mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Merge CCM cipher mode and ciphersuites
Conflicts: library/ssl_tls.c
This commit is contained in:
Paul Bakker
@ -11,6 +11,7 @@ set(src
|
||||
bignum.c
|
||||
blowfish.c
|
||||
camellia.c
|
||||
ccm.c
|
||||
certs.c
|
||||
cipher.c
|
||||
cipher_wrap.c
|
||||
|
||||
@ -37,7 +37,7 @@ endif
|
||||
OBJS= aes.o aesni.o arc4.o \
|
||||
asn1parse.o \
|
||||
asn1write.o base64.o bignum.o \
|
||||
blowfish.o camellia.o \
|
||||
blowfish.o camellia.o ccm.o \
|
||||
certs.o cipher.o cipher_wrap.o \
|
||||
ctr_drbg.o debug.o des.o \
|
||||
dhm.o ecdh.o ecdsa.o \
|
||||
|
||||
448
library/ccm.c
Normal file
448
library/ccm.c
Normal file
@ -0,0 +1,448 @@
|
||||
/*
|
||||
* NIST SP800-38C compliant CCM implementation
|
||||
*
|
||||
* Copyright (C) 2014, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Definition of CCM:
|
||||
* http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
|
||||
* RFC 3610 "Counter with CBC-MAC (CCM)"
|
||||
*
|
||||
* Related:
|
||||
* RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
|
||||
*/
|
||||
|
||||
#if !defined(POLARSSL_CONFIG_FILE)
|
||||
#include "polarssl/config.h"
|
||||
#else
|
||||
#include POLARSSL_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
|
||||
#include "polarssl/ccm.h"
|
||||
|
||||
#define CCM_ENCRYPT 0
|
||||
#define CCM_DECRYPT 1
|
||||
|
||||
/*
|
||||
* Initialize context
|
||||
*/
|
||||
int ccm_init( ccm_context *ctx, cipher_id_t cipher,
|
||||
const unsigned char *key, unsigned int keysize )
|
||||
{
|
||||
int ret;
|
||||
const cipher_info_t *cipher_info;
|
||||
|
||||
memset( ctx, 0, sizeof( ccm_context ) );
|
||||
|
||||
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
|
||||
if( cipher_info == NULL )
|
||||
return( POLARSSL_ERR_CCM_BAD_INPUT );
|
||||
|
||||
if( cipher_info->block_size != 16 )
|
||||
return( POLARSSL_ERR_CCM_BAD_INPUT );
|
||||
|
||||
if( ( ret = cipher_init_ctx( &ctx->cipher_ctx, cipher_info ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = cipher_setkey( &ctx->cipher_ctx, key, keysize,
|
||||
POLARSSL_ENCRYPT ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Free context
|
||||
*/
|
||||
void ccm_free( ccm_context *ctx )
|
||||
{
|
||||
(void) cipher_free_ctx( &ctx->cipher_ctx );
|
||||
memset( ctx, 0, sizeof( ccm_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Macros for common operations.
|
||||
* Results in smaller compiled code than static inline functions.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Update the CBC-MAC state in y using a block in b
|
||||
* (Always using b as the source helps the compiler optimise a bit better.)
|
||||
*/
|
||||
#define UPDATE_CBC_MAC \
|
||||
for( i = 0; i < 16; i++ ) \
|
||||
y[i] ^= b[i]; \
|
||||
\
|
||||
if( ( ret = cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
|
||||
return( ret );
|
||||
|
||||
/*
|
||||
* Encrypt or decrypt a partial block with CTR
|
||||
* Warning: using b for temporary storage! src and dst must not be b!
|
||||
* This avoids allocating one more 16 bytes buffer while allowing src == dst.
|
||||
*/
|
||||
#define CTR_CRYPT( dst, src, len ) \
|
||||
if( ( ret = cipher_update( &ctx->cipher_ctx, ctr, 16, b, &olen ) ) != 0 ) \
|
||||
return( ret ); \
|
||||
\
|
||||
for( i = 0; i < len; i++ ) \
|
||||
dst[i] = src[i] ^ b[i];
|
||||
|
||||
/*
|
||||
* Authenticated encryption or decryption
|
||||
*/
|
||||
static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
int ret;
|
||||
unsigned char i;
|
||||
unsigned char q = 16 - 1 - iv_len;
|
||||
size_t len_left, olen;
|
||||
unsigned char b[16];
|
||||
unsigned char y[16];
|
||||
unsigned char ctr[16];
|
||||
const unsigned char *src;
|
||||
unsigned char *dst;
|
||||
|
||||
/*
|
||||
* Check length requirements: SP800-38C A.1
|
||||
* Additional requirement: a < 2^16 - 2^8 to simplify the code.
|
||||
* 'length' checked later (when writing it to the first block)
|
||||
*/
|
||||
if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
|
||||
return( POLARSSL_ERR_CCM_BAD_INPUT );
|
||||
|
||||
/* Also implies q is within bounds */
|
||||
if( iv_len < 7 || iv_len > 13 )
|
||||
return( POLARSSL_ERR_CCM_BAD_INPUT );
|
||||
|
||||
if( add_len > 0xFF00 )
|
||||
return( POLARSSL_ERR_CCM_BAD_INPUT );
|
||||
|
||||
/*
|
||||
* First block B_0:
|
||||
* 0 .. 0 flags
|
||||
* 1 .. iv_len nonce (aka iv)
|
||||
* iv_len+1 .. 15 length
|
||||
*
|
||||
* With flags as (bits):
|
||||
* 7 0
|
||||
* 6 add present?
