Nitin Shukla
nkjnm
Dependencies: MAX44000 nexpaq_mdk
Fork of
LED_Demo
by 
Maxim nexpaq
mbd_os/features/mbedtls/src/cipher.c@7:3a65ef12ba31, 2016-11-04 (annotated)
- Committer:
- nitsshukla
- Date:
- Fri Nov 04 12:06:04 2016 +0000
- Revision:
- 7:3a65ef12ba31
- Parent:
- 1:55a6170b404f
kghj;
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| nexpaq | 1:55a6170b404f | 1 | /** |
| nexpaq | 1:55a6170b404f | 2 | * \file cipher.c |
| nexpaq | 1:55a6170b404f | 3 | * |
| nexpaq | 1:55a6170b404f | 4 | * \brief Generic cipher wrapper for mbed TLS |
| nexpaq | 1:55a6170b404f | 5 | * |
| nexpaq | 1:55a6170b404f | 6 | * \author Adriaan de Jong <dejong@fox-it.com> |
| nexpaq | 1:55a6170b404f | 7 | * |
| nexpaq | 1:55a6170b404f | 8 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
| nexpaq | 1:55a6170b404f | 9 | * SPDX-License-Identifier: Apache-2.0 |
| nexpaq | 1:55a6170b404f | 10 | * |
| nexpaq | 1:55a6170b404f | 11 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| nexpaq | 1:55a6170b404f | 12 | * not use this file except in compliance with the License. |
| nexpaq | 1:55a6170b404f | 13 | * You may obtain a copy of the License at |
| nexpaq | 1:55a6170b404f | 14 | * |
| nexpaq | 1:55a6170b404f | 15 | * http://www.apache.org/licenses/LICENSE-2.0 |
| nexpaq | 1:55a6170b404f | 16 | * |
| nexpaq | 1:55a6170b404f | 17 | * Unless required by applicable law or agreed to in writing, software |
| nexpaq | 1:55a6170b404f | 18 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| nexpaq | 1:55a6170b404f | 19 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| nexpaq | 1:55a6170b404f | 20 | * See the License for the specific language governing permissions and |
| nexpaq | 1:55a6170b404f | 21 | * limitations under the License. |
| nexpaq | 1:55a6170b404f | 22 | * |
| nexpaq | 1:55a6170b404f | 23 | * This file is part of mbed TLS (https://tls.mbed.org) |
| nexpaq | 1:55a6170b404f | 24 | */ |
| nexpaq | 1:55a6170b404f | 25 | |
| nexpaq | 1:55a6170b404f | 26 | #if !defined(MBEDTLS_CONFIG_FILE) |
| nexpaq | 1:55a6170b404f | 27 | #include "mbedtls/config.h" |
| nexpaq | 1:55a6170b404f | 28 | #else |
| nexpaq | 1:55a6170b404f | 29 | #include MBEDTLS_CONFIG_FILE |
| nexpaq | 1:55a6170b404f | 30 | #endif |
| nexpaq | 1:55a6170b404f | 31 | |
| nexpaq | 1:55a6170b404f | 32 | #if defined(MBEDTLS_CIPHER_C) |
| nexpaq | 1:55a6170b404f | 33 | |
| nexpaq | 1:55a6170b404f | 34 | #include "mbedtls/cipher.h" |
| nexpaq | 1:55a6170b404f | 35 | #include "mbedtls/cipher_internal.h" |
| nexpaq | 1:55a6170b404f | 36 | |
| nexpaq | 1:55a6170b404f | 37 | #include <stdlib.h> |
| nexpaq | 1:55a6170b404f | 38 | #include <string.h> |
| nexpaq | 1:55a6170b404f | 39 | |
| nexpaq | 1:55a6170b404f | 40 | #if defined(MBEDTLS_GCM_C) |
| nexpaq | 1:55a6170b404f | 41 | #include "mbedtls/gcm.h" |
| nexpaq | 1:55a6170b404f | 42 | #endif |
| nexpaq | 1:55a6170b404f | 43 | |
| nexpaq | 1:55a6170b404f | 44 | #if defined(MBEDTLS_CCM_C) |
| nexpaq | 1:55a6170b404f | 45 | #include "mbedtls/ccm.h" |
| nexpaq | 1:55a6170b404f | 46 | #endif |
| nexpaq | 1:55a6170b404f | 47 | |
| nexpaq | 1:55a6170b404f | 48 | #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) |
| nexpaq | 1:55a6170b404f | 49 | #define MBEDTLS_CIPHER_MODE_STREAM |
| nexpaq | 1:55a6170b404f | 50 | #endif |
| nexpaq | 1:55a6170b404f | 51 | |
| nexpaq | 1:55a6170b404f | 52 | /* Implementation that should never be optimized out by the compiler */ |
| nexpaq | 1:55a6170b404f | 53 | static void mbedtls_zeroize( void *v, size_t n ) { |
| nexpaq | 1:55a6170b404f | 54 | volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; |
| nexpaq | 1:55a6170b404f | 55 | } |
| nexpaq | 1:55a6170b404f | 56 | |
| nexpaq | 1:55a6170b404f | 57 | static int supported_init = 0; |
| nexpaq | 1:55a6170b404f | 58 | |
| nexpaq | 1:55a6170b404f | 59 | const int *mbedtls_cipher_list( void ) |
| nexpaq | 1:55a6170b404f | 60 | { |
| nexpaq | 1:55a6170b404f | 61 | const mbedtls_cipher_definition_t *def; |
| nexpaq | 1:55a6170b404f | 62 | int *type; |
| nexpaq | 1:55a6170b404f | 63 | |
| nexpaq | 1:55a6170b404f | 64 | if( ! supported_init ) |
| nexpaq | 1:55a6170b404f | 65 | { |
| nexpaq | 1:55a6170b404f | 66 | def = mbedtls_cipher_definitions; |
| nexpaq | 1:55a6170b404f | 67 | type = mbedtls_cipher_supported; |
| nexpaq | 1:55a6170b404f | 68 | |
| nexpaq | 1:55a6170b404f | 69 | while( def->type != 0 ) |
| nexpaq | 1:55a6170b404f | 70 | *type++ = (*def++).type; |
| nexpaq | 1:55a6170b404f | 71 | |
| nexpaq | 1:55a6170b404f | 72 | *type = 0; |
| nexpaq | 1:55a6170b404f | 73 | |
| nexpaq | 1:55a6170b404f | 74 | supported_init = 1; |
| nexpaq | 1:55a6170b404f | 75 | } |
| nexpaq | 1:55a6170b404f | 76 | |
| nexpaq | 1:55a6170b404f | 77 | return( mbedtls_cipher_supported ); |
| nexpaq | 1:55a6170b404f | 78 | } |
| nexpaq | 1:55a6170b404f | 79 | |
| nexpaq | 1:55a6170b404f | 80 | const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type ) |
| nexpaq | 1:55a6170b404f | 81 | { |
| nexpaq | 1:55a6170b404f | 82 | const mbedtls_cipher_definition_t *def; |
| nexpaq | 1:55a6170b404f | 83 | |
| nexpaq | 1:55a6170b404f | 84 | for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) |
| nexpaq | 1:55a6170b404f | 85 | if( def->type == cipher_type ) |
| nexpaq | 1:55a6170b404f | 86 | return( def->info ); |
| nexpaq | 1:55a6170b404f | 87 | |
| nexpaq | 1:55a6170b404f | 88 | return( NULL ); |
| nexpaq | 1:55a6170b404f | 89 | } |
| nexpaq | 1:55a6170b404f | 90 | |
| nexpaq | 1:55a6170b404f | 91 | const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name ) |
| nexpaq | 1:55a6170b404f | 92 | { |
| nexpaq | 1:55a6170b404f | 93 | const mbedtls_cipher_definition_t *def; |
| nexpaq | 1:55a6170b404f | 94 | |
| nexpaq | 1:55a6170b404f | 95 | if( NULL == cipher_name ) |
| nexpaq | 1:55a6170b404f | 96 | return( NULL ); |
| nexpaq | 1:55a6170b404f | 97 | |
| nexpaq | 1:55a6170b404f | 98 | for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) |
| nexpaq | 1:55a6170b404f | 99 | if( ! strcmp( def->info->name, cipher_name ) ) |
| nexpaq | 1:55a6170b404f | 100 | return( def->info ); |
| nexpaq | 1:55a6170b404f | 101 | |
| nexpaq | 1:55a6170b404f | 102 | return( NULL ); |
| nexpaq | 1:55a6170b404f | 103 | } |
| nexpaq | 1:55a6170b404f | 104 | |
| nexpaq | 1:55a6170b404f | 105 | const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, |
| nexpaq | 1:55a6170b404f | 106 | int key_bitlen, |
| nexpaq | 1:55a6170b404f | 107 | const mbedtls_cipher_mode_t mode ) |
| nexpaq | 1:55a6170b404f | 108 | { |
| nexpaq | 1:55a6170b404f | 109 | const mbedtls_cipher_definition_t *def; |
| nexpaq | 1:55a6170b404f | 110 | |
