lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #7825 from daverodgman/cipher_wrap_size

Browse Source 
Cipher wrap size improvement
This commit is contained in:
Dave Rodgman
2023-07-05 15:45:48 +01:00
committed by GitHub
parent db084d16ea 761d0dcfbf
commit 3d0c8255aa
15 changed files with 765 additions and 610 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/ccm.c
View File

@ -70,7 +70,7 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
if (cipher_info->block_size != 16) {
if (mbedtls_cipher_info_get_block_size(cipher_info) != 16) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}

212
library/cipher.c
View File

@ -67,6 +67,12 @@
static int supported_init = 0;
static inline const mbedtls_cipher_base_t *mbedtls_cipher_get_base(
const mbedtls_cipher_info_t *info)
{
return mbedtls_cipher_base_lookup_table[info->base_idx];
}
const int *mbedtls_cipher_list(void)
{
const mbedtls_cipher_definition_t *def;
@ -128,8 +134,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
const mbedtls_cipher_definition_t *def;
for (def = mbedtls_cipher_definitions; def->info != NULL; def++) {
if (def->info->base->cipher == cipher_id &&
def->info->key_bitlen == (unsigned) key_bitlen &&
if (mbedtls_cipher_get_base(def->info)->cipher == cipher_id &&
mbedtls_cipher_info_get_key_bitlen(def->info) == (unsigned) key_bitlen &&
def->info->mode == mode) {
return def->info;
}
@ -178,7 +184,7 @@ void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
#endif
if (ctx->cipher_ctx) {
ctx->cipher_info->base->ctx_free_func(ctx->cipher_ctx);
mbedtls_cipher_get_base(ctx->cipher_info)->ctx_free_func(ctx->cipher_ctx);
}
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t));
@ -193,7 +199,7 @@ int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
if (NULL == (ctx->cipher_ctx = cipher_info->base->ctx_alloc_func())) {
if (NULL == (ctx->cipher_ctx = mbedtls_cipher_get_base(cipher_info)->ctx_alloc_func())) {
return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
}
@ -228,11 +234,11 @@ int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
/* Check that the underlying cipher mode and cipher type are
* supported by the underlying PSA Crypto implementation. */
alg = mbedtls_psa_translate_cipher_mode(cipher_info->mode, taglen);
alg = mbedtls_psa_translate_cipher_mode(((mbedtls_cipher_mode_t) cipher_info->mode), taglen);
if (alg == 0) {
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
if (mbedtls_psa_translate_cipher_type(cipher_info->type) == 0) {
if (mbedtls_psa_translate_cipher_type(((mbedtls_cipher_type_t) cipher_info->type)) == 0) {
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
@ -285,7 +291,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
}
key_type = mbedtls_psa_translate_cipher_type(
ctx->cipher_info->type);
((mbedtls_cipher_type_t) ctx->cipher_info->type));
if (key_type == 0) {
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
@ -323,7 +329,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 &&
(int) ctx->cipher_info->key_bitlen != key_bitlen) {
(int) mbedtls_cipher_info_get_key_bitlen(ctx->cipher_info) != key_bitlen) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
@ -334,16 +340,16 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
* For OFB, CFB and CTR mode always use the encryption key schedule
*/
if (MBEDTLS_ENCRYPT == operation ||
MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode) {
return ctx->cipher_info->base->setkey_enc_func(ctx->cipher_ctx, key,
ctx->key_bitlen);
MBEDTLS_MODE_CFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_OFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_CTR == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key,
ctx->key_bitlen);
}
if (MBEDTLS_DECRYPT == operation) {
return ctx->cipher_info->base->setkey_dec_func(ctx->cipher_ctx, key,
ctx->key_bitlen);
return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_dec_func(ctx->cipher_ctx, key,
ctx->key_bitlen);
}
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
@ -375,7 +381,7 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN) != 0) {
actual_iv_size = iv_len;
} else {
actual_iv_size = ctx->cipher_info->iv_size;
actual_iv_size = mbedtls_cipher_info_get_iv_size(ctx->cipher_info);
/* avoid reading past the end of input buffer */
if (actual_iv_size > iv_len) {
@ -384,7 +390,7 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
}
#if defined(MBEDTLS_CHACHA20_C)
if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20) {
if (((mbedtls_cipher_type_t) ctx->cipher_info->type) == MBEDTLS_CIPHER_CHACHA20) {
/* Even though the actual_iv_size is overwritten with a correct value
* of 12 from the cipher info, return an error to indicate that
* the input iv_len is wrong. */
@ -399,7 +405,7 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
}
}
#if defined(MBEDTLS_CHACHAPOLY_C)
if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
if (((mbedtls_cipher_type_t) ctx->cipher_info->type) == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
iv_len != 12) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
@ -407,7 +413,7 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
#endif
#if defined(MBEDTLS_GCM_C)
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
return mbedtls_gcm_starts((mbedtls_gcm_context *) ctx->cipher_ctx,
ctx->operation,
iv, iv_len);
@ -415,7 +421,7 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
#endif
#if defined(MBEDTLS_CCM_C)
if (MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_CCM_STAR_NO_TAG == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
int set_lengths_result;
int ccm_star_mode;
@ -485,14 +491,14 @@ int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