|
||||
* 5 .. 3 (t - 2) / 2
|
||||
* 2 .. 0 q - 1
|
||||
*/
|
||||
b[0] = 0;
|
||||
b[0] |= ( add_len > 0 ) << 6;
|
||||
b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
|
||||
b[0] |= q - 1;
|
||||
|
||||
memcpy( b + 1, iv, iv_len );
|
||||
|
||||
for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
|
||||
b[15-i] = (unsigned char)( len_left & 0xFF );
|
||||
|
||||
if( len_left > 0 )
|
||||
return( POLARSSL_ERR_CCM_BAD_INPUT );
|
||||
|
||||
|
||||
/* Start CBC-MAC with first block */
|
||||
memset( y, 0, 16 );
|
||||
UPDATE_CBC_MAC;
|
||||
|
||||
/*
|
||||
* If there is additional data, update CBC-MAC with
|
||||
* add_len, add, 0 (padding to a block boundary)
|
||||
*/
|
||||
if( add_len > 0 )
|
||||
{
|
||||
size_t use_len;
|
||||
len_left = add_len;
|
||||
src = add;
|
||||
|
||||
memset( b, 0, 16 );
|
||||
b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF );
|
||||
b[1] = (unsigned char)( ( add_len ) & 0xFF );
|
||||
|
||||
use_len = len_left < 16 - 2 ? len_left : 16 - 2;
|
||||
memcpy( b + 2, src, use_len );
|
||||
len_left -= use_len;
|
||||
src += use_len;
|
||||
|
||||
UPDATE_CBC_MAC;
|
||||
|
||||
while( len_left > 0 )
|
||||
{
|
||||
use_len = len_left > 16 ? 16 : len_left;
|
||||
|
||||
memset( b, 0, 16 );
|
||||
memcpy( b, src, use_len );
|
||||
UPDATE_CBC_MAC;
|
||||
|
||||
len_left -= use_len;
|
||||
src += use_len;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Prepare counter block for encryption:
|
||||
* 0 .. 0 flags
|
||||
* 1 .. iv_len nonce (aka iv)
|
||||
* iv_len+1 .. 15 counter (initially 1)
|
||||
*
|
||||
* With flags as (bits):
|
||||
* 7 .. 3 0
|
||||
* 2 .. 0 q - 1
|
||||
*/
|
||||
ctr[0] = q - 1;
|
||||
memcpy( ctr + 1, iv, iv_len );
|
||||
memset( ctr + 1 + iv_len, 0, q );
|
||||
ctr[15] = 1;
|
||||
|
||||
/*
|
||||
* Authenticate and {en,de}crypt the message.
|
||||
*
|
||||
* The only difference between encryption and decryption is
|
||||
* the respective order of authentication and {en,de}cryption.
|
||||
*/
|
||||
len_left = length;
|
||||
src = input;
|
||||
dst = output;
|
||||
|
||||
while( len_left > 0 )
|
||||
{
|
||||
unsigned char use_len = len_left > 16 ? 16 : len_left;
|
||||
|
||||
if( mode == CCM_ENCRYPT )
|
||||
{
|
||||
memset( b, 0, 16 );
|
||||
memcpy( b, src, use_len );
|
||||
UPDATE_CBC_MAC;
|
||||
}
|
||||
|
||||
CTR_CRYPT( dst, src, use_len );
|
||||
|
||||
if( mode == CCM_DECRYPT )
|
||||
{
|
||||
memset( b, 0, 16 );
|
||||
memcpy( b, dst, use_len );
|
||||
UPDATE_CBC_MAC;
|
||||
}
|
||||
|
||||
dst += use_len;
|
||||
src += use_len;
|
||||
len_left -= use_len;
|
||||
|
||||
/*
|
||||
* Increment counter.
|
||||
* No need to check for overflow thanks to the length check above.