| nexpaq | 1:55a6170b404f | 111 | for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) |
| nexpaq | 1:55a6170b404f | 112 | if( def->info->base->cipher == cipher_id && |
| nexpaq | 1:55a6170b404f | 113 | def->info->key_bitlen == (unsigned) key_bitlen && |
| nexpaq | 1:55a6170b404f | 114 | def->info->mode == mode ) |
| nexpaq | 1:55a6170b404f | 115 | return( def->info ); |
| nexpaq | 1:55a6170b404f | 116 | |
| nexpaq | 1:55a6170b404f | 117 | return( NULL ); |
| nexpaq | 1:55a6170b404f | 118 | } |
| nexpaq | 1:55a6170b404f | 119 | |
| nexpaq | 1:55a6170b404f | 120 | void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ) |
| nexpaq | 1:55a6170b404f | 121 | { |
| nexpaq | 1:55a6170b404f | 122 | memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); |
| nexpaq | 1:55a6170b404f | 123 | } |
| nexpaq | 1:55a6170b404f | 124 | |
| nexpaq | 1:55a6170b404f | 125 | void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) |
| nexpaq | 1:55a6170b404f | 126 | { |
| nexpaq | 1:55a6170b404f | 127 | if( ctx == NULL ) |
| nexpaq | 1:55a6170b404f | 128 | return; |
| nexpaq | 1:55a6170b404f | 129 | |
| nexpaq | 1:55a6170b404f | 130 | if( ctx->cipher_ctx ) |
| nexpaq | 1:55a6170b404f | 131 | ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); |
| nexpaq | 1:55a6170b404f | 132 | |
| nexpaq | 1:55a6170b404f | 133 | mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); |
| nexpaq | 1:55a6170b404f | 134 | } |
| nexpaq | 1:55a6170b404f | 135 | |
| nexpaq | 1:55a6170b404f | 136 | int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info ) |
| nexpaq | 1:55a6170b404f | 137 | { |
| nexpaq | 1:55a6170b404f | 138 | if( NULL == cipher_info || NULL == ctx ) |
| nexpaq | 1:55a6170b404f | 139 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 140 | |
| nexpaq | 1:55a6170b404f | 141 | memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); |
| nexpaq | 1:55a6170b404f | 142 | |
| nexpaq | 1:55a6170b404f | 143 | if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) ) |
| nexpaq | 1:55a6170b404f | 144 | return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); |
| nexpaq | 1:55a6170b404f | 145 | |
| nexpaq | 1:55a6170b404f | 146 | ctx->cipher_info = cipher_info; |
| nexpaq | 1:55a6170b404f | 147 | |
| nexpaq | 1:55a6170b404f | 148 | #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) |
| nexpaq | 1:55a6170b404f | 149 | /* |
| nexpaq | 1:55a6170b404f | 150 | * Ignore possible errors caused by a cipher mode that doesn't use padding |
| nexpaq | 1:55a6170b404f | 151 | */ |
| nexpaq | 1:55a6170b404f | 152 | #if defined(MBEDTLS_CIPHER_PADDING_PKCS7) |
| nexpaq | 1:55a6170b404f | 153 | (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 ); |
| nexpaq | 1:55a6170b404f | 154 | #else |
| nexpaq | 1:55a6170b404f | 155 | (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE ); |
| nexpaq | 1:55a6170b404f | 156 | #endif |
| nexpaq | 1:55a6170b404f | 157 | #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ |
| nexpaq | 1:55a6170b404f | 158 | |
| nexpaq | 1:55a6170b404f | 159 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 160 | } |
| nexpaq | 1:55a6170b404f | 161 | |
| nexpaq | 1:55a6170b404f | 162 | int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key, |
| nexpaq | 1:55a6170b404f | 163 | int key_bitlen, const mbedtls_operation_t operation ) |
| nexpaq | 1:55a6170b404f | 164 | { |
| nexpaq | 1:55a6170b404f | 165 | if( NULL == ctx || NULL == ctx->cipher_info ) |
| nexpaq | 1:55a6170b404f | 166 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 167 | |
| nexpaq | 1:55a6170b404f | 168 | if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 && |
| nexpaq | 1:55a6170b404f | 169 | (int) ctx->cipher_info->key_bitlen != key_bitlen ) |
| nexpaq | 1:55a6170b404f | 170 | { |
| nexpaq | 1:55a6170b404f | 171 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 172 | } |
| nexpaq | 1:55a6170b404f | 173 | |
| nexpaq | 1:55a6170b404f | 174 | ctx->key_bitlen = key_bitlen; |
| nexpaq | 1:55a6170b404f | 175 | ctx->operation = operation; |
| nexpaq | 1:55a6170b404f | 176 | |
| nexpaq | 1:55a6170b404f | 177 | /* |
| nexpaq | 1:55a6170b404f | 178 | * For CFB and CTR mode always use the encryption key schedule |
| nexpaq | 1:55a6170b404f | 179 | */ |
| nexpaq | 1:55a6170b404f | 180 | if( MBEDTLS_ENCRYPT == operation || |
| nexpaq | 1:55a6170b404f | 181 | MBEDTLS_MODE_CFB == ctx->cipher_info->mode || |
| nexpaq | 1:55a6170b404f | 182 | MBEDTLS_MODE_CTR == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 183 | { |
| nexpaq | 1:55a6170b404f | 184 | return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key, |
| nexpaq | 1:55a6170b404f | 185 | ctx->key_bitlen ); |
| nexpaq | 1:55a6170b404f | 186 | } |
| nexpaq | 1:55a6170b404f | 187 | |
| nexpaq | 1:55a6170b404f | 188 | if( MBEDTLS_DECRYPT == operation ) |
| nexpaq | 1:55a6170b404f | 189 | return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key, |
| nexpaq | 1:55a6170b404f | 190 | ctx->key_bitlen ); |
| nexpaq | 1:55a6170b404f | 191 | |
| nexpaq | 1:55a6170b404f | 192 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 193 | } |
| nexpaq | 1:55a6170b404f | 194 | |
| nexpaq | 1:55a6170b404f | 195 | int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, |
| nexpaq | 1:55a6170b404f | 196 | const unsigned char *iv, size_t iv_len ) |
| nexpaq | 1:55a6170b404f | 197 | { |
| nexpaq | 1:55a6170b404f | 198 | size_t actual_iv_size; |
| nexpaq | 1:55a6170b404f | 199 | |
| nexpaq | 1:55a6170b404f | 200 | if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv ) |
| nexpaq | 1:55a6170b404f | 201 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 202 | |
| nexpaq | 1:55a6170b404f | 203 | /* avoid buffer overflow in ctx->iv */ |
| nexpaq | 1:55a6170b404f | 204 | if( iv_len > MBEDTLS_MAX_IV_LENGTH ) |
| nexpaq | 1:55a6170b404f | 205 | return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); |
| nexpaq | 1:55a6170b404f | 206 | |
| nexpaq | 1:55a6170b404f | 207 | if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 ) |
| nexpaq | 1:55a6170b404f | 208 | actual_iv_size = iv_len; |
| nexpaq | 1:55a6170b404f | 209 | else |
| nexpaq | 1:55a6170b404f | 210 | { |
| nexpaq | 1:55a6170b404f | 211 | actual_iv_size = ctx->cipher_info->iv_size; |
| nexpaq | 1:55a6170b404f | 212 | |
| nexpaq | 1:55a6170b404f | 213 | /* avoid reading past the end of input buffer */ |
| nexpaq | 1:55a6170b404f | 214 | if( actual_iv_size > iv_len ) |
| nexpaq | 1:55a6170b404f | 215 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 216 | } |
| nexpaq | 1:55a6170b404f | 217 | |
| nexpaq | 1:55a6170b404f | 218 | memcpy( ctx->iv, iv, actual_iv_size ); |
| nexpaq | 1:55a6170b404f | 219 | ctx->iv_size = actual_iv_size; |
