Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / b9cfaa0c7f41c7adb28755cb7bc46a624e98d3b6 / . / library / cipher.c
blob: 5edc39a6c66cf1388ee9e794027902682a1d0f78 [file] [log] [blame]
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1/**
2 * \file cipher.c
3 *
4 * \brief Generic cipher wrapper for PolarSSL
5 *
6 * \author Adriaan de Jong <dejong@fox-it.com>
7 *
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]8 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]9 *
10 * This file is part of PolarSSL (http://www.polarssl.org)
11 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
12 *
13 * All rights reserved.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 */
29
30#include "polarssl/config.h"
31
32#if defined(POLARSSL_CIPHER_C)
33
34#include "polarssl/cipher.h"
35#include "polarssl/cipher_wrap.h"
36
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]37#if defined(POLARSSL_GCM_C)
38#include "polarssl/gcm.h"
39#endif
40
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]41#include <stdlib.h>
42
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200[diff] [blame]43#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]44#define POLARSSL_CIPHER_MODE_STREAM
45#endif
46
Paul Bakkeraf5c85f2011-04-18 03:47:52 +0000[diff] [blame]47#if defined _MSC_VER && !defined strcasecmp
48#define strcasecmp _stricmp
49#endif
50
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]51static int supported_init = 0;
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]52
53const int *cipher_list( void )
54{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]55 const cipher_definition_t *def;
56 int *type;
57
58 if( ! supported_init )
59 {
60 def = cipher_definitions;
61 type = supported_ciphers;
62
63 while( def->type != 0 )
64 *type++ = (*def++).type;
65
66 *type = 0;
67
68 supported_init = 1;
69 }
70
Paul Bakker72f62662011-01-16 21:27:44 +0000[diff] [blame]71 return supported_ciphers;
72}
73
Paul Bakkerec1b9842012-01-14 18:24:43 +0000[diff] [blame]74const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]75{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]76 const cipher_definition_t *def;
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]77
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]78 for( def = cipher_definitions; def->info != NULL; def++ )
79 if( def->type == cipher_type )
80 return( def->info );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]81
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]82 return NULL;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]83}
84
85const cipher_info_t *cipher_info_from_string( const char *cipher_name )
86{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]87 const cipher_definition_t *def;
88
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]89 if( NULL == cipher_name )
90 return NULL;
91
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]92 for( def = cipher_definitions; def->info != NULL; def++ )
93 if( ! strcasecmp( def->info->name, cipher_name ) )
94 return( def->info );
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]95
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]96 return NULL;
97}
98
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]99const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
100 int key_length,
101 const cipher_mode_t mode )
102{
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]103 const cipher_definition_t *def;
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]104
Manuel Pégourié-Gonnarddace82f2013-09-18 15:12:07 +0200[diff] [blame]105 for( def = cipher_definitions; def->info != NULL; def++ )
106 if( def->info->base->cipher == cipher_id &&
107 def->info->key_length == (unsigned) key_length &&
108 def->info->mode == mode )
109 return( def->info );
Paul Bakkerf46b6952013-09-09 00:08:26 +0200[diff] [blame]110
111 return NULL;
112}
113
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]114int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
115{
116 if( NULL == cipher_info || NULL == ctx )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]117 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]118
Paul Bakker279432a2012-04-26 10:09:35 +0000[diff] [blame]119 memset( ctx, 0, sizeof( cipher_context_t ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]120
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]121 if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]122 return POLARSSL_ERR_CIPHER_ALLOC_FAILED;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]123
124 ctx->cipher_info = cipher_info;
125
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]126#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]127 /*
128 * Ignore possible errors caused by a cipher mode that doesn't use padding
129 */
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]130#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]131 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]132#else
133 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
134#endif
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]135#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]136
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]137 return 0;
138}
139
140int cipher_free_ctx( cipher_context_t *ctx )
141{
142 if( ctx == NULL || ctx->cipher_info == NULL )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]143 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]144
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]145 ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]146
147 return 0;
148}
149
150int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
151 int key_length, const operation_t operation )
152{
153 if( NULL == ctx || NULL == ctx->cipher_info )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]154 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]155