|
||||
*/
|
||||
for( i = 0; i < q; i++ )
|
||||
if( ++ctr[15-i] != 0 )
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
* Authentication: reset counter and crypt/mask internal tag
|
||||
*/
|
||||
for( i = 0; i < q; i++ )
|
||||
ctr[15-i] = 0;
|
||||
|
||||
CTR_CRYPT( y, y, 16 );
|
||||
memcpy( tag, y, tag_len );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Authenticated encryption
|
||||
*/
|
||||
int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
|
||||
add, add_len, input, output, tag, tag_len ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Authenticated decryption
|
||||
*/
|
||||
int ccm_auth_decrypt( ccm_context *ctx, size_t length,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *add, size_t add_len,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
const unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
int ret;
|
||||
unsigned char check_tag[16];
|
||||
unsigned char i;
|
||||
int diff;
|
||||
|
||||
if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
|
||||
iv, iv_len, add, add_len,
|
||||
input, output, check_tag, tag_len ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/* Check tag in "constant-time" */
|
||||
for( diff = 0, i = 0; i < tag_len; i++ )
|
||||
diff |= tag[i] ^ check_tag[i];
|
||||
|
||||
if( diff != 0 )
|
||||
{
|
||||
memset( output, 0, length );
|
||||
return( POLARSSL_ERR_CCM_AUTH_FAILED );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
|
||||
|
||||
#if defined(POLARSSL_PLATFORM_C)
|
||||
#include "polarssl/platform.h"
|
||||
#else
|
||||
#define polarssl_printf printf
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Examples 1 to 3 from SP800-38C Appendix C
|
||||
*/
|
||||
|
||||
#define NB_TESTS 3
|
||||
|
||||
/*
|
||||
* The data is the same for all tests, only the used length changes
|
||||
*/
|
||||
static const unsigned char key[] = {
|
||||
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
||||
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
|
||||
};
|
||||
|
||||
static const unsigned char iv[] = {
|
||||
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
0x18, 0x19, 0x1a, 0x1b
|
||||
};
|
||||
|
||||
static const unsigned char ad[] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
0x10, 0x11, 0x12, 0x13
|
||||
};
|
||||
|
||||
static const unsigned char msg[] = {
|
||||
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
||||
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
||||
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
||||
};
|
||||
|
||||
static const size_t iv_len [NB_TESTS] = { 7, 8, 12 };
|
||||
static const size_t add_len[NB_TESTS] = { 8, 16, 20 };
|
||||
static const size_t msg_len[NB_TESTS] = { 4, 16, 24 };
|
||||
static const size_t tag_len[NB_TESTS] = { 4, 6, 8 };
|
||||
|
||||
static const unsigned char res[NB_TESTS][32] = {
|
||||
{ 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
|
||||
{ 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
|
||||
0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
|
||||
0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd },
|
||||
{ 0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a,
|
||||
0x9b, 0x1c, 0xea, 0xec, 0xcd, 0x97, 0xe7, 0x0b,
|
||||
0x61, 0x76, 0xaa, 0xd9, 0xa4, 0x42, 0x8a, 0xa5,
|
||||
0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
|
||||
};
|
||||
|
||||
int ccm_self_test( int verbose )
|
||||
{
|
||||
ccm_context ctx;
|
||||
unsigned char out[32];
|
||||
size_t i;
|
||||
int ret;
|
||||
|
||||
if( ccm_init( &ctx, POLARSSL_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
polarssl_printf( " CCM: setup failed" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
for( i = 0; i < NB_TESTS; i++ )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
polarssl_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
|
||||
|
||||
ret = ccm_encrypt_and_tag( &ctx, msg_len[i],
|
||||
iv, iv_len[i], ad, add_len[i],
|
||||
msg, out,
|
||||
out + msg_len[i], tag_len[i] );
|
||||
|
||||
if( ret != 0 ||
|
||||
memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
polarssl_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
ret = ccm_auth_decrypt( &ctx, msg_len[i],
|
||||
iv, iv_len[i], ad, add_len[i],
|
||||
res[i], out,
|
||||
res[i] + msg_len[i], tag_len[i] );
|
||||
|
||||
if( ret != 0 ||
|
||||
memcmp( out, msg, msg_len[i] ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
polarssl_printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
polarssl_printf( "passed\n" );
|
||||
}
|
||||
|
||||
ccm_free( &ctx );
|
||||
|
||||
if( verbose != 0 )
|
||||
polarssl_printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
|
||||
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
113
library/cipher.c
113
library/cipher.c
@ -42,6 +42,10 @@
|
||||
#include "polarssl/gcm.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
#include "polarssl/ccm.h"
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
@ -771,6 +775,115 @@ int cipher_check_tag( cipher_context_t *ctx,
|
||||
}
|
||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
||||
|
||||
/*
|
||||
* Packet-oriented wrapper for non-AEAD modes
|
||||
*/
|
||||
int cipher_crypt( cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen )
|
||||
{
|
||||
int ret;
|
||||
size_t finish_olen;
|
||||
|
||||
if( ( ret = cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = cipher_reset( ctx ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
*olen += finish_olen;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_CIPHER_MODE_AEAD)
|
||||
/*
|
||||
* Packet-oriented encryption for AEAD modes
|
||||
*/
|
||||