return mbedtls_gcm_update_ad((mbedtls_gcm_context *) ctx->cipher_ctx,
ad, ad_len);
}
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) {
int result;
mbedtls_chachapoly_mode_t mode;
@ -541,15 +547,16 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
}
if (ctx->cipher_info->mode == MBEDTLS_MODE_ECB) {
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_ECB) {
if (ilen != block_size) {
return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
}
*olen = ilen;
if (0 != (ret = ctx->cipher_info->base->ecb_func(ctx->cipher_ctx,
ctx->operation, input, output))) {
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->ecb_func(ctx->cipher_ctx,
ctx->operation, input,
output))) {
return ret;
}
@ -557,7 +564,7 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
}
#if defined(MBEDTLS_GCM_C)
if (ctx->cipher_info->mode == MBEDTLS_MODE_GCM) {
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_GCM) {
return mbedtls_gcm_update((mbedtls_gcm_context *) ctx->cipher_ctx,
input, ilen,
output, ilen, olen);
@ -565,7 +572,7 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
#endif
#if defined(MBEDTLS_CCM_C)
if (ctx->cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG) {
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CCM_STAR_NO_TAG) {
return mbedtls_ccm_update((mbedtls_ccm_context *) ctx->cipher_ctx,
input, ilen,
output, ilen, olen);
@ -573,7 +580,7 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
if (((mbedtls_cipher_type_t) ctx->cipher_info->type) == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
*olen = ilen;
return mbedtls_chachapoly_update((mbedtls_chachapoly_context *) ctx->cipher_ctx,
ilen, input, output);
@ -586,7 +593,7 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if (ctx->cipher_info->mode == MBEDTLS_MODE_CBC) {
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CBC) {
size_t copy_len = 0;
/*
@ -614,9 +621,12 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input,
copy_len);
if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
ctx->operation, block_size, ctx->iv,
ctx->unprocessed_data, output))) {
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cbc_func(ctx->cipher_ctx,
ctx->operation,
block_size, ctx->iv,
ctx->
unprocessed_data,
output))) {
return ret;
}
@ -654,9 +664,11 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
* Process remaining full blocks
*/
if (ilen) {
if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
ctx->operation, ilen, ctx->iv, input,
output))) {
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cbc_func(ctx->cipher_ctx,
ctx->operation,
ilen, ctx->iv,
input,
output))) {
return ret;
}
@ -668,11 +680,12 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
if (ctx->cipher_info->mode == MBEDTLS_MODE_CFB) {
if (0 != (ret = ctx->cipher_info->base->cfb_func(ctx->cipher_ctx,
ctx->operation, ilen,
&ctx->unprocessed_len, ctx->iv,
input, output))) {
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CFB) {
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cfb_func(ctx->cipher_ctx,
ctx->operation, ilen,
&ctx->unprocessed_len,
ctx->iv,
input, output))) {
return ret;
}
@ -683,10 +696,12 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
if (ctx->cipher_info->mode == MBEDTLS_MODE_OFB) {
if (0 != (ret = ctx->cipher_info->base->ofb_func(ctx->cipher_ctx,
ilen, &ctx->unprocessed_len, ctx->iv,
input, output))) {
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_OFB) {
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->ofb_func(ctx->cipher_ctx,
ilen,
&ctx->unprocessed_len,
ctx->iv,
input, output))) {
return ret;
}
@ -697,10 +712,13 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
if (ctx->cipher_info->mode == MBEDTLS_MODE_CTR) {
if (0 != (ret = ctx->cipher_info->base->ctr_func(ctx->cipher_ctx,
ilen, &ctx->unprocessed_len, ctx->iv,
ctx->unprocessed_data, input, output))) {
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CTR) {
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->ctr_func(ctx->cipher_ctx,
ilen,
&ctx->unprocessed_len,
ctx->iv,
ctx->unprocessed_data,
input, output))) {
return ret;
}
@ -711,14 +729,18 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
if (ctx->cipher_info->mode == MBEDTLS_MODE_XTS) {
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_XTS) {
if (ctx->unprocessed_len > 0) {
/* We can only process an entire data unit at a time. */
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
ret = ctx->cipher_info->base->xts_func(ctx->cipher_ctx,
ctx->operation, ilen, ctx->iv, input, output);
ret = mbedtls_cipher_get_base(ctx->cipher_info)->xts_func(ctx->cipher_ctx,
ctx->operation,
ilen,
ctx->iv,
input,
output);
if (ret != 0) {
return ret;
}
@ -730,9 +752,10 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
if (ctx->cipher_info->mode == MBEDTLS_MODE_STREAM) {
if (0 != (ret = ctx->cipher_info->base->stream_func(ctx->cipher_ctx,
ilen, input, output))) {
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_STREAM) {
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->stream_func(ctx->cipher_ctx,
ilen, input,
output))) {
return ret;
}
@ -944,22 +967,22 @@ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
*olen = 0;
if (MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode ||
MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
MBEDTLS_MODE_STREAM == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_CFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_OFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_CTR == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_CCM_STAR_NO_TAG == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_XTS == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_STREAM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
