30 #if !defined(POLARSSL_CONFIG_FILE)
33 #include POLARSSL_CONFIG_FILE
36 #if defined(POLARSSL_CIPHER_C)
41 #if defined(POLARSSL_GCM_C)
45 #if defined(POLARSSL_CCM_C)
51 #if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
52 #define POLARSSL_CIPHER_MODE_STREAM
55 #if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
57 #define strcasecmp _stricmp
/*
 * Overwrite the n bytes starting at v with zeros.
 *
 * The stores go through a volatile-qualified pointer, so the compiler has to
 * emit each one and cannot drop the loop as a dead store when the buffer is
 * not read again afterwards. A plain memset() carries no such guarantee.
 * NOTE(review): the callers are not part of this listing; presumably this is
 * what wipes cipher contexts before they are released -- confirm in the full file.
 */
61 static void polarssl_zeroize(
void *v,
size_t n ) {
62 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
65 static int supported_init = 0;
72 if( ! supported_init )
77 while( def->
type != 0 )
78 *type++ = (*def++).type;
93 if( def->
type == cipher_type )
103 if( NULL == cipher_name )
107 if( ! strcasecmp( def->
info->
name, cipher_name ) )
146 if( NULL == cipher_info || NULL == ctx )
156 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
160 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
212 const unsigned char *iv,
size_t iv_len )
/*
 * IV/nonce setup. The listing omits the lines between the numbered ones, so
 * the branch bodies and return statements are not visible here.
 */
214 size_t actual_iv_size;
216 if( NULL == ctx || NULL == ctx->
cipher_info || NULL == iv )
224 actual_iv_size = iv_len;
/* Guards the source side of the copy: never read more bytes than the caller supplied. */
230 if( actual_iv_size > iv_len )
/*
 * NOTE(review): the destination is a fixed-size array in the context. The
 * check that actual_iv_size fits into it is not among the lines shown here;
 * confirm it precedes this copy in the full file, since line 224 takes the
 * size straight from the caller-supplied iv_len.
 */
234 memcpy( ctx->
iv, iv, actual_iv_size );
250 #if defined(POLARSSL_GCM_C)
252 const unsigned char *ad,
size_t ad_len )
268 size_t ilen,
unsigned char *output,
size_t *olen )
272 if( NULL == ctx || NULL == ctx->
cipher_info || NULL == olen )
295 #if defined(POLARSSL_GCM_C)
304 if( input == output &&
310 #if defined(POLARSSL_CIPHER_MODE_CBC)
389 #if defined(POLARSSL_CIPHER_MODE_CFB)
405 #if defined(POLARSSL_CIPHER_MODE_CTR)
421 #if defined(POLARSSL_CIPHER_MODE_STREAM)
425 ilen, input, output ) ) )
439 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
440 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
444 static void add_pkcs_padding(
unsigned char *output,
size_t output_len,
447 size_t padding_len = output_len - data_len;
450 for( i = 0; i < padding_len; i++ )
451 output[data_len + i] = (
unsigned char) padding_len;
/*
 * Check PKCS7 padding at the end of input and report the unpadded length
 * through data_len. The listing omits the lines between the numbered ones
 * (including the third parameter and the return statements).
 */
454 static int get_pkcs_padding(
unsigned char *input,
size_t input_len,
458 unsigned char padding_len, bad = 0;
460 if( NULL == input || NULL == data_len )
/*
 * The last byte carries the claimed padding length.
 * NOTE(review): input_len == 0 would index input[-1]; no length guard is
 * visible in the lines shown -- confirm callers always pass a full block.
 */
463 padding_len = input[input_len - 1];
464 *data_len = input_len - padding_len;
/*
 * Validity is folded into `bad` with |= rather than tested with branches, and
 * the loop below always walks all input_len bytes; the multiplication by
 * ( i >= pad_idx ) masks out bytes before the padding instead of skipping them.
 * The amount of work therefore does not depend on padding_len, which is what
 * keeps this check from acting as a timing side channel on the padding.
 * Any change here should keep the single, late decision on `bad`.
