mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-10 06:40:16 +00:00
Merge pull request #7825 from daverodgman/cipher_wrap_size
Cipher wrap size improvement
This commit is contained in:
Dave Rodgman
GitHub
commit
3d0c8255aa
@ -270,45 +270,58 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
|
||||
* mbedtls_cipher_info_from_type(),
|
||||
* mbedtls_cipher_info_from_values(),
|
||||
* mbedtls_cipher_info_from_psa().
|
||||
*
|
||||
* \note Some fields store a value that has been right-shifted to save
|
||||
* code-size, so should not be used directly. The accessor
|
||||
* functions adjust for this and return the "natural" value.
|
||||
*/
|
||||
typedef struct mbedtls_cipher_info_t {
|
||||
/** Full cipher identifier. For example,
|
||||
* MBEDTLS_CIPHER_AES_256_CBC.
|
||||
*/
|
||||
mbedtls_cipher_type_t MBEDTLS_PRIVATE(type);
|
||||
|
||||
/** The cipher mode. For example, MBEDTLS_MODE_CBC. */
|
||||
mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode);
|
||||
|
||||
/** The cipher key length, in bits. This is the
|
||||
* default length for variable sized ciphers.
|
||||
* Includes parity bits for ciphers like DES.
|
||||
*/
|
||||
unsigned int MBEDTLS_PRIVATE(key_bitlen);
|
||||
|
||||
/** Name of the cipher. */
|
||||
const char *MBEDTLS_PRIVATE(name);
|
||||
|
||||
/** IV or nonce size, in Bytes.
|
||||
/** The block size, in bytes. */
|
||||
unsigned int MBEDTLS_PRIVATE(block_size) : 5;
|
||||
|
||||
/** IV or nonce size, in bytes (right shifted by #MBEDTLS_IV_SIZE_SHIFT).
|
||||
* For ciphers that accept variable IV sizes,
|
||||
* this is the recommended size.
|
||||
*/
|
||||
unsigned int MBEDTLS_PRIVATE(iv_size);
|
||||
unsigned int MBEDTLS_PRIVATE(iv_size) : 3;
|
||||
|
||||
/** The cipher key length, in bits (right shifted by #MBEDTLS_KEY_BITLEN_SHIFT).
|
||||
* This is the default length for variable sized ciphers.
|
||||
* Includes parity bits for ciphers like DES.
|
||||
*/
|
||||
unsigned int MBEDTLS_PRIVATE(key_bitlen) : 4;
|
||||
|
||||
/** The cipher mode (as per mbedtls_cipher_mode_t).
|
||||
* For example, MBEDTLS_MODE_CBC.
|
||||
*/
|
||||
unsigned int MBEDTLS_PRIVATE(mode) : 4;
|
||||
|
||||
/** Full cipher identifier (as per mbedtls_cipher_type_t).
|
||||
* For example, MBEDTLS_CIPHER_AES_256_CBC.
|
||||
*
|
||||
* This could be 7 bits, but 8 bits retains byte alignment for the
|
||||
* next field, which reduces code size to access that field.
|
||||
*/
|
||||
unsigned int MBEDTLS_PRIVATE(type) : 8;
|
||||
|
||||
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
|
||||
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
|
||||
* cipher supports variable IV or variable key sizes, respectively.
|
||||
*/
|
||||
int MBEDTLS_PRIVATE(flags);
|
||||
unsigned int MBEDTLS_PRIVATE(flags) : 2;
|
||||
|
||||
/** The block size, in Bytes. */
|
||||
unsigned int MBEDTLS_PRIVATE(block_size);
|
||||
|
||||
/** Struct for base cipher information and functions. */
|
||||
const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base);
|
||||
/** Index to LUT for base cipher information and functions. */
|
||||
unsigned int MBEDTLS_PRIVATE(base_idx) : 5;
|
||||
|
||||
} mbedtls_cipher_info_t;
|
||||
|
||||
/* For internal use only.
