PolarSSL v1.3.3
cipher.c
Go to the documentation of this file.
1 
30 #include "polarssl/config.h"
31 
32 #if defined(POLARSSL_CIPHER_C)
33 
34 #include "polarssl/cipher.h"
35 #include "polarssl/cipher_wrap.h"
36 
37 #if defined(POLARSSL_GCM_C)
38 #include "polarssl/gcm.h"
39 #endif
40 
41 #include <stdlib.h>
42 
43 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
44 #define POLARSSL_CIPHER_MODE_STREAM
45 #endif
46 
47 #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
48  !defined(EFI32)
49 #define strcasecmp _stricmp
50 #endif
51 
52 static int supported_init = 0;
53 
54 const int *cipher_list( void )
55 {
56  const cipher_definition_t *def;
57  int *type;
58 
59  if( ! supported_init )
60  {
61  def = cipher_definitions;
62  type = supported_ciphers;
63 
64  while( def->type != 0 )
65  *type++ = (*def++).type;
66 
67  *type = 0;
68 
69  supported_init = 1;
70  }
71 
72  return supported_ciphers;
73 }
74 
75 const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
76 {
77  const cipher_definition_t *def;
78 
79  for( def = cipher_definitions; def->info != NULL; def++ )
80  if( def->type == cipher_type )
81  return( def->info );
82 
83  return NULL;
84 }
85 
86 const cipher_info_t *cipher_info_from_string( const char *cipher_name )
87 {
88  const cipher_definition_t *def;
89 
90  if( NULL == cipher_name )
91  return NULL;
92 
93  for( def = cipher_definitions; def->info != NULL; def++ )
94  if( ! strcasecmp( def->info->name, cipher_name ) )
95  return( def->info );
96 
97  return NULL;
98 }
99 
100 const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
101  int key_length,
102  const cipher_mode_t mode )
103 {
104  const cipher_definition_t *def;
105 
106  for( def = cipher_definitions; def->info != NULL; def++ )
107  if( def->info->base->cipher == cipher_id &&
108  def->info->key_length == (unsigned) key_length &&
109  def->info->mode == mode )
110  return( def->info );
111 
112  return NULL;
113 }
114 
115 int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
116 {
117  if( NULL == cipher_info || NULL == ctx )
119 
120  memset( ctx, 0, sizeof( cipher_context_t ) );
121 
122  if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
124 
125  ctx->cipher_info = cipher_info;
126 
127 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
128  /*
129  * Ignore possible errors caused by a cipher mode that doesn't use padding
130  */
131 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
133 #else
135 #endif
136 #endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
137 
138  return 0;
139 }
140 
142 {
143  if( ctx == NULL || ctx->cipher_info == NULL )
145 
146  ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
147 
148  return 0;
149 }
150 
151 int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
152  int key_length, const operation_t operation )
153 {
154  if( NULL == ctx || NULL == ctx->cipher_info )
156 
157  if( (int) ctx->cipher_info->key_length != key_length )
159 
160  ctx->key_length = key_length;
161  ctx->operation = operation;
162 
163  /*
164  * For CFB and CTR mode always use the encryption key schedule
165  */
166  if( POLARSSL_ENCRYPT == operation ||
169  {
170  return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
171  ctx->key_length );
172  }
173 
174  if( POLARSSL_DECRYPT == operation )
175  return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
176  ctx->key_length );
177 
179 }
180 
182  const unsigned char *iv, size_t iv_len )
183 {
184  size_t actual_iv_size;
185 
186  if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
188 
189  /* avoid buffer overflow in ctx->iv */
190  if( iv_len > POLARSSL_MAX_IV_LENGTH )
192 
194  actual_iv_size = iv_len;
195  else
196  {
197  actual_iv_size = ctx->cipher_info->iv_size;
198 
199  /* avoid reading past the end of input buffer */
200  if( actual_iv_size > iv_len )
202  }
203 
204  memcpy( ctx->iv, iv, actual_iv_size );
205  ctx->iv_size = actual_iv_size;
206 
207  return 0;
208 }
209 
210 int cipher_reset( cipher_context_t *ctx )
211 {
212  if( NULL == ctx || NULL == ctx->cipher_info )
