projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[SHELL] IPersistFolder2::GetCurFolder takes a PIDLIST_ABSOLUTE*. CORE-16385
[reactos.git] / dll / 3rdparty / mbedtls / cipher.c
1 /**
2 * \file cipher.c
3 *
4 * \brief Generic cipher wrapper for mbed TLS
5 *
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 *
8 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
9 * SPDX-License-Identifier: GPL-2.0
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 *
25 * This file is part of mbed TLS (https://tls.mbed.org)
26 */
27
28 #if !defined(MBEDTLS_CONFIG_FILE)
29 #include "mbedtls/config.h"
30 #else
31 #include MBEDTLS_CONFIG_FILE
32 #endif
33
34 #if defined(MBEDTLS_CIPHER_C)
35
36 #include "mbedtls/cipher.h"
37 #include "mbedtls/cipher_internal.h"
38
39 #include <stdlib.h>
40 #include <string.h>
41
42 #if defined(MBEDTLS_GCM_C)
43 #include "mbedtls/gcm.h"
44 #endif
45
46 #if defined(MBEDTLS_CCM_C)
47 #include "mbedtls/ccm.h"
48 #endif
49
50 #if defined(MBEDTLS_CMAC_C)
51 #include "mbedtls/cmac.h"
52 #endif
53
54 #if defined(MBEDTLS_PLATFORM_C)
55 #include "mbedtls/platform.h"
56 #else
57 #define mbedtls_calloc calloc
58 #define mbedtls_free free
59 #endif
60
61 /* Implementation that should never be optimized out by the compiler */
62 static void mbedtls_zeroize( void *v, size_t n ) {
63 volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
64 }
65
66 static int supported_init = 0;
67
68 const int *mbedtls_cipher_list( void )
69 {
70 const mbedtls_cipher_definition_t *def;
71 int *type;
72
73 if( ! supported_init )
74 {
75 def = mbedtls_cipher_definitions;
76 type = mbedtls_cipher_supported;
77
78 while( def->type != 0 )
79 *type++ = (*def++).type;
80
81 *type = 0;
82
83 supported_init = 1;
84 }
85
86 return( mbedtls_cipher_supported );
87 }
88
89 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type )
90 {
91 const mbedtls_cipher_definition_t *def;
92
93 for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
94 if( def->type == cipher_type )
95 return( def->info );
96
97 return( NULL );
98 }
99
100 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name )
101 {
102 const mbedtls_cipher_definition_t *def;
103
104 if( NULL == cipher_name )
105 return( NULL );
106
107 for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
108 if( ! strcmp( def->info->name, cipher_name ) )
109 return( def->info );
110
111 return( NULL );
112 }
113
114 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
115 int key_bitlen,
116 const mbedtls_cipher_mode_t mode )
117 {
118 const mbedtls_cipher_definition_t *def;
119
120 for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
121 if( def->info->base->cipher == cipher_id &&
122 def->info->key_bitlen == (unsigned) key_bitlen &&
123 def->info->mode == mode )
124 return( def->info );
125
126 return( NULL );
127 }
128
129 void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
130 {
131 memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
132 }
133
134 void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
135 {
136 if( ctx == NULL )
137 return;
138
139 #if defined(MBEDTLS_CMAC_C)
140 if( ctx->cmac_ctx )
141 {
142 mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) );
143 mbedtls_free( ctx->cmac_ctx );
144 }
145 #endif
146
147 if( ctx->cipher_ctx )
148 ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
149
150 mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
151 }
152
153 int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )
154 {
155 if( NULL == cipher_info || NULL == ctx )
156 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
157
158 memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
159
160 if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
161 return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
162
163 ctx->cipher_info = cipher_info;
164
165 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
166 /*
167 * Ignore possible errors caused by a cipher mode that doesn't use padding
168 */
169 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
170 (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 );
171 #else
172 (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE );
173 #endif
174 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
175
176 return( 0 );
177 }
178
179 int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
180 int key_bitlen, const mbedtls_operation_t operation )
181 {
182 if( NULL == ctx || NULL == ctx->cipher_info )
183 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
184
185 if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
186 (int) ctx->cipher_info->key_bitlen != key_bitlen )
187 {
188 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
189 }
190
191 ctx->key_bitlen = key_bitlen;
192 ctx->operation = operation;
193
194 /*
195 * For CFB and CTR mode always use the encryption key schedule
196 */
197 if( MBEDTLS_ENCRYPT == operation ||
198 MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
199 MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
200 {