|
||||
* These are used to more compactly represent the fields above. */
|
||||
#define MBEDTLS_KEY_BITLEN_SHIFT 6
|
||||
#define MBEDTLS_IV_SIZE_SHIFT 2
|
||||
/**
|
||||
* Generic cipher context.
|
||||
*/
|
||||
@ -439,7 +452,7 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type(
|
||||
if (info == NULL) {
|
||||
return MBEDTLS_CIPHER_NONE;
|
||||
} else {
|
||||
return info->MBEDTLS_PRIVATE(type);
|
||||
return (mbedtls_cipher_type_t) info->MBEDTLS_PRIVATE(type);
|
||||
}
|
||||
}
|
||||
|
||||
@ -458,7 +471,7 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(
|
||||
if (info == NULL) {
|
||||
return MBEDTLS_MODE_NONE;
|
||||
} else {
|
||||
return info->MBEDTLS_PRIVATE(mode);
|
||||
return (mbedtls_cipher_mode_t) info->MBEDTLS_PRIVATE(mode);
|
||||
}
|
||||
}
|
||||
|
||||
@ -479,7 +492,7 @@ static inline size_t mbedtls_cipher_info_get_key_bitlen(
|
||||
if (info == NULL) {
|
||||
return 0;
|
||||
} else {
|
||||
return info->MBEDTLS_PRIVATE(key_bitlen);
|
||||
return info->MBEDTLS_PRIVATE(key_bitlen) << MBEDTLS_KEY_BITLEN_SHIFT;
|
||||
}
|
||||
}
|
||||
|
||||
@ -521,7 +534,7 @@ static inline size_t mbedtls_cipher_info_get_iv_size(
|
||||
return 0;
|
||||
}
|
||||
|
||||
return (size_t) info->MBEDTLS_PRIVATE(iv_size);
|
||||
return ((size_t) info->MBEDTLS_PRIVATE(iv_size)) << MBEDTLS_IV_SIZE_SHIFT;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -541,7 +554,7 @@ static inline size_t mbedtls_cipher_info_get_block_size(
|
||||
return 0;
|
||||
}
|
||||
|
||||
return (size_t) info->MBEDTLS_PRIVATE(block_size);
|
||||
return (size_t) (info->MBEDTLS_PRIVATE(block_size));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -682,7 +695,7 @@ static inline unsigned int mbedtls_cipher_get_block_size(
|
||||
return 0;
|
||||
}
|
||||
|
||||
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
|
||||
return (unsigned int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -702,7 +715,7 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
|
||||
return MBEDTLS_MODE_NONE;
|
||||
}
|
||||
|
||||
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
|
||||
return (mbedtls_cipher_mode_t) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -727,7 +740,8 @@ static inline int mbedtls_cipher_get_iv_size(
|
||||
return (int) ctx->MBEDTLS_PRIVATE(iv_size);
|
||||
}
|
||||
|
||||
return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
|
||||
return (int) (((int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size)) <<
|
||||
MBEDTLS_IV_SIZE_SHIFT);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -747,7 +761,7 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
|
||||
return MBEDTLS_CIPHER_NONE;
|
||||
}
|
||||
|
||||
return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
|
||||
return (mbedtls_cipher_type_t) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -788,7 +802,8 @@ static inline int mbedtls_cipher_get_key_bitlen(
|
||||
return MBEDTLS_KEY_LENGTH_NONE;
|
||||
}
|
||||
|
||||
return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
|
||||
return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen) <<
|
||||
MBEDTLS_KEY_BITLEN_SHIFT;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -70,7 +70,7 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
|
||||
return MBEDTLS_ERR_CCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
if (cipher_info->block_size != 16) {
|
||||
if (mbedtls_cipher_info_get_block_size(cipher_info) != 16) {
|
||||
return MBEDTLS_ERR_CCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
|
||||
212
library/cipher.c
212
library/cipher.c
@ -67,6 +67,12 @@
|
||||
|
||||
static int supported_init = 0;
|
||||
|
||||
static inline const mbedtls_cipher_base_t *mbedtls_cipher_get_base(
|
||||
const mbedtls_cipher_info_t *info)
|
||||
{
|
||||
return mbedtls_cipher_base_lookup_table[info->base_idx];
|
||||
}
|
||||
|
||||
const int *mbedtls_cipher_list(void)
|
||||
{
|
||||
const mbedtls_cipher_definition_t *def;
|
||||
@ -128,8 +134,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
|
||||
const mbedtls_cipher_definition_t *def;
|
||||
|
||||
for (def = mbedtls_cipher_definitions; def->info != NULL; def++) {
|
||||
if (def->info->base->cipher == cipher_id &&
|
||||
def->info->key_bitlen == (unsigned) key_bitlen &&
|
||||