| nexpaq | 1:55a6170b404f | 220 | |
| nexpaq | 1:55a6170b404f | 221 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 222 | } |
| nexpaq | 1:55a6170b404f | 223 | |
| nexpaq | 1:55a6170b404f | 224 | int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ) |
| nexpaq | 1:55a6170b404f | 225 | { |
| nexpaq | 1:55a6170b404f | 226 | if( NULL == ctx || NULL == ctx->cipher_info ) |
| nexpaq | 1:55a6170b404f | 227 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 228 | |
| nexpaq | 1:55a6170b404f | 229 | ctx->unprocessed_len = 0; |
| nexpaq | 1:55a6170b404f | 230 | |
| nexpaq | 1:55a6170b404f | 231 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 232 | } |
| nexpaq | 1:55a6170b404f | 233 | |
| nexpaq | 1:55a6170b404f | 234 | #if defined(MBEDTLS_GCM_C) |
| nexpaq | 1:55a6170b404f | 235 | int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, |
| nexpaq | 1:55a6170b404f | 236 | const unsigned char *ad, size_t ad_len ) |
| nexpaq | 1:55a6170b404f | 237 | { |
| nexpaq | 1:55a6170b404f | 238 | if( NULL == ctx || NULL == ctx->cipher_info ) |
| nexpaq | 1:55a6170b404f | 239 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 240 | |
| nexpaq | 1:55a6170b404f | 241 | if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 242 | { |
| nexpaq | 1:55a6170b404f | 243 | return mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation, |
| nexpaq | 1:55a6170b404f | 244 | ctx->iv, ctx->iv_size, ad, ad_len ); |
| nexpaq | 1:55a6170b404f | 245 | } |
| nexpaq | 1:55a6170b404f | 246 | |
| nexpaq | 1:55a6170b404f | 247 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 248 | } |
| nexpaq | 1:55a6170b404f | 249 | #endif /* MBEDTLS_GCM_C */ |
| nexpaq | 1:55a6170b404f | 250 | |
| nexpaq | 1:55a6170b404f | 251 | int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, |
| nexpaq | 1:55a6170b404f | 252 | size_t ilen, unsigned char *output, size_t *olen ) |
| nexpaq | 1:55a6170b404f | 253 | { |
| nexpaq | 1:55a6170b404f | 254 | int ret; |
| nexpaq | 1:55a6170b404f | 255 | size_t block_size = 0; |
| nexpaq | 1:55a6170b404f | 256 | |
| nexpaq | 1:55a6170b404f | 257 | if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) |
| nexpaq | 1:55a6170b404f | 258 | { |
| nexpaq | 1:55a6170b404f | 259 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 260 | } |
| nexpaq | 1:55a6170b404f | 261 | |
| nexpaq | 1:55a6170b404f | 262 | *olen = 0; |
| nexpaq | 1:55a6170b404f | 263 | block_size = mbedtls_cipher_get_block_size( ctx ); |
| nexpaq | 1:55a6170b404f | 264 | |
| nexpaq | 1:55a6170b404f | 265 | if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) |
| nexpaq | 1:55a6170b404f | 266 | { |
| nexpaq | 1:55a6170b404f | 267 | if( ilen != block_size ) |
| nexpaq | 1:55a6170b404f | 268 | return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); |
| nexpaq | 1:55a6170b404f | 269 | |
| nexpaq | 1:55a6170b404f | 270 | *olen = ilen; |
| nexpaq | 1:55a6170b404f | 271 | |
| nexpaq | 1:55a6170b404f | 272 | if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx, |
| nexpaq | 1:55a6170b404f | 273 | ctx->operation, input, output ) ) ) |
| nexpaq | 1:55a6170b404f | 274 | { |
| nexpaq | 1:55a6170b404f | 275 | return( ret ); |
| nexpaq | 1:55a6170b404f | 276 | } |
| nexpaq | 1:55a6170b404f | 277 | |
| nexpaq | 1:55a6170b404f | 278 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 279 | } |
| nexpaq | 1:55a6170b404f | 280 | |
| nexpaq | 1:55a6170b404f | 281 | #if defined(MBEDTLS_GCM_C) |
| nexpaq | 1:55a6170b404f | 282 | if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM ) |
| nexpaq | 1:55a6170b404f | 283 | { |
| nexpaq | 1:55a6170b404f | 284 | *olen = ilen; |
| nexpaq | 1:55a6170b404f | 285 | return mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input, |
| nexpaq | 1:55a6170b404f | 286 | output ); |
| nexpaq | 1:55a6170b404f | 287 | } |
| nexpaq | 1:55a6170b404f | 288 | #endif |
| nexpaq | 1:55a6170b404f | 289 | |
| nexpaq | 1:55a6170b404f | 290 | if ( 0 == block_size ) |
| nexpaq | 1:55a6170b404f | 291 | { |
| nexpaq | 1:55a6170b404f | 292 | return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; |
| nexpaq | 1:55a6170b404f | 293 | } |
| nexpaq | 1:55a6170b404f | 294 | |
| nexpaq | 1:55a6170b404f | 295 | if( input == output && |
| nexpaq | 1:55a6170b404f | 296 | ( ctx->unprocessed_len != 0 || ilen % block_size ) ) |
| nexpaq | 1:55a6170b404f | 297 | { |
| nexpaq | 1:55a6170b404f | 298 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 299 | } |
| nexpaq | 1:55a6170b404f | 300 | |
| nexpaq | 1:55a6170b404f | 301 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
| nexpaq | 1:55a6170b404f | 302 | if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC ) |
| nexpaq | 1:55a6170b404f | 303 | { |
| nexpaq | 1:55a6170b404f | 304 | size_t copy_len = 0; |
| nexpaq | 1:55a6170b404f | 305 | |
| nexpaq | 1:55a6170b404f | 306 | /* |
| nexpaq | 1:55a6170b404f | 307 | * If there is not enough data for a full block, cache it. |
| nexpaq | 1:55a6170b404f | 308 | */ |
| nexpaq | 1:55a6170b404f | 309 | if( ( ctx->operation == MBEDTLS_DECRYPT && |
| nexpaq | 1:55a6170b404f | 310 | ilen + ctx->unprocessed_len <= block_size ) || |
| nexpaq | 1:55a6170b404f | 311 | ( ctx->operation == MBEDTLS_ENCRYPT && |
| nexpaq | 1:55a6170b404f | 312 | ilen + ctx->unprocessed_len < block_size ) ) |
| nexpaq | 1:55a6170b404f | 313 | { |
| nexpaq | 1:55a6170b404f | 314 | memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, |
| nexpaq | 1:55a6170b404f | 315 | ilen ); |
| nexpaq | 1:55a6170b404f | 316 | |
| nexpaq | 1:55a6170b404f | 317 | ctx->unprocessed_len += ilen; |
| nexpaq | 1:55a6170b404f | 318 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 319 | } |
| nexpaq | 1:55a6170b404f | 320 | |
| nexpaq | 1:55a6170b404f | 321 | /* |
| nexpaq | 1:55a6170b404f | 322 | * Process cached data first |
| nexpaq | 1:55a6170b404f | 323 | */ |
| nexpaq | 1:55a6170b404f | 324 | if( 0 != ctx->unprocessed_len ) |
| nexpaq | 1:55a6170b404f | 325 | { |
| nexpaq | 1:55a6170b404f | 326 | copy_len = block_size - ctx->unprocessed_len; |
| nexpaq | 1:55a6170b404f | 327 | |
| nexpaq | 1:55a6170b404f | 328 | memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, |
| nexpaq | 1:55a6170b404f | 329 | copy_len ); |
| nexpaq | 1:55a6170b404f | 330 | |
| nexpaq | 1:55a6170b404f | 331 | if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, |
| nexpaq | 1:55a6170b404f | 332 | ctx->operation, block_size, ctx->iv, |
| nexpaq | 1:55a6170b404f | 333 | ctx->unprocessed_data, output ) ) ) |
| nexpaq | 1:55a6170b404f | 334 | { |
| nexpaq | 1:55a6170b404f | 335 | return( ret ); |
| nexpaq | 1:55a6170b404f | 336 | } |
