From 48e93c84b7330c7857c7d57579a35613345f9320 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Wed, 14 Aug 2013 12:21:18 +0200
Subject: [PATCH] Made padding modes configurable from config.h
---
include/polarssl/config.h | 15 +++++++++++++++
library/cipher.c | 26 +++++++++++++++++++++-----
2 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 5742fe59be..6cabebb2fe 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -193,6 +193,21 @@
#define POLARSSL_CIPHER_NULL_CIPHER
*/
+/**
+ * \def POLARSSL_CIPHER_PADDING_XXX
+ *
+ * Uncomment or comment macros to add support for specific padding modes
+ * in the cipher layer with cipher modes that support padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define POLARSSL_CIPHER_PADDING_PKCS7
+#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
+#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
+#define POLARSSL_CIPHER_PADDING_ZEROS
+
/**
* \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
*
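Review bot: The new Doxygen block lists four switches but says nothing about how they differ, and `POLARSSL_CIPHER_PADDING_ZEROS` in particular needs a caveat. Zero padding in general cannot be stripped unambiguously when the plaintext itself ends in 0x00 bytes; the removal routine is outside this hunk, so confirm against `get_zeros_padding`. I would add `* Note: ZEROS padding is ambiguous for data ending in zero bytes; prefer PKCS7 unless interoperability requires another mode.` to the block. The closing sentence "Enable padding modes in the cipher layer." repeats the opening one and can be dropped.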
diff --git a/library/cipher.c b/library/cipher.c
index f023364d59..826d8fcd2e 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -326,7 +326,11 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
/*
* Ignore possible errors caused by a cipher mode that doesn't use padding
*/
+#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
(void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
+#else
+ (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
+#endif
return 0;
}
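Review bot: The `#else` branch makes the default padding of every new context depend on a build switch: with `POLARSSL_CIPHER_PADDING_PKCS7` undefined, the default silently becomes `POLARSSL_PADDING_NONE`, even when other padding modes are still compiled in. Code written against the PKCS7 default will then fail on partial final blocks, and on decryption it presumably gets the last block back with no padding check or removal. State this at the fallback, e.g. `/* PKCS7 compiled out: default is no padding; callers needing padding must call cipher_set_padding_mode() */`, and repeat it in the config.h description of the switch. The body of `cipher_init_ctx` starts before this hunk, so the note covers only the visible tail.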
@@ -526,6 +530,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
+#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
/*
* PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
*/
@@ -560,7 +565,9 @@ static int get_pkcs_padding( unsigned char *input, size_t input_len,
return 0;
}
+#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
+#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
/*
* One and zeros padding: fill with 80 00 ... 00
*/
@@ -593,7 +600,9 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
return 0;
}
+#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
/*
* Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
*/
@@ -629,7 +638,9 @@ static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
return 0;
}
+#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
/*
* Zero padding: fill with 00 ... 00
*/
@@ -656,6 +667,7 @@ static int get_zeros_padding( unsigned char *input, size_t input_len,
return 0;
}
+#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
/*
* No padding: don't pad :)
@@ -749,33 +761,37 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
switch( mode )
{
+#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
case POLARSSL_PADDING_PKCS7:
ctx->add_padding = add_pkcs_padding;
ctx->get_padding = get_pkcs_padding;
break;
-
+#endif
+#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
case POLARSSL_PADDING_ONE_AND_ZEROS:
ctx->add_padding = add_one_and_zeros_padding;
ctx->get_padding = get_one_and_zeros_padding;
break;
-
+#endif
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
case POLARSSL_PADDING_ZEROS_AND_LEN:
ctx->add_padding = add_zeros_and_len_padding;
ctx->get_padding = get_zeros_and_len_padding;
break;
-
+#endif
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
case POLARSSL_PADDING_ZEROS:
ctx->add_padding = add_zeros_padding;
ctx->get_padding = get_zeros_padding;
break;
-
+#endif
case POLARSSL_PADDING_NONE:
ctx->add_padding = NULL;
ctx->get_padding = get_no_padding;
break;
default:
- return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
return 0;
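Review bot: With the `default:` arm now returning `POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE`, a request for a compiled-out mode leaves `ctx->add_padding` and `ctx->get_padding` as they were, so a caller that ignores the return value keeps using the previous padding. That contract should be written on the arm, e.g. `/* unknown or compiled-out mode: ctx keeps its previous padding callbacks */`, and in the function's header documentation. The same arm also reports a value outside the enum as "feature unavailable" rather than bad input, which is worth a sentence in that documentation. As a style point, the four `#endif` lines inside the switch lack the `/* POLARSSL_CIPHER_PADDING_... */` trailer that the guards earlier in this patch carry. The function starts before this hunk, so any earlier argument checks are not visible here.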