PolarSSL v1.3.9
cipher.c
Go to the documentation of this file.
1 
30 #if !defined(POLARSSL_CONFIG_FILE)
31 #include "polarssl/config.h"
32 #else
33 #include POLARSSL_CONFIG_FILE
34 #endif
35 
36 #if defined(POLARSSL_CIPHER_C)
37 
38 #include "polarssl/cipher.h"
39 #include "polarssl/cipher_wrap.h"
40 
41 #if defined(POLARSSL_GCM_C)
42 #include "polarssl/gcm.h"
43 #endif
44 
45 #if defined(POLARSSL_CCM_C)
46 #include "polarssl/ccm.h"
47 #endif
48 
49 #include <stdlib.h>
50 
51 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
52 #define POLARSSL_CIPHER_MODE_STREAM
53 #endif
54 
55 #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
56  !defined(EFI32)
57 #define strcasecmp _stricmp
58 #endif
59 
60 /* Implementation that should never be optimized out by the compiler */
61 static void polarssl_zeroize( void *v, size_t n ) {
62  volatile unsigned char *p = v; while( n-- ) *p++ = 0;
63 }
64 
65 static int supported_init = 0;
66 
67 const int *cipher_list( void )
68 {
69  const cipher_definition_t *def;
70  int *type;
71 
72  if( ! supported_init )
73  {
74  def = cipher_definitions;
75  type = supported_ciphers;
76 
77  while( def->type != 0 )
78  *type++ = (*def++).type;
79 
80  *type = 0;
81 
82  supported_init = 1;
83  }
84 
85  return( supported_ciphers );
86 }
87 
88 const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
89 {
90  const cipher_definition_t *def;
91 
92  for( def = cipher_definitions; def->info != NULL; def++ )
93  if( def->type == cipher_type )
94  return( def->info );
95 
96  return( NULL );
97 }
98 
99 const cipher_info_t *cipher_info_from_string( const char *cipher_name )
100 {
101  const cipher_definition_t *def;
102 
103  if( NULL == cipher_name )
104  return( NULL );
105 
106  for( def = cipher_definitions; def->info != NULL; def++ )
107  if( ! strcasecmp( def->info->name, cipher_name ) )
108  return( def->info );
109 
110  return( NULL );
111 }
112 
113 const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
114  int key_length,
115  const cipher_mode_t mode )
116 {
117  const cipher_definition_t *def;
118 
119  for( def = cipher_definitions; def->info != NULL; def++ )
120  if( def->info->base->cipher == cipher_id &&
121  def->info->key_length == (unsigned) key_length &&
122  def->info->mode == mode )
123  return( def->info );
124 
125  return( NULL );
126 }
127 
128 void cipher_init( cipher_context_t *ctx )
129 {
130  memset( ctx, 0, sizeof( cipher_context_t ) );
131 }
132 
133 void cipher_free( cipher_context_t *ctx )
134 {
135  if( ctx == NULL )
136  return;
137 
138  if( ctx->cipher_ctx )
139  ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
140 
141  polarssl_zeroize( ctx, sizeof(cipher_context_t) );
142 }
143 
144 int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
145 {
146  if( NULL == cipher_info || NULL == ctx )
148 
149  memset( ctx, 0, sizeof( cipher_context_t ) );
150 
151  if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
153 
154  ctx->cipher_info = cipher_info;
155 
156 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
157  /*
158  * Ignore possible errors caused by a cipher mode that doesn't use padding
159  */
160 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
162 #else
164 #endif
165 #endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
166 
167  return( 0 );
168 }
169 
170 /* Deprecated, redirects to cipher_free() */
172 {
173  cipher_free( ctx );
174 
175  return( 0 );
176 }
177 
178 int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
179  int key_length, const operation_t operation )
180 {
181  if( NULL == ctx || NULL == ctx->cipher_info )
183 
184  if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
185  (int) ctx->cipher_info->key_length != key_length )
186  {
188  }
189 
190  ctx->key_length = key_length;
191  ctx->operation = operation;
192 
193  /*
194  * For CFB and CTR mode always use the encryption key schedule
195  */
196  if( POLARSSL_ENCRYPT == operation ||
199  {
200  return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
201  ctx->key_length );
202  }
203 
204  if( POLARSSL_DECRYPT == operation )
205  return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
206  ctx->key_length );
207 
209 }
210 
