mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Merge pull request #4342 from gilles-peskine-arm/gcm-update-any-length
GCM: allow arbitrary lengths for update Only the ABI-API-checking job failed and this is expected thus good to go.
This commit is contained in:
Ronald Cron
GitHub
@ -724,11 +724,6 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
|
||||
* Exception: For MBEDTLS_MODE_ECB, expects a single block
|
||||
* in size. For example, 16 Bytes for AES.
|
||||
*
|
||||
* \note If the underlying cipher is used in GCM mode, all calls
|
||||
* to this function, except for the last one before
|
||||
* mbedtls_cipher_finish(), must have \p ilen as a
|
||||
* multiple of the block size of the cipher.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a key.
|
||||
* \param input The buffer holding the input data. This must be a
|
||||
|
||||
@ -227,6 +227,32 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
||||
* \param iv The initialization vector. This must be a readable buffer of
|
||||
* at least \p iv_len Bytes.
|
||||
* \param iv_len The length of the IV.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||
int mode,
|
||||
const unsigned char *iv,
|
||||
size_t iv_len );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer as associated data
|
||||
* (authenticated but not encrypted data) in a GCM
|
||||
* encryption or decryption operation.
|
||||
*
|
||||
* Call this function after mbedtls_gcm_starts() to pass
|
||||
* the associated data. If the associated data is empty,
|
||||
* you do not need to call this function. You may not
|
||||
* call this function after calling mbedtls_cipher_update().
|
||||
*
|
||||
* \note This function may only be called once per operation:
|
||||
* you must pass the whole associated data in a single
|
||||
* call. This limitation will be lifted in a future version
|
||||
* of Mbed TLS.
|
||||
*
|
||||
* \param ctx The GCM context. This must have been started with
|
||||
* mbedtls_gcm_starts() and must not have yet received
|
||||
* any input with mbedtls_gcm_update().
|
||||
* \param add The buffer holding the additional data, or \c NULL
|
||||
* if \p add_len is \c 0.
|
||||
* \param add_len The length of the additional data. If \c 0,
|
||||
@ -234,42 +260,65 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
*/
|
||||
int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
||||
int mode,
|
||||
const unsigned char *iv,
|
||||
size_t iv_len,
|
||||
const unsigned char *add,
|
||||
size_t add_len );
|
||||
int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
|
||||
const unsigned char *add,
|
||||
size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief This function feeds an input buffer into an ongoing GCM
|
||||
* encryption or decryption operation.
|
||||
*
|
||||
* ` The function expects input to be a multiple of 16
|
||||
* Bytes. Only the last call before calling
|
||||
* mbedtls_gcm_finish() can be less than 16 Bytes.
|
||||
* You may call this function zero, one or more times
|
||||
* to pass successive parts of the input: the plaintext to
|
||||
* encrypt, or the ciphertext (not including the tag) to
|
||||
* decrypt. After the last part of the input, call
|
||||
* mbedtls_gcm_finish().
|
||||
*
|
||||
* This function may produce output in one of the following
|
||||
* ways:
|
||||
* - Immediate output: the output length is always equal
|
||||
* to the input length.
|
||||
* - Buffered output: the output consists of a whole number
|
||||
* of 16-byte blocks. If the total input length so far
|
||||
* (not including associated data) is 16 \* *B* + *A*
|
||||
* with *A* < 16 then the total output length is 16 \* *B*.
|
||||
*
|
||||
* In particular:
|
||||
* - It is always correct to call this function with
|
||||
* \p output_size >= \p input_length + 15.
|
||||
* - If \p input_length is a multiple of 16 for all the calls
|
||||
* to this function during an operation, then it is
|
||||
* correct to use \p output_size = \p input_length.
|
||||
*
|
||||
* \note For decryption, the output buffer cannot be the same as
|
||||
* input buffer. If the buffers overlap, the output buffer
|
||||
* must trail at least 8 Bytes behind the input buffer.
|
||||
*
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param length The length of the input data. This must be a multiple of
|
||||
* 16 except in the last call before mbedtls_gcm_finish().
|
||||
* \param input The buffer holding the input data. If \p length is greater
|
||||
* than zero, this must be a readable buffer of at least that
|
||||
* size in Bytes.
|
||||
* \param output The buffer for holding the output data. If \p length is
|
||||
* greater than zero, this must be a writable buffer of at
|
||||
* least that size in Bytes.
|
||||
* \param ctx The GCM context. This must be initialized.
|
||||
* \param input The buffer holding the input data. If \p input_length
|
||||
* is greater than zero, this must be a readable buffer
|
||||
* of at least \p input_length bytes.
|
||||
* \param input_length The length of the input data in bytes.
|
||||
* \param output The buffer for the output data. If \p output_size
|
||||
* is greater than zero, this must be a writable buffer of
|
||||
* of at least \p output_size bytes.
|
||||
* \param output_size The size of the output buffer in bytes.
|
||||
* See the function description regarding the output size.
|
||||
* \param output_length On success, \p *output_length contains the actual
|
||||
* length of the output written in \p output.
|
||||
* On failure, the content of \p *output_length is
|
||||
* unspecified.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
|
||||
* total input length too long,
|
||||
* unsupported input/output buffer overlap detected,
|
||||
* or \p output_size too small.
|
||||
*/
|
||||
int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||
size_t length,
|
||||
const unsigned char *input,
|
||||
unsigned char *output );
|
||||
const unsigned char *input, size_t input_length,
|
||||
unsigned char *output, size_t output_size,
|
||||
size_t *output_length );
|
||||
|
||||
/**
|
||||
* \brief This function finishes the GCM operation and generates
|
||||
@ -283,13 +332,26 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||
* buffer of at least \p tag_len Bytes.
|
||||
* \param tag_len The length of the tag to generate. This must be at least
|
||||
* four.
|
||||
* \param output The buffer for the final output.
|
||||
* If \p output_size is nonzero, this must be a writable
|
||||
* buffer of at least \p output_size bytes.
|
||||
* \param output_size The size of the \p output buffer in bytes.
|
||||
* This must be large enough for the output that
|
||||
* mbedtls_gcm_update() has not produced. In particular:
|
||||
* - If mbedtls_gcm_update() produces immediate output,
|
||||
* or if the total input size is a multiple of \c 16,
|
||||
* then mbedtls_gcm_finish() never produces any output,
|
||||
* so \p output_size can be \c 0.
|
||||
* - \p output_size never needs to be more than \c 15.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
|
||||
* invalid value of \p tag_len,
|
||||
* or \p output_size too small.
|
||||
*/
|
||||
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
||||
unsigned char *tag,
|
||||
size_t tag_len );
|
||||
unsigned char *output, size_t output_size,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief This function clears a GCM context and the underlying
|
||||
|
||||
Reference in New Issue
Block a user