Manuel Pégourié-Gonnarddd0f57f2013-09-16 11:47:43 +0200[diff] [blame]156 if( (int) ctx->cipher_info->key_length != key_length )
157 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
158
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]159 ctx->key_length = key_length;
160 ctx->operation = operation;
161
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]162 /*
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]163 * For CFB and CTR mode always use the encryption key schedule
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]164 */
165 if( POLARSSL_ENCRYPT == operation ||
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]166 POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]167 POLARSSL_MODE_CTR == ctx->cipher_info->mode )
168 {
169 return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]170 ctx->key_length );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]171 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]172
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]173 if( POLARSSL_DECRYPT == operation )
174 return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]175 ctx->key_length );
176
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]177 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]178}
179
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]180int cipher_set_iv( cipher_context_t *ctx,
181 const unsigned char *iv, size_t iv_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]182{
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]183 size_t actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]184
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]185 if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]186 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]187
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]188 if( ctx->cipher_info->accepts_variable_iv_size )
189 actual_iv_size = iv_len;
190 else
191 actual_iv_size = ctx->cipher_info->iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]192
Manuel Pégourié-Gonnarda235b5b2013-09-03 13:25:52 +0200[diff] [blame]193 memcpy( ctx->iv, iv, actual_iv_size );
194 ctx->iv_size = actual_iv_size;
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]195
196 return 0;
197}
198
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]199int cipher_reset( cipher_context_t *ctx )
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]200{
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]201 if( NULL == ctx || NULL == ctx->cipher_info )
202 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
203
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]204 ctx->unprocessed_len = 0;
205
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]206 return 0;
207}
208
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]209#if defined(POLARSSL_CIPHER_MODE_AEAD)
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]210int cipher_update_ad( cipher_context_t *ctx,
211 const unsigned char *ad, size_t ad_len )
212{
213 if( NULL == ctx || NULL == ctx->cipher_info )
214 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
215
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]216#if defined(POLARSSL_GCM_C)
217 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
218 {
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame^]219 return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]220 ctx->iv, ctx->iv_size, ad, ad_len );
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]221 }
222#endif
223
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]224 return 0;
225}
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]226#endif /* POLARSSL_CIPHER_MODE_AEAD */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]227
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]228int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
229 unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]230{
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]231 int ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]232
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]233 *olen = 0;
234
235 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]236 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]237 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]238 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]239
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]240 if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
241 {
242 if( ilen != cipher_get_block_size( ctx ) )
243 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
244
245 *olen = ilen;
246
247 if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
248 ctx->operation, input, output ) ) )
249 {
250 return ret;
251 }
252
253 return 0;
254 }
255
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]256#if defined(POLARSSL_GCM_C)
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]257 if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]258 {
259 *olen = ilen;
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame^]260 return gcm_update( (gcm_context *) ctx->cipher_ctx, ilen, input,
261 output );
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]262 }
263#endif
264
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]265 if( input == output &&
266 ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
267 {
268 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
269 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]270
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]271#if defined(POLARSSL_CIPHER_MODE_CBC)
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]272 if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]273 {
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]274 size_t copy_len = 0;
275
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]276 /*
277 * If there is not enough data for a full block, cache it.
