PolarSSL v1.3.7
cipher.c
Go to the documentation of this file.
1 
30 #if !defined(POLARSSL_CONFIG_FILE)
31 #include "polarssl/config.h"
32 #else
33 #include POLARSSL_CONFIG_FILE
34 #endif
35 
36 #if defined(POLARSSL_CIPHER_C)
37 
38 #include "polarssl/cipher.h"
39 #include "polarssl/cipher_wrap.h"
40 
41 #if defined(POLARSSL_GCM_C)
42 #include "polarssl/gcm.h"
43 #endif
44 
45 #include <stdlib.h>
46 
47 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
48 #define POLARSSL_CIPHER_MODE_STREAM
49 #endif
50 
51 #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
52  !defined(EFI32)
53 #define strcasecmp _stricmp
54 #endif
55 
56 static int supported_init = 0;
57 
58 const int *cipher_list( void )
59 {
60  const cipher_definition_t *def;
61  int *type;
62 
63  if( ! supported_init )
64  {
65  def = cipher_definitions;
66  type = supported_ciphers;
67 
68  while( def->type != 0 )
69  *type++ = (*def++).type;
70 
71  *type = 0;
72 
73  supported_init = 1;
74  }
75 
76  return supported_ciphers;
77 }
78 
79 const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
80 {
81  const cipher_definition_t *def;
82 
83  for( def = cipher_definitions; def->info != NULL; def++ )
84  if( def->type == cipher_type )
85  return( def->info );
86 
87  return NULL;
88 }
89 
90 const cipher_info_t *cipher_info_from_string( const char *cipher_name )
91 {
92  const cipher_definition_t *def;
93 
94  if( NULL == cipher_name )
95  return NULL;
96 
97  for( def = cipher_definitions; def->info != NULL; def++ )
98  if( ! strcasecmp( def->info->name, cipher_name ) )
99  return( def->info );
100 
101  return NULL;
102 }
103 
104 const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
105  int key_length,
106  const cipher_mode_t mode )
107 {
108  const cipher_definition_t *def;
109 
110  for( def = cipher_definitions; def->info != NULL; def++ )
111  if( def->info->base->cipher == cipher_id &&
112  def->info->key_length == (unsigned) key_length &&
113  def->info->mode == mode )
114  return( def->info );
115 
116  return NULL;
117 }
118 
119 int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
120 {
121  if( NULL == cipher_info || NULL == ctx )
123 
124  memset( ctx, 0, sizeof( cipher_context_t ) );
125 
126  if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
128 
129  ctx->cipher_info = cipher_info;
130 
131 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
132  /*
133  * Ignore possible errors caused by a cipher mode that doesn't use padding
134  */
135 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
137 #else
139 #endif
140 #endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
141 
142  return 0;
143 }
144 
146 {
147  if( ctx == NULL || ctx->cipher_info == NULL )
149 
150  ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
151 
152  return 0;
153 }
154 
155 int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
156  int key_length, const operation_t operation )
157 {
158  if( NULL == ctx || NULL == ctx->cipher_info )
160 
161  if( (int) ctx->cipher_info->key_length != key_length )
163 
164  ctx->key_length = key_length;
165  ctx->operation = operation;
166 
167  /*
168  * For CFB and CTR mode always use the encryption key schedule
169  */
170  if( POLARSSL_ENCRYPT == operation ||
173  {
174  return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
175  ctx->key_length );
176  }
177 
178  if( POLARSSL_DECRYPT == operation )
179  return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
180  ctx->key_length );
181 
183 }
184 
186  const unsigned char *iv, size_t iv_len )
187 {
188  size_t actual_iv_size;
189 
190  if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
192 
193  /* avoid buffer overflow in ctx->iv */
194  if( iv_len > POLARSSL_MAX_IV_LENGTH )
196 
198  actual_iv_size = iv_len;
199  else
200  {
201  actual_iv_size = ctx->cipher_info->iv_size;
202 
203  /* avoid reading past the end of input buffer */
204  if( actual_iv_size > iv_len )
206  }
207 
208  memcpy( ctx->iv, iv, actual_iv_size );
209  ctx->iv_size = actual_iv_size;
210 
211  return 0;
212 }
213 
