lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00
Code Activity

Merged current cipher enhancements for ARC4 and AES-GCM

Browse Source
This commit is contained in:
Paul Bakker
2013-09-01 15:49:38 +02:00
parent cca5b81d18 9241be7ac5
commit eb851f6cd5
14 changed files with 544 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

147
library/cipher.c
View File

@@ -34,8 +34,16 @@
#include "polarssl/cipher.h"
#include "polarssl/cipher_wrap.h"
#if defined(POLARSSL_GCM_C)
#include "polarssl/gcm.h"
#endif
#include <stdlib.h>
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
#define POLARSSL_CIPHER_MODE_STREAM
#endif
#if defined _MSC_VER && !defined strcasecmp
#define strcasecmp _stricmp
#endif
@@ -61,6 +69,10 @@ static const int supported_ciphers[] = {
#endif /* defined(POLARSSL_AES_C) */
#if defined(POLARSSL_ARC4_C)
POLARSSL_CIPHER_ARC4_128,
#endif
#if defined(POLARSSL_CAMELLIA_C)
POLARSSL_CIPHER_CAMELLIA_128_CBC,
POLARSSL_CIPHER_CAMELLIA_192_CBC,
@@ -277,6 +289,18 @@ const cipher_info_t *cipher_info_from_string( const char *cipher_name )
if( !strcasecmp( "AES-256-CTR", cipher_name ) )
return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CTR );
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
#if defined(POLARSSL_GCM_C)
if( !strcasecmp( "AES-128-GCM", cipher_name ) )
return cipher_info_from_type( POLARSSL_CIPHER_AES_128_GCM );
if( !strcasecmp( "AES-256-GCM", cipher_name ) )
return cipher_info_from_type( POLARSSL_CIPHER_AES_256_GCM );
#endif
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_ARC4_C)
if( !strcasecmp( "ARC4-128", cipher_name ) )
return( cipher_info_from_type( POLARSSL_CIPHER_ARC4_128 ) );
#endif
#if defined(POLARSSL_DES_C)
@@ -354,11 +378,6 @@ int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
ctx->key_length = key_length;
ctx->operation = operation;
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
return 0;
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
/*
* For CFB and CTR mode always use the encryption key schedule
*/
@@ -377,13 +396,27 @@ int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
}
int cipher_reset( cipher_context_t *ctx, const unsigned char *iv )
int cipher_reset( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len )
{
if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
ctx->unprocessed_len = 0;
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
return gcm_starts( ctx->cipher_ctx, ctx->operation,
iv, iv_len, ad, ad_len );
}
#else
((void) ad);
((void) ad_len);
((void) iv_len);
#endif
memcpy( ctx->iv, iv, cipher_get_iv_size( ctx ) );
return 0;
@@ -408,20 +441,8 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
}
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
{
*olen = ilen;
if( output == input )
return( 0 );
memcpy( output, input, ilen );
return 0;
}
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
if( ctx->cipher_info->mode == POLARSSL_MODE_CBC ||
ctx->cipher_info->mode == POLARSSL_MODE_GCM )
{
/*
* If there is not enough data for a full block, cache it.
@@ -448,6 +469,18 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
copy_len );
#if defined(POLARSSL_GCM_C)
if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
{
if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
cipher_get_block_size( ctx ),
ctx->unprocessed_data, output ) ) )
{
return ret;
}
}
else
#endif
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
ctx->unprocessed_data, output ) ) )
@@ -484,11 +517,23 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
*/
if( ilen )
{
#if defined(POLARSSL_GCM_C)
if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
{
if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
ilen, input, output ) ) )
{
return ret;
}
}
else
#endif
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
ctx->operation, ilen, ctx->iv, input, output ) ) )
{
return ret;
}
*olen += ilen;
}
@@ -527,6 +572,21 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
}
#endif
#if defined(POLARSSL_CIPHER_MODE_STREAM)
if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
{
if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
ilen, input, output ) ) )
{
return ret;
}
*olen = ilen;
return 0;
}
#endif
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
@@ -686,7 +746,9 @@ static int get_no_padding( unsigned char *input, size_t input_len,
return 0;
}
int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen)
int cipher_finish( cipher_context_t *ctx,
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len )
{
int ret = 0;
@@ -697,11 +759,52 @@ int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen)
if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
POLARSSL_MODE_NULL == ctx->cipher_info->mode )
POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
{
return 0;
}
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
unsigned char check_tag[16];
size_t i;
int diff;
if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
ctx->unprocessed_len, ctx->unprocessed_data,
output ) ) )
{
return( ret );
}
*olen += ctx->unprocessed_len;
if( 0 != ( ret = gcm_finish( ctx->cipher_ctx, check_tag, tag_len ) ) )
return( ret );
/* On encryption, write the tag */
if( POLARSSL_ENCRYPT == ctx->operation )
{
if( tag_len != 0 )
memcpy( tag, check_tag, tag_len );
return( 0 );
}
/* On decryption, check the tag (in "constant-time") */
for( diff = 0, i = 0; i < tag_len; i++ )
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
return( POLARSSL_ERR_GCM_AUTH_FAILED );
return( 0 );
}
#else
((void) tag);
((void) tag_len);
#endif
if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
{
if( POLARSSL_ENCRYPT == ctx->operation )