if (mbedtls_cipher_get_base(def->info)->cipher == cipher_id &&
|
||||
mbedtls_cipher_info_get_key_bitlen(def->info) == (unsigned) key_bitlen &&
|
||||
def->info->mode == mode) {
|
||||
return def->info;
|
||||
}
|
||||
@ -178,7 +184,7 @@ void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
|
||||
#endif
|
||||
|
||||
if (ctx->cipher_ctx) {
|
||||
ctx->cipher_info->base->ctx_free_func(ctx->cipher_ctx);
|
||||
mbedtls_cipher_get_base(ctx->cipher_info)->ctx_free_func(ctx->cipher_ctx);
|
||||
}
|
||||
|
||||
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t));
|
||||
@ -193,7 +199,7 @@ int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
|
||||
|
||||
memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
|
||||
|
||||
if (NULL == (ctx->cipher_ctx = cipher_info->base->ctx_alloc_func())) {
|
||||
if (NULL == (ctx->cipher_ctx = mbedtls_cipher_get_base(cipher_info)->ctx_alloc_func())) {
|
||||
return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
|
||||
}
|
||||
|
||||
@ -228,11 +234,11 @@ int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
|
||||
|
||||
/* Check that the underlying cipher mode and cipher type are
|
||||
* supported by the underlying PSA Crypto implementation. */
|
||||
alg = mbedtls_psa_translate_cipher_mode(cipher_info->mode, taglen);
|
||||
alg = mbedtls_psa_translate_cipher_mode(((mbedtls_cipher_mode_t) cipher_info->mode), taglen);
|
||||
if (alg == 0) {
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
if (mbedtls_psa_translate_cipher_type(cipher_info->type) == 0) {
|
||||
if (mbedtls_psa_translate_cipher_type(((mbedtls_cipher_type_t) cipher_info->type)) == 0) {
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
|
||||
@ -285,7 +291,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
|
||||
key_type = mbedtls_psa_translate_cipher_type(
|
||||
ctx->cipher_info->type);
|
||||
((mbedtls_cipher_type_t) ctx->cipher_info->type));
|
||||
if (key_type == 0) {
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
@ -323,7 +329,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 &&
|
||||
(int) ctx->cipher_info->key_bitlen != key_bitlen) {
|
||||
(int) mbedtls_cipher_info_get_key_bitlen(ctx->cipher_info) != key_bitlen) {
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
@ -334,16 +340,16 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
|
||||
* For OFB, CFB and CTR mode always use the encryption key schedule
|
||||
*/
|
||||
if (MBEDTLS_ENCRYPT == operation ||
|
||||
MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode) {
|
||||
return ctx->cipher_info->base->setkey_enc_func(ctx->cipher_ctx, key,
|
||||
ctx->key_bitlen);
|
||||
MBEDTLS_MODE_CFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
MBEDTLS_MODE_OFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
MBEDTLS_MODE_CTR == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key,
|
||||
ctx->key_bitlen);
|
||||
}
|
||||
|
||||
if (MBEDTLS_DECRYPT == operation) {
|
||||
return ctx->cipher_info->base->setkey_dec_func(ctx->cipher_ctx, key,
|
||||
ctx->key_bitlen);
|
||||
return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_dec_func(ctx->cipher_ctx, key,
|
||||
ctx->key_bitlen);
|
||||
}
|
||||
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
@ -375,7 +381,7 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
|
||||
if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN) != 0) {
|
||||
actual_iv_size = iv_len;
|
||||
} else {
|
||||
actual_iv_size = ctx->cipher_info->iv_size;
|
||||
actual_iv_size = mbedtls_cipher_info_get_iv_size(ctx->cipher_info);
|
||||
|
||||
/* avoid reading past the end of input buffer */
|
||||
if (actual_iv_size > iv_len) {
|
||||
@ -384,7 +390,7 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CHACHA20_C)
|
||||
if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20) {
|
||||
if (((mbedtls_cipher_type_t) ctx->cipher_info->type) == MBEDTLS_CIPHER_CHACHA20) {
|
||||
/* Even though the actual_iv_size is overwritten with a correct value
|
||||
* of 12 from the cipher info, return an error to indicate that
|
||||
* the input iv_len is wrong. */
|
||||
@ -399,7 +405,7 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
}
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
|
||||
if (((mbedtls_cipher_type_t) ctx->cipher_info->type) == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