| nexpaq | 1:55a6170b404f | 337 | |
| nexpaq | 1:55a6170b404f | 338 | *olen += block_size; |
| nexpaq | 1:55a6170b404f | 339 | output += block_size; |
| nexpaq | 1:55a6170b404f | 340 | ctx->unprocessed_len = 0; |
| nexpaq | 1:55a6170b404f | 341 | |
| nexpaq | 1:55a6170b404f | 342 | input += copy_len; |
| nexpaq | 1:55a6170b404f | 343 | ilen -= copy_len; |
| nexpaq | 1:55a6170b404f | 344 | } |
| nexpaq | 1:55a6170b404f | 345 | |
| nexpaq | 1:55a6170b404f | 346 | /* |
| nexpaq | 1:55a6170b404f | 347 | * Cache final, incomplete block |
| nexpaq | 1:55a6170b404f | 348 | */ |
| nexpaq | 1:55a6170b404f | 349 | if( 0 != ilen ) |
| nexpaq | 1:55a6170b404f | 350 | { |
| nexpaq | 1:55a6170b404f | 351 | if( 0 == block_size ) |
| nexpaq | 1:55a6170b404f | 352 | { |
| nexpaq | 1:55a6170b404f | 353 | return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; |
| nexpaq | 1:55a6170b404f | 354 | } |
| nexpaq | 1:55a6170b404f | 355 | |
| nexpaq | 1:55a6170b404f | 356 | copy_len = ilen % block_size; |
| nexpaq | 1:55a6170b404f | 357 | if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) |
| nexpaq | 1:55a6170b404f | 358 | copy_len = block_size; |
| nexpaq | 1:55a6170b404f | 359 | |
| nexpaq | 1:55a6170b404f | 360 | memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), |
| nexpaq | 1:55a6170b404f | 361 | copy_len ); |
| nexpaq | 1:55a6170b404f | 362 | |
| nexpaq | 1:55a6170b404f | 363 | ctx->unprocessed_len += copy_len; |
| nexpaq | 1:55a6170b404f | 364 | ilen -= copy_len; |
| nexpaq | 1:55a6170b404f | 365 | } |
| nexpaq | 1:55a6170b404f | 366 | |
| nexpaq | 1:55a6170b404f | 367 | /* |
| nexpaq | 1:55a6170b404f | 368 | * Process remaining full blocks |
| nexpaq | 1:55a6170b404f | 369 | */ |
| nexpaq | 1:55a6170b404f | 370 | if( ilen ) |
| nexpaq | 1:55a6170b404f | 371 | { |
| nexpaq | 1:55a6170b404f | 372 | if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, |
| nexpaq | 1:55a6170b404f | 373 | ctx->operation, ilen, ctx->iv, input, output ) ) ) |
| nexpaq | 1:55a6170b404f | 374 | { |
| nexpaq | 1:55a6170b404f | 375 | return( ret ); |
| nexpaq | 1:55a6170b404f | 376 | } |
| nexpaq | 1:55a6170b404f | 377 | |
| nexpaq | 1:55a6170b404f | 378 | *olen += ilen; |
| nexpaq | 1:55a6170b404f | 379 | } |
| nexpaq | 1:55a6170b404f | 380 | |
| nexpaq | 1:55a6170b404f | 381 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 382 | } |
| nexpaq | 1:55a6170b404f | 383 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
| nexpaq | 1:55a6170b404f | 384 | |
| nexpaq | 1:55a6170b404f | 385 | #if defined(MBEDTLS_CIPHER_MODE_CFB) |
| nexpaq | 1:55a6170b404f | 386 | if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB ) |
| nexpaq | 1:55a6170b404f | 387 | { |
| nexpaq | 1:55a6170b404f | 388 | if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx, |
| nexpaq | 1:55a6170b404f | 389 | ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv, |
| nexpaq | 1:55a6170b404f | 390 | input, output ) ) ) |
| nexpaq | 1:55a6170b404f | 391 | { |
| nexpaq | 1:55a6170b404f | 392 | return( ret ); |
| nexpaq | 1:55a6170b404f | 393 | } |
| nexpaq | 1:55a6170b404f | 394 | |
| nexpaq | 1:55a6170b404f | 395 | *olen = ilen; |
| nexpaq | 1:55a6170b404f | 396 | |
| nexpaq | 1:55a6170b404f | 397 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 398 | } |
| nexpaq | 1:55a6170b404f | 399 | #endif /* MBEDTLS_CIPHER_MODE_CFB */ |
| nexpaq | 1:55a6170b404f | 400 | |
| nexpaq | 1:55a6170b404f | 401 | #if defined(MBEDTLS_CIPHER_MODE_CTR) |
| nexpaq | 1:55a6170b404f | 402 | if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR ) |
| nexpaq | 1:55a6170b404f | 403 | { |
| nexpaq | 1:55a6170b404f | 404 | if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx, |
| nexpaq | 1:55a6170b404f | 405 | ilen, &ctx->unprocessed_len, ctx->iv, |
| nexpaq | 1:55a6170b404f | 406 | ctx->unprocessed_data, input, output ) ) ) |
| nexpaq | 1:55a6170b404f | 407 | { |
| nexpaq | 1:55a6170b404f | 408 | return( ret ); |
| nexpaq | 1:55a6170b404f | 409 | } |
| nexpaq | 1:55a6170b404f | 410 | |
| nexpaq | 1:55a6170b404f | 411 | *olen = ilen; |
| nexpaq | 1:55a6170b404f | 412 | |
| nexpaq | 1:55a6170b404f | 413 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 414 | } |
| nexpaq | 1:55a6170b404f | 415 | #endif /* MBEDTLS_CIPHER_MODE_CTR */ |
| nexpaq | 1:55a6170b404f | 416 | |
| nexpaq | 1:55a6170b404f | 417 | #if defined(MBEDTLS_CIPHER_MODE_STREAM) |
| nexpaq | 1:55a6170b404f | 418 | if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM ) |
| nexpaq | 1:55a6170b404f | 419 | { |
| nexpaq | 1:55a6170b404f | 420 | if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx, |
| nexpaq | 1:55a6170b404f | 421 | ilen, input, output ) ) ) |
| nexpaq | 1:55a6170b404f | 422 | { |
| nexpaq | 1:55a6170b404f | 423 | return( ret ); |
| nexpaq | 1:55a6170b404f | 424 | } |
| nexpaq | 1:55a6170b404f | 425 | |
| nexpaq | 1:55a6170b404f | 426 | *olen = ilen; |
| nexpaq | 1:55a6170b404f | 427 | |
| nexpaq | 1:55a6170b404f | 428 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 429 | } |
| nexpaq | 1:55a6170b404f | 430 | #endif /* MBEDTLS_CIPHER_MODE_STREAM */ |
| nexpaq | 1:55a6170b404f | 431 | |
| nexpaq | 1:55a6170b404f | 432 | return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); |
| nexpaq | 1:55a6170b404f | 433 | } |
| nexpaq | 1:55a6170b404f | 434 | |
| nexpaq | 1:55a6170b404f | 435 | #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) |
| nexpaq | 1:55a6170b404f | 436 | #if defined(MBEDTLS_CIPHER_PADDING_PKCS7) |
| nexpaq | 1:55a6170b404f | 437 | /* |
| nexpaq | 1:55a6170b404f | 438 | * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len |
| nexpaq | 1:55a6170b404f | 439 | */ |
| nexpaq | 1:55a6170b404f | 440 | static void add_pkcs_padding( unsigned char *output, size_t output_len, |
| nexpaq | 1:55a6170b404f | 441 | size_t data_len ) |
| nexpaq | 1:55a6170b404f | 442 | { |
| nexpaq | 1:55a6170b404f | 443 | size_t padding_len = output_len - data_len; |
| nexpaq | 1:55a6170b404f | 444 | unsigned char i; |
| nexpaq | 1:55a6170b404f | 445 | |
| nexpaq | 1:55a6170b404f | 446 | for( i = 0; i < padding_len; i++ ) |
| nexpaq | 1:55a6170b404f | 447 | output[data_len + i] = (unsigned char) padding_len; |
| nexpaq | 1:55a6170b404f | 448 | } |
| nexpaq | 1:55a6170b404f | 449 | |
| nexpaq | 1:55a6170b404f | 450 | static int get_pkcs_padding( unsigned char *input, size_t input_len, |
| nexpaq | 1:55a6170b404f | 451 | size_t *data_len ) |
| nexpaq | 1:55a6170b404f | 452 | { |
| nexpaq | 1:55a6170b404f | 453 | size_t i, pad_idx; |
| nexpaq | 1:55a6170b404f | 454 | unsigned char padding_len, bad = 0; |
| nexpaq | 1:55a6170b404f | 455 | |
