AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

All CBC ciphersuites via the cipher layer

Browse Source
This commit is contained in:
Paul Bakker 2013-08-31 17:40:26 +02:00
parent da02a7f45e
commit cca5b81d18
1 changed files with 66 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
library/ssl_tls.c
View File

@ -642,15 +642,12 @@ int ssl_derive_keys( ssl_context *ssl )
break; break;
#endif #endif
#if defined(POLARSSL_DES_C)
case POLARSSL_CIPHER_DES_EDE3_CBC: case POLARSSL_CIPHER_DES_EDE3_CBC:
des3_set3key_enc( (des3_context *) transform->ctx_enc, key1 ); case POLARSSL_CIPHER_CAMELLIA_128_CBC:
des3_set3key_dec( (des3_context *) transform->ctx_dec, key2 ); case POLARSSL_CIPHER_CAMELLIA_256_CBC:
break;
#endif
case POLARSSL_CIPHER_AES_128_CBC: case POLARSSL_CIPHER_AES_128_CBC:
case POLARSSL_CIPHER_AES_256_CBC: case POLARSSL_CIPHER_AES_256_CBC:
case POLARSSL_CIPHER_DES_CBC:
if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc, if( ( ret = cipher_init_ctx( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 ) cipher_info ) ) != 0 )
{ {
@ -690,23 +687,6 @@ int ssl_derive_keys( ssl_context *ssl )
} }
break; break;
#if defined(POLARSSL_CAMELLIA_C)
case POLARSSL_CIPHER_CAMELLIA_128_CBC:
case POLARSSL_CIPHER_CAMELLIA_256_CBC:
camellia_setkey_enc( (camellia_context*) transform->ctx_enc, key1,
cipher_info->key_length );
camellia_setkey_dec( (camellia_context*) transform->ctx_dec, key2,
cipher_info->key_length );
break;
#endif
#if defined(POLARSSL_DES_C)
case POLARSSL_CIPHER_DES_CBC:
des_setkey_enc( (des_context *) transform->ctx_enc, key1 );
des_setkey_dec( (des_context *) transform->ctx_dec, key2 );
break;
#endif
#if defined(POLARSSL_GCM_C) #if defined(POLARSSL_GCM_C)
case POLARSSL_CIPHER_AES_128_GCM: case POLARSSL_CIPHER_AES_128_GCM:
case POLARSSL_CIPHER_AES_256_GCM: case POLARSSL_CIPHER_AES_256_GCM:
@ -1083,78 +1063,46 @@ static int ssl_encrypt_buf( ssl_context *ssl )
SSL_DEBUG_BUF( 4, "before encrypt: output payload", SSL_DEBUG_BUF( 4, "before encrypt: output payload",
ssl->out_iv, ssl->out_msglen ); ssl->out_iv, ssl->out_msglen );
switch( ssl->transform_out->ciphersuite_info->cipher ) if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc,
ssl->transform_out->iv_enc ) ) != 0 )
{ {
#if defined(POLARSSL_DES_C) return( ret );
case POLARSSL_CIPHER_DES_CBC: }
des_crypt_cbc( (des_context *) ssl->transform_out->ctx_enc,
DES_ENCRYPT, enc_msglen,
ssl->transform_out->iv_enc, enc_msg, enc_msg );
break;
case POLARSSL_CIPHER_DES_EDE3_CBC: if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
des3_crypt_cbc( (des3_context *) ssl->transform_out->ctx_enc, enc_msg, enc_msglen, enc_msg,
DES_ENCRYPT, enc_msglen, &olen ) ) != 0 )
ssl->transform_out->iv_enc, enc_msg, enc_msg ); {
break; return( ret );
#endif }
case POLARSSL_CIPHER_AES_128_CBC: enc_msglen -= olen;
case POLARSSL_CIPHER_AES_256_CBC:
if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc,
ssl->transform_out->iv_enc ) ) != 0 )
{
return( ret );
}
if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc, if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
enc_msg, enc_msglen, enc_msg, enc_msg + olen, &olen ) ) != 0 )
&olen ) ) != 0 ) {
{ return( ret );
return( ret ); }
}
enc_msglen -= olen; if( enc_msglen != olen )
{
if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc, SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
enc_msg + olen, &olen ) ) != 0 ) enc_msglen, olen ) );
{ // TODO Real error number
return( ret ); return( -1 );
} }
if( enc_msglen != olen )
{
SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
enc_msglen, olen ) );
// TODO Real error number
return( -1 );
}
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
if( ssl->minor_ver < SSL_MINOR_VERSION_2 ) if( ssl->minor_ver < SSL_MINOR_VERSION_2 )
{ {
/* /*
* Save IV in SSL3 and TLS1 * Save IV in SSL3 and TLS1
*/ */
memcpy( ssl->transform_out->iv_enc, memcpy( ssl->transform_out->iv_enc,
ssl->transform_out->cipher_ctx_enc.iv, ssl->transform_out->cipher_ctx_enc.iv,
ssl->transform_out->ivlen ); ssl->transform_out->ivlen );
}
#endif
break;
#if defined(POLARSSL_CAMELLIA_C)
case POLARSSL_CIPHER_CAMELLIA_128_CBC:
case POLARSSL_CIPHER_CAMELLIA_256_CBC:
camellia_crypt_cbc( (camellia_context *) ssl->transform_out->ctx_enc,
CAMELLIA_ENCRYPT, enc_msglen,
ssl->transform_out->iv_enc, enc_msg, enc_msg );
break;
#endif
default:
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
} }
#endif
} }
for( i = 8; i > 0; i-- ) for( i = 8; i > 0; i-- )
@ -1307,76 +1255,44 @@ static int ssl_decrypt_buf( ssl_context *ssl )
} }
#endif /* POLARSSL_SSL_PROTO_TLS1_1 || POLARSSL_SSL_PROTO_TLS1_2 */ #endif /* POLARSSL_SSL_PROTO_TLS1_1 || POLARSSL_SSL_PROTO_TLS1_2 */
switch( ssl->transform_in->ciphersuite_info->cipher ) if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec,
ssl->transform_in->iv_dec ) ) != 0 )
{ {
#if defined(POLARSSL_DES_C) return( ret );
case POLARSSL_CIPHER_DES_CBC: }
des_crypt_cbc( (des_context *) ssl->transform_in->ctx_dec,
DES_DECRYPT, dec_msglen,
ssl->transform_in->iv_dec, dec_msg, dec_msg_result );
break;
case POLARSSL_CIPHER_DES_EDE3_CBC: if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
des3_crypt_cbc( (des3_context *) ssl->transform_in->ctx_dec, dec_msg, dec_msglen, dec_msg_result,
DES_DECRYPT, dec_msglen, &olen ) ) != 0 )
ssl->transform_in->iv_dec, dec_msg, dec_msg_result ); {
break; return( ret );
#endif }
case POLARSSL_CIPHER_AES_128_CBC: dec_msglen -= olen;
case POLARSSL_CIPHER_AES_256_CBC: if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec, dec_msg_result + olen, &olen ) ) != 0 )
ssl->transform_in->iv_dec ) ) != 0 ) {
{ return( ret );
return( ret ); }
}
if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec, if( dec_msglen != olen )
dec_msg, dec_msglen, dec_msg_result, {
&olen ) ) != 0 ) SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
{ // TODO Real error number
return( ret ); return( -1 );
} }
dec_msglen -= olen;
if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
dec_msg_result + olen, &olen ) ) != 0 )
{
return( ret );
}
if( dec_msglen != olen )
{
SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
// TODO Real error number
return( -1 );
}
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) #if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1)
if( ssl->minor_ver < SSL_MINOR_VERSION_2 ) if( ssl->minor_ver < SSL_MINOR_VERSION_2 )
{ {
/* /*
* Save IV in SSL3 and TLS1 * Save IV in SSL3 and TLS1
*/ */
memcpy( ssl->transform_in->iv_dec, memcpy( ssl->transform_in->iv_dec,
ssl->transform_in->cipher_ctx_dec.iv, ssl->transform_in->cipher_ctx_dec.iv,
ssl->transform_in->ivlen ); ssl->transform_in->ivlen );
}
#endif
break;
#if defined(POLARSSL_CAMELLIA_C)
case POLARSSL_CIPHER_CAMELLIA_128_CBC:
case POLARSSL_CIPHER_CAMELLIA_256_CBC:
camellia_crypt_cbc( (camellia_context *) ssl->transform_in->ctx_dec,
CAMELLIA_DECRYPT, dec_msglen,
ssl->transform_in->iv_dec, dec_msg, dec_msg_result );
break;
#endif
default:
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
} }
#endif
padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];