int cipher_auth_encrypt( cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *ad, size_t ad_len,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen,
|
||||
unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
|
||||
{
|
||||
*olen = ilen;
|
||||
return( gcm_crypt_and_tag( ctx->cipher_ctx, GCM_ENCRYPT, ilen,
|
||||
iv, iv_len, ad, ad_len, input, output,
|
||||
tag_len, tag ) );
|
||||
}
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
|
||||
{
|
||||
*olen = ilen;
|
||||
return( ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
|
||||
iv, iv_len, ad, ad_len, input, output,
|
||||
tag, tag_len ) );
|
||||
}
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
|
||||
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
/*
|
||||
* Packet-oriented decryption for AEAD modes
|
||||
*/
|
||||
int cipher_auth_decrypt( cipher_context_t *ctx,
|
||||
const unsigned char *iv, size_t iv_len,
|
||||
const unsigned char *ad, size_t ad_len,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen,
|
||||
const unsigned char *tag, size_t tag_len )
|
||||
{
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
|
||||
{
|
||||
int ret;
|
||||
|
||||
*olen = ilen;
|
||||
ret = gcm_auth_decrypt( ctx->cipher_ctx, ilen,
|
||||
iv, iv_len, ad, ad_len,
|
||||
tag, tag_len, input, output );
|
||||
|
||||
if( ret == POLARSSL_ERR_GCM_AUTH_FAILED )
|
||||
ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
|
||||
{
|
||||
int ret;
|
||||
|
||||
*olen = ilen;
|
||||
ret = ccm_auth_decrypt( ctx->cipher_ctx, ilen,
|
||||
iv, iv_len, ad, ad_len,
|
||||
input, output, tag, tag_len );
|
||||
|
||||
if( ret == POLARSSL_ERR_CCM_AUTH_FAILED )
|
||||
ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
|
||||
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif /* POLARSSL_CIPHER_MODE_AEAD */
|
||||
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
||||
/*
|
||||
|
||||
@ -61,6 +61,10 @@
|
||||
#include "polarssl/gcm.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
#include "polarssl/ccm.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_PLATFORM_C)
|
||||
#include "polarssl/platform.h"
|
||||
#else
|
||||
@ -84,6 +88,20 @@ static void gcm_ctx_free( void *ctx )
|
||||
}
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
/* shared by all CCM ciphers */
|
||||
static void *ccm_ctx_alloc( void )
|
||||
{
|
||||
return polarssl_malloc( sizeof( ccm_context ) );
|
||||
}
|
||||
|
||||
static void ccm_ctx_free( void *ctx )
|
||||
{
|
||||
ccm_free( ctx );
|
||||
polarssl_free( ctx );
|
||||
}
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
|
||||
static int aes_crypt_ecb_wrap( void *ctx, operation_t operation,
|
||||
@ -378,6 +396,61 @@ const cipher_info_t aes_256_gcm_info = {
|
||||
};
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key,
|
||||
unsigned int key_length )
|
||||
{
|
||||
return ccm_init( (ccm_context *) ctx, POLARSSL_CIPHER_ID_AES,
|
||||
key, key_length );
|
||||
}
|
||||
|
||||
const cipher_base_t ccm_aes_info = {
|
||||
POLARSSL_CIPHER_ID_AES,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
ccm_aes_setkey_wrap,
|
||||
ccm_aes_setkey_wrap,
|
||||
ccm_ctx_alloc,
|
||||
ccm_ctx_free,
|
||||
};
|
||||
|
||||
const cipher_info_t aes_128_ccm_info = {
|
||||
POLARSSL_CIPHER_AES_128_CCM,
|
||||
POLARSSL_MODE_CCM,
|
||||
128,
|
||||
"AES-128-CCM",
|
||||
12,
|
||||
1,
|
||||
16,
|
||||
&ccm_aes_info
|
||||
};
|
||||
|
||||
const cipher_info_t aes_192_ccm_info = {
|
||||
POLARSSL_CIPHER_AES_192_CCM,
|
||||
POLARSSL_MODE_CCM,
|
||||
192,
|
||||
"AES-192-CCM",
|
||||
12,
|
||||
1,
|
||||
16,
|
||||
&ccm_aes_info
|
||||
};
|
||||
|
||||
const cipher_info_t aes_256_ccm_info = {
|
||||
POLARSSL_CIPHER_AES_256_CCM,
|
||||
POLARSSL_MODE_CCM,
|
||||
256,
|
||||
"AES-256-CCM",
|
||||
12,
|
||||
1,
|
||||
16,
|
||||
&ccm_aes_info
|
||||
};
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
@ -676,6 +749,61 @@ const cipher_info_t camellia_256_gcm_info = {
|
||||
};
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
|
||||
unsigned int key_length )
|
||||
{
|
||||
return ccm_init( (ccm_context *) ctx, POLARSSL_CIPHER_ID_CAMELLIA,
|
||||
key, key_length );
|
||||
}
|
||||
|
||||
const cipher_base_t ccm_camellia_info = {
|
||||
POLARSSL_CIPHER_ID_CAMELLIA,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
ccm_camellia_setkey_wrap,
|
||||
ccm_camellia_setkey_wrap,
|
||||
ccm_ctx_alloc,
|
||||
ccm_ctx_free,
|
||||
};
|
||||
|
||||
const cipher_info_t camellia_128_ccm_info = {
|
||||
POLARSSL_CIPHER_CAMELLIA_128_CCM,
|
||||
POLARSSL_MODE_CCM,
|
||||
128,
|
||||
"CAMELLIA-128-CCM",
|
||||
12,
|
||||
1,
|
||||
16,
|
||||
&ccm_camellia_info
|
||||
};
|
||||
|
||||
const cipher_info_t camellia_192_ccm_info = {
|
||||
POLARSSL_CIPHER_CAMELLIA_192_CCM,
|
||||
POLARSSL_MODE_CCM,
|
||||
192,
|
||||
"CAMELLIA-192-CCM",
|
||||
12,
|
||||
1,
|
||||
16,
|
||||
&ccm_camellia_info
|
||||
};
|
||||
|
||||
const cipher_info_t camellia_256_ccm_info = {
|
||||
POLARSSL_CIPHER_CAMELLIA_256_CCM,
|
||||
POLARSSL_MODE_CCM,
|
||||
256,
|
||||
"CAMELLIA-256-CCM",
|
||||
12,
|
||||
1,
|
||||
16,
|
||||
&ccm_camellia_info
|
||||
};
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
@ -1217,6 +1345,11 @@ const cipher_definition_t cipher_definitions[] =
|
||||
{ POLARSSL_CIPHER_AES_192_GCM, &aes_192_gcm_info },
|
||||
{ POLARSSL_CIPHER_AES_256_GCM, &aes_256_gcm_info },
|
||||
#endif
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
{ POLARSSL_CIPHER_AES_128_CCM, &aes_128_ccm_info },
|
||||
{ POLARSSL_CIPHER_AES_192_CCM, &aes_192_ccm_info },
|
||||
{ POLARSSL_CIPHER_AES_256_CCM, &aes_256_ccm_info },
|
||||
#endif
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_ARC4_C)
|
||||
@ -1260,6 +1393,11 @@ const cipher_definition_t cipher_definitions[] =