|
||||
iv_len != 12) {
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
@ -407,7 +413,7 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
return mbedtls_gcm_starts((mbedtls_gcm_context *) ctx->cipher_ctx,
|
||||
ctx->operation,
|
||||
iv, iv_len);
|
||||
@ -415,7 +421,7 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
if (MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_CCM_STAR_NO_TAG == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
int set_lengths_result;
|
||||
int ccm_star_mode;
|
||||
|
||||
@ -485,14 +491,14 @@ int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
return mbedtls_gcm_update_ad((mbedtls_gcm_context *) ctx->cipher_ctx,
|
||||
ad, ad_len);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
|
||||
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) {
|
||||
int result;
|
||||
mbedtls_chachapoly_mode_t mode;
|
||||
|
||||
@ -541,15 +547,16 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
|
||||
}
|
||||
|
||||
if (ctx->cipher_info->mode == MBEDTLS_MODE_ECB) {
|
||||
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_ECB) {
|
||||
if (ilen != block_size) {
|
||||
return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
|
||||
}
|
||||
|
||||
*olen = ilen;
|
||||
|
||||
if (0 != (ret = ctx->cipher_info->base->ecb_func(ctx->cipher_ctx,
|
||||
ctx->operation, input, output))) {
|
||||
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->ecb_func(ctx->cipher_ctx,
|
||||
ctx->operation, input,
|
||||
output))) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -557,7 +564,7 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (ctx->cipher_info->mode == MBEDTLS_MODE_GCM) {
|
||||
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_GCM) {
|
||||
return mbedtls_gcm_update((mbedtls_gcm_context *) ctx->cipher_ctx,
|
||||
input, ilen,
|
||||
output, ilen, olen);
|
||||
@ -565,7 +572,7 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
if (ctx->cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG) {
|
||||
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CCM_STAR_NO_TAG) {
|
||||
return mbedtls_ccm_update((mbedtls_ccm_context *) ctx->cipher_ctx,
|
||||
input, ilen,
|
||||
output, ilen, olen);
|
||||
@ -573,7 +580,7 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
|
||||
if (((mbedtls_cipher_type_t) ctx->cipher_info->type) == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
|
||||
*olen = ilen;
|
||||
return mbedtls_chachapoly_update((mbedtls_chachapoly_context *) ctx->cipher_ctx,
|
||||
ilen, input, output);
|
||||
@ -586,7 +593,7 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
if (ctx->cipher_info->mode == MBEDTLS_MODE_CBC) {
|
||||
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CBC) {
|
||||
size_t copy_len = 0;
|
||||
|
||||
/*
|
||||
@ -614,9 +621,12 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input,
|
||||
copy_len);
|
||||
|
||||
if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
|
||||
ctx->operation, block_size, ctx->iv,
|
||||
ctx->unprocessed_data, output))) {
|
||||
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cbc_func(ctx->cipher_ctx,
|
||||
ctx->operation,
|
||||
block_size, ctx->iv,
|
||||
ctx->
|
||||
unprocessed_data,
|
||||
output))) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -654,9 +664,11 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
* Process remaining full blocks
|
||||
*/
|
||||
if (ilen) {
|
||||
if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
|
||||
ctx->operation, ilen, ctx->iv, input,
|
||||
output))) {
|
||||
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cbc_func(ctx->cipher_ctx,
|
||||
ctx->operation,
|
||||
ilen, ctx->iv,
|
||||
input,
|
||||
output))) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -668,11 +680,12 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
if (ctx->cipher_info->mode == MBEDTLS_MODE_CFB) {
|
||||
if (0 != (ret = ctx->cipher_info->base->cfb_func(ctx->cipher_ctx,
|
||||
ctx->operation, ilen,
|
||||
&ctx->unprocessed_len, ctx->iv,
|
||||
input, output))) {
|
||||
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CFB) {
|
||||
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cfb_func(ctx->cipher_ctx,
|
||||
ctx->operation, ilen,
|
||||
&ctx->unprocessed_len,
|
||||