 */
467 bad |= padding_len > input_len;
468 bad |= padding_len == 0;
472 pad_idx = input_len - padding_len;
473 for( i = 0; i < input_len; i++ )
474 bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
480 #if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
484 static void add_one_and_zeros_padding(
unsigned char *output,
485 size_t output_len,
size_t data_len )
487 size_t padding_len = output_len - data_len;
490 output[data_len] = 0x80;
491 for( i = 1; i < padding_len; i++ )
492 output[data_len + i] = 0x00;
495 static int get_one_and_zeros_padding(
unsigned char *input,
size_t input_len,
499 unsigned char done = 0, prev_done, bad;
501 if( NULL == input || NULL == data_len )
506 for( i = input_len; i > 0; i-- )
509 done |= ( input[i-1] != 0 );
510 *data_len |= ( i - 1 ) * ( done != prev_done );
511 bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
519 #if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
523 static void add_zeros_and_len_padding(
unsigned char *output,
524 size_t output_len,
size_t data_len )
526 size_t padding_len = output_len - data_len;
529 for( i = 1; i < padding_len; i++ )
530 output[data_len + i - 1] = 0x00;
531 output[output_len - 1] = (
unsigned char) padding_len;
534 static int get_zeros_and_len_padding(
unsigned char *input,
size_t input_len,
538 unsigned char padding_len, bad = 0;
540 if( NULL == input || NULL == data_len )
543 padding_len = input[input_len - 1];
544 *data_len = input_len - padding_len;
547 bad |= padding_len > input_len;
548 bad |= padding_len == 0;
551 pad_idx = input_len - padding_len;
552 for( i = 0; i < input_len - 1; i++ )
553 bad |= input[i] * ( i >= pad_idx );
559 #if defined(POLARSSL_CIPHER_PADDING_ZEROS)
563 static void add_zeros_padding(
unsigned char *output,
564 size_t output_len,
size_t data_len )
568 for( i = data_len; i < output_len; i++ )
572 static int get_zeros_padding(
unsigned char *input,
size_t input_len,
576 unsigned char done = 0, prev_done;
578 if( NULL == input || NULL == data_len )
582 for( i = input_len; i > 0; i-- )
585 done |= ( input[i-1] != 0 );
586 *data_len |= i * ( done != prev_done );
599 static int get_no_padding(
unsigned char *input,
size_t input_len,
602 if( NULL == input || NULL == data_len )
605 *data_len = input_len;
612 unsigned char *output,
size_t *olen )
614 if( NULL == ctx || NULL == ctx->
cipher_info || NULL == olen )
635 #if defined(POLARSSL_CIPHER_MODE_CBC)
690 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
701 #if defined(POLARSSL_CIPHER_PADDING_PKCS7)
707 #if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
713 #if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
719 #if defined(POLARSSL_CIPHER_PADDING_ZEROS)
738 #if defined(POLARSSL_GCM_C)
740 unsigned char *tag,
size_t tag_len )
742 if( NULL == ctx || NULL == ctx->
cipher_info || NULL == tag )
755 const unsigned char *tag,
size_t tag_len )
/*
 * AEAD tag verification. The listing omits the lines between the numbered
 * ones, so the call that fills check_tag and the return paths are only
 * partly visible.
 */
767 unsigned char check_tag[16];
/*
 * tag_len is compared with the size of the 16-byte scratch buffer before the
 * computed tag is written into it; the branch body is not shown, presumably
 * it rejects the request -- confirm in the full file.
 */
771 if( tag_len >
sizeof( check_tag ) )
775 check_tag, tag_len ) ) )
/*
 * Comparison without early exit: every byte pair is XORed and OR-ed into
 * diff, so the loop runs tag_len iterations regardless of where the first
 * mismatch is. Replacing it with a short-circuiting compare would expose how
 * many leading tag bytes matched through timing.
