Make CBC an option, step 3: individual ciphers

2025-08-08 17:42:09 +03:00 · 2013-09-13 16:24:20 +02:00
parent 989ed38de2
commit 92cb1d3a91
21 changed files with 162 additions and 46 deletions
--- a/library/aes.c
+++ b/library/aes.c
@@ -769,6 +769,7 @@ int aes_crypt_ecb( aes_context *ctx,
    return( 0 );
 }

+#if defined(POLARSSL_CIPHER_MODE_CBC)
 /*
 * AES-CBC buffer encryption/decryption
 */
@@ -832,6 +833,7 @@ int aes_crypt_cbc( aes_context *ctx,

    return( 0 );
 }
+#endif /* POLARSSL_CIPHER_MODE_CBC */

 #if defined(POLARSSL_CIPHER_MODE_CFB)
 /*
@@ -947,6 +949,7 @@ static const unsigned char aes_test_ecb_enc[3][16] =
      0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
 };

+#if defined(POLARSSL_CIPHER_MODE_CBC)
 static const unsigned char aes_test_cbc_dec[3][16] =
 {
    { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
@@ -966,6 +969,7 @@ static const unsigned char aes_test_cbc_enc[3][16] =
    { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
      0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
 };
+#endif /* POLARSSL_CIPHER_MODE_CBC */

 #if defined(POLARSSL_CIPHER_MODE_CFB)
 /*
@@ -1104,8 +1108,10 @@ int aes_self_test( int verbose )
    int i, j, u, v;
    unsigned char key[32];
    unsigned char buf[64];
-    unsigned char prv[16];
    unsigned char iv[16];
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+    unsigned char prv[16];
+#endif
 #if defined(POLARSSL_CIPHER_MODE_CTR) || defined(POLARSSL_CIPHER_MODE_CFB)
    size_t offset;
 #endif
@@ -1170,6 +1176,7 @@ int aes_self_test( int verbose )
    if( verbose != 0 )
        printf( "\n" );

+#if defined(POLARSSL_CIPHER_MODE_CBC)
    /*
     * CBC mode
     */
@@ -1231,6 +1238,7 @@ int aes_self_test( int verbose )

    if( verbose != 0 )
        printf( "\n" );
+#endif /* POLARSSL_CIPHER_MODE_CBC */

 #if defined(POLARSSL_CIPHER_MODE_CFB)
    /*
--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -233,6 +233,7 @@ int blowfish_crypt_ecb( blowfish_context *ctx,
    return( 0 );
 }

+#if defined(POLARSSL_CIPHER_MODE_CBC)
 /*
 * Blowfish-CBC buffer encryption/decryption
 */
@@ -284,6 +285,7 @@ int blowfish_crypt_cbc( blowfish_context *ctx,

    return( 0 );
 }
+#endif /* POLARSSL_CIPHER_MODE_CBC */

 #if defined(POLARSSL_CIPHER_MODE_CFB)
 /*
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -523,6 +523,7 @@ int camellia_crypt_ecb( camellia_context *ctx,
    return( 0 );
 }

+#if defined(POLARSSL_CIPHER_MODE_CBC)
 /*
 * Camellia-CBC buffer encryption/decryption
 */
@@ -574,6 +575,7 @@ int camellia_crypt_cbc( camellia_context *ctx,

    return( 0 );
 }
+#endif /* POLARSSL_CIPHER_MODE_CBC */

 #if defined(POLARSSL_CIPHER_MODE_CFB)
 /*
@@ -732,6 +734,7 @@ static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
    }
 };

+#if defined(POLARSSL_CIPHER_MODE_CBC)
 #define CAMELLIA_TESTS_CBC  3

 static const unsigned char camellia_test_cbc_key[3][32] =
@@ -793,6 +796,7 @@ static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
          0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
    }
 };
+#endif /* POLARSSL_CIPHER_MODE_CBC */

 #if defined(POLARSSL_CIPHER_MODE_CTR)
 /*
@@ -867,7 +871,9 @@ int camellia_self_test( int verbose )
    unsigned char buf[64];
    unsigned char src[16];
    unsigned char dst[16];
+#if defined(POLARSSL_CIPHER_MODE_CBC)
    unsigned char iv[16];
+#endif
 #if defined(POLARSSL_CIPHER_MODE_CTR)
    size_t offset, len;
    unsigned char nonce_counter[16];
@@ -917,6 +923,7 @@ int camellia_self_test( int verbose )
    if( verbose != 0 )
        printf( "\n" );