212  const unsigned char *iv, size_t iv_len )
213 {
214  size_t actual_iv_size;
215 
216  if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
218 
219  /* avoid buffer overflow in ctx->iv */
220  if( iv_len > POLARSSL_MAX_IV_LENGTH )
222 
223  if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_IV_LEN ) != 0 )
224  actual_iv_size = iv_len;
225  else
226  {
227  actual_iv_size = ctx->cipher_info->iv_size;
228 
229  /* avoid reading past the end of input buffer */
230  if( actual_iv_size > iv_len )
232  }
233 
234  memcpy( ctx->iv, iv, actual_iv_size );
235  ctx->iv_size = actual_iv_size;
236 
237  return( 0 );
238 }
239 
240 int cipher_reset( cipher_context_t *ctx )
241 {
242  if( NULL == ctx || NULL == ctx->cipher_info )
244 
245  ctx->unprocessed_len = 0;
246 
247  return( 0 );
248 }
249 
250 #if defined(POLARSSL_GCM_C)
252  const unsigned char *ad, size_t ad_len )
253 {
254  if( NULL == ctx || NULL == ctx->cipher_info )
256 
257  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
258  {
259  return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
260  ctx->iv, ctx->iv_size, ad, ad_len );
261  }
262 
263  return( 0 );
264 }
265 #endif /* POLARSSL_GCM_C */
266 
267 int cipher_update( cipher_context_t *ctx, const unsigned char *input,
268  size_t ilen, unsigned char *output, size_t *olen )
269 {
270  int ret;
271 
272  if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
273  {
275  }
276 
277  *olen = 0;
278 
279  if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
280  {
281  if( ilen != cipher_get_block_size( ctx ) )
283 
284  *olen = ilen;
285 
286  if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
287  ctx->operation, input, output ) ) )
288  {
289  return( ret );
290  }
291 
292  return( 0 );
293  }
294 
295 #if defined(POLARSSL_GCM_C)
296  if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
297  {
298  *olen = ilen;
299  return gcm_update( (gcm_context *) ctx->cipher_ctx, ilen, input,
300  output );
301  }
302 #endif
303 
304  if( input == output &&
305  ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
306  {
308  }
309 
310 #if defined(POLARSSL_CIPHER_MODE_CBC)
311  if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
312  {
313  size_t copy_len = 0;
314 
315  /*
316  * If there is not enough data for a full block, cache it.
317  */
318  if( ( ctx->operation == POLARSSL_DECRYPT &&
319  ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
320  ( ctx->operation == POLARSSL_ENCRYPT &&
321  ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
322  {
323  memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
324  ilen );
325 
326  ctx->unprocessed_len += ilen;
327  return( 0 );
328  }
329 
330  /*
331  * Process cached data first
332  */
333  if( ctx->unprocessed_len != 0 )
334  {
335  copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
336 
337  memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
338  copy_len );
339 
340  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
341  ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
342  ctx->unprocessed_data, output ) ) )
343  {
344  return( ret );
345  }
346 
347  *olen += cipher_get_block_size( ctx );
348  output += cipher_get_block_size( ctx );
349  ctx->unprocessed_len = 0;
350 
351  input += copy_len;
352  ilen -= copy_len;
353  }
354 
355  /*
356  * Cache final, incomplete block
357  */
358  if( 0 != ilen )
359  {
360  copy_len = ilen % cipher_get_block_size( ctx );
361  if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
362  copy_len = cipher_get_block_size( ctx );
363 
364  memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
365  copy_len );
366 
367  ctx->unprocessed_len += copy_len;
368  ilen -= copy_len;
369  }
370 
371  /*
372  * Process remaining full blocks
373  */
374  if( ilen )
375  {
376  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
377  ctx->operation, ilen, ctx->iv, input, output ) ) )
378  {
379  return( ret );
380  }
381 
382  *olen += ilen;
383  }
384 
385  return( 0 );
386  }
387 #endif /* POLARSSL_CIPHER_MODE_CBC */
388 
389 #if defined(POLARSSL_CIPHER_MODE_CFB)
390  if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
391  {
392  if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
