Fix iv_len interface.

cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
Manuel Pégourié-Gonnard 2013-09-03 13:25:52 +02:00
parent 9c853b910c
commit a235b5b5bd
5 changed files with 49 additions and 19 deletions


@ -185,10 +185,13 @@ typedef struct {
/** Name of the cipher */
const char * name;
/** IV/NONCE size, in bytes, for ciphers with fixed-length IVs), or
* 0 for ciphers with variable-length IVs or not using IVs */
/** IV/NONCE size, in bytes.
* For cipher that accept many sizes: recommended size */
unsigned int iv_size;
/** Flag for ciphers that accept many sizes of IV/NONCE */
int accepts_variable_iv_size;
/** block size, in bytes */
unsigned int block_size;
@ -323,8 +326,8 @@ static inline cipher_mode_t cipher_get_cipher_mode( const cipher_context_t *ctx
*
* \param ctx cipher's context. Must have been initialised.
*
* \return If IV has not been set yet: desired size for ciphers
* with fixed-size IVs, 0 for other ciphers.
* \return If IV has not been set yet: (recommended) IV size
* (0 for ciphers not using IV/NONCE).
* If IV has already been set: actual size.
*/
static inline int cipher_get_iv_size( const cipher_context_t *ctx )
@ -439,8 +442,8 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode );
* \brief Set the initialization vector (IV) or nonce
*
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
* \param iv_len IV length for ciphers with variable-size IV,
* Discarded by ciphers with fixed-size IV.
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
*
* \returns O on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
*
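Review bot: The updated `\param iv_len` text for cipher_set_iv says the length is discarded for fixed-size ciphers, but it does not tell the caller how many bytes are then read from `iv`, or what the largest accepted length is for variable-size ciphers. I would add a line such as `\note For ciphers with fixed-size IV, iv must point to at least iv_size bytes.` and state the maximum for the variable-size case. Minor wording in the new struct comment: `For cipher that accept many sizes` should read `For ciphers that accept many sizes`. The documented declarations continue outside the hunks shown.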


@ -399,19 +399,18 @@ int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
int cipher_set_iv( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len )
{
size_t fixed_iv_size;
size_t actual_iv_size;
if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
fixed_iv_size = cipher_get_iv_size( ctx );
if( ctx->cipher_info->accepts_variable_iv_size )
actual_iv_size = iv_len;
else
actual_iv_size = ctx->cipher_info->iv_size;
/* 0 means variable size (or no IV): use given len */
if( fixed_iv_size == 0 )
fixed_iv_size = iv_len;
memcpy( ctx->iv, iv, fixed_iv_size );
ctx->iv_size = fixed_iv_size;
memcpy( ctx->iv, iv, actual_iv_size );
ctx->iv_size = actual_iv_size;
return 0;
}
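Review bot: In the new `accepts_variable_iv_size` branch of cipher_set_iv, the caller-supplied `iv_len` becomes the memcpy length with no upper bound, so a length larger than the destination `ctx->iv` would write past it. The declaration of `ctx->iv` is not in this hunk; assuming it is a fixed-size array, add `if( actual_iv_size > sizeof( ctx->iv ) ) return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;` before the memcpy. In the `else` branch `iv_len` is ignored and `iv_size` bytes are read from `iv`, so the function relies on every caller providing a buffer at least that long. That contract deserves a comment at the `else`.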


@ -150,6 +150,7 @@ const cipher_info_t aes_128_cbc_info = {
128,
"AES-128-CBC",
16,
0,
16,
&aes_info
};
@ -160,6 +161,7 @@ const cipher_info_t aes_192_cbc_info = {
192,
"AES-192-CBC",
16,
0,
16,
&aes_info
};
@ -170,6 +172,7 @@ const cipher_info_t aes_256_cbc_info = {
256,
"AES-256-CBC",
16,
0,
16,
&aes_info
};
@ -181,6 +184,7 @@ const cipher_info_t aes_128_cfb128_info = {
128,
"AES-128-CFB128",
16,
0,
16,
&aes_info
};
@ -191,6 +195,7 @@ const cipher_info_t aes_192_cfb128_info = {
192,
"AES-192-CFB128",
16,
0,
16,
&aes_info
};
@ -201,6 +206,7 @@ const cipher_info_t aes_256_cfb128_info = {
256,
"AES-256-CFB128",
16,
0,
16,
&aes_info
};
@ -213,6 +219,7 @@ const cipher_info_t aes_128_ctr_info = {
128,
"AES-128-CTR",
16,
0,
16,
&aes_info
};
@ -223,6 +230,7 @@ const cipher_info_t aes_192_ctr_info = {
192,
"AES-192-CTR",
16,
0,
16,
&aes_info
};
@ -233,6 +241,7 @@ const cipher_info_t aes_256_ctr_info = {
256,
"AES-256-CTR",
16,
0,
16,
&aes_info
};
@ -271,7 +280,8 @@ const cipher_info_t aes_128_gcm_info = {
POLARSSL_MODE_GCM,
128,
"AES-128-GCM",
0,
12,
1,
16,
&gcm_aes_info
};
@ -281,7 +291,8 @@ const cipher_info_t aes_256_gcm_info = {
POLARSSL_MODE_GCM,
256,
"AES-256-GCM",
0,
12,
1,
16,
&gcm_aes_info
};
@ -373,6 +384,7 @@ const cipher_info_t camellia_128_cbc_info = {
128,
"CAMELLIA-128-CBC",
16,
0,
16,
&camellia_info
};
@ -383,6 +395,7 @@ const cipher_info_t camellia_192_cbc_info = {
192,
"CAMELLIA-192-CBC",
16,
0,
16,
&camellia_info
};
@ -393,6 +406,7 @@ const cipher_info_t camellia_256_cbc_info = {
256,
"CAMELLIA-256-CBC",
16,
0,
16,
&camellia_info
};
@ -404,6 +418,7 @@ const cipher_info_t camellia_128_cfb128_info = {
128,
"CAMELLIA-128-CFB128",
16,
0,
16,
&camellia_info
};
@ -414,6 +429,7 @@ const cipher_info_t camellia_192_cfb128_info = {
192,
"CAMELLIA-192-CFB128",
16,
0,
16,
&camellia_info
};
@ -424,6 +440,7 @@ const cipher_info_t camellia_256_cfb128_info = {
256,
"CAMELLIA-256-CFB128",
16,
0,
16,
&camellia_info
};
@ -436,6 +453,7 @@ const cipher_info_t camellia_128_ctr_info = {
128,
"CAMELLIA-128-CTR",
16,
0,
16,
&camellia_info
};
@ -446,6 +464,7 @@ const cipher_info_t camellia_192_ctr_info = {
192,
"CAMELLIA-192-CTR",
16,
0,
16,
&camellia_info
};
@ -456,6 +475,7 @@ const cipher_info_t camellia_256_ctr_info = {
256,
"CAMELLIA-256-CTR",
16,
0,
16,
&camellia_info
};
@ -581,6 +601,7 @@ const cipher_info_t des_cbc_info = {
POLARSSL_KEY_LENGTH_DES,
"DES-CBC",
8,
0,
8,
&des_info
};
@ -603,6 +624,7 @@ const cipher_info_t des_ede_cbc_info = {
POLARSSL_KEY_LENGTH_DES_EDE,
"DES-EDE-CBC",
8,
0,
8,
&des_ede_info
};
@ -625,6 +647,7 @@ const cipher_info_t des_ede3_cbc_info = {
POLARSSL_KEY_LENGTH_DES_EDE3,
"DES-EDE3-CBC",
8,
0,
8,
&des_ede3_info
};
@ -709,6 +732,7 @@ const cipher_info_t blowfish_cbc_info = {
128,
"BLOWFISH-CBC",
8,
0,
8,
&blowfish_info
};
@ -720,6 +744,7 @@ const cipher_info_t blowfish_cfb64_info = {
128,
"BLOWFISH-CFB64",
8,
0,
8,
&blowfish_info
};
@ -732,6 +757,7 @@ const cipher_info_t blowfish_ctr_info = {
128,
"BLOWFISH-CTR",
8,
0,
8,
&blowfish_info
};
@ -781,6 +807,7 @@ const cipher_info_t arc4_128_info = {
128,
"ARC4-128",
0,
0,
1,
&arc4_base_info
};
@ -834,6 +861,7 @@ const cipher_info_t null_cipher_info = {
0,
"NULL",
0,
0,
1,
&null_base_info
};
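Review bot: Each table entry gains a bare positional `0` or `1` between two integers (for example `16, 0, 16`), so a misplaced or missing value for `accepts_variable_iv_size` still compiles and silently shifts `block_size`. A trailing comment per field, such as `0, /* accepts_variable_iv_size */`, would make these entries checkable at a glance. Any `cipher_info_t` initializer outside this file needs the same insertion, which this page cannot confirm. The initializers themselves start outside the hunks shown.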


@ -184,10 +184,10 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 )
goto exit;
if( ( ret = cipher_set_iv( &cipher_ctx, iv, 0 ) ) != 0 )
if( ( ret = cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
goto exit;
if( ( ret = cipher_reset( &cipher_ctx, iv, 0 ) ) != 0 )
if( ( ret = cipher_reset( &cipher_ctx, NULL, 0 ) ) != 0 )
goto exit;
if( ( ret = cipher_update( &cipher_ctx, data, len,


@ -187,7 +187,7 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 )
goto exit;
if( ( ret = cipher_set_iv( &cipher_ctx, iv, 0 ) ) != 0 )
if( ( ret = cipher_set_iv( &cipher_ctx, iv, enc_scheme_params.len ) ) != 0 )
goto exit;
if( ( ret = cipher_reset( &cipher_ctx, NULL, 0 ) ) != 0 )
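Review bot: At the changed cipher_set_iv call, `enc_scheme_params.len` is passed as `iv_len`, but the cipher_set_iv change in this same commit ignores that argument for fixed-size ciphers and copies `iv_size` bytes from `iv` regardless. If the IV length parsed from the PBES2 parameters can differ from the cipher's IV size, the mismatch goes undetected at this call. The hunk does not show whether it is checked earlier. Consider comparing `enc_scheme_params.len` with `cipher_get_iv_size( &cipher_ctx )` before the call and failing on a mismatch. pkcs5_pbes2 starts and ends outside this hunk.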