return 0;
}
if ((MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type) ||
(MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type)) {
if ((MBEDTLS_CIPHER_CHACHA20 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) ||
(MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type))) {
return 0;
}
if (MBEDTLS_MODE_ECB == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_ECB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
if (ctx->unprocessed_len != 0) {
return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
}
@ -968,7 +991,7 @@ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if (MBEDTLS_MODE_CBC == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
int ret = 0;
if (MBEDTLS_ENCRYPT == ctx->operation) {
@ -996,11 +1019,13 @@ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
}
/* cipher block */
if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx,
ctx->operation,
mbedtls_cipher_get_block_size(ctx),
ctx->iv,
ctx->unprocessed_data, output))) {
if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cbc_func(ctx->cipher_ctx,
ctx->operation,
mbedtls_cipher_get_block_size(
ctx),
ctx->iv,
ctx->unprocessed_data,
output))) {
return ret;
}
@ -1025,7 +1050,8 @@ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
mbedtls_cipher_padding_t mode)
{
if (NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode) {
if (NULL == ctx->cipher_info ||
MBEDTLS_MODE_CBC != ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
@ -1102,7 +1128,7 @@ int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
size_t output_length;
/* The code here doesn't yet support alternative implementations
* that can delay up to a block of output. */
@ -1113,7 +1139,7 @@ int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) {
/* Don't allow truncated MAC for Poly1305 */
if (tag_len != 16U) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
@ -1154,7 +1180,7 @@ int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
#if defined(MBEDTLS_GCM_C)
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
size_t output_length;
/* The code here doesn't yet support alternative implementations
* that can delay up to a block of output. */
@ -1179,7 +1205,7 @@ int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) {
/* Don't allow truncated MAC for Poly1305 */
if (tag_len != sizeof(check_tag)) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
@ -1250,7 +1276,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
}
if (ctx->cipher_info->mode != MBEDTLS_MODE_ECB) {
if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) != MBEDTLS_MODE_ECB) {
status = psa_cipher_set_iv(&cipher_op, iv, iv_len);
if (status != PSA_SUCCESS) {
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
@ -1345,7 +1371,7 @@ static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
*olen = ilen;
return mbedtls_gcm_crypt_and_tag(ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT,
ilen, iv, iv_len, ad, ad_len,
@ -1353,7 +1379,7 @@ static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_CCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
*olen = ilen;
return mbedtls_ccm_encrypt_and_tag(ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len, input, output,
@ -1361,9 +1387,9 @@ static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) {
/* ChachaPoly has fixed length nonce and MAC (tag) */
if ((iv_len != ctx->cipher_info->iv_size) ||
if ((iv_len != mbedtls_cipher_info_get_iv_size(ctx->cipher_info)) ||
(tag_len != 16U)) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
@ -1423,7 +1449,7 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_GCM_C)
if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
*olen = ilen;
@ -1439,7 +1465,7 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) {
if (MBEDTLS_MODE_CCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
*olen = ilen;
@ -1455,11 +1481,11 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx,
}
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) {
if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ((mbedtls_cipher_type_t) ctx->cipher_info->type)) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* ChachaPoly has fixed length nonce and MAC (tag) */
if ((iv_len != ctx->cipher_info->iv_size) ||
if ((iv_len != mbedtls_cipher_info_get_iv_size(ctx->cipher_info)) ||
(tag_len != 16U)) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
@ -1496,10 +1522,11 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
ctx->psa_enabled == 0 &&
#endif
(MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) {
mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ?
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
(MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode))) {
mbedtls_nist_kw_mode_t mode =
(MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) ?
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
/* There is no iv, tag or ad associated with KW and KWP,
* so these length should be 0 as documented. */
@ -1546,10 +1573,11 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
ctx->psa_enabled == 0 &&
#endif
(MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) {
mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ?
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
(MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode))) {
mbedtls_nist_kw_mode_t mode =
(MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) ?
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
/* There is no iv, tag or ad associated with KW and KWP,
* so these length should be 0 as documented. */