393  ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
394  input, output ) ) )
395  {
396  return( ret );
397  }
398 
399  *olen = ilen;
400 
401  return( 0 );
402  }
403 #endif /* POLARSSL_CIPHER_MODE_CFB */
404 
405 #if defined(POLARSSL_CIPHER_MODE_CTR)
406  if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
407  {
408  if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
409  ilen, &ctx->unprocessed_len, ctx->iv,
410  ctx->unprocessed_data, input, output ) ) )
411  {
412  return( ret );
413  }
414 
415  *olen = ilen;
416 
417  return( 0 );
418  }
419 #endif /* POLARSSL_CIPHER_MODE_CTR */
420 
421 #if defined(POLARSSL_CIPHER_MODE_STREAM)
422  if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
423  {
424  if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
425  ilen, input, output ) ) )
426  {
427  return( ret );
428  }
429 
430  *olen = ilen;
431 
432  return( 0 );
433  }
434 #endif /* POLARSSL_CIPHER_MODE_STREAM */
435 
437 }
438 
439 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
440 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
441 /*
442  * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
443  */
444 static void add_pkcs_padding( unsigned char *output, size_t output_len,
445  size_t data_len )
446 {
447  size_t padding_len = output_len - data_len;
448  unsigned char i;
449 
450  for( i = 0; i < padding_len; i++ )
451  output[data_len + i] = (unsigned char) padding_len;
452 }
453 
454 static int get_pkcs_padding( unsigned char *input, size_t input_len,
455  size_t *data_len )
456 {
457  size_t i, pad_idx;
458  unsigned char padding_len, bad = 0;
459 
460  if( NULL == input || NULL == data_len )
462 
463  padding_len = input[input_len - 1];
464  *data_len = input_len - padding_len;
465 
466  /* Avoid logical || since it results in a branch */
467  bad |= padding_len > input_len;
468  bad |= padding_len == 0;
469 
470  /* The number of bytes checked must be independent of padding_len,
471  * so pick input_len, which is usually 8 or 16 (one block) */
472  pad_idx = input_len - padding_len;
473  for( i = 0; i < input_len; i++ )
474  bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
475 
476  return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
477 }
478 #endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
479 
480 #if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
481 /*
482  * One and zeros padding: fill with 80 00 ... 00
483  */
484 static void add_one_and_zeros_padding( unsigned char *output,
485  size_t output_len, size_t data_len )
486 {
487  size_t padding_len = output_len - data_len;
488  unsigned char i = 0;
489 
490  output[data_len] = 0x80;
491  for( i = 1; i < padding_len; i++ )
492  output[data_len + i] = 0x00;
493 }
494 
495 static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
496  size_t *data_len )
497 {
498  size_t i;
499  unsigned char done = 0, prev_done, bad;
500 
501  if( NULL == input || NULL == data_len )
503 
504  bad = 0xFF;
505  *data_len = 0;
506  for( i = input_len; i > 0; i-- )
507  {
508  prev_done = done;
509  done |= ( input[i-1] != 0 );
510  *data_len |= ( i - 1 ) * ( done != prev_done );
511  bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
512  }
513 
514  return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
515 
516 }
517 #endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
518 
519 #if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
520 /*
521  * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
522  */
523 static void add_zeros_and_len_padding( unsigned char *output,
524  size_t output_len, size_t data_len )
525 {
526  size_t padding_len = output_len - data_len;
527  unsigned char i = 0;
528 
529  for( i = 1; i < padding_len; i++ )
530  output[data_len + i - 1] = 0x00;
531  output[output_len - 1] = (unsigned char) padding_len;
532 }
533 
534 static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
535  size_t *data_len )
536 {
537  size_t i, pad_idx;
538  unsigned char padding_len, bad = 0;
539 
540  if( NULL == input || NULL == data_len )
542 
543  padding_len = input[input_len - 1];
544  *data_len = input_len - padding_len;
545 
546  /* Avoid logical || since it results in a branch */