| nexpaq | 1:55a6170b404f | 456 | if( NULL == input || NULL == data_len ) |
| nexpaq | 1:55a6170b404f | 457 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 458 | |
| nexpaq | 1:55a6170b404f | 459 | padding_len = input[input_len - 1]; |
| nexpaq | 1:55a6170b404f | 460 | *data_len = input_len - padding_len; |
| nexpaq | 1:55a6170b404f | 461 | |
| nexpaq | 1:55a6170b404f | 462 | /* Avoid logical || since it results in a branch */ |
| nexpaq | 1:55a6170b404f | 463 | bad |= padding_len > input_len; |
| nexpaq | 1:55a6170b404f | 464 | bad |= padding_len == 0; |
| nexpaq | 1:55a6170b404f | 465 | |
| nexpaq | 1:55a6170b404f | 466 | /* The number of bytes checked must be independent of padding_len, |
| nexpaq | 1:55a6170b404f | 467 | * so pick input_len, which is usually 8 or 16 (one block) */ |
| nexpaq | 1:55a6170b404f | 468 | pad_idx = input_len - padding_len; |
| nexpaq | 1:55a6170b404f | 469 | for( i = 0; i < input_len; i++ ) |
| nexpaq | 1:55a6170b404f | 470 | bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx ); |
| nexpaq | 1:55a6170b404f | 471 | |
| nexpaq | 1:55a6170b404f | 472 | return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) ); |
| nexpaq | 1:55a6170b404f | 473 | } |
| nexpaq | 1:55a6170b404f | 474 | #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ |
| nexpaq | 1:55a6170b404f | 475 | |
| nexpaq | 1:55a6170b404f | 476 | #if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS) |
| nexpaq | 1:55a6170b404f | 477 | /* |
| nexpaq | 1:55a6170b404f | 478 | * One and zeros padding: fill with 80 00 ... 00 |
| nexpaq | 1:55a6170b404f | 479 | */ |
| nexpaq | 1:55a6170b404f | 480 | static void add_one_and_zeros_padding( unsigned char *output, |
| nexpaq | 1:55a6170b404f | 481 | size_t output_len, size_t data_len ) |
| nexpaq | 1:55a6170b404f | 482 | { |
| nexpaq | 1:55a6170b404f | 483 | size_t padding_len = output_len - data_len; |
| nexpaq | 1:55a6170b404f | 484 | unsigned char i = 0; |
| nexpaq | 1:55a6170b404f | 485 | |
| nexpaq | 1:55a6170b404f | 486 | output[data_len] = 0x80; |
| nexpaq | 1:55a6170b404f | 487 | for( i = 1; i < padding_len; i++ ) |
| nexpaq | 1:55a6170b404f | 488 | output[data_len + i] = 0x00; |
| nexpaq | 1:55a6170b404f | 489 | } |
| nexpaq | 1:55a6170b404f | 490 | |
| nexpaq | 1:55a6170b404f | 491 | static int get_one_and_zeros_padding( unsigned char *input, size_t input_len, |
| nexpaq | 1:55a6170b404f | 492 | size_t *data_len ) |
| nexpaq | 1:55a6170b404f | 493 | { |
| nexpaq | 1:55a6170b404f | 494 | size_t i; |
| nexpaq | 1:55a6170b404f | 495 | unsigned char done = 0, prev_done, bad; |
| nexpaq | 1:55a6170b404f | 496 | |
| nexpaq | 1:55a6170b404f | 497 | if( NULL == input || NULL == data_len ) |
| nexpaq | 1:55a6170b404f | 498 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 499 | |
| nexpaq | 1:55a6170b404f | 500 | bad = 0xFF; |
| nexpaq | 1:55a6170b404f | 501 | *data_len = 0; |
| nexpaq | 1:55a6170b404f | 502 | for( i = input_len; i > 0; i-- ) |
| nexpaq | 1:55a6170b404f | 503 | { |
| nexpaq | 1:55a6170b404f | 504 | prev_done = done; |
| nexpaq | 1:55a6170b404f | 505 | done |= ( input[i-1] != 0 ); |
| nexpaq | 1:55a6170b404f | 506 | *data_len |= ( i - 1 ) * ( done != prev_done ); |
| nexpaq | 1:55a6170b404f | 507 | bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done ); |
| nexpaq | 1:55a6170b404f | 508 | } |
| nexpaq | 1:55a6170b404f | 509 | |
| nexpaq | 1:55a6170b404f | 510 | return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) ); |
| nexpaq | 1:55a6170b404f | 511 | |
| nexpaq | 1:55a6170b404f | 512 | } |
| nexpaq | 1:55a6170b404f | 513 | #endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */ |
| nexpaq | 1:55a6170b404f | 514 | |
| nexpaq | 1:55a6170b404f | 515 | #if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN) |
| nexpaq | 1:55a6170b404f | 516 | /* |
| nexpaq | 1:55a6170b404f | 517 | * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length |
| nexpaq | 1:55a6170b404f | 518 | */ |
| nexpaq | 1:55a6170b404f | 519 | static void add_zeros_and_len_padding( unsigned char *output, |
| nexpaq | 1:55a6170b404f | 520 | size_t output_len, size_t data_len ) |
| nexpaq | 1:55a6170b404f | 521 | { |
| nexpaq | 1:55a6170b404f | 522 | size_t padding_len = output_len - data_len; |
| nexpaq | 1:55a6170b404f | 523 | unsigned char i = 0; |
| nexpaq | 1:55a6170b404f | 524 | |
| nexpaq | 1:55a6170b404f | 525 | for( i = 1; i < padding_len; i++ ) |
| nexpaq | 1:55a6170b404f | 526 | output[data_len + i - 1] = 0x00; |
| nexpaq | 1:55a6170b404f | 527 | output[output_len - 1] = (unsigned char) padding_len; |
| nexpaq | 1:55a6170b404f | 528 | } |
| nexpaq | 1:55a6170b404f | 529 | |
| nexpaq | 1:55a6170b404f | 530 | static int get_zeros_and_len_padding( unsigned char *input, size_t input_len, |
| nexpaq | 1:55a6170b404f | 531 | size_t *data_len ) |
| nexpaq | 1:55a6170b404f | 532 | { |
| nexpaq | 1:55a6170b404f | 533 | size_t i, pad_idx; |
| nexpaq | 1:55a6170b404f | 534 | unsigned char padding_len, bad = 0; |
| nexpaq | 1:55a6170b404f | 535 | |
| nexpaq | 1:55a6170b404f | 536 | if( NULL == input || NULL == data_len ) |
| nexpaq | 1:55a6170b404f | 537 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 538 | |
| nexpaq | 1:55a6170b404f | 539 | padding_len = input[input_len - 1]; |
| nexpaq | 1:55a6170b404f | 540 | *data_len = input_len - padding_len; |
| nexpaq | 1:55a6170b404f | 541 | |
| nexpaq | 1:55a6170b404f | 542 | /* Avoid logical || since it results in a branch */ |
| nexpaq | 1:55a6170b404f | 543 | bad |= padding_len > input_len; |
| nexpaq | 1:55a6170b404f | 544 | bad |= padding_len == 0; |
| nexpaq | 1:55a6170b404f | 545 | |
| nexpaq | 1:55a6170b404f | 546 | /* The number of bytes checked must be independent of padding_len */ |
| nexpaq | 1:55a6170b404f | 547 | pad_idx = input_len - padding_len; |
| nexpaq | 1:55a6170b404f | 548 | for( i = 0; i < input_len - 1; i++ ) |
| nexpaq | 1:55a6170b404f | 549 | bad |= input[i] * ( i >= pad_idx ); |
| nexpaq | 1:55a6170b404f | 550 | |
| nexpaq | 1:55a6170b404f | 551 | return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) ); |
| nexpaq | 1:55a6170b404f | 552 | } |
| nexpaq | 1:55a6170b404f | 553 | #endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */ |
| nexpaq | 1:55a6170b404f | 554 | |
| nexpaq | 1:55a6170b404f | 555 | #if defined(MBEDTLS_CIPHER_PADDING_ZEROS) |
| nexpaq | 1:55a6170b404f | 556 | /* |
| nexpaq | 1:55a6170b404f | 557 | * Zero padding: fill with 00 ... 00 |
| nexpaq | 1:55a6170b404f | 558 | */ |
| nexpaq | 1:55a6170b404f | 559 | static void add_zeros_padding( unsigned char *output, |
| nexpaq | 1:55a6170b404f | 560 | size_t output_len, size_t data_len ) |
| nexpaq | 1:55a6170b404f | 561 | { |