1034
library/cipher_wrap.c
View File

File diff suppressed because it is too large Load Diff

2
library/cipher_wrap.h
View File

@ -135,6 +135,8 @@ extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
extern int mbedtls_cipher_supported[];
extern const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[];
#ifdef __cplusplus
}
#endif

8
library/cmac.c
View File

@ -119,7 +119,7 @@ static int cmac_generate_subkeys(mbedtls_cipher_context_t *ctx,
mbedtls_platform_zeroize(L, sizeof(L));
block_size = ctx->cipher_info->block_size;
block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info);
/* Calculate Ek(0) */
if ((ret = mbedtls_cipher_update(ctx, L, block_size, L, &olen)) != 0) {
@ -186,7 +186,7 @@ int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
return retval;
}
type = ctx->cipher_info->type;
type = mbedtls_cipher_info_get_type(ctx->cipher_info);
switch (type) {
case MBEDTLS_CIPHER_AES_128_ECB:
@ -226,7 +226,7 @@ int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx,
}
cmac_ctx = ctx->cmac_ctx;
block_size = ctx->cipher_info->block_size;
block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info);
state = ctx->cmac_ctx->state;
/* Is there data still to process from the last call, that's greater in
@ -295,7 +295,7 @@ int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
}
cmac_ctx = ctx->cmac_ctx;
block_size = ctx->cipher_info->block_size;
block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info);
state = cmac_ctx->state;
mbedtls_platform_zeroize(K1, sizeof(K1));

2
library/gcm.c
View File

@ -147,7 +147,7 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
if (cipher_info->block_size != 16) {
if (mbedtls_cipher_info_get_block_size(cipher_info) != 16) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}

2
library/nist_kw.c
View File

@ -75,7 +75,7 @@ int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx,
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
if (cipher_info->block_size != 16) {
if (mbedtls_cipher_info_get_block_size(cipher_info) != 16) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}

8
library/pkcs12.c
View File

@ -151,11 +151,11 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
}
keylen = cipher_info->key_bitlen / 8;
keylen = (int) mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
key, keylen,
iv, cipher_info->iv_size)) != 0) {
iv, mbedtls_cipher_info_get_iv_size(cipher_info))) != 0) {
return ret;
}
@ -171,7 +171,9 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
goto exit;
}
if ((ret = mbedtls_cipher_set_iv(&cipher_ctx, iv, cipher_info->iv_size)) != 0) {
if ((ret =
mbedtls_cipher_set_iv(&cipher_ctx, iv,
mbedtls_cipher_info_get_iv_size(cipher_info))) != 0) {
goto exit;
}

4
library/pkcs5.c
View File

@ -176,10 +176,10 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
* The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
* since it is optional and we don't know if it was set or not
*/
keylen = cipher_info->key_bitlen / 8;
keylen = (int) mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
if (enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
enc_scheme_params.len != cipher_info->iv_size) {
enc_scheme_params.len != mbedtls_cipher_info_get_iv_size(cipher_info)) {
return MBEDTLS_ERR_PKCS5_INVALID_FORMAT;
}

2
library/psa_crypto_cipher.c
View File

@ -306,7 +306,7 @@ static psa_status_t psa_cipher_update_ecb(
size_t *output_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t block_size = ctx->cipher_info->block_size;
size_t block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info);
size_t internal_output_length = 0;
*output_length = 0;

4
library/ssl_tls.c
View File

@ -8323,7 +8323,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type);
#else
size_t block_size = cipher_info->block_size;
size_t block_size = mbedtls_cipher_info_get_block_size(cipher_info);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -8346,7 +8346,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
transform->ivlen = PSA_CIPHER_IV_LENGTH(key_type, alg);
#else
transform->ivlen = cipher_info->iv_size;
transform->ivlen = mbedtls_cipher_info_get_iv_size(cipher_info);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Minimum length */

4
library/ssl_tls13_keys.c
View File

@ -1019,14 +1019,14 @@ int mbedtls_ssl_tls13_populate_transform(
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc,
key_enc, cipher_info->key_bitlen,
key_enc, mbedtls_cipher_info_get_key_bitlen(cipher_info),
MBEDTLS_ENCRYPT)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
return ret;
}
if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec,
key_dec, cipher_info->key_bitlen,
key_dec, mbedtls_cipher_info_get_key_bitlen(cipher_info),
MBEDTLS_DECRYPT)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
return ret;