ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2023-11-16 08:24:51 +01:00
parent 8db46e4ee1
commit 9b7a8b2a0c
4 changed files with 137 additions and 14 deletions

View File

@ -40,6 +40,10 @@
#include "mbedtls/cipher.h"
#if !defined(MBEDTLS_CIPHER_C)
#include "mbedtls/block_cipher.h"
#endif
#define MBEDTLS_CCM_DECRYPT 0
#define MBEDTLS_CCM_ENCRYPT 1
#define MBEDTLS_CCM_STAR_DECRYPT 2
@ -80,7 +84,11 @@ typedef struct mbedtls_ccm_context {
#MBEDTLS_CCM_DECRYPT or
#MBEDTLS_CCM_STAR_ENCRYPT or
#MBEDTLS_CCM_STAR_DECRYPT. */
#if defined(MBEDTLS_CIPHER_C)
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
#else
mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */
#endif
int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
state. Used for chunked data input */
}

View File

@ -24,6 +24,10 @@
#include "mbedtls/cipher.h"
#if !defined(MBEDTLS_CIPHER_C)
#include "mbedtls/block_cipher.h"
#endif
#include <stdint.h>
#define MBEDTLS_GCM_ENCRYPT 1
@ -46,7 +50,11 @@ extern "C" {
* \brief The GCM context structure.
*/
typedef struct mbedtls_gcm_context {
#if defined(MBEDTLS_CIPHER_C)
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
#else
mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */
#endif
uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */

View File

@ -23,6 +23,10 @@
#include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
#if !defined(MBEDTLS_CIPHER_C)
#include "block_cipher_internal.h"
#endif
#include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
@ -51,6 +55,8 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
unsigned int keybits)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_CIPHER_C)
const mbedtls_cipher_info_t *cipher_info;
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
@ -73,6 +79,17 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
MBEDTLS_ENCRYPT)) != 0) {
return ret;
}
#else
mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
#endif
return 0;
}
@ -85,7 +102,11 @@ void mbedtls_ccm_free(mbedtls_ccm_context *ctx)
if (ctx == NULL) {
return;
}
#if defined(MBEDTLS_CIPHER_C)
mbedtls_cipher_free(&ctx->cipher_ctx);
#else
mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
#endif
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context));
}
@ -104,16 +125,25 @@ static int mbedtls_ccm_crypt(mbedtls_ccm_context *ctx,
const unsigned char *input,
unsigned char *output)
{
size_t olen = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char tmp_buf[16] = { 0 };
#if defined(MBEDTLS_CIPHER_C)
size_t olen = 0;
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf,
&olen)) != 0) {
ctx->state |= CCM_STATE__ERROR;
mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
return ret;
}
#else
if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf)) != 0) {
ctx->state |= CCM_STATE__ERROR;
mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
return ret;
}
#endif
mbedtls_xor(output, input, tmp_buf + offset, use_len);
@ -132,7 +162,10 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
size_t len_left, olen;
size_t len_left;
#if defined(MBEDTLS_CIPHER_C)
size_t olen;
#endif
/* length calculation can be done only after both
* mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() have been executed
@ -178,10 +211,17 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
}
/* Start CBC-MAC with first block*/
#if defined(MBEDTLS_CIPHER_C)
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
ctx->state |= CCM_STATE__ERROR;
return ret;
}
#else
if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y)) != 0) {
ctx->state |= CCM_STATE__ERROR;
return ret;
}
#endif
return 0;
}
@ -258,7 +298,10 @@ int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx,
size_t add_len)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t olen, use_len, offset;
size_t use_len, offset;
#if defined(MBEDTLS_CIPHER_C)
size_t olen;
#endif
if (ctx->state & CCM_STATE__ERROR) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
@ -298,8 +341,12 @@ int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx,
add += use_len;
if (use_len + offset == 16 || ctx->processed == ctx->add_len) {
if ((ret =
mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
#if defined(MBEDTLS_CIPHER_C)
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
#endif
if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
return ret;
}
@ -322,7 +369,10 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i;
size_t use_len, offset, olen;
size_t use_len, offset;
#if defined(MBEDTLS_CIPHER_C)
size_t olen;
#endif
unsigned char local_output[16];
@ -360,8 +410,12 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len);
if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
if ((ret =
mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
#if defined(MBEDTLS_CIPHER_C)
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
#endif
if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
goto exit;
}
@ -391,8 +445,12 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
memcpy(output, local_output, use_len);
if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
if ((ret =
mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
#if defined(MBEDTLS_CIPHER_C)
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
#endif
if (ret != 0) {
ctx->state |= CCM_STATE__ERROR;
goto exit;
}

View File

@ -25,6 +25,10 @@
#include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
#if !defined(MBEDTLS_CIPHER_C)
#include "block_cipher_internal.h"
#endif
#include <string.h>
#if defined(MBEDTLS_AESNI_C)
@ -59,12 +63,20 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx)
uint64_t hi, lo;
uint64_t vl, vh;
unsigned char h[16];
size_t olen = 0;
memset(h, 0, 16);
#if defined(MBEDTLS_CIPHER_C)
size_t olen = 0;
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) {
return ret;
}
#else
if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h)) != 0) {
return ret;
}
#endif
/* pack h as two 64-bits ints, big-endian */
hi = MBEDTLS_GET_UINT32_BE(h, 0);
@ -124,12 +136,14 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
unsigned int keybits)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_cipher_info_t *cipher_info;
if (keybits != 128 && keybits != 192 && keybits != 256) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
#if defined(MBEDTLS_CIPHER_C)
const mbedtls_cipher_info_t *cipher_info;
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
MBEDTLS_MODE_ECB);
if (cipher_info == NULL) {
@ -150,6 +164,17 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
MBEDTLS_ENCRYPT)) != 0) {
return ret;
}
#else
mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
return ret;
}
if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
return ret;
}
#endif
if ((ret = gcm_gen_table(ctx)) != 0) {
return ret;
@ -252,8 +277,11 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char work_buf[16];
const unsigned char *p;
size_t use_len, olen = 0;
size_t use_len;
uint64_t iv_bits;
#if defined(MBEDTLS_CIPHER_C)
size_t olen = 0;
#endif
/* IV is limited to 2^64 bits, so 2^61 bytes */
/* IV is not allowed to be zero length */
@ -293,10 +321,18 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
gcm_mult(ctx, ctx->y, ctx->y);
}
#if defined(MBEDTLS_CIPHER_C)
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16,
ctx->base_ectr, &olen)) != 0) {
return ret;
}
#else
if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y,
ctx->base_ectr)) != 0) {
return ret;
}
#endif
return 0;
}
@ -386,8 +422,9 @@ static int gcm_mask(mbedtls_gcm_context *ctx,
const unsigned char *input,
unsigned char *output)
{
size_t olen = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_CIPHER_C)
size_t olen = 0;
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr,
&olen)) != 0) {
@ -395,6 +432,14 @@ static int gcm_mask(mbedtls_gcm_context *ctx,
return ret;
}
#else
if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr)) != 0) {
mbedtls_platform_zeroize(ectr, 16);
return ret;
}
#endif
if (ctx->mode == MBEDTLS_GCM_DECRYPT) {
mbedtls_xor(ctx->buf + offset, ctx->buf + offset, input, use_len);
}
@ -614,7 +659,11 @@ void mbedtls_gcm_free(mbedtls_gcm_context *ctx)
if (ctx == NULL) {
return;
}
#if defined(MBEDTLS_CIPHER_C)
mbedtls_cipher_free(&ctx->cipher_ctx);
#else
mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
#endif
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context));
}