diff --git a/ChangeLog b/ChangeLog index 4b266d5722..c1df109581 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Features * Support for CCM and CCM_8 ciphersuites * Support for parsing and verifying RSASSA-PSS signatures in the X.509 modules (certificates, CRLs and CSRs). + * Blowfish in the cipher layer now supports variable length keys. Changes * Add LINK_WITH_PTHREAD option in CMake for explicit linking that is diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h index 4325f9fa1e..51534613ea 100644 --- a/include/polarssl/cipher.h +++ b/include/polarssl/cipher.h @@ -61,6 +61,9 @@ #define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */ #define POLARSSL_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */ +#define POLARSSL_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */ +#define POLARSSL_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */ + #ifdef __cplusplus extern "C" { #endif @@ -238,8 +241,8 @@ typedef struct { * For cipher that accept many sizes: recommended size */ unsigned int iv_size; - /** Flag for ciphers that accept many sizes of IV/NONCE */ - int accepts_variable_iv_size; + /** Flags for variable IV size, variable key size, etc. */ + int flags; /** block size, in bytes */ unsigned int block_size; diff --git a/library/cipher.c b/library/cipher.c index edef2f9ac3..558c4b35b0 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -168,8 +168,11 @@ int cipher_setkey( cipher_context_t *ctx, const unsigned char *key, if( NULL == ctx || NULL == ctx->cipher_info ) return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA ); - if( (int) ctx->cipher_info->key_length != key_length ) + if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_KEY_LEN ) == 0 && + (int) ctx->cipher_info->key_length != key_length ) + { return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA ); + } ctx->key_length = key_length; ctx->operation = operation; @@ -204,7 +207,7 @@ int cipher_set_iv( cipher_context_t *ctx, if( iv_len > POLARSSL_MAX_IV_LENGTH ) return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE ); - if( ctx->cipher_info->accepts_variable_iv_size ) + if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_IV_LEN ) != 0 ) actual_iv_size = iv_len; else { diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index efc4d44362..f4d39fa26f 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -374,7 +374,7 @@ const cipher_info_t aes_128_gcm_info = { 128, "AES-128-GCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &gcm_aes_info }; @@ -385,7 +385,7 @@ const cipher_info_t aes_192_gcm_info = { 192, "AES-192-GCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &gcm_aes_info }; @@ -396,7 +396,7 @@ const cipher_info_t aes_256_gcm_info = { 256, "AES-256-GCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &gcm_aes_info }; @@ -429,7 +429,7 @@ const cipher_info_t aes_128_ccm_info = { 128, "AES-128-CCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &ccm_aes_info }; @@ -440,7 +440,7 @@ const cipher_info_t aes_192_ccm_info = { 192, "AES-192-CCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &ccm_aes_info }; @@ -451,7 +451,7 @@ const cipher_info_t aes_256_ccm_info = { 256, "AES-256-CCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &ccm_aes_info }; @@ -728,7 +728,7 @@ const cipher_info_t camellia_128_gcm_info = { 128, "CAMELLIA-128-GCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &gcm_camellia_info }; @@ -739,7 +739,7 @@ const cipher_info_t camellia_192_gcm_info = { 192, "CAMELLIA-192-GCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &gcm_camellia_info }; @@ -750,7 +750,7 @@ const cipher_info_t camellia_256_gcm_info = { 256, "CAMELLIA-256-GCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &gcm_camellia_info }; @@ -783,7 +783,7 @@ const cipher_info_t camellia_128_ccm_info = { 128, "CAMELLIA-128-CCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &ccm_camellia_info }; @@ -794,7 +794,7 @@ const cipher_info_t camellia_192_ccm_info = { 192, "CAMELLIA-192-CCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &ccm_camellia_info }; @@ -805,7 +805,7 @@ const cipher_info_t