|
||||
{ POLARSSL_CIPHER_CAMELLIA_192_GCM, &camellia_192_gcm_info },
|
||||
{ POLARSSL_CIPHER_CAMELLIA_256_GCM, &camellia_256_gcm_info },
|
||||
#endif
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
{ POLARSSL_CIPHER_CAMELLIA_128_CCM, &camellia_128_ccm_info },
|
||||
{ POLARSSL_CIPHER_CAMELLIA_192_CCM, &camellia_192_ccm_info },
|
||||
{ POLARSSL_CIPHER_CAMELLIA_256_CCM, &camellia_256_ccm_info },
|
||||
#endif
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
|
||||
@ -53,6 +53,10 @@
|
||||
#include "polarssl/camellia.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
#include "polarssl/ccm.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_CIPHER_C)
|
||||
#include "polarssl/cipher.h"
|
||||
#endif
|
||||
@ -578,6 +582,13 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
|
||||
snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
if( use_ret == -(POLARSSL_ERR_CCM_BAD_INPUT) )
|
||||
snprintf( buf, buflen, "CCM - Bad input parameters to function" );
|
||||
if( use_ret == -(POLARSSL_ERR_CCM_AUTH_FAILED) )
|
||||
snprintf( buf, buflen, "CCM - Authenticated decryption failed" );
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
|
||||
#if defined(POLARSSL_CTR_DRBG_C)
|
||||
if( use_ret == -(POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) )
|
||||
snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" );
|
||||
|
||||
@ -51,13 +51,15 @@
|
||||
* Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
|
||||
* 2. By key length and cipher:
|
||||
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
|
||||
* 3. By cipher mode when relevant GCM > CBC
|
||||
* 4. By hash function used
|
||||
* 3. By cipher mode when relevant CCM > GCM > CBC > CCM_8
|
||||
* 4. By hash function used when relevant
|
||||
* 5. By key exchange/auth again: EC > non-EC
|
||||
*/
|
||||
static const int ciphersuite_preference[] =
|
||||
{
|
||||
/* All AES-256 ephemeral suites */
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
|
||||
TLS_DHE_RSA_WITH_AES_256_CCM,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
@ -67,6 +69,8 @@ static const int ciphersuite_preference[] =
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
|
||||
TLS_DHE_RSA_WITH_AES_256_CCM_8,
|
||||
|
||||
/* All CAMELLIA-256 ephemeral suites */
|
||||
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
@ -78,6 +82,8 @@ static const int ciphersuite_preference[] =
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
|
||||
/* All AES-128 ephemeral suites */
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
|
||||
TLS_DHE_RSA_WITH_AES_128_CCM,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
@ -87,6 +93,8 @@ static const int ciphersuite_preference[] =
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
|
||||
TLS_DHE_RSA_WITH_AES_128_CCM_8,
|
||||
|
||||
/* All CAMELLIA-128 ephemeral suites */
|
||||
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
@ -103,6 +111,7 @@ static const int ciphersuite_preference[] =
|
||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* The PSK ephemeral suites */
|
||||
TLS_DHE_PSK_WITH_AES_256_CCM,
|
||||
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
@ -111,7 +120,9 @@ static const int ciphersuite_preference[] =
|
||||
TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
TLS_DHE_PSK_WITH_AES_256_CCM_8,
|
||||
|
||||
TLS_DHE_PSK_WITH_AES_128_CCM,
|
||||
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
@ -120,11 +131,13 @@ static const int ciphersuite_preference[] =
|
||||
TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
TLS_DHE_PSK_WITH_AES_128_CCM_8,
|
||||
|
||||
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* All AES-256 suites */
|
||||
TLS_RSA_WITH_AES_256_CCM,
|
||||
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
@ -134,6 +147,7 @@ static const int ciphersuite_preference[] =
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_256_CCM_8,
|
||||
|
||||
/* All CAMELLIA-256 suites */
|
||||
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
@ -145,6 +159,7 @@ static const int ciphersuite_preference[] =
|
||||
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
|
||||
/* All AES-128 suites */
|
||||
TLS_RSA_WITH_AES_128_CCM,
|
||||
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
@ -154,6 +169,7 @@ static const int ciphersuite_preference[] =
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_128_CCM_8,
|
||||
|
||||
/* All CAMELLIA-128 suites */
|
||||
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
@ -185,17 +201,21 @@ static const int ciphersuite_preference[] =
|
||||
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* The PSK suites */
|
||||
TLS_PSK_WITH_AES_256_CCM,
|
||||
TLS_PSK_WITH_AES_256_GCM_SHA384,
|
||||
TLS_PSK_WITH_AES_256_CBC_SHA384,
|
||||
TLS_PSK_WITH_AES_256_CBC_SHA,
|
||||
TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
|
||||
TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
TLS_PSK_WITH_AES_256_CCM_8,
|
||||
|
||||
TLS_PSK_WITH_AES_128_CCM,
|
||||
TLS_PSK_WITH_AES_128_GCM_SHA256,
|
||||
TLS_PSK_WITH_AES_128_CBC_SHA256,
|
||||
TLS_PSK_WITH_AES_128_CBC_SHA,
|
||||
TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
TLS_PSK_WITH_AES_128_CCM_8,
|
||||
|
||||
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
@ -240,7 +260,7 @@ static const int ciphersuite_preference[] =
|
||||
0
|
||||
};
|
||||
|
||||
#define MAX_CIPHERSUITES 160
|
||||
#define MAX_CIPHERSUITES 176
|
||||
static int supported_ciphersuites[MAX_CIPHERSUITES];
|
||||
static int supported_init = 0;
|
||||
|
||||
@ -294,6 +314,28 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
0 },
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#endif /* POLARSSL_SHA512_C */
