mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-02 07:20:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Replace CCM_CRYPT macro with a more versatile static function.

Browse Source 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
Mateusz Starzyk 2021-07-07 11:05:45 +02:00
parent 33392450b7
commit 2ad7d8e1ff
1 changed files with 32 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
library/ccm.c
View File

@ -108,14 +108,11 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
} }
/*
* Macros for common operations.
* Results in smaller compiled code than static inline functions.
*/
/* /*
* Update the CBC-MAC state in y using a block in b * Update the CBC-MAC state in y using a block in b
* (Always using b as the source helps the compiler optimise a bit better.) * (Always using b as the source helps the compiler optimise a bit better.)
*
* Macro results in smaller compiled code than static inline functions.
*/ */
#define UPDATE_CBC_MAC \ #define UPDATE_CBC_MAC \
for( i = 0; i < 16; i++ ) \ for( i = 0; i < 16; i++ ) \
@ -127,30 +124,37 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
return( ret ); \ return( ret ); \
} \ } \
/*
* Encrypt or decrypt a partial block with CTR
* Warning: using b for temporary storage! src and dst must not be b!
* This avoids allocating one more 16 bytes buffer while allowing src == dst.
*/
#define CTR_CRYPT( dst, src, len ) \
do \
{ \
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, \
16, ctx->b, &olen ) ) != 0 ) \
{ \
ctx->state |= CCM_STATE__ERROR; \
return( ret ); \
} \
\
for( i = 0; i < (len); i++ ) \
(dst)[i] = (src)[i] ^ ctx->b[i]; \
} while( 0 )
#define CCM_STATE__CLEAR 0 #define CCM_STATE__CLEAR 0
#define CCM_STATE__STARTED 0x0001 #define CCM_STATE__STARTED 0x0001
#define CCM_STATE__LENGHTS_SET 0x0002 #define CCM_STATE__LENGHTS_SET 0x0002
#define CCM_STATE__ERROR 0x0004 #define CCM_STATE__ERROR 0x0004
/*
* Encrypt or decrypt a partial block with CTR
*/
static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx,
size_t offset, size_t use_len,
const unsigned char *input,
unsigned char *output )
{
size_t i;
size_t olen = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char tmp_buf[16] = {0};
if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, 16, tmp_buf,
&olen ) ) != 0 )
{
ctx->state |= CCM_STATE__ERROR; \
return ret;
}
for( i = 0; i < use_len; i++ )
output[i] = input[i] ^ tmp_buf[offset + i];
return ret;
}
static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) { static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) {
ctx->state = CCM_STATE__CLEAR; ctx->state = CCM_STATE__CLEAR;
memset( ctx->b, 0, 16); memset( ctx->b, 0, 16);
@ -359,7 +363,7 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
UPDATE_CBC_MAC; UPDATE_CBC_MAC;
} }
CTR_CRYPT( dst, src, use_len ); mbedtls_ccm_crypt( ctx, 0, use_len, src, dst );
if( ctx->mode == CCM_DECRYPT ) if( ctx->mode == CCM_DECRYPT )
{ {
@ -389,7 +393,6 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i; unsigned char i;
size_t olen;
/* /*
* Authentication: reset counter and crypt/mask internal tag * Authentication: reset counter and crypt/mask internal tag
@ -397,7 +400,9 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
for( i = 0; i < ctx->q; i++ ) for( i = 0; i < ctx->q; i++ )
ctx->ctr[15-i] = 0; ctx->ctr[15-i] = 0;
CTR_CRYPT( ctx->y, ctx->y, 16 ); ret = mbedtls_ccm_crypt( ctx, 0, 16, ctx->y, ctx->y );
if( ret != 0 )
return ret;
memcpy( tag, ctx->y, tag_len ); memcpy( tag, ctx->y, tag_len );
mbedtls_ccm_clear_state(ctx); mbedtls_ccm_clear_state(ctx);