111
library/cipher_wrap.c
View File

@@ -37,6 +37,10 @@
#include "polarssl/aes.h"
#endif
#if defined(POLARSSL_ARC4_C)
#include "polarssl/arc4.h"
#endif
#if defined(POLARSSL_CAMELLIA_C)
#include "polarssl/camellia.h"
#endif
@@ -49,6 +53,10 @@
#include "polarssl/blowfish.h"
#endif
#if defined(POLARSSL_GCM_C)
#include "polarssl/gcm.h"
#endif
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#else
@@ -129,6 +137,7 @@ const cipher_base_t aes_info = {
aes_crypt_cbc_wrap,
aes_crypt_cfb128_wrap,
aes_crypt_ctr_wrap,
NULL,
aes_setkey_enc_wrap,
aes_setkey_dec_wrap,
aes_ctx_alloc,
@@ -230,14 +239,41 @@ const cipher_info_t aes_256_ctr_info = {
#endif /* POLARSSL_CIPHER_MODE_CTR */
#if defined(POLARSSL_GCM_C)
static void *gcm_ctx_alloc( void )
{
return polarssl_malloc( sizeof( gcm_context ) );
}
static void gcm_ctx_free( void *ctx )
{
polarssl_free( ctx );
}
static int gcm_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
{
return gcm_init( (gcm_context *) ctx, key, key_length );
}
const cipher_base_t gcm_aes_info = {
POLARSSL_CIPHER_ID_AES,
NULL,
NULL,
NULL,
NULL,
gcm_setkey_wrap,
gcm_setkey_wrap,
gcm_ctx_alloc,
gcm_ctx_free,
};
const cipher_info_t aes_128_gcm_info = {
POLARSSL_CIPHER_AES_128_GCM,
POLARSSL_MODE_GCM,
128,
"AES-128-GCM",
0,
16,
16,
&aes_info
&gcm_aes_info
};
const cipher_info_t aes_256_gcm_info = {
@@ -245,9 +281,9 @@ const cipher_info_t aes_256_gcm_info = {
POLARSSL_MODE_GCM,
256,
"AES-256-GCM",
0,
16,
16,
&aes_info
&gcm_aes_info
};
#endif /* POLARSSL_GCM_C */
@@ -324,6 +360,7 @@ const cipher_base_t camellia_info = {
camellia_crypt_cbc_wrap,
camellia_crypt_cfb128_wrap,
camellia_crypt_ctr_wrap,
NULL,
camellia_setkey_enc_wrap,
camellia_setkey_dec_wrap,
camellia_ctx_alloc,
@@ -531,6 +568,7 @@ const cipher_base_t des_info = {
des_crypt_cbc_wrap,
des_crypt_cfb128_wrap,
des_crypt_ctr_wrap,
NULL,
des_setkey_enc_wrap,
des_setkey_dec_wrap,
des_ctx_alloc,
@@ -552,6 +590,7 @@ const cipher_base_t des_ede_info = {
des3_crypt_cbc_wrap,
des_crypt_cfb128_wrap,
des_crypt_ctr_wrap,
NULL,
des3_set2key_enc_wrap,
des3_set2key_dec_wrap,
des3_ctx_alloc,
@@ -573,6 +612,7 @@ const cipher_base_t des_ede3_info = {
des3_crypt_cbc_wrap,
des_crypt_cfb128_wrap,
des_crypt_ctr_wrap,
NULL,
des3_set3key_enc_wrap,
des3_set3key_dec_wrap,
des3_ctx_alloc,
@@ -636,12 +676,7 @@ static int blowfish_crypt_ctr_wrap( void *ctx, size_t length,
#endif
}
static int blowfish_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
{
return blowfish_setkey( (blowfish_context *) ctx, key, key_length );
}
static int blowfish_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int blowfish_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
{
return blowfish_setkey( (blowfish_context *) ctx, key, key_length );
}
@@ -661,8 +696,9 @@ const cipher_base_t blowfish_info = {
blowfish_crypt_cbc_wrap,
blowfish_crypt_cfb64_wrap,
blowfish_crypt_ctr_wrap,
blowfish_setkey_enc_wrap,
blowfish_setkey_dec_wrap,
NULL,
blowfish_setkey_wrap,
blowfish_setkey_wrap,
blowfish_ctx_alloc,
blowfish_ctx_free
};
@@ -703,15 +739,28 @@ const cipher_info_t blowfish_ctr_info = {
#endif /* POLARSSL_BLOWFISH_C */
#if defined(POLARSSL_ARC4_C)
static void * arc4_ctx_alloc( void )
static int arc4_crypt_stream_wrap( void *ctx, size_t length,
const unsigned char *input,
unsigned char *output )
{
return (void *) 1;
return( arc4_crypt( (arc4_context *) ctx, length, input, output ) );
}
static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
arc4_setup( (arc4_context *) ctx, key, key_length );
return( 0 );
}
static void * arc4_ctx_alloc( void )
{
return polarssl_malloc( sizeof( arc4_context ) );
}
static void arc4_ctx_free( void *ctx )
{
((void) ctx);
polarssl_free( ctx );
}
const cipher_base_t arc4_base_info = {
@@ -719,8 +768,9 @@ const cipher_base_t arc4_base_info = {
NULL,
NULL,
NULL,
NULL,
NULL,
arc4_crypt_stream_wrap,
arc4_setkey_wrap,
arc4_setkey_wrap,
arc4_ctx_alloc,
arc4_ctx_free
};
@@ -737,12 +787,30 @@ const cipher_info_t arc4_128_info = {
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
static int null_crypt_stream( void *ctx, size_t length,
const unsigned char *input,
unsigned char *output )
{
((void) ctx);
memmove( output, input, length );
return( 0 );
}
static int null_setkey( void *ctx, const unsigned char *key,
unsigned int key_length )
{
((void) ctx);
((void) key);
((void) key_length);
return( 0 );
}
static void * null_ctx_alloc( void )
{
return (void *) 1;
}
static void null_ctx_free( void *ctx )
{
((void) ctx);
@@ -753,15 +821,16 @@ const cipher_base_t null_base_info = {
NULL,
NULL,
NULL,
NULL,
NULL,
null_crypt_stream,
null_setkey,
null_setkey,
null_ctx_alloc,
null_ctx_free
};
const cipher_info_t null_cipher_info = {
POLARSSL_CIPHER_NULL,
POLARSSL_MODE_NULL,
POLARSSL_MODE_STREAM,
0,
"NULL",
0,

