/** * \file cipher.c * * \brief Generic cipher wrapper for Mbed TLS * * \author Adriaan de Jong <[email protected]> * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" #if defined(MBEDTLS_CIPHER_C) #include "mbedtls/cipher.h" #include "cipher_wrap.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" #include "mbedtls/constant_time.h" #include "constant_time_internal.h" #include <stdlib.h> #include <string.h> #if defined(MBEDTLS_CHACHAPOLY_C) #include "mbedtls/chachapoly.h" #endif #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" #endif #if defined(MBEDTLS_CCM_C) #include "mbedtls/ccm.h" #endif #if defined(MBEDTLS_CHACHA20_C) #include "mbedtls/chacha20.h" #endif #if defined(MBEDTLS_CMAC_C) #include "mbedtls/cmac.h" #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) #include "psa/crypto.h" #endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_NIST_KW_C) #include "mbedtls/nist_kw.h" #endif #include "mbedtls/platform.h" static int supported_init = …; static inline const mbedtls_cipher_base_t *mbedtls_cipher_get_base( const mbedtls_cipher_info_t *info) { … } const int *mbedtls_cipher_list(void) { … } const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type) { … } const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name) { … } const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, int key_bitlen, const mbedtls_cipher_mode_t mode) { … } #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) static inline psa_key_type_t mbedtls_psa_translate_cipher_type( mbedtls_cipher_type_t cipher) { switch (cipher) { case MBEDTLS_CIPHER_AES_128_CCM: case MBEDTLS_CIPHER_AES_192_CCM: case MBEDTLS_CIPHER_AES_256_CCM: case MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG: case MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG: case MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG: case MBEDTLS_CIPHER_AES_128_GCM: case MBEDTLS_CIPHER_AES_192_GCM: case MBEDTLS_CIPHER_AES_256_GCM: case MBEDTLS_CIPHER_AES_128_CBC: case MBEDTLS_CIPHER_AES_192_CBC: case MBEDTLS_CIPHER_AES_256_CBC: case MBEDTLS_CIPHER_AES_128_ECB: case MBEDTLS_CIPHER_AES_192_ECB: case MBEDTLS_CIPHER_AES_256_ECB: return PSA_KEY_TYPE_AES; /* ARIA not yet supported in PSA. */ /* case MBEDTLS_CIPHER_ARIA_128_CCM: case MBEDTLS_CIPHER_ARIA_192_CCM: case MBEDTLS_CIPHER_ARIA_256_CCM: case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG: case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG: case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG: case MBEDTLS_CIPHER_ARIA_128_GCM: case MBEDTLS_CIPHER_ARIA_192_GCM: case MBEDTLS_CIPHER_ARIA_256_GCM: case MBEDTLS_CIPHER_ARIA_128_CBC: case MBEDTLS_CIPHER_ARIA_192_CBC: case MBEDTLS_CIPHER_ARIA_256_CBC: return( PSA_KEY_TYPE_ARIA ); */ default: return 0; } } static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( mbedtls_cipher_mode_t mode, size_t taglen) { switch (mode) { case MBEDTLS_MODE_ECB: return PSA_ALG_ECB_NO_PADDING; case MBEDTLS_MODE_GCM: return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, taglen); case MBEDTLS_MODE_CCM: return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen); case MBEDTLS_MODE_CCM_STAR_NO_TAG: return PSA_ALG_CCM_STAR_NO_TAG; case MBEDTLS_MODE_CBC: if (taglen == 0) { return PSA_ALG_CBC_NO_PADDING; } else { return 0; } default: return 0; } } #endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */ void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx) { … } void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx) { … } int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info) { … } #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info, size_t taglen) { psa_algorithm_t alg; mbedtls_cipher_context_psa *cipher_psa; if (NULL == cipher_info || NULL == ctx) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } /* Check that the underlying cipher mode and cipher type are * supported by the underlying PSA Crypto implementation. */ alg = mbedtls_psa_translate_cipher_mode(((mbedtls_cipher_mode_t) cipher_info->mode), taglen); if (alg == 0) { return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } if (mbedtls_psa_translate_cipher_type(((mbedtls_cipher_type_t) cipher_info->type)) == 0) { return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } memset(ctx, 0, sizeof(mbedtls_cipher_context_t)); cipher_psa = mbedtls_calloc(1, sizeof(mbedtls_cipher_context_psa)); if (cipher_psa == NULL) { return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; } cipher_psa->alg = alg; ctx->cipher_ctx = cipher_psa; ctx->cipher_info = cipher_info; ctx->psa_enabled = 1; return 0; } #endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation) { … } int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len) { … } int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx) { … } #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len) { … } #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) { … } #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) #if defined(MBEDTLS_CIPHER_PADDING_PKCS7) /* * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len */ static void add_pkcs_padding(unsigned char *output, size_t output_len, size_t data_len) { … } static int get_pkcs_padding(unsigned char *input, size_t input_len, size_t *data_len) { … } #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ #if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS) /* * One and zeros padding: fill with 80 00 ... 00 */ static void add_one_and_zeros_padding(unsigned char *output, size_t output_len, size_t data_len) { … } static int get_one_and_zeros_padding(unsigned char *input, size_t input_len, size_t *data_len) { … } #endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */ #if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN) /* * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length */ static void add_zeros_and_len_padding(unsigned char *output, size_t output_len, size_t data_len) { … } static int get_zeros_and_len_padding(unsigned char *input, size_t input_len, size_t *data_len) { … } #endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */ #if defined(MBEDTLS_CIPHER_PADDING_ZEROS) /* * Zero padding: fill with 00 ... 00 */ static void add_zeros_padding(unsigned char *output, size_t output_len, size_t data_len) { … } static int get_zeros_padding(unsigned char *input, size_t input_len, size_t *data_len) { … } #endif /* MBEDTLS_CIPHER_PADDING_ZEROS */ /* * No padding: don't pad :) * * There is no add_padding function (check for NULL in mbedtls_cipher_finish) * but a trivial get_padding function */ static int get_no_padding(unsigned char *input, size_t input_len, size_t *data_len) { … } #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen) { … } #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode) { … } #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len) { … } int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len) { … } #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ /* * Packet-oriented wrapper for non-AEAD modes */ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) { … } #if defined(MBEDTLS_CIPHER_MODE_AEAD) /* * Packet-oriented encryption for AEAD modes: internal function used by * mbedtls_cipher_auth_encrypt_ext(). */ static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len) { … } /* * Packet-oriented encryption for AEAD modes: internal function used by * mbedtls_cipher_auth_encrypt_ext(). */ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len) { … } #endif /* MBEDTLS_CIPHER_MODE_AEAD */ #if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) /* * Packet-oriented encryption for AEAD/NIST_KW: public function. */ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len) { … } /* * Packet-oriented decryption for AEAD/NIST_KW: public function. */ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len) { … } #endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ #endif /* MBEDTLS_CIPHER_C */
Codebase Browser
godot