547  bad |= padding_len > input_len;
548  bad |= padding_len == 0;
549 
550  /* The number of bytes checked must be independent of padding_len */
551  pad_idx = input_len - padding_len;
552  for( i = 0; i < input_len - 1; i++ )
553  bad |= input[i] * ( i >= pad_idx );
554 
555  return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
556 }
557 #endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
558 
559 #if defined(POLARSSL_CIPHER_PADDING_ZEROS)
560 /*
561  * Zero padding: fill with 00 ... 00
562  */
563 static void add_zeros_padding( unsigned char *output,
564  size_t output_len, size_t data_len )
565 {
566  size_t i;
567 
568  for( i = data_len; i < output_len; i++ )
569  output[i] = 0x00;
570 }
571 
572 static int get_zeros_padding( unsigned char *input, size_t input_len,
573  size_t *data_len )
574 {
575  size_t i;
576  unsigned char done = 0, prev_done;
577 
578  if( NULL == input || NULL == data_len )
580 
581  *data_len = 0;
582  for( i = input_len; i > 0; i-- )
583  {
584  prev_done = done;
585  done |= ( input[i-1] != 0 );
586  *data_len |= i * ( done != prev_done );
587  }
588 
589  return( 0 );
590 }
591 #endif /* POLARSSL_CIPHER_PADDING_ZEROS */
592 
593 /*
594  * No padding: don't pad :)
595  *
596  * There is no add_padding function (check for NULL in cipher_finish)
597  * but a trivial get_padding function
598  */
599 static int get_no_padding( unsigned char *input, size_t input_len,
600  size_t *data_len )
601 {
602  if( NULL == input || NULL == data_len )
604 
605  *data_len = input_len;
606 
607  return( 0 );
608 }
609 #endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
610 
612  unsigned char *output, size_t *olen )
613 {
614  if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
616 
617  *olen = 0;
618 
619  if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
623  {
624  return( 0 );
625  }
626 
627  if( POLARSSL_MODE_ECB == ctx->cipher_info->mode )
628  {
629  if( ctx->unprocessed_len != 0 )
631 
632  return( 0 );
633  }
634 
635 #if defined(POLARSSL_CIPHER_MODE_CBC)
636  if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
637  {
638  int ret = 0;
639 
640  if( POLARSSL_ENCRYPT == ctx->operation )
641  {
642  /* check for 'no padding' mode */
643  if( NULL == ctx->add_padding )
644  {
645  if( 0 != ctx->unprocessed_len )
647 
648  return( 0 );
649  }
650 
652  ctx->unprocessed_len );
653  }
654  else if( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
655  {
656  /*
657  * For decrypt operations, expect a full block,
658  * or an empty block if no padding
659  */
660  if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
661  return( 0 );
662 
664  }
665 
666  /* cipher block */
667  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
668  ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
669  ctx->unprocessed_data, output ) ) )
670  {
671  return( ret );
672  }
673 
674  /* Set output size for decryption */
675  if( POLARSSL_DECRYPT == ctx->operation )
676  return ctx->get_padding( output, cipher_get_block_size( ctx ),
677  olen );
678 
679  /* Set output size for encryption */
680  *olen = cipher_get_block_size( ctx );
681  return( 0 );
682  }
683 #else
684  ((void) output);
685 #endif /* POLARSSL_CIPHER_MODE_CBC */
686 
688 }
689 
690 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
692 {
693  if( NULL == ctx ||
695  {
697  }
698 
699  switch( mode )
700  {
701 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
703  ctx->add_padding = add_pkcs_padding;
704  ctx->get_padding = get_pkcs_padding;
705  break;
706 #endif
707 #if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
709  ctx->add_padding = add_one_and_zeros_padding;
710  ctx->get_padding = get_one_and_zeros_padding;
711  break;
712 #endif
713 #if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
715  ctx->add_padding = add_zeros_and_len_padding;
716  ctx->get_padding = get_zeros_and_len_padding;
717  break;
718 #endif
719 #if defined(POLARSSL_CIPHER_PADDING_ZEROS)
721  ctx->add_padding = add_zeros_padding;
722  ctx->get_padding = get_zeros_padding;
723  break;
724 #endif
726  ctx->add_padding = NULL;
727  ctx->get_padding = get_no_padding;
728  break;
729 
730  default:
732  }