201 return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
202 ctx->key_bitlen );
203 }
204
205 if( MBEDTLS_DECRYPT == operation )
206 return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
207 ctx->key_bitlen );
208
209 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
210 }
211
212 int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
213 const unsigned char *iv, size_t iv_len )
214 {
215 size_t actual_iv_size;
216 if( NULL == ctx || NULL == ctx->cipher_info )
217 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
218 else if( NULL == iv && iv_len != 0 )
219 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
220
221 if( NULL == iv && iv_len == 0 )
222 ctx->iv_size = 0;
223
224 /* avoid buffer overflow in ctx->iv */
225 if( iv_len > MBEDTLS_MAX_IV_LENGTH )
226 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
227
228 if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 )
229 actual_iv_size = iv_len;
230 else
231 {
232 actual_iv_size = ctx->cipher_info->iv_size;
233
234 /* avoid reading past the end of input buffer */
235 if( actual_iv_size > iv_len )
236 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
237 }
238 if ( actual_iv_size != 0 )
239 {
240 memcpy( ctx->iv, iv, actual_iv_size );
241 ctx->iv_size = actual_iv_size;
242 }
243
244 return( 0 );
245 }
246
247 int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
248 {
249 if( NULL == ctx || NULL == ctx->cipher_info )
250 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
251
252 ctx->unprocessed_len = 0;
253
254 return( 0 );
255 }
256
257 #if defined(MBEDTLS_GCM_C)
258 int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
259 const unsigned char *ad, size_t ad_len )
260 {
261 if( NULL == ctx || NULL == ctx->cipher_info )
262 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
263
264 if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
265 {
266 return mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
267 ctx->iv, ctx->iv_size, ad, ad_len );
268 }
269
270 return( 0 );
271 }
272 #endif /* MBEDTLS_GCM_C */
273
274 int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
275 size_t ilen, unsigned char *output, size_t *olen )
276 {
277 int ret;
278 size_t block_size = 0;
279
280 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
281 {
282 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
283 }
284
285 *olen = 0;
286 block_size = mbedtls_cipher_get_block_size( ctx );
287
288 if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
289 {
290 if( ilen != block_size )
291 return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
292
293 *olen = ilen;
294
295 if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
296 ctx->operation, input, output ) ) )
297 {
298 return( ret );
299 }
300
301 return( 0 );
302 }
303
304 #if defined(MBEDTLS_GCM_C)
305 if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
306 {
307 *olen = ilen;
308 return mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
309 output );
310 }
311 #endif
312
313 if ( 0 == block_size )
314 {
315 return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
316 }
317
318 if( input == output &&
319 ( ctx->unprocessed_len != 0 || ilen % block_size ) )
320 {
321 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
322 }
323
324 #if defined(MBEDTLS_CIPHER_MODE_CBC)
325 if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC )
326 {
327 size_t copy_len = 0;
328
329 /*
330 * If there is not enough data for a full block, cache it.
331 */
332 if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
333 ilen <= block_size - ctx->unprocessed_len ) ||
334 ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
335 ilen < block_size - ctx->unprocessed_len ) ||
336 ( ctx->operation == MBEDTLS_ENCRYPT &&
337 ilen < block_size - ctx->unprocessed_len ) )
338 {
339 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
340 ilen );
341
342 ctx->unprocessed_len += ilen;
343 return( 0 );
344 }
345
346 /*
347 * Process cached data first
348 */
349 if( 0 != ctx->unprocessed_len )
350 {
351 copy_len = block_size - ctx->unprocessed_len;
352
353 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
354 copy_len );
355
356 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
357 ctx->operation, block_size, ctx->iv,
358 ctx->unprocessed_data, output ) ) )
359 {
360 return( ret );
361 }
362
363 *olen += block_size;
364 output += block_size;
365 ctx->unprocessed_len = 0;
366
367 input += copy_len;
368 ilen -= copy_len;
369 }
370
371 /*
372 * Cache final, incomplete block
373 */
374 if( 0 != ilen )
375 {
376 if( 0 == block_size )
377 {
378 return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
379 }
380
381 /* Encryption: only cache partial blocks
382 * Decryption w/ padding: always keep at least one whole block
383 * Decryption w/o padding: only cache partial blocks
384 */
385 copy_len = ilen % block_size;
386 if( copy_len == 0 &&
387 ctx->operation == MBEDTLS_DECRYPT &&
388 NULL != ctx->add_padding)
389 {
390 copy_len = block_size;
391 }
392