 */
781 for( diff = 0, i = 0; i < tag_len; i++ )
782 diff |= tag[i] ^ check_tag[i];
798 const unsigned char *iv,
size_t iv_len,
799 const unsigned char *input,
size_t ilen,
800 unsigned char *output,
size_t *olen )
811 if( ( ret =
cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
814 if( ( ret =
cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
817 *olen += finish_olen;
822 #if defined(POLARSSL_CIPHER_MODE_AEAD)
827 const unsigned char *iv,
size_t iv_len,
828 const unsigned char *ad,
size_t ad_len,
829 const unsigned char *input,
size_t ilen,
830 unsigned char *output,
size_t *olen,
831 unsigned char *tag,
size_t tag_len )
833 #if defined(POLARSSL_GCM_C)
838 iv, iv_len, ad, ad_len, input, output,
842 #if defined(POLARSSL_CCM_C)
847 iv, iv_len, ad, ad_len, input, output,
859 const unsigned char *iv,
size_t iv_len,
860 const unsigned char *ad,
size_t ad_len,
861 const unsigned char *input,
size_t ilen,
862 unsigned char *output,
size_t *olen,
863 const unsigned char *tag,
size_t tag_len )
865 #if defined(POLARSSL_GCM_C)
872 iv, iv_len, ad, ad_len,
873 tag, tag_len, input, output );
881 #if defined(POLARSSL_CCM_C)
888 iv, iv_len, ad, ad_len,
889 input, output, tag, tag_len );
903 #if defined(POLARSSL_SELF_TEST)
int key_length
Key length to use.
#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
Bad input parameters to function.
int gcm_auth_decrypt(gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *tag, size_t tag_len, const unsigned char *input, unsigned char *output)
GCM buffer authenticated decryption using a block cipher.
int cipher_finish(cipher_context_t *ctx, unsigned char *output, size_t *olen)
Generic cipher finalisation function.
#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE
The selected feature is not available.
static int cipher_get_iv_size(const cipher_context_t *ctx)
Returns the size of the cipher's IV/NONCE in bytes.
#define POLARSSL_ERR_CIPHER_ALLOC_FAILED
Failed to allocate memory.
void cipher_init(cipher_context_t *ctx)
Initialize a cipher_context (as NONE)
int cipher_write_tag(cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
Write tag for AEAD ciphers.
zero padding (not reversible: trailing zero bytes of the plaintext cannot be told apart from the padding)
const cipher_info_t * cipher_info_from_type(const cipher_type_t cipher_type)
Returns the cipher information structure associated with the given cipher type.
static unsigned int cipher_get_block_size(const cipher_context_t *ctx)
Returns the block size of the given cipher.
const cipher_info_t * cipher_info_from_string(const char *cipher_name)
Returns the cipher information structure associated with the given cipher name.
int(* get_padding)(unsigned char *input, size_t ilen, size_t *data_len)
Configuration options (set of defines)
void(* ctx_free_func)(void *ctx)
Free the given context.
#define POLARSSL_ERR_CIPHER_INVALID_PADDING
Input data contains invalid padding and is rejected.
int cipher_crypt(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic all-in-one encryption/decryption (for all ciphers except AEAD constructs).
int(* cbc_func)(void *ctx, operation_t mode, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CBC.
const cipher_definition_t cipher_definitions[]
int ccm_auth_decrypt(ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len)
CCM buffer authenticated decryption.
int(* ecb_func)(void *ctx, operation_t mode, const unsigned char *input, unsigned char *output)
Encrypt using ECB.
unsigned char iv[POLARSSL_MAX_IV_LENGTH]
Current IV or NONCE_COUNTER for CTR-mode.
const cipher_info_t * cipher_info
Information about the associated cipher.
int(* cfb_func)(void *ctx, operation_t mode, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CFB (Full length)
int gcm_crypt_and_tag(gcm_context *ctx, int mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag)
GCM buffer encryption/decryption using a block cipher.
int(* ctr_func)(void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block, const unsigned char *input, unsigned char *output)
Encrypt using CTR.
operation_t operation
Operation that the context's key has been initialised for.
size_t unprocessed_len
Number of bytes that still need processing.
int cipher_free_ctx(cipher_context_t *ctx)
Free the cipher-specific context of ctx.
int cipher_update_ad(cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
Add additional data (for AEAD ciphers).
unsigned int key_length
Cipher key length, in bits (default length for variable sized ciphers) (Includes parity bits for ciphers like DES)
int cipher_set_iv(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
Set the initialization vector (IV) or nonce.