278 */
279 if( ( ctx->operation == POLARSSL_DECRYPT &&
280 ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
281 ( ctx->operation == POLARSSL_ENCRYPT &&
282 ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
283 {
284 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
285 ilen );
286
287 ctx->unprocessed_len += ilen;
288 return 0;
289 }
290
291 /*
292 * Process cached data first
293 */
294 if( ctx->unprocessed_len != 0 )
295 {
296 copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
297
298 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
299 copy_len );
300
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]301 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]302 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]303 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]304 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]305 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]306 }
307
308 *olen += cipher_get_block_size( ctx );
309 output += cipher_get_block_size( ctx );
310 ctx->unprocessed_len = 0;
311
312 input += copy_len;
313 ilen -= copy_len;
314 }
315
316 /*
317 * Cache final, incomplete block
318 */
319 if( 0 != ilen )
320 {
321 copy_len = ilen % cipher_get_block_size( ctx );
322 if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
323 copy_len = cipher_get_block_size(ctx);
324
325 memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
326 copy_len );
327
328 ctx->unprocessed_len += copy_len;
329 ilen -= copy_len;
330 }
331
332 /*
333 * Process remaining full blocks
334 */
335 if( ilen )
336 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]337 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
338 ctx->operation, ilen, ctx->iv, input, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]339 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]340 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]341 }
Manuel Pégourié-Gonnard07f8fa52013-08-30 18:34:08 +0200[diff] [blame]342
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]343 *olen += ilen;
344 }
345
346 return 0;
347 }
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]348#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]349
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]350#if defined(POLARSSL_CIPHER_MODE_CFB)
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]351 if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]352 {
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]353 if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]354 ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]355 input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]356 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]357 return ret;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]358 }
359
360 *olen = ilen;
361
362 return 0;
363 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]364#endif
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]365
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]366#if defined(POLARSSL_CIPHER_MODE_CTR)
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]367 if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
368 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]369 if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]370 ilen, &ctx->unprocessed_len, ctx->iv,
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]371 ctx->unprocessed_data, input, output ) ) )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]372 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]373 return ret;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]374 }
375
376 *olen = ilen;
377
378 return 0;
379 }
Paul Bakker68884e32013-01-07 18:20:04 +0100[diff] [blame]380#endif
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]381
Manuel Pégourié-Gonnard37e230c2013-08-28 13:50:42 +0200[diff] [blame]382#if defined(POLARSSL_CIPHER_MODE_STREAM)
383 if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
384 {
385 if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
386 ilen, input, output ) ) )
387 {
388 return ret;
389 }
390
391 *olen = ilen;
392
393 return 0;
394 }
395#endif
396
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]397 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]398}
399
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]400#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]401#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]402/*
403 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
404 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]405static void add_pkcs_padding( unsigned char *output, size_t output_len,
406 size_t data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]407{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]408 size_t padding_len = output_len - data_len;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]409 unsigned char i = 0;
410
411 for( i = 0; i < padding_len; i++ )
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]412 output[data_len + i] = (unsigned char) padding_len;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]413}
414
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]415static int get_pkcs_padding( unsigned char *input, size_t input_len,
416 size_t *data_len )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]417{
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame^]418 size_t i, padding_len = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]419
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]420 if( NULL == input || NULL == data_len )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]421 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]422
423 padding_len = input[input_len - 1];
424
Manuel Pégourié-Gonnardb7d24bc2013-07-26 10:58:48 +0200[diff] [blame]425 if( padding_len > input_len || padding_len == 0 )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]426 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]427
Paul Bakkera885d682011-01-20 16:35:05 +0000[diff] [blame]428 for( i = input_len - padding_len; i < input_len; i++ )
429 if( input[i] != padding_len )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]430 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]431
432 *data_len = input_len - padding_len;
433
434 return 0;
435}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]436#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]437
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]438#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]439/*
440 * One and zeros padding: fill with 80 00 ... 00