393 memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
394 copy_len );
395
396 ctx->unprocessed_len += copy_len;
397 ilen -= copy_len;
398 }
399
400 /*
401 * Process remaining full blocks
402 */
403 if( ilen )
404 {
405 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
406 ctx->operation, ilen, ctx->iv, input, output ) ) )
407 {
408 return( ret );
409 }
410
411 *olen += ilen;
412 }
413
414 return( 0 );
415 }
416 #endif /* MBEDTLS_CIPHER_MODE_CBC */
417
418 #if defined(MBEDTLS_CIPHER_MODE_CFB)
419 if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB )
420 {
421 if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
422 ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
423 input, output ) ) )
424 {
425 return( ret );
426 }
427
428 *olen = ilen;
429
430 return( 0 );
431 }
432 #endif /* MBEDTLS_CIPHER_MODE_CFB */
433
434 #if defined(MBEDTLS_CIPHER_MODE_CTR)
435 if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR )
436 {
437 if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
438 ilen, &ctx->unprocessed_len, ctx->iv,
439 ctx->unprocessed_data, input, output ) ) )
440 {
441 return( ret );
442 }
443
444 *olen = ilen;
445
446 return( 0 );
447 }
448 #endif /* MBEDTLS_CIPHER_MODE_CTR */
449
450 #if defined(MBEDTLS_CIPHER_MODE_STREAM)
451 if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM )
452 {
453 if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
454 ilen, input, output ) ) )
455 {
456 return( ret );
457 }
458
459 *olen = ilen;
460
461 return( 0 );
462 }
463 #endif /* MBEDTLS_CIPHER_MODE_STREAM */
464
465 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
466 }
467
468 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
469 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
470 /*
471 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
472 */
473 static void add_pkcs_padding( unsigned char *output, size_t output_len,
474 size_t data_len )
475 {
476 size_t padding_len = output_len - data_len;
477 unsigned char i;
478
479 for( i = 0; i < padding_len; i++ )
480 output[data_len + i] = (unsigned char) padding_len;
481 }
482
483 static int get_pkcs_padding( unsigned char *input, size_t input_len,
484 size_t *data_len )
485 {
486 size_t i, pad_idx;
487 unsigned char padding_len, bad = 0;
488
489 if( NULL == input || NULL == data_len )
490 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
491
492 padding_len = input[input_len - 1];
493 *data_len = input_len - padding_len;
494
495 /* Avoid logical || since it results in a branch */
496 bad |= padding_len > input_len;
497 bad |= padding_len == 0;
498
499 /* The number of bytes checked must be independent of padding_len,
500 * so pick input_len, which is usually 8 or 16 (one block) */
501 pad_idx = input_len - padding_len;
502 for( i = 0; i < input_len; i++ )
503 bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
504
505 return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
506 }
507 #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
508
509 #if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
510 /*
511 * One and zeros padding: fill with 80 00 ... 00
512 */
513 static void add_one_and_zeros_padding( unsigned char *output,
514 size_t output_len, size_t data_len )
515 {
516 size_t padding_len = output_len - data_len;
517 unsigned char i = 0;
518
519 output[data_len] = 0x80;
520 for( i = 1; i < padding_len; i++ )
521 output[data_len + i] = 0x00;
522 }
523
524 static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
525 size_t *data_len )
526 {
527 size_t i;
528 unsigned char done = 0, prev_done, bad;
529
530 if( NULL == input || NULL == data_len )
531 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
532
533 bad = 0x80;
534 *data_len = 0;
535 for( i = input_len; i > 0; i-- )
536 {
537 prev_done = done;
538 done |= ( input[i - 1] != 0 );
539 *data_len |= ( i - 1 ) * ( done != prev_done );
540 bad ^= input[i - 1] * ( done != prev_done );
541 }
542
543 return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
544
545 }
546 #endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
547
548 #if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
549 /*
550 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
551 */
552 static void add_zeros_and_len_padding( unsigned char *output,
553 size_t output_len, size_t data_len )
554 {
555 size_t padding_len = output_len - data_len;
556 unsigned char i = 0;
557
558 for( i = 1; i < padding_len; i++ )
559 output[data_len + i - 1] = 0x00;
560 output[output_len - 1] = (unsigned char) padding_len;
561 }
562
563 static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
564 size_t *data_len )
565 {
566 size_t i, pad_idx;
567 unsigned char padding_len, bad = 0;
568
569 if( NULL == input || NULL == data_len )
570 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
571
572 padding_len = input[input_len - 1];
573 *data_len = input_len - padding_len;
574
575 /* Avoid logical || since it results in a branch */
576 bad |= padding_len > input_len;
577 bad |= padding_len == 0;
578