214 
215  ctx->unprocessed_len = 0;
216 
217  return 0;
218 }
219 
220 #if defined(POLARSSL_CIPHER_MODE_AEAD)
222  const unsigned char *ad, size_t ad_len )
223 {
224  if( NULL == ctx || NULL == ctx->cipher_info )
226 
227 #if defined(POLARSSL_GCM_C)
228  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
229  {
230  return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
231  ctx->iv, ctx->iv_size, ad, ad_len );
232  }
233 #endif
234 
235  return 0;
236 }
237 #endif /* POLARSSL_CIPHER_MODE_AEAD */
238 
239 int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
240  unsigned char *output, size_t *olen )
241 {
242  int ret;
243 
244  if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
245  {
247  }
248 
249  *olen = 0;
250 
251  if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
252  {
253  if( ilen != cipher_get_block_size( ctx ) )
255 
256  *olen = ilen;
257 
258  if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
259  ctx->operation, input, output ) ) )
260  {
261  return ret;
262  }
263 
264  return 0;
265  }
266 
267 #if defined(POLARSSL_GCM_C)
268  if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
269  {
270  *olen = ilen;
271  return gcm_update( (gcm_context *) ctx->cipher_ctx, ilen, input,
272  output );
273  }
274 #endif
275 
276  if( input == output &&
277  ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
278  {
280  }
281 
282 #if defined(POLARSSL_CIPHER_MODE_CBC)
283  if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
284  {
285  size_t copy_len = 0;
286 
287  /*
288  * If there is not enough data for a full block, cache it.
289  */
290  if( ( ctx->operation == POLARSSL_DECRYPT &&
291  ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
292  ( ctx->operation == POLARSSL_ENCRYPT &&
293  ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
294  {
295  memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
296  ilen );
297 
298  ctx->unprocessed_len += ilen;
299  return 0;
300  }
301 
302  /*
303  * Process cached data first
304  */
305  if( ctx->unprocessed_len != 0 )
306  {
307  copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
308 
309  memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
310  copy_len );
311 
312  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
313  ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
314  ctx->unprocessed_data, output ) ) )
315  {
316  return ret;
317  }
318 
319  *olen += cipher_get_block_size( ctx );
320  output += cipher_get_block_size( ctx );
321  ctx->unprocessed_len = 0;
322 
323  input += copy_len;
324  ilen -= copy_len;
325  }
326 
327  /*
328  * Cache final, incomplete block
329  */
330  if( 0 != ilen )
331  {
332  copy_len = ilen % cipher_get_block_size( ctx );
333  if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
334  copy_len = cipher_get_block_size(ctx);
335 
336  memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
337  copy_len );
338 
339  ctx->unprocessed_len += copy_len;
340  ilen -= copy_len;
341  }
342 
343  /*
344  * Process remaining full blocks
345  */
346  if( ilen )
347  {
348  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
349  ctx->operation, ilen, ctx->iv, input, output ) ) )
350  {
351  return ret;
352  }
353 
354  *olen += ilen;
355  }
356 
357  return 0;
358  }
359 #endif /* POLARSSL_CIPHER_MODE_CBC */
360 
361 #if defined(POLARSSL_CIPHER_MODE_CFB)
362  if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
363  {
364  if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
365  ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
366  input, output ) ) )
367  {
368  return ret;
369  }
370 
371  *olen = ilen;
372 
373  return 0;
374  }
375 #endif
376 
377 #if defined(POLARSSL_CIPHER_MODE_CTR)
378  if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
379  {
380  if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
381  ilen, &ctx->unprocessed_len, ctx->iv,
382  ctx->unprocessed_data, input, output ) ) )
383  {
384  return ret;
385  }
386 
387  *olen = ilen;
388 
389  return 0;
390  }
