Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module

2025-07-28 00:21:48 +03:00 · 2021-11-24 10:44:13 +01:00
parent 77390dc8ec 3616243391
commit be7b21da22
211 changed files with 20565 additions and 5080 deletions
--- a/library/cipher.c
+++ b/library/cipher.c
@ -404,6 +404,31 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
    }
 #endif

+#if defined(MBEDTLS_CCM_C)
+    if( MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode )
+    {
+        int set_lengths_result;
+        int ccm_star_mode;
+
+        set_lengths_result = mbedtls_ccm_set_lengths(
+                                (mbedtls_ccm_context *) ctx->cipher_ctx,
+                                0, 0, 0 );
+        if( set_lengths_result != 0 )
+            return set_lengths_result;
+
+        if( ctx->operation == MBEDTLS_DECRYPT )
+            ccm_star_mode = MBEDTLS_CCM_STAR_DECRYPT;
+        else if( ctx->operation == MBEDTLS_ENCRYPT )
+            ccm_star_mode = MBEDTLS_CCM_STAR_ENCRYPT;
+        else
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+
+        return( mbedtls_ccm_starts( (mbedtls_ccm_context *) ctx->cipher_ctx,
+                                    ccm_star_mode,
+                                    iv, iv_len ) );
+    }
+#endif
+
    if ( actual_iv_size != 0 )
    {
        memcpy( ctx->iv, iv, actual_iv_size );
@ -540,6 +565,15 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
    }
 #endif

+#if defined(MBEDTLS_CCM_C)
+    if( ctx->cipher_info->mode == MBEDTLS_MODE_CCM_STAR_NO_TAG )
+    {
+        return( mbedtls_ccm_update( (mbedtls_ccm_context *) ctx->cipher_ctx,
+                                    input, ilen,
+                                    output, ilen, olen ) );
+    }
+#endif
+
 #if defined(MBEDTLS_CHACHAPOLY_C)
    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
    {
@ -927,6 +961,7 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
        MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
        MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
        MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
+        MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode ||
        MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
        MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
    {
@ -1246,9 +1281,12 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
        if( status != PSA_SUCCESS )
            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );

-        status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+        if( ctx->cipher_info->mode != MBEDTLS_MODE_ECB )
+        {
+            status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
+            if( status != PSA_SUCCESS )
+                return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+        }

        status = psa_cipher_update( &cipher_op,
                                    input, ilen,