214 int cipher_reset( cipher_context_t *ctx )
215 {
216  if( NULL == ctx || NULL == ctx->cipher_info )
218 
219  ctx->unprocessed_len = 0;
220 
221  return 0;
222 }
223 
224 #if defined(POLARSSL_CIPHER_MODE_AEAD)
226  const unsigned char *ad, size_t ad_len )
227 {
228  if( NULL == ctx || NULL == ctx->cipher_info )
230 
231 #if defined(POLARSSL_GCM_C)
232  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
233  {
234  return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
235  ctx->iv, ctx->iv_size, ad, ad_len );
236  }
237 #endif
238 
239  return 0;
240 }
241 #endif /* POLARSSL_CIPHER_MODE_AEAD */
242 
243 int cipher_update( cipher_context_t *ctx, const unsigned char *input,
244  size_t ilen, unsigned char *output, size_t *olen )
245 {
246  int ret;
247 
248  if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
249  {
251  }
252 
253  *olen = 0;
254 
255  if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
256  {
257  if( ilen != cipher_get_block_size( ctx ) )
259 
260  *olen = ilen;
261 
262  if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
263  ctx->operation, input, output ) ) )
264  {
265  return ret;
266  }
267 
268  return 0;
269  }
270 
271 #if defined(POLARSSL_GCM_C)
272  if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
273  {
274  *olen = ilen;
275  return gcm_update( (gcm_context *) ctx->cipher_ctx, ilen, input,
276  output );
277  }
278 #endif
279 
280  if( input == output &&
281  ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
282  {
284  }
285 
286 #if defined(POLARSSL_CIPHER_MODE_CBC)
287  if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
288  {
289  size_t copy_len = 0;
290 
291  /*
292  * If there is not enough data for a full block, cache it.
293  */
294  if( ( ctx->operation == POLARSSL_DECRYPT &&
295  ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
296  ( ctx->operation == POLARSSL_ENCRYPT &&
297  ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
298  {
299  memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
300  ilen );
301 
302  ctx->unprocessed_len += ilen;
303  return 0;
304  }
305 
306  /*
307  * Process cached data first
308  */
309  if( ctx->unprocessed_len != 0 )
310  {
311  copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
312 
313  memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
314  copy_len );
315 
316  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
317  ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
318  ctx->unprocessed_data, output ) ) )
319  {
320  return ret;
321  }
322 
323  *olen += cipher_get_block_size( ctx );
324  output += cipher_get_block_size( ctx );
325  ctx->unprocessed_len = 0;
326 
327  input += copy_len;
328  ilen -= copy_len;
329  }
330 
331  /*
332  * Cache final, incomplete block
333  */
334  if( 0 != ilen )
335  {
336  copy_len = ilen % cipher_get_block_size( ctx );
337  if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
338  copy_len = cipher_get_block_size(ctx);
339 
340  memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
341  copy_len );
342 
343  ctx->unprocessed_len += copy_len;
344  ilen -= copy_len;
345  }
346 
347  /*
348  * Process remaining full blocks
349  */
350  if( ilen )
351  {
352  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
353  ctx->operation, ilen, ctx->iv, input, output ) ) )
354  {
355  return ret;
356  }
357 
358  *olen += ilen;
359  }
360 
361  return 0;
362  }
363 #endif /* POLARSSL_CIPHER_MODE_CBC */
364 
365 #if defined(POLARSSL_CIPHER_MODE_CFB)
366  if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
367  {
368  if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
369  ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
370  input, output ) ) )
371  {
372  return ret;
373  }
374 
375  *olen = ilen;
376 
377  return 0;
378  }
379 #endif /* POLARSSL_CIPHER_MODE_CFB */
380 
381 #if defined(POLARSSL_CIPHER_MODE_CTR)
382  if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
383  {
384  if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
385  ilen, &ctx->unprocessed_len, ctx->iv,
386  ctx->unprocessed_data, input, output ) ) )