391 #endif
392 
393 #if defined(POLARSSL_CIPHER_MODE_STREAM)
394  if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
395  {
396  if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
397  ilen, input, output ) ) )
398  {
399  return ret;
400  }
401 
402  *olen = ilen;
403 
404  return 0;
405  }
406 #endif
407 
409 }
410 
411 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
412 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
413 /*
414  * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
415  */
416 static void add_pkcs_padding( unsigned char *output, size_t output_len,
417  size_t data_len )
418 {
419  size_t padding_len = output_len - data_len;
420  unsigned char i;
421 
422  for( i = 0; i < padding_len; i++ )
423  output[data_len + i] = (unsigned char) padding_len;
424 }
425 
426 static int get_pkcs_padding( unsigned char *input, size_t input_len,
427  size_t *data_len )
428 {
429  size_t i, pad_idx;
430  unsigned char padding_len, bad = 0;
431 
432  if( NULL == input || NULL == data_len )
434 
435  padding_len = input[input_len - 1];
436  *data_len = input_len - padding_len;
437 
438  /* Avoid logical || since it results in a branch */
439  bad |= padding_len > input_len;
440  bad |= padding_len == 0;
441 
442  /* The number of bytes checked must be independent of padding_len,
443  * so pick input_len, which is usually 8 or 16 (one block) */
444  pad_idx = input_len - padding_len;
445  for( i = 0; i < input_len; i++ )
446  bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
447 
448  return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
449 }
450 #endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
451 
452 #if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
453 /*
454  * One and zeros padding: fill with 80 00 ... 00
455  */
456 static void add_one_and_zeros_padding( unsigned char *output,
457  size_t output_len, size_t data_len )
458 {
459  size_t padding_len = output_len - data_len;
460  unsigned char i = 0;
461 
462  output[data_len] = 0x80;
463  for( i = 1; i < padding_len; i++ )
464  output[data_len + i] = 0x00;
465 }
466 
467 static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
468  size_t *data_len )
469 {
470  size_t i;
471  unsigned char done = 0, prev_done, bad;
472 
473  if( NULL == input || NULL == data_len )
475 
476  bad = 0xFF;
477  *data_len = 0;
478  for( i = input_len; i > 0; i-- )
479  {
480  prev_done = done;
481  done |= ( input[i-1] != 0 );
482  *data_len |= ( i - 1 ) * ( done != prev_done );
483  bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
484  }
485 
486  return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
487 
488 }
489 #endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
490 
491 #if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
492 /*
493  * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
494  */
495 static void add_zeros_and_len_padding( unsigned char *output,
496  size_t output_len, size_t data_len )
497 {
498  size_t padding_len = output_len - data_len;
499  unsigned char i = 0;
500 
501  for( i = 1; i < padding_len; i++ )
502  output[data_len + i - 1] = 0x00;
503  output[output_len - 1] = (unsigned char) padding_len;
504 }
505 
506 static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
507  size_t *data_len )
508 {
509  size_t i, pad_idx;
510  unsigned char padding_len, bad = 0;
511 
512  if( NULL == input || NULL == data_len )
514 
515  padding_len = input[input_len - 1];
516  *data_len = input_len - padding_len;
517 
518  /* Avoid logical || since it results in a branch */
519  bad |= padding_len > input_len;
520  bad |= padding_len == 0;
521 
522  /* The number of bytes checked must be independent of padding_len */
523  pad_idx = input_len - padding_len;
524  for( i = 0; i < input_len - 1; i++ )
525  bad |= input[i] * ( i >= pad_idx );
526 
527  return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
528 }
529 #endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
530 
531 #if defined(POLARSSL_CIPHER_PADDING_ZEROS)
532 /*