441 */
442static void add_one_and_zeros_padding( unsigned char *output,
443 size_t output_len, size_t data_len )
444{
445 size_t padding_len = output_len - data_len;
446 unsigned char i = 0;
447
448 output[data_len] = 0x80;
449 for( i = 1; i < padding_len; i++ )
450 output[data_len + i] = 0x00;
451}
452
453static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
454 size_t *data_len )
455{
456 unsigned char *p = input + input_len - 1;
457
458 if( NULL == input || NULL == data_len )
459 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
460
461 while( *p == 0x00 && p > input )
462 --p;
463
464 if( *p != 0x80 )
465 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
466
467 *data_len = p - input;
468
469 return 0;
470}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]471#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]472
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]473#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]474/*
475 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
476 */
477static void add_zeros_and_len_padding( unsigned char *output,
478 size_t output_len, size_t data_len )
479{
480 size_t padding_len = output_len - data_len;
481 unsigned char i = 0;
482
483 for( i = 1; i < padding_len; i++ )
484 output[data_len + i - 1] = 0x00;
485 output[output_len - 1] = (unsigned char) padding_len;
486}
487
488static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
489 size_t *data_len )
490{
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame^]491 size_t i, padding_len = 0;
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]492
493 if( NULL == input || NULL == data_len )
494 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
495
496 padding_len = input[input_len - 1];
497
498 if( padding_len > input_len || padding_len == 0 )
499 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
500
501 for( i = input_len - padding_len; i < input_len - 1; i++ )
502 if( input[i] != 0x00 )
503 return POLARSSL_ERR_CIPHER_INVALID_PADDING;
504
505 *data_len = input_len - padding_len;
506
507 return 0;
508}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]509#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]510
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]511#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]512/*
513 * Zero padding: fill with 00 ... 00
514 */
515static void add_zeros_padding( unsigned char *output,
516 size_t output_len, size_t data_len )
517{
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame^]518 size_t i;
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]519
520 for( i = data_len; i < output_len; i++ )
521 output[i] = 0x00;
522}
523
524static int get_zeros_padding( unsigned char *input, size_t input_len,
525 size_t *data_len )
526{
527 unsigned char *p = input + input_len - 1;
528 if( NULL == input || NULL == data_len )
529 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
530
531 while( *p == 0x00 && p > input )
532 --p;
533
534 *data_len = *p == 0x00 ? 0 : p - input + 1;
535
536 return 0;
537}
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]538#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]539
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]540/*
541 * No padding: don't pad :)
542 *
543 * There is no add_padding function (check for NULL in cipher_finish)
544 * but a trivial get_padding function
545 */
546static int get_no_padding( unsigned char *input, size_t input_len,
547 size_t *data_len )
548{
549 if( NULL == input || NULL == data_len )
550 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
551
552 *data_len = input_len;
553
554 return 0;
555}
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]556#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]557
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]558int cipher_finish( cipher_context_t *ctx,
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]559 unsigned char *output, size_t *olen )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]560{
561 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]562 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]563
564 *olen = 0;
565
Paul Bakker6132d0a2012-07-04 17:10:40 +0000[diff] [blame]566 if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]567 POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb8bd5932013-09-05 13:38:15 +0200[diff] [blame]568 POLARSSL_MODE_GCM == ctx->cipher_info->mode ||
Manuel Pégourié-Gonnardb5e85882013-08-28 16:36:14 +0200[diff] [blame]569 POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]570 {
571 return 0;
572 }
573
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]574 if( POLARSSL_MODE_ECB == ctx->cipher_info->mode )
575 {
576 if( ctx->unprocessed_len != 0 )
577 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
578
579 return 0;
580 }
581
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]582#if defined(POLARSSL_CIPHER_MODE_CBC)
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]583 if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
584 {
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]585 int ret = 0;
586
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]587 if( POLARSSL_ENCRYPT == ctx->operation )
588 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]589 /* check for 'no padding' mode */
590 if( NULL == ctx->add_padding )
591 {
592 if( 0 != ctx->unprocessed_len )
593 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
594
595 return 0;
596 }
597
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]598 ctx->add_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]599 ctx->unprocessed_len );
600 }
601 else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
602 {
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]603 /*
604 * For decrypt operations, expect a full block,
605 * or an empty block if no padding
606 */
607 if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
608 return 0;
609
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]610 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]611 }
612
613 /* cipher block */
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]614 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
615 ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
616 ctx->unprocessed_data, output ) ) )
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]617 {
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]618 return ret;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]619 }
620
621 /* Set output size for decryption */