+#if defined(POLARSSL_CIPHER_MODE_CBC)
    /*
     * CBC mode
     */
@@ -965,6 +972,7 @@ int camellia_self_test( int verbose )
        if( verbose != 0 )
            printf( "passed\n" );
    }
+#endif /* POLARSSL_CIPHER_MODE_CBC */

    if( verbose != 0 )
        printf( "\n" );
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -77,7 +77,18 @@ static int aes_crypt_ecb_wrap( void *ctx, operation_t operation,
 static int aes_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
        unsigned char *iv, const unsigned char *input, unsigned char *output )
 {
+#if defined(POLARSSL_CIPHER_MODE_CBC)
    return aes_crypt_cbc( (aes_context *) ctx, operation, length, iv, input, output );
+#else
+    ((void) ctx);
+    ((void) operation);
+    ((void) length);
+    ((void) iv);
+    ((void) input);
+    ((void) output);
+
+    return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_CIPHER_MODE_CBC */
 }

 static int aes_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
@@ -367,7 +378,18 @@ static int camellia_crypt_ecb_wrap( void *ctx, operation_t operation,
 static int camellia_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
        unsigned char *iv, const unsigned char *input, unsigned char *output )
 {
+#if defined(POLARSSL_CIPHER_MODE_CBC)
    return camellia_crypt_cbc( (camellia_context *) ctx, operation, length, iv, input, output );
+#else
+    ((void) ctx);
+    ((void) operation);
+    ((void) length);
+    ((void) iv);
+    ((void) input);
+    ((void) output);
+
+    return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_CIPHER_MODE_CBC */
 }

 static int camellia_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
@@ -600,13 +622,35 @@ static int des3_crypt_ecb_wrap( void *ctx, operation_t operation,
 static int des_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
        unsigned char *iv, const unsigned char *input, unsigned char *output )
 {
+#if defined(POLARSSL_CIPHER_MODE_CBC)
    return des_crypt_cbc( (des_context *) ctx, operation, length, iv, input, output );
+#else
+    ((void) ctx);
+    ((void) operation);
+    ((void) length);
+    ((void) iv);
+    ((void) input);
+    ((void) output);
+
+    return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_CIPHER_MODE_CBC */
 }

 static int des3_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
        unsigned char *iv, const unsigned char *input, unsigned char *output )
 {
+#if defined(POLARSSL_CIPHER_MODE_CBC)
    return des3_crypt_cbc( (des3_context *) ctx, operation, length, iv, input, output );
+#else
+    ((void) ctx);
+    ((void) operation);
+    ((void) length);
+    ((void) iv);
+    ((void) input);
+    ((void) output);
+
+    return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_CIPHER_MODE_CBC */
 }

 static int des_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
@@ -817,7 +861,18 @@ static int blowfish_crypt_ecb_wrap( void *ctx, operation_t operation,
 static int blowfish_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
        unsigned char *iv, const unsigned char *input, unsigned char *output )
 {
+#if defined(POLARSSL_CIPHER_MODE_CBC)
    return blowfish_crypt_cbc( (blowfish_context *) ctx, operation, length, iv, input, output );
+#else
+    ((void) ctx);
+    ((void) operation);
+    ((void) length);
+    ((void) iv);
+    ((void) input);
+    ((void) output);
+
+    return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
+#endif /* POLARSSL_CIPHER_MODE_CBC */
 }

 static int blowfish_crypt_cfb64_wrap( void *ctx, operation_t operation, size_t length,
--- a/library/des.c
+++ b/library/des.c
@@ -606,6 +606,7 @@ int des_crypt_ecb( des_context *ctx,
    return( 0 );
 }

+#if defined(POLARSSL_CIPHER_MODE_CBC)
 /*
 * DES-CBC buffer encryption/decryption
 */
@@ -657,6 +658,7 @@ int des_crypt_cbc( des_context *ctx,

    return( 0 );
 }
+#endif /* POLARSSL_CIPHER_MODE_CBC */

 /*
 * 3DES-ECB block encryption/decryption
@@ -701,6 +703,7 @@ int des3_crypt_ecb( des3_context *ctx,
    return( 0 );
 }

+#if defined(POLARSSL_CIPHER_MODE_CBC)
 /*
 * 3DES-CBC buffer encryption/decryption
 */
@@ -752,6 +755,7 @@ int des3_crypt_cbc( des3_context *ctx,

    return( 0 );
 }
+#endif /* POLARSSL_CIPHER_MODE_CBC */

 #endif /* !POLARSSL_DES_ALT */

@@ -819,8 +823,10 @@ int des_self_test( int verbose )
    des3_context ctx3;
    unsigned char key[24];
    unsigned char buf[8];
+#if defined(POLARSSL_CIPHER_MODE_CBC)
    unsigned char prv[8];
    unsigned char iv[8];
+#endif

    memset( key, 0, 24 );

@@ -895,6 +901,7 @@ int des_self_test( int verbose )
    if( verbose != 0 )
        printf( "\n" );