camellia_256_ccm_info = { 256, "CAMELLIA-256-CCM", 12, - 1, + POLARSSL_CIPHER_VARIABLE_IV_LEN, 16, &ccm_camellia_info }; @@ -1180,7 +1180,7 @@ const cipher_info_t blowfish_ecb_info = { 128, "BLOWFISH-ECB", 8, - 0, + POLARSSL_CIPHER_VARIABLE_KEY_LEN, 8, &blowfish_info }; @@ -1192,7 +1192,7 @@ const cipher_info_t blowfish_cbc_info = { 128, "BLOWFISH-CBC", 8, - 0, + POLARSSL_CIPHER_VARIABLE_KEY_LEN, 8, &blowfish_info }; @@ -1205,7 +1205,7 @@ const cipher_info_t blowfish_cfb64_info = { 128, "BLOWFISH-CFB64", 8, - 0, + POLARSSL_CIPHER_VARIABLE_KEY_LEN, 8, &blowfish_info }; @@ -1218,7 +1218,7 @@ const cipher_info_t blowfish_ctr_info = { 128, "BLOWFISH-CTR", 8, - 0, + POLARSSL_CIPHER_VARIABLE_KEY_LEN, 8, &blowfish_info }; diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data index de20521d11..bd0f890f0b 100644 --- a/tests/suites/test_suite_cipher.blowfish.data +++ b/tests/suites/test_suite_cipher.blowfish.data @@ -549,3 +549,56 @@ enc_dec_buf_multipart:POLARSSL_CIPHER_BLOWFISH_CTR:128:17:6: BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1 depends_on:POLARSSL_BLOWFISH_C:POLARSSL_CIPHER_MODE_CTR enc_dec_buf_multipart:POLARSSL_CIPHER_BLOWFISH_CTR:128:16:16: + +BLOWFISH CBC Encrypt and decrypt 7 bytes, 192-bits key +depends_on:POLARSSL_BLOWFISH_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_CIPHER_PADDING_PKCS7 +enc_dec_buf:POLARSSL_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":192:7:-1 + +BLOWFISH CTR Encrypt and decrypt 7 bytes, 192-bits key +depends_on:POLARSSL_BLOWFISH_C:POLARSSL_CIPHER_MODE_CTR +enc_dec_buf:POLARSSL_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":192:7:-1 + +BLOWFISH CFB64 Encrypt and decrypt 7 bytes, 192-bits key +depends_on:POLARSSL_BLOWFISH_C:POLARSSL_CIPHER_MODE_CFB +enc_dec_buf:POLARSSL_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":192:7:-1 + +BLOWFISH ECB Encrypt test vector (SSLeay) #1 +depends_on:POLARSSL_BLOWFISH_C +test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_ENCRYPT:"00000000000000000000000000000000":"0000000000000000":"4ef997456198dd78":0 + +BLOWFISH ECB Encrypt test vector (SSLeay) #2 +depends_on:POLARSSL_BLOWFISH_C +test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_ENCRYPT:"ffffffffffffffffffffffffffffffff":"ffffffffffffffff":"51866fd5b85ecb8a":0 + +BLOWFISH ECB Encrypt test vector (SSLeay) #3 +depends_on:POLARSSL_BLOWFISH_C +test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_ENCRYPT:"fedcba9876543210fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0 + +BLOWFISH ECB Encrypt test vector (SSLeay) #3, 64-bit key +depends_on:POLARSSL_BLOWFISH_C +test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_ENCRYPT:"fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0 + +BLOWFISH ECB Encrypt test vector (SSLeay) #3, 192-bit key +depends_on:POLARSSL_BLOWFISH_C +test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_ENCRYPT:"fedcba9876543210fedcba9876543210fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0 + +BLOWFISH ECB Decrypt test vector (SSLeay) #1 +depends_on:POLARSSL_BLOWFISH_C +test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_DECRYPT:"00000000000000000000000000000000":"4ef997456198dd78":"0000000000000000":0 + +BLOWFISH ECB Decrypt test vector (SSLeay) #2 +depends_on:POLARSSL_BLOWFISH_C +test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_DECRYPT:"ffffffffffffffffffffffffffffffff":"51866fd5b85ecb8a":"ffffffffffffffff":0 + +BLOWFISH ECB Decrypt test vector (SSLeay) #3 +depends_on:POLARSSL_BLOWFISH_C +test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_DECRYPT:"3849674c2602319e3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0 + +BLOWFISH ECB Decrypt test vector (SSLeay) #3, 64-bit key +depends_on:POLARSSL_BLOWFISH_C +test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_DECRYPT:"3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0 + +BLOWFISH ECB Decrypt test vector (SSLeay) #3, 192-bit key +depends_on:POLARSSL_BLOWFISH_C +test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_DECRYPT:"3849674c2602319e3849674c2602319e3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0 +