733 
734  return( 0 );
735 }
736 #endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
737 
738 #if defined(POLARSSL_GCM_C)
740  unsigned char *tag, size_t tag_len )
741 {
742  if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
744 
745  if( POLARSSL_ENCRYPT != ctx->operation )
747 
748  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
749  return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
750 
751  return( 0 );
752 }
753 
755  const unsigned char *tag, size_t tag_len )
756 {
757  int ret;
758 
759  if( NULL == ctx || NULL == ctx->cipher_info ||
760  POLARSSL_DECRYPT != ctx->operation )
761  {
763  }
764 
765  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
766  {
767  unsigned char check_tag[16];
768  size_t i;
769  int diff;
770 
771  if( tag_len > sizeof( check_tag ) )
773 
774  if( 0 != ( ret = gcm_finish( (gcm_context *) ctx->cipher_ctx,
775  check_tag, tag_len ) ) )
776  {
777  return( ret );
778  }
779 
780  /* Check the tag in "constant-time" */
781  for( diff = 0, i = 0; i < tag_len; i++ )
782  diff |= tag[i] ^ check_tag[i];
783 
784  if( diff != 0 )
786 
787  return( 0 );
788  }
789 
790  return( 0 );
791 }
792 #endif /* POLARSSL_GCM_C */
793 
794 /*
795  * Packet-oriented wrapper for non-AEAD modes
796  */
798  const unsigned char *iv, size_t iv_len,
799  const unsigned char *input, size_t ilen,
800  unsigned char *output, size_t *olen )
801 {
802  int ret;
803  size_t finish_olen;
804 
805  if( ( ret = cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
806  return( ret );
807 
808  if( ( ret = cipher_reset( ctx ) ) != 0 )
809  return( ret );
810 
811  if( ( ret = cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
812  return( ret );
813 
814  if( ( ret = cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
815  return( ret );
816 
817  *olen += finish_olen;
818 
819  return( 0 );
820 }
821 
822 #if defined(POLARSSL_CIPHER_MODE_AEAD)
823 /*
824  * Packet-oriented encryption for AEAD modes
825  */
827  const unsigned char *iv, size_t iv_len,
828  const unsigned char *ad, size_t ad_len,
829  const unsigned char *input, size_t ilen,
830  unsigned char *output, size_t *olen,
831  unsigned char *tag, size_t tag_len )
832 {
833 #if defined(POLARSSL_GCM_C)
834  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
835  {
836  *olen = ilen;
837  return( gcm_crypt_and_tag( ctx->cipher_ctx, GCM_ENCRYPT, ilen,
838  iv, iv_len, ad, ad_len, input, output,
839  tag_len, tag ) );
840  }
841 #endif /* POLARSSL_GCM_C */
842 #if defined(POLARSSL_CCM_C)
843  if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
844  {
845  *olen = ilen;
846  return( ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
847  iv, iv_len, ad, ad_len, input, output,
848  tag, tag_len ) );
849  }
850 #endif /* POLARSSL_CCM_C */
851 
853 }
854 
855 /*
856  * Packet-oriented decryption for AEAD modes
857  */
859  const unsigned char *iv, size_t iv_len,
860  const unsigned char *ad, size_t ad_len,
861  const unsigned char *input, size_t ilen,
862  unsigned char *output, size_t *olen,
863  const unsigned char *tag, size_t tag_len )
864 {
865 #if defined(POLARSSL_GCM_C)
866  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
867  {
868  int ret;
869 
870  *olen = ilen;
871  ret = gcm_auth_decrypt( ctx->cipher_ctx, ilen,
872  iv, iv_len, ad, ad_len,
873  tag, tag_len, input, output );
874 
875  if( ret == POLARSSL_ERR_GCM_AUTH_FAILED )
877 
878  return( ret );
879  }
880 #endif /* POLARSSL_GCM_C */
881 #if defined(POLARSSL_CCM_C)
882  if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
883  {
884  int ret;
885 
886  *olen = ilen;
887  ret = ccm_auth_decrypt( ctx->cipher_ctx, ilen,
888  iv, iv_len, ad, ad_len,
889  input, output, tag, tag_len );
890 
891  if( ret == POLARSSL_ERR_CCM_AUTH_FAILED )
893 
894  return( ret );
895  }
896 #endif /* POLARSSL_CCM_C */
897 
899 }
900 #endif /* POLARSSL_CIPHER_MODE_AEAD */
901 
902 
903 #if defined(POLARSSL_SELF_TEST)
904 
905 /*
906  * Checkup routine
907  */
908 int cipher_self_test( int verbose )
909 {
910  ((void) verbose);
911 
912  return( 0 );
913 }
914 
915 #endif /* POLARSSL_SELF_TEST */
916 
917 #endif /* POLARSSL_CIPHER_C */
int key_length
Key length to use.