533  * Zero padding: fill with 00 ... 00
534  */
535 static void add_zeros_padding( unsigned char *output,
536  size_t output_len, size_t data_len )
537 {
538  size_t i;
539 
540  for( i = data_len; i < output_len; i++ )
541  output[i] = 0x00;
542 }
543 
544 static int get_zeros_padding( unsigned char *input, size_t input_len,
545  size_t *data_len )
546 {
547  size_t i;
548  unsigned char done = 0, prev_done;
549 
550  if( NULL == input || NULL == data_len )
552 
553  *data_len = 0;
554  for( i = input_len; i > 0; i-- )
555  {
556  prev_done = done;
557  done |= ( input[i-1] != 0 );
558  *data_len |= i * ( done != prev_done );
559  }
560 
561  return 0;
562 }
563 #endif /* POLARSSL_CIPHER_PADDING_ZEROS */
564 
565 /*
566  * No padding: don't pad :)
567  *
568  * There is no add_padding function (check for NULL in cipher_finish)
569  * but a trivial get_padding function
570  */
571 static int get_no_padding( unsigned char *input, size_t input_len,
572  size_t *data_len )
573 {
574  if( NULL == input || NULL == data_len )
576 
577  *data_len = input_len;
578 
579  return 0;
580 }
581 #endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
582 
584  unsigned char *output, size_t *olen )
585 {
586  if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
588 
589  *olen = 0;
590 
591  if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
595  {
596  return 0;
597  }
598 
599  if( POLARSSL_MODE_ECB == ctx->cipher_info->mode )
600  {
601  if( ctx->unprocessed_len != 0 )
603 
604  return 0;
605  }
606 
607 #if defined(POLARSSL_CIPHER_MODE_CBC)
608  if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
609  {
610  int ret = 0;
611 
612  if( POLARSSL_ENCRYPT == ctx->operation )
613  {
614  /* check for 'no padding' mode */
615  if( NULL == ctx->add_padding )
616  {
617  if( 0 != ctx->unprocessed_len )
619 
620  return 0;
621  }
622 
624  ctx->unprocessed_len );
625  }
626  else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
627  {
628  /*
629  * For decrypt operations, expect a full block,
630  * or an empty block if no padding
631  */
632  if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
633  return 0;
634 
636  }
637 
638  /* cipher block */
639  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
640  ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
641  ctx->unprocessed_data, output ) ) )
642  {
643  return ret;
644  }
645 
646  /* Set output size for decryption */
647  if( POLARSSL_DECRYPT == ctx->operation )
648  return ctx->get_padding( output, cipher_get_block_size( ctx ),
649  olen );
650 
651  /* Set output size for encryption */
652  *olen = cipher_get_block_size( ctx );
653  return 0;
654  }
655 #else
656  ((void) output);
657 #endif /* POLARSSL_CIPHER_MODE_CBC */
658 
660 }
661 
662 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
664 {
665  if( NULL == ctx ||
667  {
669  }
670 
671  switch( mode )
672  {
673 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
675  ctx->add_padding = add_pkcs_padding;
676  ctx->get_padding = get_pkcs_padding;
677  break;
678 #endif
679 #if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
681  ctx->add_padding = add_one_and_zeros_padding;
682  ctx->get_padding = get_one_and_zeros_padding;
683  break;
684 #endif
685 #if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
687  ctx->add_padding = add_zeros_and_len_padding;
688  ctx->get_padding = get_zeros_and_len_padding;
689  break;
690 #endif
691 #if defined(POLARSSL_CIPHER_PADDING_ZEROS)
693  ctx->add_padding = add_zeros_padding;
694  ctx->get_padding = get_zeros_padding;
695  break;
696 #endif
698  ctx->add_padding = NULL;
699  ctx->get_padding = get_no_padding;
700  break;
701 
702  default:
704  }
705 
706  return 0;
707 }
708 #endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
709 
710 #if defined(POLARSSL_CIPHER_MODE_AEAD)
712  unsigned char *tag, size_t tag_len )
713 {
714  if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
716 
717  if( POLARSSL_ENCRYPT != ctx->operation )
719 
720 #if defined(POLARSSL_GCM_C)
721  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