| nexpaq | 1:55a6170b404f | 562 | size_t i; |
| nexpaq | 1:55a6170b404f | 563 | |
| nexpaq | 1:55a6170b404f | 564 | for( i = data_len; i < output_len; i++ ) |
| nexpaq | 1:55a6170b404f | 565 | output[i] = 0x00; |
| nexpaq | 1:55a6170b404f | 566 | } |
| nexpaq | 1:55a6170b404f | 567 | |
| nexpaq | 1:55a6170b404f | 568 | static int get_zeros_padding( unsigned char *input, size_t input_len, |
| nexpaq | 1:55a6170b404f | 569 | size_t *data_len ) |
| nexpaq | 1:55a6170b404f | 570 | { |
| nexpaq | 1:55a6170b404f | 571 | size_t i; |
| nexpaq | 1:55a6170b404f | 572 | unsigned char done = 0, prev_done; |
| nexpaq | 1:55a6170b404f | 573 | |
| nexpaq | 1:55a6170b404f | 574 | if( NULL == input || NULL == data_len ) |
| nexpaq | 1:55a6170b404f | 575 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 576 | |
| nexpaq | 1:55a6170b404f | 577 | *data_len = 0; |
| nexpaq | 1:55a6170b404f | 578 | for( i = input_len; i > 0; i-- ) |
| nexpaq | 1:55a6170b404f | 579 | { |
| nexpaq | 1:55a6170b404f | 580 | prev_done = done; |
| nexpaq | 1:55a6170b404f | 581 | done |= ( input[i-1] != 0 ); |
| nexpaq | 1:55a6170b404f | 582 | *data_len |= i * ( done != prev_done ); |
| nexpaq | 1:55a6170b404f | 583 | } |
| nexpaq | 1:55a6170b404f | 584 | |
| nexpaq | 1:55a6170b404f | 585 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 586 | } |
| nexpaq | 1:55a6170b404f | 587 | #endif /* MBEDTLS_CIPHER_PADDING_ZEROS */ |
| nexpaq | 1:55a6170b404f | 588 | |
| nexpaq | 1:55a6170b404f | 589 | /* |
| nexpaq | 1:55a6170b404f | 590 | * No padding: don't pad :) |
| nexpaq | 1:55a6170b404f | 591 | * |
| nexpaq | 1:55a6170b404f | 592 | * There is no add_padding function (check for NULL in mbedtls_cipher_finish) |
| nexpaq | 1:55a6170b404f | 593 | * but a trivial get_padding function |
| nexpaq | 1:55a6170b404f | 594 | */ |
| nexpaq | 1:55a6170b404f | 595 | static int get_no_padding( unsigned char *input, size_t input_len, |
| nexpaq | 1:55a6170b404f | 596 | size_t *data_len ) |
| nexpaq | 1:55a6170b404f | 597 | { |
| nexpaq | 1:55a6170b404f | 598 | if( NULL == input || NULL == data_len ) |
| nexpaq | 1:55a6170b404f | 599 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 600 | |
| nexpaq | 1:55a6170b404f | 601 | *data_len = input_len; |
| nexpaq | 1:55a6170b404f | 602 | |
| nexpaq | 1:55a6170b404f | 603 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 604 | } |
| nexpaq | 1:55a6170b404f | 605 | #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ |
| nexpaq | 1:55a6170b404f | 606 | |
| nexpaq | 1:55a6170b404f | 607 | int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, |
| nexpaq | 1:55a6170b404f | 608 | unsigned char *output, size_t *olen ) |
| nexpaq | 1:55a6170b404f | 609 | { |
| nexpaq | 1:55a6170b404f | 610 | if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) |
| nexpaq | 1:55a6170b404f | 611 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 612 | |
| nexpaq | 1:55a6170b404f | 613 | *olen = 0; |
| nexpaq | 1:55a6170b404f | 614 | |
| nexpaq | 1:55a6170b404f | 615 | if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode || |
| nexpaq | 1:55a6170b404f | 616 | MBEDTLS_MODE_CTR == ctx->cipher_info->mode || |
| nexpaq | 1:55a6170b404f | 617 | MBEDTLS_MODE_GCM == ctx->cipher_info->mode || |
| nexpaq | 1:55a6170b404f | 618 | MBEDTLS_MODE_STREAM == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 619 | { |
| nexpaq | 1:55a6170b404f | 620 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 621 | } |
| nexpaq | 1:55a6170b404f | 622 | |
| nexpaq | 1:55a6170b404f | 623 | if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 624 | { |
| nexpaq | 1:55a6170b404f | 625 | if( ctx->unprocessed_len != 0 ) |
| nexpaq | 1:55a6170b404f | 626 | return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); |
| nexpaq | 1:55a6170b404f | 627 | |
| nexpaq | 1:55a6170b404f | 628 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 629 | } |
| nexpaq | 1:55a6170b404f | 630 | |
| nexpaq | 1:55a6170b404f | 631 | #if defined(MBEDTLS_CIPHER_MODE_CBC) |
| nexpaq | 1:55a6170b404f | 632 | if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 633 | { |
| nexpaq | 1:55a6170b404f | 634 | int ret = 0; |
| nexpaq | 1:55a6170b404f | 635 | |
| nexpaq | 1:55a6170b404f | 636 | if( MBEDTLS_ENCRYPT == ctx->operation ) |
| nexpaq | 1:55a6170b404f | 637 | { |
| nexpaq | 1:55a6170b404f | 638 | /* check for 'no padding' mode */ |
| nexpaq | 1:55a6170b404f | 639 | if( NULL == ctx->add_padding ) |
| nexpaq | 1:55a6170b404f | 640 | { |
| nexpaq | 1:55a6170b404f | 641 | if( 0 != ctx->unprocessed_len ) |
| nexpaq | 1:55a6170b404f | 642 | return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); |
| nexpaq | 1:55a6170b404f | 643 | |
| nexpaq | 1:55a6170b404f | 644 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 645 | } |
| nexpaq | 1:55a6170b404f | 646 | |
| nexpaq | 1:55a6170b404f | 647 | ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ), |
| nexpaq | 1:55a6170b404f | 648 | ctx->unprocessed_len ); |
| nexpaq | 1:55a6170b404f | 649 | } |
| nexpaq | 1:55a6170b404f | 650 | else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len ) |
| nexpaq | 1:55a6170b404f | 651 | { |
| nexpaq | 1:55a6170b404f | 652 | /* |
| nexpaq | 1:55a6170b404f | 653 | * For decrypt operations, expect a full block, |
| nexpaq | 1:55a6170b404f | 654 | * or an empty block if no padding |
| nexpaq | 1:55a6170b404f | 655 | */ |
| nexpaq | 1:55a6170b404f | 656 | if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len ) |
| nexpaq | 1:55a6170b404f | 657 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 658 | |
| nexpaq | 1:55a6170b404f | 659 | return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); |
| nexpaq | 1:55a6170b404f | 660 | } |
| nexpaq | 1:55a6170b404f | 661 | |
| nexpaq | 1:55a6170b404f | 662 | /* cipher block */ |
| nexpaq | 1:55a6170b404f | 663 | if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, |
| nexpaq | 1:55a6170b404f | 664 | ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv, |
| nexpaq | 1:55a6170b404f | 665 | ctx->unprocessed_data, output ) ) ) |
| nexpaq | 1:55a6170b404f | 666 | { |
| nexpaq | 1:55a6170b404f | 667 | return( ret ); |
| nexpaq | 1:55a6170b404f | 668 | } |
| nexpaq | 1:55a6170b404f | 669 | |
| nexpaq | 1:55a6170b404f | 670 | /* Set output size for decryption */ |
| nexpaq | 1:55a6170b404f | 671 | if( MBEDTLS_DECRYPT == ctx->operation ) |
| nexpaq | 1:55a6170b404f | 672 | return ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ), |
| nexpaq | 1:55a6170b404f | 673 | olen ); |
| nexpaq | 1:55a6170b404f | 674 | |
| nexpaq | 1:55a6170b404f | 675 | /* Set output size for encryption */ |