ctx->iv,
|
||||
input, output))) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -683,10 +696,12 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_OFB)
|
||||
if (ctx->cipher_info->mode == MBEDTLS_MODE_OFB) {
|
||||
if (0 != (ret = ctx->cipher_info->base->ofb_func(ctx->cipher_ctx,
|
||||
ilen, &ctx->unprocessed_len, ctx->iv,
|
||||
input, output))) {
|
||||
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_OFB) {
|
||||
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->ofb_func(ctx->cipher_ctx,
|
||||
ilen,
|
||||
&ctx->unprocessed_len,
|
||||
ctx->iv,
|
||||
input, output))) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -697,10 +712,13 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
#endif /* MBEDTLS_CIPHER_MODE_OFB */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CTR)
|
||||
if (ctx->cipher_info->mode == MBEDTLS_MODE_CTR) {
|
||||
if (0 != (ret = ctx->cipher_info->base->ctr_func(ctx->cipher_ctx,
|
||||
ilen, &ctx->unprocessed_len, ctx->iv,
|
||||
ctx->unprocessed_data, input, output))) {
|
||||
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CTR) {
|
||||
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->ctr_func(ctx->cipher_ctx,
|
||||
ilen,
|
||||
&ctx->unprocessed_len,
|
||||
ctx->iv,
|
||||
ctx->unprocessed_data,
|
||||
input, output))) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -711,14 +729,18 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
if (ctx->cipher_info->mode == MBEDTLS_MODE_XTS) {
|
||||
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_XTS) {
|
||||
if (ctx->unprocessed_len > 0) {
|
||||
/* We can only process an entire data unit at a time. */
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
|
||||
ret = ctx->cipher_info->base->xts_func(ctx->cipher_ctx,
|
||||
ctx->operation, ilen, ctx->iv, input, output);
|
||||
ret = mbedtls_cipher_get_base(ctx->cipher_info)->xts_func(ctx->cipher_ctx,
|
||||
ctx->operation,
|
||||
ilen,
|
||||
ctx->iv,
|
||||
input,
|
||||
output);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
@ -730,9 +752,10 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
||||
#endif /* MBEDTLS_CIPHER_MODE_XTS */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
|
||||
if (ctx->cipher_info->mode == MBEDTLS_MODE_STREAM) {
|
||||
if (0 != (ret = ctx->cipher_info->base->stream_func(ctx->cipher_ctx,
|
||||
ilen, input, output))) {
|
||||
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_STREAM) {
|
||||
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->stream_func(ctx->cipher_ctx,
|
||||
ilen, input,
|
||||
output))) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -944,22 +967,22 @@ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
|
||||
|
||||
*olen = 0;
|
||||
|
||||
if (MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_STREAM == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_CFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
MBEDTLS_MODE_OFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
MBEDTLS_MODE_CTR == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
MBEDTLS_MODE_CCM_STAR_NO_TAG == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
MBEDTLS_MODE_XTS == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
MBEDTLS_MODE_STREAM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type) ||
|
||||
(MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type)) {
|
||||
if ((MBEDTLS_CIPHER_CHACHA20 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) ||
|
||||
(MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type))) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (MBEDTLS_MODE_ECB == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_ECB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
if (ctx->unprocessed_len != 0) {
|
||||
return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
|
||||
}
|
||||
@ -968,7 +991,7 @@ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
if (MBEDTLS_MODE_CBC == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
int ret = 0;
|
||||
|
||||
if (MBEDTLS_ENCRYPT == ctx->operation) {
|
||||
@ -996,11 +1019,13 @@ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
|
||||
/* cipher block */
|
||||
if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
|
||||
ctx->operation,
|
||||
mbedtls_cipher_get_block_size(ctx),