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
|
||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
|
||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
|
||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
|
||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
@ -533,6 +575,28 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
{ TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
|
||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
|
||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||
{ TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
|
||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
|
||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
@ -646,6 +710,28 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
0 },
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
{ TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
|
||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
|
||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||
{ TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
|
||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
|
||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
@ -1018,6 +1104,28 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
{ TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
|
||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
|
||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||
{ TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
|
||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
|
||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
@ -1132,6 +1240,28 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
||||
0 },
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
#endif /* POLARSSL_CIPHER_MODE_CBC */
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
{ TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
|
||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
|
||||
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||
{ TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
|
||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
0 },
|
||||
{ TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
|
||||
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG },
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
|
||||
@ -506,7 +506,8 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||
* Determine the appropriate key, IV and MAC length.
|
||||
*/
|
||||
|
||||
if( cipher_info->mode == POLARSSL_MODE_GCM )
|
||||
if( cipher_info->mode == POLARSSL_MODE_GCM ||
|
||||
cipher_info->mode == POLARSSL_MODE_CCM )
|
||||
{
|
||||
transform->keylen = cipher_info->key_length;
|
||||
transform->keylen /= 8;
|
||||
@ -991,17 +992,19 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
|
||||
static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
{
|
||||
size_t i;
|
||||
const cipher_mode_t mode = cipher_get_cipher_mode(
|
||||
&ssl->transform_out->cipher_ctx_enc );
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
|
||||
|
||||
/*
|
||||
* Add MAC before encrypt, except for GCM
|
||||
* Add MAC before encrypt, except for AEAD modes
|
||||
*/
|
||||
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
|
||||
( defined(POLARSSL_CIPHER_MODE_CBC) && \
|
||||
( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
|
||||
if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode !=
|
||||
POLARSSL_MODE_GCM )
|
||||
if( mode != POLARSSL_MODE_GCM &&
|
||||
mode != POLARSSL_MODE_CCM )
|
||||
{
|
||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
|
||||
@ -1037,14 +1040,13 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
|
||||
ssl->out_msglen += ssl->transform_out->maclen;
|
||||
}
|
||||
#endif /* GCM not the only option */
|
||||
#endif /* AEAD not the only option */
|
||||
|
||||
/*
|
||||
* Encrypt
|
||||
*/
|
||||
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
|
||||
POLARSSL_MODE_STREAM )
|
||||
if( mode == POLARSSL_MODE_STREAM )
|
||||
{
|
||||
int ret;
|
||||
size_t olen = 0;
|
||||
@ -1056,25 +1058,13 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_msg, ssl->out_msglen );
|
||||
|
||||
if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_reset", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
|
||||
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
|
||||
ssl->transform_out->iv_enc,
|
||||
ssl->transform_out->ivlen ) ) != 0 )
|
||||
ssl->transform_out->ivlen,
|
||||
ssl->out_msg, ssl->out_msglen,
|
||||
ssl->out_msg, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
|
||||
ssl->out_msg, ssl->out_msglen, ssl->out_msg,
|
||||
&olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_update", ret );
|
||||
SSL_DEBUG_RET( 1, "cipher_crypt", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
@ -1084,31 +1074,19 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
ssl->out_msglen, olen ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
|
||||
ssl->out_msg + olen, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_finish", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( 0 != olen )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
|
||||
0, olen ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_ARC4_C || POLARSSL_CIPHER_NULL_CIPHER */
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
|
||||
POLARSSL_MODE_GCM )
|
||||
#if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
|
||||
if( mode == POLARSSL_MODE_GCM ||
|
||||
mode == POLARSSL_MODE_CCM )
|
||||
{
|
||||
size_t enc_msglen, olen, totlen;
|
||||
int ret;
|
||||
size_t enc_msglen, olen;
|
||||
unsigned char *enc_msg;
|
||||
unsigned char add_data[13];