387  {
388  return ret;
389  }
390 
391  *olen = ilen;
392 
393  return 0;
394  }
395 #endif /* POLARSSL_CIPHER_MODE_CTR */
396 
397 #if defined(POLARSSL_CIPHER_MODE_STREAM)
398  if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
399  {
400  if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
401  ilen, input, output ) ) )
402  {
403  return ret;
404  }
405 
406  *olen = ilen;
407 
408  return 0;
409  }
410 #endif /* POLARSSL_CIPHER_MODE_STREAM */
411 
413 }
414 
415 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
416 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
417 /*
418  * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
419  */
420 static void add_pkcs_padding( unsigned char *output, size_t output_len,
421  size_t data_len )
422 {
423  size_t padding_len = output_len - data_len;
424  unsigned char i;
425 
426  for( i = 0; i < padding_len; i++ )
427  output[data_len + i] = (unsigned char) padding_len;
428 }
429 
430 static int get_pkcs_padding( unsigned char *input, size_t input_len,
431  size_t *data_len )
432 {
433  size_t i, pad_idx;
434  unsigned char padding_len, bad = 0;
435 
436  if( NULL == input || NULL == data_len )
438 
439  padding_len = input[input_len - 1];
440  *data_len = input_len - padding_len;
441 
442  /* Avoid logical || since it results in a branch */
443  bad |= padding_len > input_len;
444  bad |= padding_len == 0;
445 
446  /* The number of bytes checked must be independent of padding_len,
447  * so pick input_len, which is usually 8 or 16 (one block) */
448  pad_idx = input_len - padding_len;
449  for( i = 0; i < input_len; i++ )
450  bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
451 
452  return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
453 }
454 #endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
455 
456 #if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
457 /*
458  * One and zeros padding: fill with 80 00 ... 00
459  */
460 static void add_one_and_zeros_padding( unsigned char *output,
461  size_t output_len, size_t data_len )
462 {
463  size_t padding_len = output_len - data_len;
464  unsigned char i = 0;
465 
466  output[data_len] = 0x80;
467  for( i = 1; i < padding_len; i++ )
468  output[data_len + i] = 0x00;
469 }
470 
471 static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
472  size_t *data_len )
473 {
474  size_t i;
475  unsigned char done = 0, prev_done, bad;
476 
477  if( NULL == input || NULL == data_len )
479 
480  bad = 0xFF;
481  *data_len = 0;
482  for( i = input_len; i > 0; i-- )
483  {
484  prev_done = done;
485  done |= ( input[i-1] != 0 );
486  *data_len |= ( i - 1 ) * ( done != prev_done );
487  bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
488  }
489 
490  return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
491 
492 }
493 #endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
494 
495 #if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
496 /*
497  * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
498  */
499 static void add_zeros_and_len_padding( unsigned char *output,
500  size_t output_len, size_t data_len )
501 {
502  size_t padding_len = output_len - data_len;
503  unsigned char i = 0;
504 
505  for( i = 1; i < padding_len; i++ )
506  output[data_len + i - 1] = 0x00;
507  output[output_len - 1] = (unsigned char) padding_len;
508 }
509 
510 static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
511  size_t *data_len )
512 {
513  size_t i, pad_idx;
514  unsigned char padding_len, bad = 0;
515 
516  if( NULL == input || NULL == data_len )
518 
519  padding_len = input[input_len - 1];
520  *data_len = input_len - padding_len;
521 
522  /* Avoid logical || since it results in a branch */
523  bad |= padding_len > input_len;
524  bad |= padding_len == 0;
525 
526  /* The number of bytes checked must be independent of padding_len */
527  pad_idx = input_len - padding_len;
528  for( i = 0; i < input_len - 1; i++ )
529  bad |= input[i] * ( i >= pad_idx );
530 
531  return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
532 }