722  return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
723 #endif
724 
725  return 0;
726 }
727 
729  const unsigned char *tag, size_t tag_len )
730 {
731  int ret;
732 
733  if( NULL == ctx || NULL == ctx->cipher_info ||
734  POLARSSL_DECRYPT != ctx->operation )
735  {
737  }
738 
739 #if defined(POLARSSL_GCM_C)
740  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
741  {
742  unsigned char check_tag[16];
743  size_t i;
744  int diff;
745 
746  if( tag_len > sizeof( check_tag ) )
748 
749  if( 0 != ( ret = gcm_finish( (gcm_context *) ctx->cipher_ctx,
750  check_tag, tag_len ) ) )
751  {
752  return( ret );
753  }
754 
755  /* Check the tag in "constant-time" */
756  for( diff = 0, i = 0; i < tag_len; i++ )
757  diff |= tag[i] ^ check_tag[i];
758 
759  if( diff != 0 )
761 
762  return( 0 );
763  }
764 #endif
765 
766  return( 0 );
767 }
768 #endif /* POLARSSL_CIPHER_MODE_AEAD */
769 
770 #if defined(POLARSSL_SELF_TEST)
771 
772 #include <stdio.h>
773 
774 #define ASSERT(x) if (!(x)) { \
775  printf( "failed with %i at %s\n", value, (#x) ); \
776  return( 1 ); \
777 }
778 /*
779  * Checkup routine
780  */
781 
782 int cipher_self_test( int verbose )
783 {
784  ((void) verbose);
785 
786  return( 0 );
787 }
788 
789 #endif
790 
791 #endif
int key_length
Key length to use.
Definition: cipher.h:244
#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
Bad input parameters to function.
Definition: cipher.h:54
int supported_ciphers[]
int cipher_finish(cipher_context_t *ctx, unsigned char *output, size_t *olen)
Generic cipher finalisation function.
#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE
The selected feature is not available.
Definition: cipher.h:53
static int cipher_get_iv_size(const cipher_context_t *ctx)
Returns the size of the cipher&#39;s IV/NONCE in bytes.
Definition: cipher.h:382
Generic cipher context.
Definition: cipher.h:239
#define POLARSSL_ERR_CIPHER_ALLOC_FAILED
Failed to allocate memory.
Definition: cipher.h:55
int cipher_write_tag(cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
Write tag for AEAD ciphers.
Cipher information.
Definition: cipher.h:207
zero padding (not reversible!)
Definition: cipher.h:136
const cipher_info_t * cipher_info_from_type(const cipher_type_t cipher_type)
Returns the cipher information structure associated with the given cipher type.
static unsigned int cipher_get_block_size(const cipher_context_t *ctx)
Returns the block size of the given cipher.
Definition: cipher.h:348
const cipher_info_t * cipher_info_from_string(const char *cipher_name)
Returns the cipher information structure associated with the given cipher name.
int(* get_padding)(unsigned char *input, size_t ilen, size_t *data_len)
Definition: cipher.h:251
Configuration options (set of defines)
cipher_type_t type
Definition: cipher_wrap.h:41
void(* ctx_free_func)(void *ctx)
Free the given context.
Definition: cipher.h:200
#define POLARSSL_ERR_CIPHER_INVALID_PADDING
Input data contains invalid padding and is rejected.
Definition: cipher.h:56
ISO/IEC 7816-4 padding.
Definition: cipher.h:134
int(* cbc_func)(void *ctx, operation_t mode, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CBC.
Definition: cipher.h:175
const cipher_definition_t cipher_definitions[]
Cipher wrappers.
int(* ecb_func)(void *ctx, operation_t mode, const unsigned char *input, unsigned char *output)
Encrypt using ECB.
Definition: cipher.h:171
unsigned char iv[POLARSSL_MAX_IV_LENGTH]
Current IV or NONCE_COUNTER for CTR-mode.
Definition: cipher.h:260
const cipher_info_t * cipher_info
Information about the associated cipher.
Definition: cipher.h:241
int(* cfb_func)(void *ctx, operation_t mode, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CFB (Full length)
Definition: cipher.h:179
int(* ctr_func)(void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block, const unsigned char *input, unsigned char *output)
Encrypt using CTR.
Definition: cipher.h:183
operation_t operation
Operation that the context&#39;s key has been initialised for.