|
||||
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
unsigned char taglen = ssl->transform_out->ciphersuite_info->flags &
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG ? 8 : 16;
|
||||
|
||||
memcpy( add_data, ssl->out_ctr, 8 );
|
||||
add_data[8] = ssl->out_msgtype;
|
||||
@ -1152,67 +1130,36 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
ssl->out_msg, ssl->out_msglen );
|
||||
|
||||
/*
|
||||
* Encrypt
|
||||
* Encrypt and authenticate
|
||||
*/
|
||||
if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
|
||||
ssl->transform_out->iv_enc,
|
||||
ssl->transform_out->ivlen ) ) != 0 ||
|
||||
( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
|
||||
if( ( ret = cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc,
|
||||
ssl->transform_out->iv_enc,
|
||||
ssl->transform_out->ivlen,
|
||||
add_data, 13,
|
||||
enc_msg, enc_msglen,
|
||||
enc_msg, &olen,
|
||||
enc_msg + enc_msglen, taglen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_reset", ret );
|
||||
SSL_DEBUG_RET( 1, "cipher_auth_encrypt", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_update_ad( &ssl->transform_out->cipher_ctx_enc,
|
||||
add_data, 13 ) ) != 0 )
|
||||
if( olen != enc_msglen )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_update_ad", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
|
||||
enc_msg, enc_msglen,
|
||||
enc_msg, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_update", ret );
|
||||
return( ret );
|
||||
}
|
||||
totlen = olen;
|
||||
|
||||
if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
|
||||
enc_msg + olen, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_finish", ret );
|
||||
return( ret );
|
||||
}
|
||||
totlen += olen;
|
||||
|
||||
if( totlen != enc_msglen )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
|
||||
enc_msglen, olen ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
/*
|
||||
* Authenticate
|
||||
*/
|
||||
ssl->out_msglen += 16;
|
||||
ssl->out_msglen += taglen;
|
||||
|
||||
if( ( ret = cipher_write_tag( &ssl->transform_out->cipher_ctx_enc,
|
||||
enc_msg + enc_msglen, 16 ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_write_tag", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, 16 );
|
||||
SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#endif /* POLARSSL_GCM_C || POLARSSL_CCM_C */
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC) && \
|
||||
( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
|
||||
if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
|
||||
POLARSSL_MODE_CBC )
|
||||
if( mode == POLARSSL_MODE_CBC )
|
||||
{
|
||||
int ret;
|
||||
unsigned char *enc_msg;
|
||||
@ -1266,34 +1213,13 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_iv, ssl->out_msglen );
|
||||
|
||||
if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_reset", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
|
||||
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
|
||||
ssl->transform_out->iv_enc,
|
||||
ssl->transform_out->ivlen ) ) != 0 )
|
||||
ssl->transform_out->ivlen,
|
||||
enc_msg, enc_msglen,
|
||||
enc_msg, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
|
||||
enc_msg, enc_msglen, enc_msg,
|
||||
&olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_update", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
enc_msglen -= olen;
|
||||
|
||||
if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
|
||||
enc_msg + olen, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_finish", ret );
|
||||
SSL_DEBUG_RET( 1, "cipher_crypt", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
@ -1345,6 +1271,8 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
{
|
||||
size_t i;
|
||||
const cipher_mode_t mode = cipher_get_cipher_mode(
|
||||
&ssl->transform_in->cipher_ctx_dec );
|
||||
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
|
||||
( defined(POLARSSL_CIPHER_MODE_CBC) && \
|
||||
( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
|
||||
@ -1361,33 +1289,20 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
|
||||
if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
|
||||
POLARSSL_MODE_STREAM )
|
||||
if( mode == POLARSSL_MODE_STREAM )
|
||||
{
|
||||
int ret;
|
||||
size_t olen = 0;
|
||||
|
||||
padlen = 0;
|
||||
|
||||
if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_reset", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
|
||||
if( ( ret = cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
|
||||
ssl->transform_in->iv_dec,
|
||||
ssl->transform_in->ivlen ) ) != 0 )
|
||||
ssl->transform_in->ivlen,
|
||||
ssl->in_msg, ssl->in_msglen,
|
||||
ssl->in_msg, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
|
||||
ssl->in_msg, ssl->in_msglen, ssl->in_msg,
|
||||
&olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_update", ret );
|
||||
SSL_DEBUG_RET( 1, "cipher_crypt", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
@ -1396,35 +1311,24 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
|
||||
ssl->in_msg + olen, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_finish", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( 0 != olen )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_ARC4_C || POLARSSL_CIPHER_NULL_CIPHER */
|
||||
#if defined(POLARSSL_GCM_C)
|
||||
if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
|
||||
POLARSSL_MODE_GCM )
|
||||
#if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
|
||||
if( mode == POLARSSL_MODE_GCM ||
|
||||
mode == POLARSSL_MODE_CCM )
|
||||
{
|
||||
int ret;
|
||||
size_t dec_msglen, olen;
|
||||
unsigned char *dec_msg;
|
||||
unsigned char *dec_msg_result;
|
||||
size_t dec_msglen, olen, totlen;
