/**
 * \file cipher.c
 * 
 * \brief Generic cipher wrapper for PolarSSL
 *
 * \author Adriaan de Jong <dejong@fox-it.com>
 *
 *  Copyright (C) 2006-2013, Brainspark B.V.
 *
 *  This file is part of PolarSSL (http://www.polarssl.org)
 *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
 *
 *  All rights reserved.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#include "polarssl/config.h"

#if defined(POLARSSL_CIPHER_C)

#include "polarssl/cipher.h"
#include "polarssl/cipher_wrap.h"

#if defined(POLARSSL_GCM_C)
#include "polarssl/gcm.h"
#endif

#include <stdlib.h>

#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
#define POLARSSL_CIPHER_MODE_STREAM
#endif

#if defined _MSC_VER && !defined strcasecmp
#define strcasecmp _stricmp
#endif

/*
 * Zero-terminated list of the cipher type identifiers compiled into this
 * build. Each group is present only when the matching module option (and,
 * for CFB/CTR/GCM, the matching mode option) is defined. cipher_list()
 * hands this array to callers.
 *
 * NOTE(review): when their options are enabled the list also contains
 * single DES, ARC4 and the NULL cipher; code that presents this list to a
 * user or peer should filter it to the algorithms it actually accepts.
 */
static const int supported_ciphers[] = {

#if defined(POLARSSL_AES_C)
        POLARSSL_CIPHER_AES_128_CBC,
        POLARSSL_CIPHER_AES_192_CBC,
        POLARSSL_CIPHER_AES_256_CBC,

#if defined(POLARSSL_CIPHER_MODE_CFB)
        POLARSSL_CIPHER_AES_128_CFB128,
        POLARSSL_CIPHER_AES_192_CFB128,
        POLARSSL_CIPHER_AES_256_CFB128,
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        POLARSSL_CIPHER_AES_128_CTR,
        POLARSSL_CIPHER_AES_192_CTR,
        POLARSSL_CIPHER_AES_256_CTR,
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#if defined(POLARSSL_GCM_C)
        POLARSSL_CIPHER_AES_128_GCM,
        POLARSSL_CIPHER_AES_192_GCM,
        POLARSSL_CIPHER_AES_256_GCM,
#endif /* defined(POLARSSL_GCM_C) */

#endif /* defined(POLARSSL_AES_C) */

#if defined(POLARSSL_ARC4_C)
        POLARSSL_CIPHER_ARC4_128,
#endif

#if defined(POLARSSL_CAMELLIA_C)
        POLARSSL_CIPHER_CAMELLIA_128_CBC,
        POLARSSL_CIPHER_CAMELLIA_192_CBC,
        POLARSSL_CIPHER_CAMELLIA_256_CBC,

#if defined(POLARSSL_CIPHER_MODE_CFB)
        POLARSSL_CIPHER_CAMELLIA_128_CFB128,
        POLARSSL_CIPHER_CAMELLIA_192_CFB128,
        POLARSSL_CIPHER_CAMELLIA_256_CFB128,
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        POLARSSL_CIPHER_CAMELLIA_128_CTR,
        POLARSSL_CIPHER_CAMELLIA_192_CTR,
        POLARSSL_CIPHER_CAMELLIA_256_CTR,
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#endif /* defined(POLARSSL_CAMELLIA_C) */

#if defined(POLARSSL_DES_C)
        POLARSSL_CIPHER_DES_CBC,
        POLARSSL_CIPHER_DES_EDE_CBC,
        POLARSSL_CIPHER_DES_EDE3_CBC,
#endif /* defined(POLARSSL_DES_C) */

#if defined(POLARSSL_BLOWFISH_C)
        POLARSSL_CIPHER_BLOWFISH_CBC,

#if defined(POLARSSL_CIPHER_MODE_CFB)
        POLARSSL_CIPHER_BLOWFISH_CFB64,
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        POLARSSL_CIPHER_BLOWFISH_CTR,
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#endif /* defined(POLARSSL_BLOWFISH_C) */

#if defined(POLARSSL_CIPHER_NULL_CIPHER)
        POLARSSL_CIPHER_NULL,
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */

        0
};

/*
 * Return the zero-terminated table of cipher types built into this library.
 * The table is static storage; callers must not free or modify it.
 */
const int *cipher_list( void )
{
    return( supported_ciphers );
}

/*
 * Map a cipher type identifier to its static cipher_info_t descriptor.
 *
 * Returns a pointer to the descriptor, or NULL when the type is unknown or
 * the corresponding cipher/mode was not compiled in.
 */
const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
{
    switch( cipher_type )
    {
#if defined(POLARSSL_AES_C)
        case POLARSSL_CIPHER_AES_128_CBC:
            return( &aes_128_cbc_info );
        case POLARSSL_CIPHER_AES_192_CBC:
            return( &aes_192_cbc_info );
        case POLARSSL_CIPHER_AES_256_CBC:
            return( &aes_256_cbc_info );

#if defined(POLARSSL_CIPHER_MODE_CFB)
        case POLARSSL_CIPHER_AES_128_CFB128:
            return( &aes_128_cfb128_info );
        case POLARSSL_CIPHER_AES_192_CFB128:
            return( &aes_192_cfb128_info );
        case POLARSSL_CIPHER_AES_256_CFB128:
            return( &aes_256_cfb128_info );
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        case POLARSSL_CIPHER_AES_128_CTR:
            return( &aes_128_ctr_info );
        case POLARSSL_CIPHER_AES_192_CTR:
            return( &aes_192_ctr_info );
        case POLARSSL_CIPHER_AES_256_CTR:
            return( &aes_256_ctr_info );
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#if defined(POLARSSL_GCM_C)
        case POLARSSL_CIPHER_AES_128_GCM:
            return( &aes_128_gcm_info );
        case POLARSSL_CIPHER_AES_192_GCM:
            return( &aes_192_gcm_info );
        case POLARSSL_CIPHER_AES_256_GCM:
            return( &aes_256_gcm_info );
#endif /* defined(POLARSSL_GCM_C) */

#endif /* defined(POLARSSL_AES_C) */

#if defined(POLARSSL_CAMELLIA_C)
        case POLARSSL_CIPHER_CAMELLIA_128_CBC:
            return( &camellia_128_cbc_info );
        case POLARSSL_CIPHER_CAMELLIA_192_CBC:
            return( &camellia_192_cbc_info );
        case POLARSSL_CIPHER_CAMELLIA_256_CBC:
            return( &camellia_256_cbc_info );

#if defined(POLARSSL_CIPHER_MODE_CFB)
        case POLARSSL_CIPHER_CAMELLIA_128_CFB128:
            return( &camellia_128_cfb128_info );
        case POLARSSL_CIPHER_CAMELLIA_192_CFB128:
            return( &camellia_192_cfb128_info );
        case POLARSSL_CIPHER_CAMELLIA_256_CFB128:
            return( &camellia_256_cfb128_info );
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        case POLARSSL_CIPHER_CAMELLIA_128_CTR:
            return( &camellia_128_ctr_info );
        case POLARSSL_CIPHER_CAMELLIA_192_CTR:
            return( &camellia_192_ctr_info );
        case POLARSSL_CIPHER_CAMELLIA_256_CTR:
            return( &camellia_256_ctr_info );
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#endif /* defined(POLARSSL_CAMELLIA_C) */

#if defined(POLARSSL_DES_C)
        case POLARSSL_CIPHER_DES_CBC:
            return( &des_cbc_info );
        case POLARSSL_CIPHER_DES_EDE_CBC:
            return( &des_ede_cbc_info );
        case POLARSSL_CIPHER_DES_EDE3_CBC:
            return( &des_ede3_cbc_info );
#endif /* defined(POLARSSL_DES_C) */

#if defined(POLARSSL_ARC4_C)
        case POLARSSL_CIPHER_ARC4_128:
            return( &arc4_128_info );
#endif /* defined(POLARSSL_ARC4_C) */

#if defined(POLARSSL_BLOWFISH_C)
        case POLARSSL_CIPHER_BLOWFISH_CBC:
            return( &blowfish_cbc_info );

#if defined(POLARSSL_CIPHER_MODE_CFB)
        case POLARSSL_CIPHER_BLOWFISH_CFB64:
            return( &blowfish_cfb64_info );
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
        case POLARSSL_CIPHER_BLOWFISH_CTR:
            return( &blowfish_ctr_info );
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#endif /* defined(POLARSSL_BLOWFISH_C) */

#if defined(POLARSSL_CIPHER_NULL_CIPHER)
        case POLARSSL_CIPHER_NULL:
            return( &null_cipher_info );
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */

        default:
            /* Unknown type, or support for it was compiled out */
            return( NULL );
    }
}

/*
 * Look up a cipher descriptor by its textual name (e.g. "AES-128-CBC").
 *
 * The comparison is case-insensitive. Returns NULL when cipher_name is NULL,
 * when the name is not recognised, or when the named cipher/mode was not
 * compiled in.
 */
const cipher_info_t *cipher_info_from_string( const char *cipher_name )
{
    if( cipher_name == NULL )
        return( NULL );

#if defined(POLARSSL_CAMELLIA_C)
    if( strcasecmp( "CAMELLIA-128-CBC", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CBC ) );
    if( strcasecmp( "CAMELLIA-192-CBC", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CBC ) );
    if( strcasecmp( "CAMELLIA-256-CBC", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CBC ) );

#if defined(POLARSSL_CIPHER_MODE_CFB)
    if( strcasecmp( "CAMELLIA-128-CFB128", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CFB128 ) );
    if( strcasecmp( "CAMELLIA-192-CFB128", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CFB128 ) );
    if( strcasecmp( "CAMELLIA-256-CFB128", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CFB128 ) );
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
    if( strcasecmp( "CAMELLIA-128-CTR", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CTR ) );
    if( strcasecmp( "CAMELLIA-192-CTR", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CTR ) );
    if( strcasecmp( "CAMELLIA-256-CTR", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CTR ) );
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
#endif /* defined(POLARSSL_CAMELLIA_C) */

#if defined(POLARSSL_AES_C)
    if( strcasecmp( "AES-128-CBC", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_128_CBC ) );
    if( strcasecmp( "AES-192-CBC", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_192_CBC ) );
    if( strcasecmp( "AES-256-CBC", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_256_CBC ) );

#if defined(POLARSSL_CIPHER_MODE_CFB)
    if( strcasecmp( "AES-128-CFB128", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_128_CFB128 ) );
    if( strcasecmp( "AES-192-CFB128", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_192_CFB128 ) );
    if( strcasecmp( "AES-256-CFB128", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_256_CFB128 ) );
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
    if( strcasecmp( "AES-128-CTR", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_128_CTR ) );
    if( strcasecmp( "AES-192-CTR", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_192_CTR ) );
    if( strcasecmp( "AES-256-CTR", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_256_CTR ) );
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */

#if defined(POLARSSL_GCM_C)
    if( strcasecmp( "AES-128-GCM", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_128_GCM ) );
    if( strcasecmp( "AES-192-GCM", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_192_GCM ) );
    if( strcasecmp( "AES-256-GCM", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_AES_256_GCM ) );
#endif /* defined(POLARSSL_GCM_C) */
#endif /* defined(POLARSSL_AES_C) */

#if defined(POLARSSL_ARC4_C)
    if( strcasecmp( "ARC4-128", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_ARC4_128 ) );
#endif /* defined(POLARSSL_ARC4_C) */

#if defined(POLARSSL_DES_C)
    if( strcasecmp( "DES-CBC", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_DES_CBC ) );
    if( strcasecmp( "DES-EDE-CBC", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_DES_EDE_CBC ) );
    if( strcasecmp( "DES-EDE3-CBC", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC ) );
#endif /* defined(POLARSSL_DES_C) */

#if defined(POLARSSL_BLOWFISH_C)
    if( strcasecmp( "BLOWFISH-CBC", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CBC ) );

#if defined(POLARSSL_CIPHER_MODE_CFB)
    if( strcasecmp( "BLOWFISH-CFB64", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CFB64 ) );
#endif /* defined(POLARSSL_CIPHER_MODE_CFB) */

#if defined(POLARSSL_CIPHER_MODE_CTR)
    if( strcasecmp( "BLOWFISH-CTR", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_BLOWFISH_CTR ) );
#endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
#endif /* defined(POLARSSL_BLOWFISH_C) */

#if defined(POLARSSL_CIPHER_NULL_CIPHER)
    if( strcasecmp( "NULL", cipher_name ) == 0 )
        return( cipher_info_from_type( POLARSSL_CIPHER_NULL ) );
#endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */

    /* No compiled-in cipher carries this name */
    return( NULL );
}

/*
 * Prepare a generic cipher context for the cipher described by cipher_info.
 *
 * The context is zeroed, a cipher-specific sub-context is obtained from the
 * descriptor's ctx_alloc_func, and a default padding mode is selected.
 *
 * Returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA when either
 * argument is NULL, or POLARSSL_ERR_CIPHER_ALLOC_FAILED when the allocator
 * returns NULL.
 */
int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
{
    if( ctx == NULL || cipher_info == NULL )
        return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );

    memset( ctx, 0, sizeof( *ctx ) );

    ctx->cipher_ctx = cipher_info->base->ctx_alloc_func();
    if( ctx->cipher_ctx == NULL )
        return( POLARSSL_ERR_CIPHER_ALLOC_FAILED );

    ctx->cipher_info = cipher_info;

    /*
     * Pick the default padding. The result is deliberately discarded:
     * cipher_set_padding_mode() reports an error for modes that do not pad,
     * and that is not a failure of initialisation.
     */
#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
    (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
#else
    (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
#endif

    return( 0 );
}

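/*
 * Release the cipher-specific sub-context held by ctx.
 *
 * Returns 0 on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA when ctx is
 * NULL or was never bound to a cipher.
 *
 * NOTE(review): only the sub-context is released here. The IV and any data
 * buffered in ctx->unprocessed_data stay in the caller's structure; callers
 * handling sensitive data may want to wipe the context afterwards.
 */
int cipher_free_ctx( cipher_context_t *ctx )
{
    if( ctx == NULL || ctx->cipher_info == NULL )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    if( ctx->cipher_ctx != NULL )
    {
        ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );

        /*
         * Forget the released pointer so that a second call on the same
         * context cannot hand already-freed memory back to the allocator.
         */
        ctx->cipher_ctx = NULL;
    }

    return 0;
}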

/*
 * Install a key in the context and record the direction of operation.
 *
 * key_length and operation are stored in ctx before the key schedule is
 * built. CFB and CTR only ever run the block cipher forwards, so they use
 * the encryption key schedule for both directions.
 *
 * Returns the result of the cipher's setkey function, or
 * POLARSSL_ERR_CIPHER_BAD_INPUT_DATA when the context is unusable or the
 * operation is neither encrypt nor decrypt.
 *
 * NOTE(review): key_length is not compared with the length the selected
 * cipher expects here; any such check is left to the setkey functions,
 * which are not visible in this file.
 */
int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
        int key_length, const operation_t operation )
{
    if( ctx == NULL || ctx->cipher_info == NULL )
        return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );

    ctx->key_length = key_length;
    ctx->operation = operation;

    if( operation == POLARSSL_ENCRYPT ||
        ctx->cipher_info->mode == POLARSSL_MODE_CFB ||
        ctx->cipher_info->mode == POLARSSL_MODE_CTR )
    {
        return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx,
                    key, ctx->key_length ) );
    }

    if( operation != POLARSSL_DECRYPT )
        return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );

    return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx,
                key, ctx->key_length ) );
}

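/*
 * Store the IV (or nonce) to use for the next operation.
 *
 * For ciphers that accept a variable IV size, iv_len bytes are copied;
 * otherwise the cipher's fixed iv_size is used and iv_len is ignored.
 *
 * Returns 0 on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA when an
 * argument is NULL or a variable-size IV does not fit in the context.
 *
 * NOTE(review): in the fixed-size case iv_len is not checked, so the caller
 * must supply at least cipher_info->iv_size readable bytes.
 */
int cipher_set_iv( cipher_context_t *ctx,
                   const unsigned char *iv, size_t iv_len )
{
    size_t actual_iv_size;

    if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    if( ctx->cipher_info->accepts_variable_iv_size )
    {
        /*
         * iv_len is caller-controlled: refuse anything larger than the
         * buffer it is about to be copied into. This assumes ctx->iv is a
         * fixed-size array member (declared in cipher.h, not shown here).
         */
        if( iv_len > sizeof( ctx->iv ) )
            return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

        actual_iv_size = iv_len;
    }
    else
        actual_iv_size = ctx->cipher_info->iv_size;

    memcpy( ctx->iv, iv, actual_iv_size );
    ctx->iv_size = actual_iv_size;

    return 0;
}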

/*
 * Discard any partially buffered input so the context can start a new
 * message. Only the unprocessed-data counter is cleared; key and IV are
 * left as they are.
 *
 * Returns 0, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for an unusable context.
 */
int cipher_reset( cipher_context_t *ctx )
{
    if( ctx == NULL || ctx->cipher_info == NULL )
        return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );

    ctx->unprocessed_len = 0;
    return( 0 );
}

#if defined(POLARSSL_CIPHER_MODE_AEAD)
/*
 * Feed the additional (authenticated but unencrypted) data of an AEAD
 * message. For GCM this starts the GCM computation with the IV previously
 * stored in the context; for every other mode it does nothing and returns 0.
 *
 * Returns POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for an unusable context,
 * otherwise the result of gcm_starts() or 0.
 */
int cipher_update_ad( cipher_context_t *ctx,
                      const unsigned char *ad, size_t ad_len )
{
    if( ctx == NULL || ctx->cipher_info == NULL )
        return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );

#if defined(POLARSSL_GCM_C)
    if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
        return( gcm_starts( ctx->cipher_ctx, ctx->operation,
                            ctx->iv, ctx->iv_size, ad, ad_len ) );
#endif

    return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_AEAD */

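/*
 * Process ilen bytes of input and write the result to output.
 *
 * *olen receives the number of bytes written. In CBC mode input that does
 * not fill a block is buffered in the context, and when decrypting the last
 * full block is always held back so that cipher_finish() can strip the
 * padding. The other modes produce exactly ilen bytes.
 *
 * In-place operation (input == output) is accepted only when nothing is
 * buffered and ilen is a multiple of the block size.
 *
 * Returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for invalid
 * arguments, POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE for a mode that is not
 * handled, or the error code of the underlying cipher function.
 */
int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
        unsigned char *output, size_t *olen )
{
    int ret;
    size_t copy_len = 0;

    /* olen must be validated before it is written through */
    if( NULL == olen )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    *olen = 0;

    if( NULL == ctx || NULL == ctx->cipher_info )
    {
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
    }

#if defined(POLARSSL_GCM_C)
    if( ctx->cipher_info->mode == POLARSSL_MODE_GCM)
    {
        *olen = ilen;
        return gcm_update( ctx->cipher_ctx, ilen, input, output );
    }
#endif

    if( input == output &&
       ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
    {
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
    }

    if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
    {
        /*
         * If there is not enough data for a full block, cache it.
         * When decrypting, exactly one full block is also cached ("<="),
         * because it may be the final, padded block.
         */
        if( ( ctx->operation == POLARSSL_DECRYPT &&
                ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
             ( ctx->operation == POLARSSL_ENCRYPT &&
                ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
        {
            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
                    ilen );

            ctx->unprocessed_len += ilen;
            return 0;
        }

        /*
         * Process cached data first
         */
        if( ctx->unprocessed_len != 0 )
        {
            /* Top the cached bytes up to one full block */
            copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;

            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
                    copy_len );

            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
                    ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
                    ctx->unprocessed_data, output ) ) )
            {
                return ret;
            }

            *olen += cipher_get_block_size( ctx );
            output += cipher_get_block_size( ctx );
            ctx->unprocessed_len = 0;

            input += copy_len;
            ilen -= copy_len;
        }

        /*
         * Cache final, incomplete block
         */
        if( 0 != ilen )
        {
            copy_len = ilen % cipher_get_block_size( ctx );
            /* Decryption keeps back a whole block when input is aligned */
            if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
                copy_len = cipher_get_block_size(ctx);

            memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
                    copy_len );

            ctx->unprocessed_len += copy_len;
            ilen -= copy_len;
        }

        /*
         * Process remaining full blocks
         */
        if( ilen )
        {
            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
                    ctx->operation, ilen, ctx->iv, input, output ) ) )
            {
                return ret;
            }

            *olen += ilen;
        }

        return 0;
    }

#if defined(POLARSSL_CIPHER_MODE_CFB)
    if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
    {
        if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
                ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
                input, output ) ) )
        {
            return ret;
        }

        *olen = ilen;

        return 0;
    }
#endif

#if defined(POLARSSL_CIPHER_MODE_CTR)
    if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
    {
        if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
                ilen, &ctx->unprocessed_len, ctx->iv,
                ctx->unprocessed_data, input, output ) ) )
        {
            return ret;
        }

        *olen = ilen;

        return 0;
    }
#endif

#if defined(POLARSSL_CIPHER_MODE_STREAM)
    if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
    {
        if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
                                                    ilen, input, output ) ) )
        {
            return ret;
        }

        *olen = ilen;

        return 0;
    }
#endif

    return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}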

#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
/*
 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
 */
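/*
 * Fill output[data_len .. output_len-1] with the padding length, as PKCS7
 * prescribes. Nothing is written when data_len >= output_len.
 *
 * The value stored is padding_len truncated to one byte, so the result is
 * only valid PKCS7 padding for block sizes up to 255.
 */
static void add_pkcs_padding( unsigned char *output, size_t output_len,
        size_t data_len )
{
    size_t padding_len;
    size_t i;

    /* Avoids the unsigned underflow of output_len - data_len */
    if( data_len >= output_len )
        return;

    padding_len = output_len - data_len;

    /*
     * The counter has the same width as padding_len: a narrower counter
     * could never reach a large padding_len and would run past the buffer.
     */
    for( i = 0; i < padding_len; i++ )
        output[data_len + i] = (unsigned char) padding_len;
}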

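/*
 * Validate PKCS7 padding at the end of input and report the length of the
 * data that precedes it.
 *
 * Returns 0 and sets *data_len on success,
 * POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for NULL arguments or an empty input,
 * and POLARSSL_ERR_CIPHER_INVALID_PADDING (with *data_len set to 0) when
 * the padding is malformed.
 *
 * The input is decrypted data, so an attacker who can submit ciphertexts
 * influences it. The check therefore walks the whole block and accumulates
 * the verdict instead of returning at the first bad byte, so that the work
 * done does not depend on where the padding goes wrong.
 */
static int get_pkcs_padding( unsigned char *input, size_t input_len,
        size_t *data_len )
{
    size_t i, pad_idx;
    unsigned char padding_len, bad = 0;

    /* An empty input has no last byte to read the padding length from */
    if( NULL == input || NULL == data_len || 0 == input_len )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    padding_len = input[input_len - 1];

    /* Bitwise accumulation rather than "||" to avoid an extra branch */
    bad |= padding_len > input_len;
    bad |= padding_len == 0;

    /*
     * Examine every byte, counting only those at or after pad_idx. When
     * padding_len is too large pad_idx wraps and no byte is counted; bad is
     * already set in that case.
     */
    pad_idx = input_len - padding_len;
    for( i = 0; i < input_len; i++ )
        bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );

    *data_len = pad_idx * ( bad == 0 );

    return POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 );
}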
#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */

#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
/*
 * One and zeros padding: fill with 80 00 ... 00
 */
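/*
 * Write a 0x80 byte at output[data_len] and zero the rest of the buffer up
 * to output_len. Nothing is written when data_len >= output_len, since
 * there is then no room for the mandatory 0x80 marker.
 */
static void add_one_and_zeros_padding( unsigned char *output,
                                       size_t output_len, size_t data_len )
{
    size_t padding_len;
    size_t i;

    /* Without this guard the 0x80 marker would land outside the buffer */
    if( data_len >= output_len )
        return;

    padding_len = output_len - data_len;

    output[data_len] = 0x80;
    /* Counter is as wide as padding_len so the loop always terminates */
    for( i = 1; i < padding_len; i++ )
        output[data_len + i] = 0x00;
}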

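/*
 * Validate "0x80 then zeros" padding and report the length of the data
 * that precedes the 0x80 marker.
 *
 * Returns 0 and sets *data_len on success,
 * POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for NULL arguments, and
 * POLARSSL_ERR_CIPHER_INVALID_PADDING (with *data_len set to 0) when the
 * last non-zero byte is not 0x80 or the input contains no non-zero byte.
 *
 * The scan always visits every byte from the end to the start and records
 * the position of the last non-zero byte without leaving the loop early,
 * so the work done does not depend on the padding length.
 */
static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
                                      size_t *data_len )
{
    size_t i;
    unsigned char done = 0, prev_done, bad;

    /* Checked before any pointer into input is formed or dereferenced */
    if( NULL == input || NULL == data_len )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    /* Stays 0x80 (invalid) unless the last non-zero byte cancels it */
    bad = 0x80;
    *data_len = 0;

    for( i = input_len; i > 0; i-- )
    {
        prev_done = done;
        done |= ( input[i - 1] != 0 );
        /* Both updates take effect only on the first non-zero byte seen */
        *data_len |= ( i - 1 ) * ( done != prev_done );
        bad ^= input[i - 1] * ( done != prev_done );
    }

    *data_len *= ( bad == 0 );

    return POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 );
}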
#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */

#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
/*
 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
 */
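/*
 * Zero output[data_len .. output_len-2] and store the padding length in the
 * last byte. Nothing is written when data_len >= output_len, because the
 * length byte would then overwrite data or fall outside the buffer.
 *
 * The stored length is truncated to one byte, so the result is only
 * meaningful for block sizes up to 255.
 */
static void add_zeros_and_len_padding( unsigned char *output,
                                       size_t output_len, size_t data_len )
{
    size_t padding_len;
    size_t i;

    if( data_len >= output_len )
        return;

    padding_len = output_len - data_len;

    /* Counter is as wide as padding_len so the loop always terminates */
    for( i = 1; i < padding_len; i++ )
        output[data_len + i - 1] = 0x00;
    output[output_len - 1] = (unsigned char) padding_len;
}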

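/*
 * Validate "zeros then length" padding and report the length of the data
 * that precedes it.
 *
 * Returns 0 and sets *data_len on success,
 * POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for NULL arguments or an empty input,
 * and POLARSSL_ERR_CIPHER_INVALID_PADDING (with *data_len set to 0) when
 * the padding is malformed.
 *
 * As the input is decrypted, attacker-influenced data, every byte before
 * the length byte is visited and the verdict is accumulated rather than
 * returned at the first mismatch.
 */
static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
                                      size_t *data_len )
{
    size_t i, pad_idx;
    unsigned char padding_len, bad = 0;

    /* An empty input has no last byte to read the padding length from */
    if( NULL == input || NULL == data_len || 0 == input_len )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    padding_len = input[input_len - 1];

    /* Bitwise accumulation rather than "||" to avoid an extra branch */
    bad |= padding_len > input_len;
    bad |= padding_len == 0;

    /*
     * Bytes at or after pad_idx (the length byte excluded) must be zero.
     * When padding_len is too large pad_idx wraps and no byte is counted;
     * bad is already set in that case.
     */
    pad_idx = input_len - padding_len;
    for( i = 0; i < input_len - 1; i++ )
        bad |= input[i] * ( i >= pad_idx );

    *data_len = pad_idx * ( bad == 0 );

    return POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 );
}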
#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */

#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
/*
 * Zero padding: fill with 00 ... 00
 */
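/*
 * Zero output[data_len .. output_len-1]. Nothing is written when
 * data_len >= output_len.
 */
static void add_zeros_padding( unsigned char *output,
                               size_t output_len, size_t data_len )
{
    size_t i;

    /*
     * The index has the width of the lengths it is compared with: a
     * one-byte index would truncate data_len and could never reach an
     * output_len above 255.
     */
    for( i = data_len; i < output_len; i++ )
        output[i] = 0x00;
}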

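/*
 * Strip trailing zero bytes: *data_len becomes the index just past the last
 * non-zero byte, or 0 when the input is empty or all zeros.
 *
 * Zero padding cannot be verified, so this never reports invalid padding;
 * it returns 0, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for NULL arguments.
 * Data that genuinely ends in zero bytes is shortened as well, which is
 * inherent to this padding scheme.
 */
static int get_zeros_padding( unsigned char *input, size_t input_len,
                              size_t *data_len )
{
    size_t i;
    unsigned char done = 0, prev_done;

    /* Checked before any pointer into input is formed or dereferenced */
    if( NULL == input || NULL == data_len )
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

    *data_len = 0;

    /* Scan from the end; an empty input simply yields a length of 0 */
    for( i = input_len; i > 0; i-- )
    {
        prev_done = done;
        done |= ( input[i - 1] != 0 );
        /* Takes effect only on the first non-zero byte encountered */
        *data_len |= i * ( done != prev_done );
    }

    return 0;
}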
#endif /* POLARSSL_CIPHER_PADDING_ZEROS */

/*
 * No padding: don't pad :)
 *
 * There is no add_padding function (check for NULL in cipher_finish)
 * but a trivial get_padding function
 */
/*
 * "Remove" padding when none is in use: the whole input is data.
 *
 * Returns 0 with *data_len = input_len, or
 * POLARSSL_ERR_CIPHER_BAD_INPUT_DATA when a pointer argument is NULL.
 */
static int get_no_padding( unsigned char *input, size_t input_len,
                              size_t *data_len )
{
    if( input == NULL || data_len == NULL )
        return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );

    *data_len = input_len;
    return( 0 );
}

/*
 * Finish the current operation and emit whatever is still buffered.
 *
 * CFB, CTR, GCM and stream modes buffer nothing, so they return 0 with
 * *olen = 0. In CBC mode the last block is padded and encrypted, or
 * decrypted and stripped of its padding through ctx->get_padding.
 *
 * Returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for invalid
 * arguments, POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED when the buffered data
 * does not have the required length, POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE
 * for an unhandled mode, or the error of the cipher / padding function.
 *
 * NOTE(review): when decrypting, the padding verdict is returned to the
 * caller as is. A caller that relays a distinguishable padding failure to
 * the party that supplied the ciphertext gives that party a padding oracle.
 */
int cipher_finish( cipher_context_t *ctx,
                   unsigned char *output, size_t *olen )
{
    int ret = 0;

    if( ctx == NULL || ctx->cipher_info == NULL || olen == NULL )
        return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );

    *olen = 0;

    switch( ctx->cipher_info->mode )
    {
        case POLARSSL_MODE_CFB:
        case POLARSSL_MODE_CTR:
        case POLARSSL_MODE_GCM:
        case POLARSSL_MODE_STREAM:
            /* Nothing is held back in these modes */
            return( 0 );

        case POLARSSL_MODE_CBC:
            break;

        default:
            return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
    }

    if( ctx->operation == POLARSSL_ENCRYPT )
    {
        if( ctx->add_padding == NULL )
        {
            /* 'No padding' mode: leftover bytes cannot be encrypted */
            if( ctx->unprocessed_len != 0 )
                return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );

            return( 0 );
        }

        ctx->add_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
                          ctx->unprocessed_len );
    }
    else if( ctx->unprocessed_len != cipher_get_block_size( ctx ) )
    {
        /*
         * Any other operation needs exactly one buffered block; the only
         * exception is an empty buffer when no padding is in use.
         */
        if( ctx->add_padding == NULL && ctx->unprocessed_len == 0 )
            return( 0 );

        return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
    }

    /* Run the cipher over the final block */
    ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
                ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
                ctx->unprocessed_data, output );
    if( ret != 0 )
        return( ret );

    /* Decryption: the padding routine determines the output length */
    if( ctx->operation == POLARSSL_DECRYPT )
        return( ctx->get_padding( output, cipher_get_block_size( ctx ),
                                  olen ) );

    /* Encryption: exactly one block was produced */
    *olen = cipher_get_block_size( ctx );
    return( 0 );
}

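/*
 * Select the padding scheme used by a CBC context by installing the
 * matching add/get padding functions.
 *
 * Returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA when the context
 * is NULL, not bound to a cipher, or not in CBC mode, and
 * POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE when the requested scheme was not
 * compiled in.
 */
int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
{
    /*
     * cipher_info is checked as in the other entry points of this file, so
     * a context that was never initialised is rejected instead of being
     * dereferenced.
     */
    if( NULL == ctx || NULL == ctx->cipher_info ||
        POLARSSL_MODE_CBC != ctx->cipher_info->mode )
    {
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
    }

    switch( mode )
    {
#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
    case POLARSSL_PADDING_PKCS7:
        ctx->add_padding = add_pkcs_padding;
        ctx->get_padding = get_pkcs_padding;
        break;
#endif
#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
    case POLARSSL_PADDING_ONE_AND_ZEROS:
        ctx->add_padding = add_one_and_zeros_padding;
        ctx->get_padding = get_one_and_zeros_padding;
        break;
#endif
#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
    case POLARSSL_PADDING_ZEROS_AND_LEN:
        ctx->add_padding = add_zeros_and_len_padding;
        ctx->get_padding = get_zeros_and_len_padding;
        break;
#endif
#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
    case POLARSSL_PADDING_ZEROS:
        ctx->add_padding = add_zeros_padding;
        ctx->get_padding = get_zeros_padding;
        break;
#endif
    case POLARSSL_PADDING_NONE:
        /* A NULL add_padding is how cipher_finish() recognises this mode */
        ctx->add_padding = NULL;
        ctx->get_padding = get_no_padding;
        break;

    default:
        return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
    }

    return 0;
}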

#if defined(POLARSSL_CIPHER_MODE_AEAD)
/*
 * Write the authentication tag of an AEAD encryption to tag.
 *
 * For GCM the tag is produced by gcm_finish(); for every other mode nothing
 * is written and 0 is returned.
 *
 * Returns POLARSSL_ERR_CIPHER_BAD_INPUT_DATA when an argument is NULL, the
 * context is unusable, or the context is not set up for encryption.
 */
int cipher_write_tag( cipher_context_t *ctx,
                      unsigned char *tag, size_t tag_len )
{
    if( ctx == NULL || ctx->cipher_info == NULL || tag == NULL ||
        ctx->operation != POLARSSL_ENCRYPT )
    {
        return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
    }

#if defined(POLARSSL_GCM_C)
    if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
        return( gcm_finish( ctx->cipher_ctx, tag, tag_len ) );
#endif

    return( 0 );
}
 
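/*
 * Verify the authentication tag of an AEAD decryption.
 *
 * For GCM the expected tag is computed with gcm_finish() and compared with
 * the supplied one. Returns 0 when they match, POLARSSL_ERR_GCM_AUTH_FAILED
 * when they differ, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA for invalid
 * arguments, or the error of gcm_finish().
 *
 * NOTE(review): for modes other than GCM this returns 0 without checking
 * anything, so a caller must not treat a 0 from a non-AEAD context as proof
 * of authenticity.
 * NOTE(review): with tag_len == 0 the comparison loop is empty; unless
 * gcm_finish() rejects that length (not visible here) the check succeeds
 * without comparing a single byte. Callers should enforce a minimum tag
 * length.
 */
int cipher_check_tag( cipher_context_t *ctx,
                      const unsigned char *tag, size_t tag_len )
{
    int ret;

    if( NULL == ctx || NULL == ctx->cipher_info ||
        POLARSSL_DECRYPT != ctx->operation )
    {
        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
    }

#if defined(POLARSSL_GCM_C)
    if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
    {
        unsigned char check_tag[16];
        size_t i;
        int diff;

        /* tag is read below, so reject NULL as cipher_write_tag() does */
        if( NULL == tag || tag_len > sizeof( check_tag ) )
            return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;

        if( 0 != ( ret = gcm_finish( ctx->cipher_ctx, check_tag, tag_len ) ) )
            return( ret );

        /*
         * Compare all bytes and fold the differences together, so the time
         * taken does not reveal the position of the first mismatch.
         */
        for( diff = 0, i = 0; i < tag_len; i++ )
            diff |= tag[i] ^ check_tag[i];

        if( diff != 0 )
            return( POLARSSL_ERR_GCM_AUTH_FAILED );

        return( 0 );
    }
#endif

    return( 0 );
}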
#endif /* POLARSSL_CIPHER_MODE_AEAD */

#if defined(POLARSSL_SELF_TEST)

#include <stdio.h>

#define ASSERT(x) if (!(x)) { \
        printf( "failed with %i at %s\n", value, (#x) ); \
    return( 1 ); \
}
/*
 * Checkup routine
 */

/*
 * Self-test entry point. No checks are implemented here: the function
 * ignores verbose and always reports success (0).
 */
int cipher_self_test( int verbose )
{
    (void) verbose;

    return 0;
}

#endif

#endif