|
||||
ctx->iv,
|
||||
ctx->unprocessed_data, output))) {
|
||||
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cbc_func(ctx->cipher_ctx,
|
||||
ctx->operation,
|
||||
mbedtls_cipher_get_block_size(
|
||||
ctx),
|
||||
ctx->iv,
|
||||
ctx->unprocessed_data,
|
||||
output))) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -1025,7 +1050,8 @@ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
|
||||
int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
|
||||
mbedtls_cipher_padding_t mode)
|
||||
{
|
||||
if (NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode) {
|
||||
if (NULL == ctx->cipher_info ||
|
||||
MBEDTLS_MODE_CBC != ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
@ -1102,7 +1128,7 @@ int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
size_t output_length;
|
||||
/* The code here doesn't yet support alternative implementations
|
||||
* that can delay up to a block of output. */
|
||||
@ -1113,7 +1139,7 @@ int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
|
||||
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) {
|
||||
/* Don't allow truncated MAC for Poly1305 */
|
||||
if (tag_len != 16U) {
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
@ -1154,7 +1180,7 @@ int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
|
||||
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
size_t output_length;
|
||||
/* The code here doesn't yet support alternative implementations
|
||||
* that can delay up to a block of output. */
|
||||
@ -1179,7 +1205,7 @@ int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
|
||||
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) {
|
||||
/* Don't allow truncated MAC for Poly1305 */
|
||||
if (tag_len != sizeof(check_tag)) {
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
@ -1250,7 +1276,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
|
||||
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
|
||||
}
|
||||
|
||||
if (ctx->cipher_info->mode != MBEDTLS_MODE_ECB) {
|
||||
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) != MBEDTLS_MODE_ECB) {
|
||||
status = psa_cipher_set_iv(&cipher_op, iv, iv_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
|
||||
@ -1345,7 +1371,7 @@ static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx,
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
*olen = ilen;
|
||||
return mbedtls_gcm_crypt_and_tag(ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT,
|
||||
ilen, iv, iv_len, ad, ad_len,
|
||||
@ -1353,7 +1379,7 @@ static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_CCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
*olen = ilen;
|
||||
return mbedtls_ccm_encrypt_and_tag(ctx->cipher_ctx, ilen,
|
||||
iv, iv_len, ad, ad_len, input, output,
|
||||
@ -1361,9 +1387,9 @@ static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
|
||||
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) {
|
||||
/* ChachaPoly has fixed length nonce and MAC (tag) */
|
||||
if ((iv_len != ctx->cipher_info->iv_size) ||
|
||||
if ((iv_len != mbedtls_cipher_info_get_iv_size(ctx->cipher_info)) ||
|
||||
(tag_len != 16U)) {
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
@ -1423,7 +1449,7 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx,
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
*olen = ilen;
|
||||
@ -1439,7 +1465,7 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) {
|
||||
if (MBEDTLS_MODE_CCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
*olen = ilen;
|
||||
@ -1455,11 +1481,11 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C)
|
||||
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
|
||||
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) {
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
/* ChachaPoly has fixed length nonce and MAC (tag) */
|
||||
if ((iv_len != ctx->cipher_info->iv_size) ||
|
||||
if ((iv_len != mbedtls_cipher_info_get_iv_size(ctx->cipher_info)) ||
|
||||
(tag_len != 16U)) {
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
@ -1496,10 +1522,11 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
ctx->psa_enabled == 0 &&
|
||||
#endif
|
||||
(MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) {
|
||||
mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ?