579 /* The number of bytes checked must be independent of padding_len */
580 pad_idx = input_len - padding_len;
581 for( i = 0; i < input_len - 1; i++ )
582 bad |= input[i] * ( i >= pad_idx );
583
584 return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
585 }
586 #endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
587
588 #if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
589 /*
590 * Zero padding: fill with 00 ... 00
591 */
592 static void add_zeros_padding( unsigned char *output,
593 size_t output_len, size_t data_len )
594 {
595 size_t i;
596
597 for( i = data_len; i < output_len; i++ )
598 output[i] = 0x00;
599 }
600
601 static int get_zeros_padding( unsigned char *input, size_t input_len,
602 size_t *data_len )
603 {
604 size_t i;
605 unsigned char done = 0, prev_done;
606
607 if( NULL == input || NULL == data_len )
608 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
609
610 *data_len = 0;
611 for( i = input_len; i > 0; i-- )
612 {
613 prev_done = done;
614 done |= ( input[i-1] != 0 );
615 *data_len |= i * ( done != prev_done );
616 }
617
618 return( 0 );
619 }
620 #endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
621
622 /*
623 * No padding: don't pad :)
624 *
625 * There is no add_padding function (check for NULL in mbedtls_cipher_finish)
626 * but a trivial get_padding function
627 */
628 static int get_no_padding( unsigned char *input, size_t input_len,
629 size_t *data_len )
630 {
631 if( NULL == input || NULL == data_len )
632 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
633
634 *data_len = input_len;
635
636 return( 0 );
637 }
638 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
639
640 int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
641 unsigned char *output, size_t *olen )
642 {
643 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
644 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
645
646 *olen = 0;
647
648 if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
649 MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
650 MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
651 MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
652 {
653 return( 0 );
654 }
655
656 if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode )
657 {
658 if( ctx->unprocessed_len != 0 )
659 return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
660
661 return( 0 );
662 }
663
664 #if defined(MBEDTLS_CIPHER_MODE_CBC)
665 if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode )
666 {
667 int ret = 0;
668
669 if( MBEDTLS_ENCRYPT == ctx->operation )
670 {
671 /* check for 'no padding' mode */
672 if( NULL == ctx->add_padding )
673 {
674 if( 0 != ctx->unprocessed_len )
675 return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
676
677 return( 0 );
678 }
679
680 ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ),
681 ctx->unprocessed_len );
682 }
683 else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len )
684 {
685 /*
686 * For decrypt operations, expect a full block,
687 * or an empty block if no padding
688 */
689 if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
690 return( 0 );
691
692 return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
693 }
694
695 /* cipher block */
696 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
697 ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
698 ctx->unprocessed_data, output ) ) )
699 {
700 return( ret );
701 }
702
703 /* Set output size for decryption */
704 if( MBEDTLS_DECRYPT == ctx->operation )
705 return ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
706 olen );
707
708 /* Set output size for encryption */
709 *olen = mbedtls_cipher_get_block_size( ctx );
710 return( 0 );
711 }
712 #else
713 ((void) output);
714 #endif /* MBEDTLS_CIPHER_MODE_CBC */
715
716 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
717 }
718
719 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
720 int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode )
721 {
722 if( NULL == ctx ||
723 MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
724 {
725 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
726 }
727
728 switch( mode )
729 {
730 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
731 case MBEDTLS_PADDING_PKCS7:
732 ctx->add_padding = add_pkcs_padding;
733 ctx->get_padding = get_pkcs_padding;
734 break;
735 #endif
736 #if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
737 case MBEDTLS_PADDING_ONE_AND_ZEROS:
738 ctx->add_padding = add_one_and_zeros_padding;
739 ctx->get_padding = get_one_and_zeros_padding;
740 break;
741 #endif
742 #if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
743 case MBEDTLS_PADDING_ZEROS_AND_LEN:
744 ctx->add_padding = add_zeros_and_len_padding;
745 ctx->get_padding = get_zeros_and_len_padding;
746 break;
747 #endif
748 #if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
749 case MBEDTLS_PADDING_ZEROS:
750 ctx->add_padding = add_zeros_padding;
751 ctx->get_padding = get_zeros_padding;
752 break;
753 #endif