622 if( POLARSSL_DECRYPT == ctx->operation )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]623 return ctx->get_padding( output, cipher_get_block_size( ctx ),
624 olen );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]625
626 /* Set output size for encryption */
627 *olen = cipher_get_block_size( ctx );
628 return 0;
629 }
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]630#else
631 ((void) output);
632#endif /* POLARSSL_CIPHER_MODE_CBC */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]633
Paul Bakkerff61a782011-06-09 15:42:02 +0000[diff] [blame]634 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]635}
636
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]637#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]638int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
639{
640 if( NULL == ctx ||
641 POLARSSL_MODE_CBC != ctx->cipher_info->mode )
642 {
643 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
644 }
645
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]646 switch( mode )
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]647 {
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]648#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]649 case POLARSSL_PADDING_PKCS7:
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]650 ctx->add_padding = add_pkcs_padding;
651 ctx->get_padding = get_pkcs_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]652 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]653#endif
654#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]655 case POLARSSL_PADDING_ONE_AND_ZEROS:
Manuel Pégourié-Gonnard679f9e92013-07-26 12:46:02 +0200[diff] [blame]656 ctx->add_padding = add_one_and_zeros_padding;
657 ctx->get_padding = get_one_and_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]658 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]659#endif
660#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]661 case POLARSSL_PADDING_ZEROS_AND_LEN:
Manuel Pégourié-Gonnard8d4291b2013-07-26 14:55:18 +0200[diff] [blame]662 ctx->add_padding = add_zeros_and_len_padding;
663 ctx->get_padding = get_zeros_and_len_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]664 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]665#endif
666#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]667 case POLARSSL_PADDING_ZEROS:
Manuel Pégourié-Gonnard0e7d2c02013-07-26 16:05:14 +0200[diff] [blame]668 ctx->add_padding = add_zeros_padding;
669 ctx->get_padding = get_zeros_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]670 break;
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]671#endif
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]672 case POLARSSL_PADDING_NONE:
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]673 ctx->add_padding = NULL;
674 ctx->get_padding = get_no_padding;
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]675 break;
676
677 default:
Paul Bakker48e93c82013-08-14 12:21:18 +0200[diff] [blame]678 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]679 }
680
Paul Bakker1a45d912013-08-14 12:04:26 +0200[diff] [blame]681 return 0;
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]682}
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]683#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnardac56a1a2013-07-25 12:31:10 +0200[diff] [blame]684
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]685#if defined(POLARSSL_CIPHER_MODE_AEAD)
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]686int cipher_write_tag( cipher_context_t *ctx,
687 unsigned char *tag, size_t tag_len )
688{
689 if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
690 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
691
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]692 if( POLARSSL_ENCRYPT != ctx->operation )
693 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
694
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]695#if defined(POLARSSL_GCM_C)
696 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame^]697 return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]698#endif
699
700 return 0;
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]701}
702
703int cipher_check_tag( cipher_context_t *ctx,
704 const unsigned char *tag, size_t tag_len )
705{
706 int ret;
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]707
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]708 if( NULL == ctx || NULL == ctx->cipher_info ||
709 POLARSSL_DECRYPT != ctx->operation )
710 {
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]711 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]712 }
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]713
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]714#if defined(POLARSSL_GCM_C)
715 if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
716 {
717 unsigned char check_tag[16];
718 size_t i;
719 int diff;
720
721 if( tag_len > sizeof( check_tag ) )
722 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
723
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame^]724 if( 0 != ( ret = gcm_finish( (gcm_context *) ctx->cipher_ctx,
725 check_tag, tag_len ) ) )
726 {
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]727 return( ret );
Paul Bakkerb9cfaa02013-10-11 18:58:55 +0200[diff] [blame^]728 }
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]729
730 /* Check the tag in "constant-time" */
731 for( diff = 0, i = 0; i < tag_len; i++ )
732 diff |= tag[i] ^ check_tag[i];
733
734 if( diff != 0 )
Manuel Pégourié-Gonnard4fee79b2013-09-19 18:09:14 +0200[diff] [blame]735 return( POLARSSL_ERR_CIPHER_AUTH_FAILED );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]736
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]737 return( 0 );
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]738 }
739#endif
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]740
741 return( 0 );
742}
Manuel Pégourié-Gonnard43a47802013-09-03 16:35:53 +0200[diff] [blame]743#endif /* POLARSSL_CIPHER_MODE_AEAD */
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]744
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]745#if defined(POLARSSL_SELF_TEST)
746
747#include <stdio.h>
748
749#define ASSERT(x) if (!(x)) { \
750 printf( "failed with %i at %s\n", value, (#x) ); \
751 return( 1 ); \
752}
753/*
754 * Checkup routine
755 */
756
757int cipher_self_test( int verbose )
758{
Paul Bakkerd61e7d92011-01-18 16:17:47 +0000[diff] [blame]759 ((void) verbose);
760
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]761 return( 0 );
762}
763
764#endif
765
766#endif