#define POLARSSL_CIPHER_VARIABLE_IV_LEN
Cipher accepts IVs of variable length.
int cipher_auth_encrypt(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, unsigned char *tag, size_t tag_len)
Generic authenticated encryption (AEAD ciphers).
int cipher_update(cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic cipher update function.
int(* setkey_dec_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for decryption purposes.
int cipher_auth_decrypt(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, const unsigned char *ad, size_t ad_len, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, const unsigned char *tag, size_t tag_len)
Generic authenticated decryption (AEAD ciphers).
unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH]
Buffer for data that hasn't been encrypted yet.
int(* stream_func)(void *ctx, size_t length, const unsigned char *input, unsigned char *output)
Encrypt using STREAM.
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED
Decryption of block requires a full block.
const char * name
Name of the cipher.
#define POLARSSL_MAX_IV_LENGTH
Maximum length of any IV, in bytes.
int cipher_reset(cipher_context_t *ctx)
Finish preparation of the given context.
int(* setkey_enc_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for encryption purposes.
void *(* ctx_alloc_func)(void)
Allocate a new context.
cipher_id_t cipher
Base Cipher type (e.g. POLARSSL_CIPHER_ID_AES)
void cipher_free(cipher_context_t *ctx)
Free and clear the cipher-specific context of ctx.
int cipher_set_padding_mode(cipher_context_t *ctx, cipher_padding_t mode)
Set padding mode, for cipher modes that use padding.
cipher_mode_t mode
Cipher mode (e.g. POLARSSL_MODE_CBC)
#define POLARSSL_ERR_GCM_AUTH_FAILED
Authenticated decryption failed.
int cipher_init_ctx(cipher_context_t *ctx, const cipher_info_t *cipher_info)
Initialises and fills the cipher context structure with the appropriate values.
int cipher_setkey(cipher_context_t *ctx, const unsigned char *key, int key_length, const operation_t operation)
Set the key to use with the given context.
int gcm_update(gcm_context *ctx, size_t length, const unsigned char *input, unsigned char *output)
Generic GCM update function.
int gcm_starts(gcm_context *ctx, int mode, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len)
Generic GCM stream start function.
never pad (full blocks only)
int ccm_encrypt_and_tag(ccm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len)
CCM buffer encryption.
Galois/Counter mode for 128-bit block ciphers.
const cipher_base_t * base
Base cipher information and functions.
const int * cipher_list(void)
Returns the list of ciphers supported by the generic cipher module.
int gcm_finish(gcm_context *ctx, unsigned char *tag, size_t tag_len)
Generic GCM finalisation function.
void * cipher_ctx
Cipher-specific context.
int cipher_self_test(int verbose)
Checkup routine.
void(* add_padding)(unsigned char *output, size_t olen, size_t data_len)
Padding functions to use, if relevant for cipher mode.
size_t iv_size
IV size in bytes (for ciphers with variable-length IVs)
int flags
Flags for variable IV size, variable key size, etc.
#define POLARSSL_ERR_CCM_AUTH_FAILED
Authenticated decryption failed.
int cipher_check_tag(cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
Check tag for AEAD ciphers.
unsigned int iv_size
IV/NONCE size, in bytes.
#define POLARSSL_ERR_CIPHER_AUTH_FAILED
Authentication failed (for AEAD modes).
#define POLARSSL_CIPHER_VARIABLE_KEY_LEN
Cipher accepts keys of variable length.
const cipher_info_t * cipher_info_from_values(const cipher_id_t cipher_id, int key_length, const cipher_mode_t mode)
Returns the cipher information structure associated with the given cipher id, key size and mode...
Counter with CBC-MAC (CCM) for 128-bit block ciphers.
const cipher_info_t * info