533 #endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
534 
535 #if defined(POLARSSL_CIPHER_PADDING_ZEROS)
536 /*
537  * Zero padding: fill with 00 ... 00
538  */
539 static void add_zeros_padding( unsigned char *output,
540  size_t output_len, size_t data_len )
541 {
542  size_t i;
543 
544  for( i = data_len; i < output_len; i++ )
545  output[i] = 0x00;
546 }
547 
548 static int get_zeros_padding( unsigned char *input, size_t input_len,
549  size_t *data_len )
550 {
551  size_t i;
552  unsigned char done = 0, prev_done;
553 
554  if( NULL == input || NULL == data_len )
556 
557  *data_len = 0;
558  for( i = input_len; i > 0; i-- )
559  {
560  prev_done = done;
561  done |= ( input[i-1] != 0 );
562  *data_len |= i * ( done != prev_done );
563  }
564 
565  return 0;
566 }
567 #endif /* POLARSSL_CIPHER_PADDING_ZEROS */
568 
569 /*
570  * No padding: don't pad :)
571  *
572  * There is no add_padding function (check for NULL in cipher_finish)
573  * but a trivial get_padding function
574  */
575 static int get_no_padding( unsigned char *input, size_t input_len,
576  size_t *data_len )
577 {
578  if( NULL == input || NULL == data_len )
580 
581  *data_len = input_len;
582 
583  return 0;
584 }
585 #endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
586 
588  unsigned char *output, size_t *olen )
589 {
590  if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
592 
593  *olen = 0;
594 
595  if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
599  {
600  return 0;
601  }
602 
603  if( POLARSSL_MODE_ECB == ctx->cipher_info->mode )
604  {
605  if( ctx->unprocessed_len != 0 )
607 
608  return 0;
609  }
610 
611 #if defined(POLARSSL_CIPHER_MODE_CBC)
612  if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
613  {
614  int ret = 0;
615 
616  if( POLARSSL_ENCRYPT == ctx->operation )
617  {
618  /* check for 'no padding' mode */
619  if( NULL == ctx->add_padding )
620  {
621  if( 0 != ctx->unprocessed_len )
623 
624  return 0;
625  }
626 
628  ctx->unprocessed_len );
629  }
630  else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
631  {
632  /*
633  * For decrypt operations, expect a full block,
634  * or an empty block if no padding
635  */
636  if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
637  return 0;
638 
640  }
641 
642  /* cipher block */
643  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
644  ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
645  ctx->unprocessed_data, output ) ) )
646  {
647  return ret;
648  }
649 
650  /* Set output size for decryption */
651  if( POLARSSL_DECRYPT == ctx->operation )
652  return ctx->get_padding( output, cipher_get_block_size( ctx ),
653  olen );
654 
655  /* Set output size for encryption */
656  *olen = cipher_get_block_size( ctx );
657  return 0;
658  }
659 #else
660  ((void) output);
661 #endif /* POLARSSL_CIPHER_MODE_CBC */
662 
664 }
665 
666 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
668 {
669  if( NULL == ctx ||
671  {
673  }
674 
675  switch( mode )
676  {
677 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
679  ctx->add_padding = add_pkcs_padding;
680  ctx->get_padding = get_pkcs_padding;
681  break;
682 #endif
683 #if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
685  ctx->add_padding = add_one_and_zeros_padding;
686  ctx->get_padding = get_one_and_zeros_padding;
687  break;
688 #endif
689 #if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
691  ctx->add_padding = add_zeros_and_len_padding;
692  ctx->get_padding = get_zeros_and_len_padding;
693  break;
694 #endif
695 #if defined(POLARSSL_CIPHER_PADDING_ZEROS)
697  ctx->add_padding = add_zeros_padding;
698  ctx->get_padding = get_zeros_padding;
699  break;
700 #endif
702  ctx->add_padding = NULL;
703  ctx->get_padding = get_no_padding;
704  break;
705 
706  default:
708  }
709 
710  return 0;
711 }
712 #endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
713 
714 #if defined(POLARSSL_CIPHER_MODE_AEAD)
716  unsigned char *tag, size_t tag_len )
717 {
718  if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
720 