+#if defined(POLARSSL_CIPHER_MODE_CBC)
    /*
     * CBC mode
     */
@@ -985,6 +992,7 @@ int des_self_test( int verbose )
        if( verbose != 0 )
            printf( "passed\n" );
    }
+#endif /* POLARSSL_CIPHER_MODE_CBC */

    if( verbose != 0 )
        printf( "\n" );
--- a/library/pem.c
+++ b/library/pem.c
@@ -48,7 +48,8 @@ void pem_init( pem_context *ctx )
    memset( ctx, 0, sizeof( pem_context ) );
 }

-#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) &&         \
+    ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
 /*
 * Read a 16-byte hex string and convert it to binary
 */
@@ -183,7 +184,8 @@ static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
 }
 #endif /* POLARSSL_AES_C */

-#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
+#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
+          ( POLARSSL_AES_C || POLARSSL_DES_C ) */

 int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
                     const unsigned char *data, const unsigned char *pwd,
@@ -193,13 +195,15 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
    size_t len;
    unsigned char *buf;
    const unsigned char *s1, *s2, *end;
-#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) &&         \
+    ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
    unsigned char pem_iv[16];
    cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
 #else
    ((void) pwd);
    ((void) pwdlen);
-#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
+#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
+          ( POLARSSL_AES_C || POLARSSL_DES_C ) */

    if( ctx == NULL )
        return( POLARSSL_ERR_PEM_BAD_INPUT_DATA );
@@ -229,7 +233,8 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,

    if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
    {
-#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) &&         \
+    ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
        enc++;

        s1 += 22;
@@ -289,7 +294,8 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
        else return( POLARSSL_ERR_PEM_INVALID_DATA );
 #else
        return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
+#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
+          ( POLARSSL_AES_C || POLARSSL_DES_C ) */
    }

    len = 0;
@@ -309,7 +315,8 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
    
    if( enc != 0 )
    {
-#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) &&         \
+    ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) )
        if( pwd == NULL )
        {
            polarssl_free( buf );
@@ -346,7 +353,8 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
 #else
        polarssl_free( buf );
        return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
-#endif
+#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC &&
+          ( POLARSSL_AES_C || POLARSSL_DES_C ) */
    }

    ctx->buf = buf;
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -4270,7 +4270,6 @@ int x509_self_test( int verbose )
 #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C)
    int ret;
    int flags;
-    size_t i, j;
    x509_cert cacert;
    x509_cert clicert;
    pk_context pkey;
@@ -4305,23 +4304,25 @@ int x509_self_test( int verbose )
        return( ret );
    }

+#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) &&         \
+    defined(POLARSSL_DES_C) && defined(POLARSSL_AES_C)
    if( verbose != 0 )
        printf( "passed\n  X.509 private key load: " );

-    i = strlen( test_ca_key );
-    j = strlen( test_ca_pwd );
-
    pk_init( &pkey );

    if( ( ret = x509parse_key( &pkey,
-                    (const unsigned char *) test_ca_key, i,
-                    (const unsigned char *) test_ca_pwd, j ) ) != 0 )
+                               (const unsigned char *) test_ca_key,
+                               strlen( test_ca_key ),
+                               (const unsigned char *) test_ca_pwd,
+                               strlen( test_ca_pwd ) ) ) != 0 )
    {
        if( verbose != 0 )
            printf( "failed\n" );

        return( ret );
    }
+#endif

    if( verbose != 0 )
        printf( "passed\n  X.509 signature verify: ");
@@ -4341,10 +4342,8 @@ int x509_self_test( int verbose )
    if( verbose != 0 )
        printf( "passed\n  X.509 DHM parameter load: " );

-    i = strlen( test_dhm_params );
-    j = strlen( test_ca_pwd );
-
-    if( ( ret = x509parse_dhm( &dhm, (const unsigned char *) test_dhm_params, i ) ) != 0 )
+    if( ( ret = x509parse_dhm( &dhm, (const unsigned char *) test_dhm_params,
+                                     strlen( test_dhm_params ) ) ) != 0 )
    {
        if( verbose != 0 )
            printf( "failed\n" );
--- a/library/xtea.c
+++ b/library/xtea.c
@@ -111,6 +111,7 @@ int xtea_crypt_ecb( xtea_context *ctx, int mode,
    return( 0 );
 }

+#if defined(POLARSSL_CIPHER_MODE_CBC)
 /*
 * XTEA-CBC buffer encryption/decryption
 */
@@ -159,6 +160,7 @@ int xtea_crypt_cbc( xtea_context *ctx, int mode, size_t length,

    return( 0 );
 }
+#endif /* POLARSSL_CIPHER_MODE_CBC */
 #endif /* !POLARSSL_XTEA_ALT */

 #if defined(POLARSSL_SELF_TEST)