| nexpaq | 1:55a6170b404f | 676 | *olen = mbedtls_cipher_get_block_size( ctx ); |
| nexpaq | 1:55a6170b404f | 677 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 678 | } |
| nexpaq | 1:55a6170b404f | 679 | #else |
| nexpaq | 1:55a6170b404f | 680 | ((void) output); |
| nexpaq | 1:55a6170b404f | 681 | #endif /* MBEDTLS_CIPHER_MODE_CBC */ |
| nexpaq | 1:55a6170b404f | 682 | |
| nexpaq | 1:55a6170b404f | 683 | return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); |
| nexpaq | 1:55a6170b404f | 684 | } |
| nexpaq | 1:55a6170b404f | 685 | |
| nexpaq | 1:55a6170b404f | 686 | #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) |
| nexpaq | 1:55a6170b404f | 687 | int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode ) |
| nexpaq | 1:55a6170b404f | 688 | { |
| nexpaq | 1:55a6170b404f | 689 | if( NULL == ctx || |
| nexpaq | 1:55a6170b404f | 690 | MBEDTLS_MODE_CBC != ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 691 | { |
| nexpaq | 1:55a6170b404f | 692 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 693 | } |
| nexpaq | 1:55a6170b404f | 694 | |
| nexpaq | 1:55a6170b404f | 695 | switch( mode ) |
| nexpaq | 1:55a6170b404f | 696 | { |
| nexpaq | 1:55a6170b404f | 697 | #if defined(MBEDTLS_CIPHER_PADDING_PKCS7) |
| nexpaq | 1:55a6170b404f | 698 | case MBEDTLS_PADDING_PKCS7: |
| nexpaq | 1:55a6170b404f | 699 | ctx->add_padding = add_pkcs_padding; |
| nexpaq | 1:55a6170b404f | 700 | ctx->get_padding = get_pkcs_padding; |
| nexpaq | 1:55a6170b404f | 701 | break; |
| nexpaq | 1:55a6170b404f | 702 | #endif |
| nexpaq | 1:55a6170b404f | 703 | #if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS) |
| nexpaq | 1:55a6170b404f | 704 | case MBEDTLS_PADDING_ONE_AND_ZEROS: |
| nexpaq | 1:55a6170b404f | 705 | ctx->add_padding = add_one_and_zeros_padding; |
| nexpaq | 1:55a6170b404f | 706 | ctx->get_padding = get_one_and_zeros_padding; |
| nexpaq | 1:55a6170b404f | 707 | break; |
| nexpaq | 1:55a6170b404f | 708 | #endif |
| nexpaq | 1:55a6170b404f | 709 | #if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN) |
| nexpaq | 1:55a6170b404f | 710 | case MBEDTLS_PADDING_ZEROS_AND_LEN: |
| nexpaq | 1:55a6170b404f | 711 | ctx->add_padding = add_zeros_and_len_padding; |
| nexpaq | 1:55a6170b404f | 712 | ctx->get_padding = get_zeros_and_len_padding; |
| nexpaq | 1:55a6170b404f | 713 | break; |
| nexpaq | 1:55a6170b404f | 714 | #endif |
| nexpaq | 1:55a6170b404f | 715 | #if defined(MBEDTLS_CIPHER_PADDING_ZEROS) |
| nexpaq | 1:55a6170b404f | 716 | case MBEDTLS_PADDING_ZEROS: |
| nexpaq | 1:55a6170b404f | 717 | ctx->add_padding = add_zeros_padding; |
| nexpaq | 1:55a6170b404f | 718 | ctx->get_padding = get_zeros_padding; |
| nexpaq | 1:55a6170b404f | 719 | break; |
| nexpaq | 1:55a6170b404f | 720 | #endif |
| nexpaq | 1:55a6170b404f | 721 | case MBEDTLS_PADDING_NONE: |
| nexpaq | 1:55a6170b404f | 722 | ctx->add_padding = NULL; |
| nexpaq | 1:55a6170b404f | 723 | ctx->get_padding = get_no_padding; |
| nexpaq | 1:55a6170b404f | 724 | break; |
| nexpaq | 1:55a6170b404f | 725 | |
| nexpaq | 1:55a6170b404f | 726 | default: |
| nexpaq | 1:55a6170b404f | 727 | return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); |
| nexpaq | 1:55a6170b404f | 728 | } |
| nexpaq | 1:55a6170b404f | 729 | |
| nexpaq | 1:55a6170b404f | 730 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 731 | } |
| nexpaq | 1:55a6170b404f | 732 | #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ |
| nexpaq | 1:55a6170b404f | 733 | |
| nexpaq | 1:55a6170b404f | 734 | #if defined(MBEDTLS_GCM_C) |
| nexpaq | 1:55a6170b404f | 735 | int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, |
| nexpaq | 1:55a6170b404f | 736 | unsigned char *tag, size_t tag_len ) |
| nexpaq | 1:55a6170b404f | 737 | { |
| nexpaq | 1:55a6170b404f | 738 | if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag ) |
| nexpaq | 1:55a6170b404f | 739 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 740 | |
| nexpaq | 1:55a6170b404f | 741 | if( MBEDTLS_ENCRYPT != ctx->operation ) |
| nexpaq | 1:55a6170b404f | 742 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 743 | |
| nexpaq | 1:55a6170b404f | 744 | if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 745 | return mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, tag, tag_len ); |
| nexpaq | 1:55a6170b404f | 746 | |
| nexpaq | 1:55a6170b404f | 747 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 748 | } |
| nexpaq | 1:55a6170b404f | 749 | |
| nexpaq | 1:55a6170b404f | 750 | int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, |
| nexpaq | 1:55a6170b404f | 751 | const unsigned char *tag, size_t tag_len ) |
| nexpaq | 1:55a6170b404f | 752 | { |
| nexpaq | 1:55a6170b404f | 753 | int ret; |
| nexpaq | 1:55a6170b404f | 754 | |
| nexpaq | 1:55a6170b404f | 755 | if( NULL == ctx || NULL == ctx->cipher_info || |
| nexpaq | 1:55a6170b404f | 756 | MBEDTLS_DECRYPT != ctx->operation ) |
| nexpaq | 1:55a6170b404f | 757 | { |
| nexpaq | 1:55a6170b404f | 758 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 759 | } |
| nexpaq | 1:55a6170b404f | 760 | |
| nexpaq | 1:55a6170b404f | 761 | if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 762 | { |
| nexpaq | 1:55a6170b404f | 763 | unsigned char check_tag[16]; |
| nexpaq | 1:55a6170b404f | 764 | size_t i; |
| nexpaq | 1:55a6170b404f | 765 | int diff; |
| nexpaq | 1:55a6170b404f | 766 | |
| nexpaq | 1:55a6170b404f | 767 | if( tag_len > sizeof( check_tag ) ) |
| nexpaq | 1:55a6170b404f | 768 | return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); |
| nexpaq | 1:55a6170b404f | 769 | |
| nexpaq | 1:55a6170b404f | 770 | if( 0 != ( ret = mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, |
| nexpaq | 1:55a6170b404f | 771 | check_tag, tag_len ) ) ) |
| nexpaq | 1:55a6170b404f | 772 | { |
| nexpaq | 1:55a6170b404f | 773 | return( ret ); |
| nexpaq | 1:55a6170b404f | 774 | } |
| nexpaq | 1:55a6170b404f | 775 | |
| nexpaq | 1:55a6170b404f | 776 | /* Check the tag in "constant-time" */ |
| nexpaq | 1:55a6170b404f | 777 | for( diff = 0, i = 0; i < tag_len; i++ ) |
| nexpaq | 1:55a6170b404f | 778 | diff |= tag[i] ^ check_tag[i]; |
| nexpaq | 1:55a6170b404f | 779 | |
| nexpaq | 1:55a6170b404f | 780 | if( diff != 0 ) |
| nexpaq | 1:55a6170b404f | 781 | return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); |
| nexpaq | 1:55a6170b404f | 782 | |
| nexpaq | 1:55a6170b404f | 783 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 784 | } |
| nexpaq | 1:55a6170b404f | 785 | |
| nexpaq | 1:55a6170b404f | 786 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 787 | } |
| nexpaq | 1:55a6170b404f | 788 | #endif /* MBEDTLS_GCM_C */ |