721  if( POLARSSL_ENCRYPT != ctx->operation )
723 
724 #if defined(POLARSSL_GCM_C)
725  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
726  return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
727 #endif
728 
729  return 0;
730 }
731 
733  const unsigned char *tag, size_t tag_len )
734 {
735  int ret;
736 
737  if( NULL == ctx || NULL == ctx->cipher_info ||
738  POLARSSL_DECRYPT != ctx->operation )
739  {
741  }
742 
743 #if defined(POLARSSL_GCM_C)
744  if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
745  {
746  unsigned char check_tag[16];
747  size_t i;
748  int diff;
749 
750  if( tag_len > sizeof( check_tag ) )
752 
753  if( 0 != ( ret = gcm_finish( (gcm_context *) ctx->cipher_ctx,
754  check_tag, tag_len ) ) )
755  {
756  return( ret );
757  }
758 
759  /* Check the tag in "constant-time" */
760  for( diff = 0, i = 0; i < tag_len; i++ )
761  diff |= tag[i] ^ check_tag[i];
762 
763  if( diff != 0 )
765 
766  return( 0 );
767  }
768 #endif /* POLARSSL_GCM_C */
769 
770  return( 0 );
771 }
772 #endif /* POLARSSL_CIPHER_MODE_AEAD */
773 
774 #if defined(POLARSSL_SELF_TEST)
775 
776 /*
777  * Checkup routine
778  */
779 int cipher_self_test( int verbose )
780 {
781  ((void) verbose);
782 
783  return( 0 );
784 }
785 
786 #endif /* POLARSSL_SELF_TEST */
787 
788 #endif /* POLARSSL_CIPHER_C */
int key_length
Key length to use.
Definition: cipher.h:253
#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
Bad input parameters to function.
Definition: cipher.h:58
int supported_ciphers[]
int cipher_finish(cipher_context_t *ctx, unsigned char *output, size_t *olen)
Generic cipher finalisation function.
#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE
The selected feature is not available.
Definition: cipher.h:57
static int cipher_get_iv_size(const cipher_context_t *ctx)
Returns the size of the cipher&#39;s IV/NONCE in bytes.
Definition: cipher.h:391
Generic cipher context.
Definition: cipher.h:248
#define POLARSSL_ERR_CIPHER_ALLOC_FAILED
Failed to allocate memory.
Definition: cipher.h:59
int cipher_write_tag(cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
Write tag for AEAD ciphers.
Cipher information.
Definition: cipher.h:216
zero padding (not reversible!)
Definition: cipher.h:140
const cipher_info_t * cipher_info_from_type(const cipher_type_t cipher_type)
Returns the cipher information structure associated with the given cipher type.
static unsigned int cipher_get_block_size(const cipher_context_t *ctx)
Returns the block size of the given cipher.
Definition: cipher.h:357
const cipher_info_t * cipher_info_from_string(const char *cipher_name)
Returns the cipher information structure associated with the given cipher name.
int(* get_padding)(unsigned char *input, size_t ilen, size_t *data_len)
Definition: cipher.h:260
Configuration options (set of defines)
cipher_type_t type
Definition: cipher_wrap.h:45
void(* ctx_free_func)(void *ctx)
Free the given context.
Definition: cipher.h:209
#define POLARSSL_ERR_CIPHER_INVALID_PADDING
Input data contains invalid padding and is rejected.
Definition: cipher.h:60
ISO/IEC 7816-4 padding.
Definition: cipher.h:138
int(* cbc_func)(void *ctx, operation_t mode, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CBC.
Definition: cipher.h:179
const cipher_definition_t cipher_definitions[]
Cipher wrappers.
int(* ecb_func)(void *ctx, operation_t mode, const unsigned char *input, unsigned char *output)
Encrypt using ECB.
Definition: cipher.h:175
unsigned char iv[POLARSSL_MAX_IV_LENGTH]
Current IV or NONCE_COUNTER for CTR-mode.
Definition: cipher.h:269
const cipher_info_t * cipher_info
Information about the associated cipher.
Definition: cipher.h:250
int(* cfb_func)(void *ctx, operation_t mode, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CFB (Full length)
Definition: cipher.h:184
int(* ctr_func)(void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block, const unsigned char *input, unsigned char *output)
Encrypt using CTR.
Definition: cipher.h:189
operation_t operation
Operation that the context&#39;s key has been initialised for.
