AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix dependencies: GCM != AEAD != CCM

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-06-24 15:26:28 +02:00
parent 5bfd968e01
commit 8f625632bb
3 changed files with 35 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
include/polarssl/cipher.h
View File

@ -36,7 +36,7 @@
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_GCM_C)
#if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
#define POLARSSL_CIPHER_MODE_AEAD
#endif
@ -534,25 +534,21 @@ int cipher_set_iv( cipher_context_t *ctx,
*/
int cipher_reset( cipher_context_t *ctx );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
/**
* \brief Add additional data (for AEAD ciphers).
* This function has no effect for non-AEAD ciphers.
* For AEAD ciphers, it may or may not be called
* repeatedly, and/or interleaved with calls to
* cipher_udpate(), depending on the cipher.
* E.g. for GCM is must be called exactly once, right
* after cipher_reset().
* Currently only supported with GCM.
* Must be called exactly once, after cipher_reset().
*
* \param ctx generic cipher context
* \param ad Additional data to use.
* \param ad_len Length of ad.
*
* \returns 0 on success, or a specific error code.
* \return 0 on success, or a specific error code.
*/
int cipher_update_ad( cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif /* POLARSSL_GCM_C */
/**
* \brief Generic cipher update function. Encrypts/decrypts
@ -606,10 +602,10 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input,
int cipher_finish( cipher_context_t *ctx,
unsigned char *output, size_t *olen );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
/**
* \brief Write tag for AEAD ciphers.
* No effect for other ciphers.
* Currently only supported with GCM.
* Must be called after cipher_finish().
*
* \param ctx Generic cipher context
@ -623,9 +619,8 @@ int cipher_write_tag( cipher_context_t *ctx,
/**
* \brief Check tag for AEAD ciphers.
* No effect for other ciphers.
* Calling time depends on the cipher:
* for GCM, must be called after cipher_finish().
* Currently only supported with GCM.
* Must be called after cipher_finish().
*
* \param ctx Generic cipher context
* \param tag Buffer holding the tag
@ -635,7 +630,7 @@ int cipher_write_tag( cipher_context_t *ctx,
*/
int cipher_check_tag( cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif /* POLARSSL_GCM_C */
/**
* \brief Generic all-in-one encryption/decryption

14
library/cipher.c
View File

@ -234,24 +234,22 @@ int cipher_reset( cipher_context_t *ctx )
return( 0 );
}
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
int cipher_update_ad( cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len )
{
if( NULL == ctx || NULL == ctx->cipher_info )
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
ctx->iv, ctx->iv_size, ad, ad_len );
}
#endif
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif /* POLARSSL_GCM_C */
int cipher_update( cipher_context_t *ctx, const unsigned char *input,
size_t ilen, unsigned char *output, size_t *olen )
@ -724,7 +722,7 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
}
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
int cipher_write_tag( cipher_context_t *ctx,
unsigned char *tag, size_t tag_len )
{
@ -734,10 +732,8 @@ int cipher_write_tag( cipher_context_t *ctx,
if( POLARSSL_ENCRYPT != ctx->operation )
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
#endif
return( 0 );
}
@ -753,7 +749,6 @@ int cipher_check_tag( cipher_context_t *ctx,
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
}
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
unsigned char check_tag[16];
@ -778,11 +773,10 @@ int cipher_check_tag( cipher_context_t *ctx,
return( 0 );
}
#endif /* POLARSSL_GCM_C */
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif /* POLARSSL_GCM_C */
/*
* Packet-oriented wrapper for non-AEAD modes

40
tests/suites/test_suite_cipher.function
View File

@ -60,7 +60,7 @@ void cipher_null_args( )
TEST_ASSERT( cipher_reset( NULL ) == POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
TEST_ASSERT( cipher_reset( &ctx ) == POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( cipher_update_ad( NULL, buf, 0 )
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
TEST_ASSERT( cipher_update_ad( &ctx, buf, 0 )
@ -77,7 +77,7 @@ void cipher_null_args( )
TEST_ASSERT( cipher_finish( &ctx, buf, &olen )
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( cipher_write_tag( NULL, buf, olen )
== POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
TEST_ASSERT( cipher_write_tag( &ctx, buf, olen )
@ -157,10 +157,10 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
TEST_ASSERT( 0 == cipher_reset( &ctx_enc ) );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) );
TEST_ASSERT( 0 == cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* encode length number of bytes from inbuf */
TEST_ASSERT( 0 == cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) );
@ -174,9 +174,9 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
TEST_ASSERT( 0 == cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) );
total_len += outlen;
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
TEST_ASSERT( total_len == length ||
( total_len % cipher_get_block_size( &ctx_enc ) == 0 &&
@ -195,9 +195,9 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
TEST_ASSERT( 0 == cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
total_len += outlen;
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* check result */
TEST_ASSERT( total_len == length );
@ -250,9 +250,9 @@ void enc_fail( int cipher_id, int pad_mode, int key_len,
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
TEST_ASSERT( 0 == cipher_set_iv( &ctx, iv, 16 ) );
TEST_ASSERT( 0 == cipher_reset( &ctx ) );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_update_ad( &ctx, NULL, 0 ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* encode length number of bytes from inbuf */
TEST_ASSERT( 0 == cipher_update( &ctx, inbuf, length, encbuf, &outlen ) );
@ -297,9 +297,9 @@ void dec_empty_buf()
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, NULL, 0 ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* decode 0-byte string */
TEST_ASSERT( 0 == cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
@ -359,10 +359,10 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
TEST_ASSERT( 0 == cipher_reset( &ctx_dec ) );
TEST_ASSERT( 0 == cipher_reset( &ctx_enc ) );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_update_ad( &ctx_dec, NULL, 0 ) );
TEST_ASSERT( 0 == cipher_update_ad( &ctx_enc, NULL, 0 ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* encode length number of bytes from inbuf */
TEST_ASSERT( 0 == cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
@ -416,7 +416,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
unsigned char ad[200];
unsigned char tag[20];
size_t key_len, iv_len, cipher_len, clear_len;
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
size_t ad_len, tag_len;
#endif
cipher_context_t ctx;
@ -435,7 +435,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
iv_len = unhexify( iv, hex_iv );
cipher_len = unhexify( cipher, hex_cipher );
clear_len = unhexify( clear, hex_clear );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
ad_len = unhexify( ad, hex_ad );
tag_len = unhexify( tag, hex_tag );
#else
@ -455,9 +455,9 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
TEST_ASSERT( 0 == cipher_set_iv( &ctx, iv, iv_len ) );
TEST_ASSERT( 0 == cipher_reset( &ctx ) );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( 0 == cipher_update_ad( &ctx, ad, ad_len ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* decode buffer and check tag */
total_len = 0;
@ -466,9 +466,9 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
TEST_ASSERT( finish_result == cipher_finish( &ctx, output + outlen,
&outlen ) );
total_len += outlen;
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
TEST_ASSERT( tag_result == cipher_check_tag( &ctx, tag, tag_len ) );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif
/* check plaintext only if everything went fine */
if( 0 == finish_result && 0 == tag_result )