| nexpaq | 1:55a6170b404f | 789 | |
| nexpaq | 1:55a6170b404f | 790 | /* |
| nexpaq | 1:55a6170b404f | 791 | * Packet-oriented wrapper for non-AEAD modes |
| nexpaq | 1:55a6170b404f | 792 | */ |
| nexpaq | 1:55a6170b404f | 793 | int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, |
| nexpaq | 1:55a6170b404f | 794 | const unsigned char *iv, size_t iv_len, |
| nexpaq | 1:55a6170b404f | 795 | const unsigned char *input, size_t ilen, |
| nexpaq | 1:55a6170b404f | 796 | unsigned char *output, size_t *olen ) |
| nexpaq | 1:55a6170b404f | 797 | { |
| nexpaq | 1:55a6170b404f | 798 | int ret; |
| nexpaq | 1:55a6170b404f | 799 | size_t finish_olen; |
| nexpaq | 1:55a6170b404f | 800 | |
| nexpaq | 1:55a6170b404f | 801 | if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 ) |
| nexpaq | 1:55a6170b404f | 802 | return( ret ); |
| nexpaq | 1:55a6170b404f | 803 | |
| nexpaq | 1:55a6170b404f | 804 | if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 ) |
| nexpaq | 1:55a6170b404f | 805 | return( ret ); |
| nexpaq | 1:55a6170b404f | 806 | |
| nexpaq | 1:55a6170b404f | 807 | if( ( ret = mbedtls_cipher_update( ctx, input, ilen, output, olen ) ) != 0 ) |
| nexpaq | 1:55a6170b404f | 808 | return( ret ); |
| nexpaq | 1:55a6170b404f | 809 | |
| nexpaq | 1:55a6170b404f | 810 | if( ( ret = mbedtls_cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 ) |
| nexpaq | 1:55a6170b404f | 811 | return( ret ); |
| nexpaq | 1:55a6170b404f | 812 | |
| nexpaq | 1:55a6170b404f | 813 | *olen += finish_olen; |
| nexpaq | 1:55a6170b404f | 814 | |
| nexpaq | 1:55a6170b404f | 815 | return( 0 ); |
| nexpaq | 1:55a6170b404f | 816 | } |
| nexpaq | 1:55a6170b404f | 817 | |
| nexpaq | 1:55a6170b404f | 818 | #if defined(MBEDTLS_CIPHER_MODE_AEAD) |
| nexpaq | 1:55a6170b404f | 819 | /* |
| nexpaq | 1:55a6170b404f | 820 | * Packet-oriented encryption for AEAD modes |
| nexpaq | 1:55a6170b404f | 821 | */ |
| nexpaq | 1:55a6170b404f | 822 | int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, |
| nexpaq | 1:55a6170b404f | 823 | const unsigned char *iv, size_t iv_len, |
| nexpaq | 1:55a6170b404f | 824 | const unsigned char *ad, size_t ad_len, |
| nexpaq | 1:55a6170b404f | 825 | const unsigned char *input, size_t ilen, |
| nexpaq | 1:55a6170b404f | 826 | unsigned char *output, size_t *olen, |
| nexpaq | 1:55a6170b404f | 827 | unsigned char *tag, size_t tag_len ) |
| nexpaq | 1:55a6170b404f | 828 | { |
| nexpaq | 1:55a6170b404f | 829 | #if defined(MBEDTLS_GCM_C) |
| nexpaq | 1:55a6170b404f | 830 | if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 831 | { |
| nexpaq | 1:55a6170b404f | 832 | *olen = ilen; |
| nexpaq | 1:55a6170b404f | 833 | return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT, ilen, |
| nexpaq | 1:55a6170b404f | 834 | iv, iv_len, ad, ad_len, input, output, |
| nexpaq | 1:55a6170b404f | 835 | tag_len, tag ) ); |
| nexpaq | 1:55a6170b404f | 836 | } |
| nexpaq | 1:55a6170b404f | 837 | #endif /* MBEDTLS_GCM_C */ |
| nexpaq | 1:55a6170b404f | 838 | #if defined(MBEDTLS_CCM_C) |
| nexpaq | 1:55a6170b404f | 839 | if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 840 | { |
| nexpaq | 1:55a6170b404f | 841 | *olen = ilen; |
| nexpaq | 1:55a6170b404f | 842 | return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen, |
| nexpaq | 1:55a6170b404f | 843 | iv, iv_len, ad, ad_len, input, output, |
| nexpaq | 1:55a6170b404f | 844 | tag, tag_len ) ); |
| nexpaq | 1:55a6170b404f | 845 | } |
| nexpaq | 1:55a6170b404f | 846 | #endif /* MBEDTLS_CCM_C */ |
| nexpaq | 1:55a6170b404f | 847 | |
| nexpaq | 1:55a6170b404f | 848 | return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); |
| nexpaq | 1:55a6170b404f | 849 | } |
| nexpaq | 1:55a6170b404f | 850 | |
| nexpaq | 1:55a6170b404f | 851 | /* |
| nexpaq | 1:55a6170b404f | 852 | * Packet-oriented decryption for AEAD modes |
| nexpaq | 1:55a6170b404f | 853 | */ |
| nexpaq | 1:55a6170b404f | 854 | int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, |
| nexpaq | 1:55a6170b404f | 855 | const unsigned char *iv, size_t iv_len, |
| nexpaq | 1:55a6170b404f | 856 | const unsigned char *ad, size_t ad_len, |
| nexpaq | 1:55a6170b404f | 857 | const unsigned char *input, size_t ilen, |
| nexpaq | 1:55a6170b404f | 858 | unsigned char *output, size_t *olen, |
| nexpaq | 1:55a6170b404f | 859 | const unsigned char *tag, size_t tag_len ) |
| nexpaq | 1:55a6170b404f | 860 | { |
| nexpaq | 1:55a6170b404f | 861 | #if defined(MBEDTLS_GCM_C) |
| nexpaq | 1:55a6170b404f | 862 | if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 863 | { |
| nexpaq | 1:55a6170b404f | 864 | int ret; |
| nexpaq | 1:55a6170b404f | 865 | |
| nexpaq | 1:55a6170b404f | 866 | *olen = ilen; |
| nexpaq | 1:55a6170b404f | 867 | ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen, |
| nexpaq | 1:55a6170b404f | 868 | iv, iv_len, ad, ad_len, |
| nexpaq | 1:55a6170b404f | 869 | tag, tag_len, input, output ); |
| nexpaq | 1:55a6170b404f | 870 | |
| nexpaq | 1:55a6170b404f | 871 | if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED ) |
| nexpaq | 1:55a6170b404f | 872 | ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; |
| nexpaq | 1:55a6170b404f | 873 | |
| nexpaq | 1:55a6170b404f | 874 | return( ret ); |
| nexpaq | 1:55a6170b404f | 875 | } |
| nexpaq | 1:55a6170b404f | 876 | #endif /* MBEDTLS_GCM_C */ |
| nexpaq | 1:55a6170b404f | 877 | #if defined(MBEDTLS_CCM_C) |
| nexpaq | 1:55a6170b404f | 878 | if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode ) |
| nexpaq | 1:55a6170b404f | 879 | { |
| nexpaq | 1:55a6170b404f | 880 | int ret; |
| nexpaq | 1:55a6170b404f | 881 | |
| nexpaq | 1:55a6170b404f | 882 | *olen = ilen; |
| nexpaq | 1:55a6170b404f | 883 | ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen, |
| nexpaq | 1:55a6170b404f | 884 | iv, iv_len, ad, ad_len, |
| nexpaq | 1:55a6170b404f | 885 | input, output, tag, tag_len ); |
| nexpaq | 1:55a6170b404f | 886 | |
| nexpaq | 1:55a6170b404f | 887 | if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) |
| nexpaq | 1:55a6170b404f | 888 | ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; |
| nexpaq | 1:55a6170b404f | 889 | |
| nexpaq | 1:55a6170b404f | 890 | return( ret ); |
| nexpaq | 1:55a6170b404f | 891 | } |
| nexpaq | 1:55a6170b404f | 892 | #endif /* MBEDTLS_CCM_C */ |
| nexpaq | 1:55a6170b404f | 893 | |
| nexpaq | 1:55a6170b404f | 894 | return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); |
| nexpaq | 1:55a6170b404f | 895 | } |
| nexpaq | 1:55a6170b404f | 896 | #endif /* MBEDTLS_CIPHER_MODE_AEAD */ |
| nexpaq | 1:55a6170b404f | 897 | |
| nexpaq | 1:55a6170b404f | 898 | #endif /* MBEDTLS_CIPHER_C */ |