20
library/gcm.c
View File

@@ -293,11 +293,12 @@ int gcm_finish( gcm_context *ctx,
uint64_t orig_len = ctx->len * 8;
uint64_t orig_add_len = ctx->add_len * 8;
memcpy( tag, ctx->base_ectr, tag_len );
if( tag_len > 16 )
return( POLARSSL_ERR_GCM_BAD_INPUT );
if( tag_len != 0 )
memcpy( tag, ctx->base_ectr, tag_len );
if( orig_len || orig_add_len )
{
memset( work_buf, 0x00, 16 );
@@ -357,15 +358,22 @@ int gcm_auth_decrypt( gcm_context *ctx,
unsigned char *output )
{
unsigned char check_tag[16];
size_t i;
int diff;
gcm_crypt_and_tag( ctx, GCM_DECRYPT, length, iv, iv_len, add, add_len, input, output, tag_len, check_tag );
if( memcmp( check_tag, tag, tag_len ) == 0 )
return( 0 );
/* Check tag in "constant-time" */
for( diff = 0, i = 0; i < tag_len; i++ )
diff |= tag[i] ^ check_tag[i];
memset( output, 0, length );
if( diff != 0 )
{
memset( output, 0, length );
return( POLARSSL_ERR_GCM_AUTH_FAILED );
}
return( POLARSSL_ERR_GCM_AUTH_FAILED );
return( 0 );
}
#if defined(POLARSSL_SELF_TEST)

7
library/pkcs12.c
View File

@@ -184,7 +184,7 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 )
goto exit;
if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 )
if( ( ret = cipher_reset( &cipher_ctx, iv, 0, NULL, 0 ) ) != 0 )
goto exit;
if( ( ret = cipher_update( &cipher_ctx, data, len,
@@ -193,8 +193,11 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode,
goto exit;
}
if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen, NULL, 0 ) )
!= 0 )
{
ret = POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH;
}
exit:
cipher_free_ctx( &cipher_ctx );

7
library/pkcs5.c
View File

@@ -187,7 +187,7 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 )
goto exit;
if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 )
if( ( ret = cipher_reset( &cipher_ctx, iv, 0, NULL, 0 ) ) != 0 )
goto exit;
if( ( ret = cipher_update( &cipher_ctx, data, datalen,
@@ -196,8 +196,11 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode,
goto exit;
}
if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen, NULL, 0 ) )
!= 0 )
{
ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH;
}
exit:
md_free_ctx( &md_ctx );