754 case MBEDTLS_PADDING_NONE:
755 ctx->add_padding = NULL;
756 ctx->get_padding = get_no_padding;
757 break;
758
759 default:
760 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
761 }
762
763 return( 0 );
764 }
765 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
766
767 #if defined(MBEDTLS_GCM_C)
768 int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
769 unsigned char *tag, size_t tag_len )
770 {
771 if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
772 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
773
774 if( MBEDTLS_ENCRYPT != ctx->operation )
775 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
776
777 if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
778 return mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, tag, tag_len );
779
780 return( 0 );
781 }
782
783 int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
784 const unsigned char *tag, size_t tag_len )
785 {
786 int ret;
787
788 if( NULL == ctx || NULL == ctx->cipher_info ||
789 MBEDTLS_DECRYPT != ctx->operation )
790 {
791 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
792 }
793
794 if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
795 {
796 unsigned char check_tag[16];
797 size_t i;
798 int diff;
799
800 if( tag_len > sizeof( check_tag ) )
801 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
802
803 if( 0 != ( ret = mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
804 check_tag, tag_len ) ) )
805 {
806 return( ret );
807 }
808
809 /* Check the tag in "constant-time" */
810 for( diff = 0, i = 0; i < tag_len; i++ )
811 diff |= tag[i] ^ check_tag[i];
812
813 if( diff != 0 )
814 return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
815
816 return( 0 );
817 }
818
819 return( 0 );
820 }
821 #endif /* MBEDTLS_GCM_C */
822
823 /*
824 * Packet-oriented wrapper for non-AEAD modes
825 */
826 int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
827 const unsigned char *iv, size_t iv_len,
828 const unsigned char *input, size_t ilen,
829 unsigned char *output, size_t *olen )
830 {
831 int ret;
832 size_t finish_olen;
833
834 if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
835 return( ret );
836
837 if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 )
838 return( ret );
839
840 if( ( ret = mbedtls_cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
841 return( ret );
842
843 if( ( ret = mbedtls_cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
844 return( ret );
845
846 *olen += finish_olen;
847
848 return( 0 );
849 }
850
851 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
852 /*
853 * Packet-oriented encryption for AEAD modes
854 */
855 int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
856 const unsigned char *iv, size_t iv_len,
857 const unsigned char *ad, size_t ad_len,
858 const unsigned char *input, size_t ilen,
859 unsigned char *output, size_t *olen,
860 unsigned char *tag, size_t tag_len )
861 {
862 #if defined(MBEDTLS_GCM_C)
863 if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
864 {
865 *olen = ilen;
866 return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT, ilen,
867 iv, iv_len, ad, ad_len, input, output,
868 tag_len, tag ) );
869 }
870 #endif /* MBEDTLS_GCM_C */
871 #if defined(MBEDTLS_CCM_C)
872 if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
873 {
874 *olen = ilen;
875 return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
876 iv, iv_len, ad, ad_len, input, output,
877 tag, tag_len ) );
878 }
879 #endif /* MBEDTLS_CCM_C */
880
881 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
882 }
883
884 /*
885 * Packet-oriented decryption for AEAD modes
886 */
887 int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
888 const unsigned char *iv, size_t iv_len,
889 const unsigned char *ad, size_t ad_len,
890 const unsigned char *input, size_t ilen,
891 unsigned char *output, size_t *olen,
892 const unsigned char *tag, size_t tag_len )
893 {
894 #if defined(MBEDTLS_GCM_C)
895 if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
896 {
897 int ret;
898
899 *olen = ilen;
900 ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen,
901 iv, iv_len, ad, ad_len,
902 tag, tag_len, input, output );
903
904 if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED )
905 ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
906
907 return( ret );
908 }
909 #endif /* MBEDTLS_GCM_C */
910 #if defined(MBEDTLS_CCM_C)
911 if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
912 {
913 int ret;
914
915 *olen = ilen;
916 ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen,
917 iv, iv_len, ad, ad_len,
918 input, output, tag, tag_len );
919
920 if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED )
921 ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
922
923 return( ret );
924 }
925 #endif /* MBEDTLS_CCM_C */
926
927 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
928 }
929 #endif /* MBEDTLS_CIPHER_MODE_AEAD */
930
931 #endif /* MBEDTLS_CIPHER_C */
A free Windows-compatible Operating System