|
||||
unsigned char add_data[13];
|
||||
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
unsigned char taglen = ssl->transform_in->ciphersuite_info->flags &
|
||||
POLARSSL_CIPHERSUITE_SHORT_TAG ? 8 : 16;
|
||||
|
||||
dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
|
||||
ssl->transform_in->fixed_ivlen );
|
||||
dec_msglen -= 16;
|
||||
dec_msglen -= taglen;
|
||||
dec_msg = ssl->in_msg;
|
||||
dec_msg_result = ssl->in_msg;
|
||||
ssl->in_msglen = dec_msglen;
|
||||
@ -1445,67 +1349,39 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
|
||||
SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
|
||||
ssl->transform_in->ivlen );
|
||||
SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
|
||||
SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen );
|
||||
|
||||
/*
|
||||
* Decrypt
|
||||
* Decrypt and authenticate
|
||||
*/
|
||||
if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
|
||||
ssl->transform_in->iv_dec,
|
||||
ssl->transform_in->ivlen ) ) != 0 ||
|
||||
( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
|
||||
if( ( ret = cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec,
|
||||
ssl->transform_in->iv_dec,
|
||||
ssl->transform_in->ivlen,
|
||||
add_data, 13,
|
||||
dec_msg, dec_msglen,
|
||||
dec_msg_result, &olen,
|
||||
dec_msg + dec_msglen, taglen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_reset", ret );
|
||||
SSL_DEBUG_RET( 1, "cipher_auth_decrypt", ret );
|
||||
|
||||
if( ret == POLARSSL_ERR_CIPHER_AUTH_FAILED )
|
||||
return( POLARSSL_ERR_SSL_INVALID_MAC );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_update_ad( &ssl->transform_in->cipher_ctx_dec,
|
||||
add_data, 13 ) ) != 0 )
|
||||
if( olen != dec_msglen )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_update_ad", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
|
||||
dec_msg, dec_msglen,
|
||||
dec_msg_result, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_update", ret );
|
||||
return( ret );
|
||||
}
|
||||
totlen = olen;
|
||||
|
||||
if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
|
||||
dec_msg_result + olen, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_finish", ret );
|
||||
return( ret );
|
||||
}
|
||||
totlen += olen;
|
||||
|
||||
if( totlen != dec_msglen )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
SSL_DEBUG_MSG( 1, ( "total decrypted length incorrect %d %d",
|
||||
dec_msglen, olen ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
/*
|
||||
* Authenticate
|
||||
*/
|
||||
if( ( ret = cipher_check_tag( &ssl->transform_in->cipher_ctx_dec,
|
||||
dec_msg + dec_msglen, 16 ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_check_tag", ret );
|
||||
return( POLARSSL_ERR_SSL_INVALID_MAC );
|
||||
}
|
||||
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_GCM_C */
|
||||
#endif /* POLARSSL_GCM_C || POLARSSL_CCM_C */
|
||||
#if defined(POLARSSL_CIPHER_MODE_CBC) && \
|
||||
( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
|
||||
if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
|
||||
POLARSSL_MODE_CBC )
|
||||
if( mode == POLARSSL_MODE_CBC )
|
||||
{
|
||||
/*
|
||||
* Decrypt and check the padding
|
||||
@ -1560,33 +1436,13 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
}
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_1 || POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
|
||||
if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_reset", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
|
||||
if( ( ret = cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
|
||||
ssl->transform_in->iv_dec,
|
||||
ssl->transform_in->ivlen ) ) != 0 )
|
||||
ssl->transform_in->ivlen,
|
||||
dec_msg, dec_msglen,
|
||||
dec_msg_result, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
|
||||
dec_msg, dec_msglen, dec_msg_result,
|
||||
&olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_update", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
dec_msglen -= olen;
|
||||
if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
|
||||
dec_msg_result + olen, &olen ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "cipher_finish", ret );
|
||||
SSL_DEBUG_RET( 1, "cipher_crypt", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
@ -1697,13 +1553,13 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
ssl->in_msg, ssl->in_msglen );
|
||||
|
||||
/*
|
||||
* Always compute the MAC (RFC4346, CBCTIME), except for GCM of course
|
||||
* Always compute the MAC (RFC4346, CBCTIME), except for AEAD of course
|
||||
*/
|
||||
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
|
||||
( defined(POLARSSL_CIPHER_MODE_CBC) && \
|
||||
( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
|
||||
if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode !=
|
||||
POLARSSL_MODE_GCM )
|
||||
if( mode != POLARSSL_MODE_GCM &&
|
||||
mode != POLARSSL_MODE_CCM )
|
||||
{
|
||||
unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
|
||||
|
||||
@ -1784,7 +1640,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
if( correct == 0 )
|
||||
return( POLARSSL_ERR_SSL_INVALID_MAC );
|
||||
}
|
||||
#endif /* GCM not the only option */
|
||||
#endif /* AEAD not the only option */
|
||||
|
||||
if( ssl->in_msglen == 0 )
|
||||
{
|
||||
|
||||
@ -366,6 +366,9 @@ const char *features[] = {
|
||||
#if defined(POLARSSL_CAMELLIA_C)
|
||||
"POLARSSL_CAMELLIA_C",
|
||||
#endif /* POLARSSL_CAMELLIA_C */
|
||||
#if defined(POLARSSL_CCM_C)
|
||||
"POLARSSL_CCM_C",
|
||||
#endif /* POLARSSL_CCM_C */
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
"POLARSSL_CERTS_C",
|
||||
#endif /* POLARSSL_CERTS_C */
|
||||
|
||||
Reference in New Issue
Block a user