Definition: cipher.h:263
#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
Bad input parameters to function.
Definition: cipher.h:58
int supported_ciphers[]
int gcm_auth_decrypt(gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *tag, size_t tag_len, const unsigned char *input, unsigned char *output)
GCM buffer authenticated decryption using a block cipher.
int cipher_finish(cipher_context_t *ctx, unsigned char *output, size_t *olen)
Generic cipher finalisation function.
#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE
The selected feature is not available.
Definition: cipher.h:57
static int cipher_get_iv_size(const cipher_context_t *ctx)
Returns the size of the cipher&#39;s IV/NONCE in bytes.
Definition: cipher.h:418
Generic cipher context.
Definition: cipher.h:258
#define POLARSSL_ERR_CIPHER_ALLOC_FAILED
Failed to allocate memory.
Definition: cipher.h:59
void cipher_init(cipher_context_t *ctx)
Initialize a cipher_context (as NONE)
int cipher_write_tag(cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
Write tag for AEAD ciphers.
Cipher information.
Definition: cipher.h:226
zero padding (not reversible!)
Definition: cipher.h:150
const cipher_info_t * cipher_info_from_type(const cipher_type_t cipher_type)
Returns the cipher information structure associated with the given cipher type.
static unsigned int cipher_get_block_size(const cipher_context_t *ctx)
Returns the block size of the given cipher.
Definition: cipher.h:384
const cipher_info_t * cipher_info_from_string(const char *cipher_name)
Returns the cipher information structure associated with the given cipher name.
int(* get_padding)(unsigned char *input, size_t ilen, size_t *data_len)
Definition: cipher.h:270
Configuration options (set of defines)
cipher_type_t type
Definition: cipher_wrap.h:45
void(* ctx_free_func)(void *ctx)
Free the given context.
Definition: cipher.h:219
#define POLARSSL_ERR_CIPHER_INVALID_PADDING
Input data contains invalid padding and is rejected.
Definition: cipher.h:60
ISO/IEC 7816-4 padding.
Definition: cipher.h:148
int cipher_crypt(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic all-in-one encryption/decryption (for all ciphers except AEAD constructs).
int(* cbc_func)(void *ctx, operation_t mode, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CBC.
Definition: cipher.h:189
const cipher_definition_t cipher_definitions[]
int ccm_auth_decrypt(ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len)
CCM buffer authenticated decryption.
#define GCM_ENCRYPT
Definition: gcm.h:40
Cipher wrappers.
int(* ecb_func)(void *ctx, operation_t mode, const unsigned char *input, unsigned char *output)
Encrypt using ECB.
Definition: cipher.h:185
unsigned char iv[POLARSSL_MAX_IV_LENGTH]
Current IV or NONCE_COUNTER for CTR-mode.
Definition: cipher.h:279
const cipher_info_t * cipher_info
Information about the associated cipher.
Definition: cipher.h:260
int(* cfb_func)(void *ctx, operation_t mode, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CFB (Full length)
Definition: cipher.h:194
int gcm_crypt_and_tag(gcm_context *ctx, int mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag)
GCM buffer encryption/decryption using a block cipher.
int(* ctr_func)(void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block, const unsigned char *input, unsigned char *output)
Encrypt using CTR.
Definition: cipher.h:199
operation_t operation
Operation that the context&#39;s key has been initialised for.
Definition: cipher.h:266
cipher_mode_t
Definition: cipher.h:134
cipher_type_t
Definition: cipher.h:82
size_t unprocessed_len
Number of bytes that still need processing.
Definition: cipher.h:276
int cipher_free_ctx(cipher_context_t *ctx)
Free the cipher-specific context of ctx.
int cipher_update_ad(cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
Add additional data (for AEAD ciphers).
unsigned int key_length
Cipher key length, in bits (default length for variable sized ciphers) (Includes parity bits for ciph...
Definition: cipher.h:235
operation_t
Definition: cipher.h:154
int cipher_set_iv(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
Set the initialization vector (IV) or nonce.
#define POLARSSL_CIPHER_VARIABLE_IV_LEN
Cipher accepts IVs of variable length.