Definition: cipher.h:256
cipher_mode_t
Definition: cipher.h:125
cipher_type_t
Definition: cipher.h:79
size_t unprocessed_len
Number of bytes that still need processing.
Definition: cipher.h:266
int cipher_free_ctx(cipher_context_t *ctx)
Free the cipher-specific context of ctx.
int cipher_update_ad(cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
Add additional data (for AEAD ciphers).
unsigned int key_length
Cipher key length, in bits (default length for variable sized ciphers) (Includes parity bits for ciph...
Definition: cipher.h:225
operation_t
Definition: cipher.h:144
int cipher_set_iv(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
Set the initialization vector (IV) or nonce.
int cipher_update(cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic cipher update function.
int(* setkey_dec_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for decryption purposes.
Definition: cipher.h:202
unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH]
Buffer for data that hasn&#39;t been encrypted yet.
Definition: cipher.h:263
int(* stream_func)(void *ctx, size_t length, const unsigned char *input, unsigned char *output)
Encrypt using STREAM.
Definition: cipher.h:194
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED
Decryption of block requires a full block.
Definition: cipher.h:61
const char * name
Name of the cipher.
Definition: cipher.h:228
GCM context structure.
Definition: gcm.h:53
Generic cipher wrapper.
cipher_id_t
Definition: cipher.h:68
#define POLARSSL_MAX_IV_LENGTH
Maximum length of any IV, in bytes.
Definition: cipher.h:162
int cipher_reset(cipher_context_t *ctx)
Finish preparation of the given context.
int(* setkey_enc_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for encryption purposes.
Definition: cipher.h:198
void *(* ctx_alloc_func)(void)
Allocate a new context.
Definition: cipher.h:206
cipher_id_t cipher
Base Cipher type (e.g.
Definition: cipher.h:172
int cipher_set_padding_mode(cipher_context_t *ctx, cipher_padding_t mode)
Set padding mode, for cipher modes that use padding.
cipher_mode_t mode
Cipher mode (e.g.
Definition: cipher.h:221
cipher_padding_t
Definition: cipher.h:136
PKCS7 padding (default)
Definition: cipher.h:137
int cipher_init_ctx(cipher_context_t *ctx, const cipher_info_t *cipher_info)
Initialises and fills the cipher context structure with the appropriate values.
int cipher_setkey(cipher_context_t *ctx, const unsigned char *key, int key_length, const operation_t operation)
Set the key to use with the given context.
int gcm_update(gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output)
Generic GCM update function.
int gcm_starts(gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len)
Generic GCM stream start function.
never pad (full blocks only)
Definition: cipher.h:141
Galois/Counter mode for 128-bit block ciphers.
const cipher_base_t * base
Base cipher information and functions.
Definition: cipher.h:241
const int * cipher_list(void)
Returns the list of ciphers supported by the generic cipher module.
int gcm_finish(gcm_context *ctx, unsigned char *tag, size_t tag_len)
Generic GCM finalisation function.
ANSI X.923 padding.
Definition: cipher.h:139
void * cipher_ctx
Cipher-specific context.
Definition: cipher.h:275
int cipher_self_test(int verbose)
Checkup routine.
void(* add_padding)(unsigned char *output, size_t olen, size_t data_len)
Padding functions to use, if relevant for cipher mode.
Definition: cipher.h:259
size_t iv_size
IV size in bytes (for ciphers with variable-length IVs)
Definition: cipher.h:272
int accepts_variable_iv_size
Flag for ciphers that accept many sizes of IV/NONCE.
Definition: cipher.h:235
int cipher_check_tag(cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
Check tag for AEAD ciphers.
unsigned int iv_size
IV/NONCE size, in bytes.
Definition: cipher.h:232
#define POLARSSL_ERR_CIPHER_AUTH_FAILED
Authentication failed (for AEAD modes).
Definition: cipher.h:62
const cipher_info_t * cipher_info_from_values(const cipher_id_t cipher_id, int key_length, const cipher_mode_t mode)
Returns the cipher information structure associated with the given cipher id, key size and mode...
const cipher_info_t * info
Definition: cipher_wrap.h:46