|
||||
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
|
||||
(MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode))) {
|
||||
mbedtls_nist_kw_mode_t mode =
|
||||
(MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) ?
|
||||
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
|
||||
|
||||
/* There is no iv, tag or ad associated with KW and KWP,
|
||||
* so these length should be 0 as documented. */
|
||||
@ -1546,10 +1573,11 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx,
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
ctx->psa_enabled == 0 &&
|
||||
#endif
|
||||
(MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) {
|
||||
mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ?
|
||||
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
|
||||
(MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode))) {
|
||||
mbedtls_nist_kw_mode_t mode =
|
||||
(MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) ?
|
||||
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
|
||||
|
||||
/* There is no iv, tag or ad associated with KW and KWP,
|
||||
* so these length should be 0 as documented. */
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -135,6 +135,8 @@ extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
|
||||
|
||||
extern int mbedtls_cipher_supported[];
|
||||
|
||||
extern const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[];
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -119,7 +119,7 @@ static int cmac_generate_subkeys(mbedtls_cipher_context_t *ctx,
|
||||
|
||||
mbedtls_platform_zeroize(L, sizeof(L));
|
||||
|
||||
block_size = ctx->cipher_info->block_size;
|
||||
block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info);
|
||||
|
||||
/* Calculate Ek(0) */
|
||||
if ((ret = mbedtls_cipher_update(ctx, L, block_size, L, &olen)) != 0) {
|
||||
@ -186,7 +186,7 @@ int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
|
||||
return retval;
|
||||
}
|
||||
|
||||
type = ctx->cipher_info->type;
|
||||
type = mbedtls_cipher_info_get_type(ctx->cipher_info);
|
||||
|
||||
switch (type) {
|
||||
case MBEDTLS_CIPHER_AES_128_ECB:
|
||||
@ -226,7 +226,7 @@ int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
|
||||
cmac_ctx = ctx->cmac_ctx;
|
||||
block_size = ctx->cipher_info->block_size;
|
||||
block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info);
|
||||
state = ctx->cmac_ctx->state;
|
||||
|
||||
/* Is there data still to process from the last call, that's greater in
|
||||
@ -295,7 +295,7 @@ int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
|
||||
}
|
||||
|
||||
cmac_ctx = ctx->cmac_ctx;
|
||||
block_size = ctx->cipher_info->block_size;
|
||||
block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info);
|
||||
state = cmac_ctx->state;
|
||||
|
||||
mbedtls_platform_zeroize(K1, sizeof(K1));
|
||||
|
||||
@ -147,7 +147,7 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
|
||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
if (cipher_info->block_size != 16) {
|
||||
if (mbedtls_cipher_info_get_block_size(cipher_info) != 16) {
|
||||
return MBEDTLS_ERR_GCM_BAD_INPUT;
|
||||
}
|
||||
|
||||
|
||||
@ -75,7 +75,7 @@ int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx,
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
if (cipher_info->block_size != 16) {
|
||||
if (mbedtls_cipher_info_get_block_size(cipher_info) != 16) {
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
|
||||
@ -151,11 +151,11 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
|
||||
return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
|
||||
keylen = cipher_info->key_bitlen / 8;
|
||||
keylen = (int) mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
|
||||
|
||||
if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
|
||||
key, keylen,
|
||||
iv, cipher_info->iv_size)) != 0) {
|
||||
iv, mbedtls_cipher_info_get_iv_size(cipher_info))) != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -171,7 +171,9 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_cipher_set_iv(&cipher_ctx, iv, cipher_info->iv_size)) != 0) {