Definition: cipher.h:247
cipher_mode_t
Definition: cipher.h:121
cipher_type_t
Definition: cipher.h:75
size_t unprocessed_len
Number of bytes that still need processing.
Definition: cipher.h:257
int cipher_free_ctx(cipher_context_t *ctx)
Free the cipher-specific context of ctx.
int cipher_update_ad(cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
Add additional data (for AEAD ciphers).
unsigned int key_length
Cipher key length, in bits (default length for variable sized ciphers) (Includes parity bits for ciph...
Definition: cipher.h:216
operation_t
Definition: cipher.h:140
int cipher_set_iv(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
Set the initialization vector (IV) or nonce.
int cipher_update(cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic cipher update function.
int(* setkey_dec_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for decryption purposes.
Definition: cipher.h:194
unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH]
Buffer for data that hasn&#39;t been encrypted yet.
Definition: cipher.h:254
int(* stream_func)(void *ctx, size_t length, const unsigned char *input, unsigned char *output)
Encrypt using STREAM.
Definition: cipher.h:187
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED
Decryption of block requires a full block.
Definition: cipher.h:57
const char * name
Name of the cipher.
Definition: cipher.h:219
GCM context structure.
Definition: gcm.h:53
Generic cipher wrapper.
cipher_id_t
Definition: cipher.h:64
#define POLARSSL_MAX_IV_LENGTH
Maximum length of any IV, in bytes.
Definition: cipher.h:158
int cipher_reset(cipher_context_t *ctx)
Finish preparation of the given context.
int(* setkey_enc_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for encryption purposes.
Definition: cipher.h:191
void *(* ctx_alloc_func)(void)
Allocate a new context.
Definition: cipher.h:197
cipher_id_t cipher
Base Cipher type (e.g.
Definition: cipher.h:168
int cipher_set_padding_mode(cipher_context_t *ctx, cipher_padding_t mode)
Set padding mode, for cipher modes that use padding.
cipher_mode_t mode
Cipher mode (e.g.
Definition: cipher.h:212
cipher_padding_t
Definition: cipher.h:132
PKCS7 padding (default)
Definition: cipher.h:133
int cipher_init_ctx(cipher_context_t *ctx, const cipher_info_t *cipher_info)
Initialises and fills the cipher context structure with the appropriate values.
int cipher_setkey(cipher_context_t *ctx, const unsigned char *key, int key_length, const operation_t operation)
Set the key to use with the given context.
int gcm_update(gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output)
Generic GCM update function.
int gcm_starts(gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len)
Generic GCM stream start function.
never pad (full blocks only)
Definition: cipher.h:137
Galois/Counter mode for 128-bit block ciphers.
const cipher_base_t * base
Base cipher information and functions.
Definition: cipher.h:232
const int * cipher_list(void)
Returns the list of ciphers supported by the generic cipher module.
int gcm_finish(gcm_context *ctx, unsigned char *tag, size_t tag_len)
Generic GCM finalisation function.
ANSI X.923 padding.
Definition: cipher.h:135
void * cipher_ctx
Cipher-specific context.
Definition: cipher.h:266
int cipher_self_test(int verbose)
Checkup routine.
void(* add_padding)(unsigned char *output, size_t olen, size_t data_len)
Padding functions to use, if relevant for cipher mode.
Definition: cipher.h:250
size_t iv_size
IV size in bytes (for ciphers with variable-length IVs)
Definition: cipher.h:263
int accepts_variable_iv_size
Flag for ciphers that accept many sizes of IV/NONCE.
Definition: cipher.h:226
int cipher_check_tag(cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
Check tag for AEAD ciphers.
unsigned int iv_size
IV/NONCE size, in bytes.
Definition: cipher.h:223
#define POLARSSL_ERR_CIPHER_AUTH_FAILED
Authentication failed (for AEAD modes).
Definition: cipher.h:58
const cipher_info_t * cipher_info_from_values(const cipher_id_t cipher_id, int key_length, const cipher_mode_t mode)
Returns the cipher information structure associated with the given cipher id, key size and mode...
const cipher_info_t * info
Definition: cipher_wrap.h:42