Definition: cipher.h:64
int cipher_auth_encrypt(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len)
Generic autenticated encryption (AEAD ciphers).
int cipher_update(cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic cipher update function.
int(* setkey_dec_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for decryption purposes.
Definition: cipher.h:212
int cipher_auth_decrypt(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len)
Generic autenticated decryption (AEAD ciphers).
unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH]
Buffer for data that hasn&#39;t been encrypted yet.
Definition: cipher.h:273
int(* stream_func)(void *ctx, size_t length, const unsigned char *input, unsigned char *output)
Encrypt using STREAM.
Definition: cipher.h:204
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED
Decryption of block requires a full block.
Definition: cipher.h:61
const char * name
Name of the cipher.
Definition: cipher.h:238
GCM context structure.
Definition: gcm.h:53
Generic cipher wrapper.
cipher_id_t
Definition: cipher.h:71
#define POLARSSL_MAX_IV_LENGTH
Maximum length of any IV, in bytes.
Definition: cipher.h:172
int cipher_reset(cipher_context_t *ctx)
Finish preparation of the given context.
int(* setkey_enc_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for encryption purposes.
Definition: cipher.h:208
void *(* ctx_alloc_func)(void)
Allocate a new context.
Definition: cipher.h:216
cipher_id_t cipher
Base Cipher type (e.g.
Definition: cipher.h:182
void cipher_free(cipher_context_t *ctx)
Free and clear the cipher-specific context of ctx.
int cipher_set_padding_mode(cipher_context_t *ctx, cipher_padding_t mode)
Set padding mode, for cipher modes that use padding.
cipher_mode_t mode
Cipher mode (e.g.
Definition: cipher.h:231
#define POLARSSL_ERR_GCM_AUTH_FAILED
Authenticated decryption failed.
Definition: gcm.h:43
cipher_padding_t
Definition: cipher.h:146
PKCS7 padding (default)
Definition: cipher.h:147
int cipher_init_ctx(cipher_context_t *ctx, const cipher_info_t *cipher_info)
Initialises and fills the cipher context structure with the appropriate values.
int cipher_setkey(cipher_context_t *ctx, const unsigned char *key, int key_length, const operation_t operation)
Set the key to use with the given context.
int gcm_update(gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output)
Generic GCM update function.
int gcm_starts(gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len)
Generic GCM stream start function.
never pad (full blocks only)
Definition: cipher.h:151
int ccm_encrypt_and_tag(ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len)
CCM buffer encryption.
Galois/Counter mode for 128-bit block ciphers.
const cipher_base_t * base
Base cipher information and functions.
Definition: cipher.h:251
const int * cipher_list(void)
Returns the list of ciphers supported by the generic cipher module.
int gcm_finish(gcm_context *ctx, unsigned char *tag, size_t tag_len)
Generic GCM finalisation function.
ANSI X.923 padding.
Definition: cipher.h:149
void * cipher_ctx
Cipher-specific context.
Definition: cipher.h:285
int cipher_self_test(int verbose)
Checkup routine.
void(* add_padding)(unsigned char *output, size_t olen, size_t data_len)
Padding functions to use, if relevant for cipher mode.
Definition: cipher.h:269
size_t iv_size
IV size in bytes (for ciphers with variable-length IVs)
Definition: cipher.h:282
int flags
Flags for variable IV size, variable key size, etc.
Definition: cipher.h:245
#define POLARSSL_ERR_CCM_AUTH_FAILED
Authenticated decryption failed.
Definition: ccm.h:33
int cipher_check_tag(cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
Check tag for AEAD ciphers.
unsigned int iv_size
IV/NONCE size, in bytes.
Definition: cipher.h:242
#define POLARSSL_ERR_CIPHER_AUTH_FAILED
Authentication failed (for AEAD modes).
Definition: cipher.h:62
#define POLARSSL_CIPHER_VARIABLE_KEY_LEN
Cipher accepts keys of variable length.
Definition: cipher.h:65
const cipher_info_t * cipher_info_from_values(const cipher_id_t cipher_id, int key_length, const cipher_mode_t mode)
Returns the cipher information structure associated with the given cipher id, key size and mode...
Counter with CBC-MAC (CCM) for 128-bit block ciphers.
const cipher_info_t * info
Definition: cipher_wrap.h:46