|
||||
if ((ret =
|
||||
mbedtls_cipher_set_iv(&cipher_ctx, iv,
|
||||
mbedtls_cipher_info_get_iv_size(cipher_info))) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
||||
@ -176,10 +176,10 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
|
||||
* The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
|
||||
* since it is optional and we don't know if it was set or not
|
||||
*/
|
||||
keylen = cipher_info->key_bitlen / 8;
|
||||
keylen = (int) mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
|
||||
|
||||
if (enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
|
||||
enc_scheme_params.len != cipher_info->iv_size) {
|
||||
enc_scheme_params.len != mbedtls_cipher_info_get_iv_size(cipher_info)) {
|
||||
return MBEDTLS_ERR_PKCS5_INVALID_FORMAT;
|
||||
}
|
||||
|
||||
|
||||
@ -306,7 +306,7 @@ static psa_status_t psa_cipher_update_ecb(
|
||||
size_t *output_length)
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
size_t block_size = ctx->cipher_info->block_size;
|
||||
size_t block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info);
|
||||
size_t internal_output_length = 0;
|
||||
*output_length = 0;
|
||||
|
||||
|
||||
@ -8323,7 +8323,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type);
|
||||
#else
|
||||
size_t block_size = cipher_info->block_size;
|
||||
size_t block_size = mbedtls_cipher_info_get_block_size(cipher_info);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
@ -8346,7 +8346,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
transform->ivlen = PSA_CIPHER_IV_LENGTH(key_type, alg);
|
||||
#else
|
||||
transform->ivlen = cipher_info->iv_size;
|
||||
transform->ivlen = mbedtls_cipher_info_get_iv_size(cipher_info);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Minimum length */
|
||||
|
||||
@ -1019,14 +1019,14 @@ int mbedtls_ssl_tls13_populate_transform(
|
||||
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc,
|
||||
key_enc, cipher_info->key_bitlen,
|
||||
key_enc, mbedtls_cipher_info_get_key_bitlen(cipher_info),
|
||||
MBEDTLS_ENCRYPT)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec,
|
||||
key_dec, cipher_info->key_bitlen,
|
||||
key_dec, mbedtls_cipher_info_get_key_bitlen(cipher_info),
|
||||
MBEDTLS_DECRYPT)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
|
||||
return ret;
|
||||
|
||||
@ -1142,11 +1142,11 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
|
||||
/* Pick cipher */
|
||||
cipher_info = mbedtls_cipher_info_from_type(cipher_type);
|
||||
CHK(cipher_info != NULL);
|
||||
CHK(cipher_info->iv_size <= 16);
|
||||
CHK(cipher_info->key_bitlen % 8 == 0);
|
||||
CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16);
|
||||
CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
|
||||
|
||||
/* Pick keys */
|
||||
keylen = cipher_info->key_bitlen / 8;
|
||||
keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
|
||||
/* Allocate `keylen + 1` bytes to ensure that we get
|
||||
* a non-NULL pointers from `mbedtls_calloc` even if
|
||||
* `keylen == 0` in the case of the NULL cipher. */
|
||||
@ -1273,7 +1273,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
|
||||
|
||||
/* Pick IV's (regardless of whether they
|
||||
* are being used by the transform). */
|
||||
ivlen = cipher_info->iv_size;
|
||||
ivlen = mbedtls_cipher_info_get_iv_size(cipher_info);
|
||||
memset(iv_enc, 0x3, sizeof(iv_enc));
|
||||
memset(iv_dec, 0x4, sizeof(iv_dec));
|
||||
|
||||
|
||||
@ -586,12 +586,12 @@ void dec_empty_buf(int cipher,
|
||||
ASSERT_ALLOC(iv, iv_len);
|
||||
memset(iv, 0, iv_len);
|
||||
|
||||
TEST_ASSERT(sizeof(key) * 8 >= cipher_info->key_bitlen);
|
||||
TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info));
|
||||
|
||||
TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
|
||||
|
||||
TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec,
|
||||
key, cipher_info->key_bitlen,
|
||||
key, mbedtls_cipher_info_get_key_bitlen(cipher_info),
|
||||
MBEDTLS_DECRYPT));
|
||||
|
||||
TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user