PolarSSL v1.2.12
cipher.c
Go to the documentation of this file.
1 
30 #include "polarssl/config.h"
31 
32 #if defined(POLARSSL_CIPHER_C)
33 
34 #include "polarssl/cipher.h"
35 #include "polarssl/cipher_wrap.h"
36 
37 #include <stdlib.h>
38 
39 #if defined _MSC_VER && !defined strcasecmp
40 #define strcasecmp _stricmp
41 #endif
42 
43 /* Implementation that should never be optimized out by the compiler */
44 static void polarssl_zeroize( void *v, size_t n ) {
45  volatile unsigned char *p = v; while( n-- ) *p++ = 0;
46 }
47 
48 static const int supported_ciphers[] = {
49 
50 #if defined(POLARSSL_AES_C)
54 
55 #if defined(POLARSSL_CIPHER_MODE_CFB)
59 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
60 
61 #if defined(POLARSSL_CIPHER_MODE_CTR)
65 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
66 
67 #endif /* defined(POLARSSL_AES_C) */
68 
69 #if defined(POLARSSL_CAMELLIA_C)
73 
74 #if defined(POLARSSL_CIPHER_MODE_CFB)
78 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
79 
80 #if defined(POLARSSL_CIPHER_MODE_CTR)
84 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
85 
86 #endif /* defined(POLARSSL_CAMELLIA_C) */
87 
88 #if defined(POLARSSL_DES_C)
92 #endif /* defined(POLARSSL_DES_C) */
93 
94 #if defined(POLARSSL_BLOWFISH_C)
96 
97 #if defined(POLARSSL_CIPHER_MODE_CFB)
99 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
100 
101 #if defined(POLARSSL_CIPHER_MODE_CTR)
103 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
104 
105 #endif /* defined(POLARSSL_BLOWFISH_C) */
106 
107 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
109 #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
110 
111  0
112 };
113 
114 const int *cipher_list( void )
115 {
116  return supported_ciphers;
117 }
118 
119 const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
120 {
121  /* Find static cipher information */
122  switch ( cipher_type )
123  {
124 #if defined(POLARSSL_AES_C)
126  return &aes_128_cbc_info;
128  return &aes_192_cbc_info;
130  return &aes_256_cbc_info;
131 
132 #if defined(POLARSSL_CIPHER_MODE_CFB)
134  return &aes_128_cfb128_info;
136  return &aes_192_cfb128_info;
138  return &aes_256_cfb128_info;
139 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
140 
141 #if defined(POLARSSL_CIPHER_MODE_CTR)
143  return &aes_128_ctr_info;
145  return &aes_192_ctr_info;
147  return &aes_256_ctr_info;
148 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
149 
150 #endif
151 
152 #if defined(POLARSSL_CAMELLIA_C)
154  return &camellia_128_cbc_info;
156  return &camellia_192_cbc_info;
158  return &camellia_256_cbc_info;
159 
160 #if defined(POLARSSL_CIPHER_MODE_CFB)
162  return &camellia_128_cfb128_info;
164  return &camellia_192_cfb128_info;
166  return &camellia_256_cfb128_info;
167 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
168 
169 #if defined(POLARSSL_CIPHER_MODE_CTR)
171  return &camellia_128_ctr_info;
173  return &camellia_192_ctr_info;
175  return &camellia_256_ctr_info;
176 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
177 
178 #endif
179 
180 #if defined(POLARSSL_DES_C)
182  return &des_cbc_info;
184  return &des_ede_cbc_info;
186  return &des_ede3_cbc_info;
187 #endif
188 
189 #if defined(POLARSSL_BLOWFISH_C)
191  return &blowfish_cbc_info;
192 
193 #if defined(POLARSSL_CIPHER_MODE_CFB)
195  return &blowfish_cfb64_info;
196 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
197 
198 #if defined(POLARSSL_CIPHER_MODE_CTR)
200  return &blowfish_ctr_info;
201 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
202 
203 #endif
204 
205 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
207  return &null_cipher_info;
208 #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
209 
210  default:
211  return NULL;
212  }
213 }
214 
215 const cipher_info_t *cipher_info_from_string( const char *cipher_name )
216 {
217  if( NULL == cipher_name )
218  return NULL;
219 
220  /* Get the appropriate cipher information */
221 #if defined(POLARSSL_CAMELLIA_C)
222  if( !strcasecmp( "CAMELLIA-128-CBC", cipher_name ) )
224  if( !strcasecmp( "CAMELLIA-192-CBC", cipher_name ) )
226  if( !strcasecmp( "CAMELLIA-256-CBC", cipher_name ) )
228 
229 #if defined(POLARSSL_CIPHER_MODE_CFB)
230  if( !strcasecmp( "CAMELLIA-128-CFB128", cipher_name ) )
232  if( !strcasecmp( "CAMELLIA-192-CFB128", cipher_name ) )
234  if( !strcasecmp( "CAMELLIA-256-CFB128", cipher_name ) )
236 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
237 
238 #if defined(POLARSSL_CIPHER_MODE_CTR)
239  if( !strcasecmp( "CAMELLIA-128-CTR", cipher_name ) )
241  if( !strcasecmp( "CAMELLIA-192-CTR", cipher_name ) )
243  if( !strcasecmp( "CAMELLIA-256-CTR", cipher_name ) )
245 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
246 #endif
247 
248 #if defined(POLARSSL_AES_C)
249  if( !strcasecmp( "AES-128-CBC", cipher_name ) )
251  if( !strcasecmp( "AES-192-CBC", cipher_name ) )
253  if( !strcasecmp( "AES-256-CBC", cipher_name ) )
255 
256 #if defined(POLARSSL_CIPHER_MODE_CFB)
257  if( !strcasecmp( "AES-128-CFB128", cipher_name ) )
259  if( !strcasecmp( "AES-192-CFB128", cipher_name ) )
261  if( !strcasecmp( "AES-256-CFB128", cipher_name ) )
263 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
264 
265 #if defined(POLARSSL_CIPHER_MODE_CTR)
266  if( !strcasecmp( "AES-128-CTR", cipher_name ) )
268  if( !strcasecmp( "AES-192-CTR", cipher_name ) )
270  if( !strcasecmp( "AES-256-CTR", cipher_name ) )
272 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
273 #endif
274 
275 #if defined(POLARSSL_DES_C)
276  if( !strcasecmp( "DES-CBC", cipher_name ) )
278  if( !strcasecmp( "DES-EDE-CBC", cipher_name ) )
280  if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) )
282 #endif
283 
284 #if defined(POLARSSL_BLOWFISH_C)
285  if( !strcasecmp( "BLOWFISH-CBC", cipher_name ) )
287 
288 #if defined(POLARSSL_CIPHER_MODE_CFB)
289  if( !strcasecmp( "BLOWFISH-CFB64", cipher_name ) )
291 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */
292 
293 #if defined(POLARSSL_CIPHER_MODE_CTR)
294  if( !strcasecmp( "BLOWFISH-CTR", cipher_name ) )
296 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */
297 #endif
298 
299 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
300  if( !strcasecmp( "NULL", cipher_name ) )
302 #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
303 
304  return NULL;
305 }
306 
307 int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
308 {
309  if( NULL == cipher_info || NULL == ctx )
311 
312  memset( ctx, 0, sizeof( cipher_context_t ) );
313 
314  if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
316 
317  ctx->cipher_info = cipher_info;
318 
319  return 0;
320 }
321 
323 {
324  if( ctx == NULL || ctx->cipher_info == NULL )
326 
327  ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
328  polarssl_zeroize( ctx, sizeof(cipher_context_t) );
329 
330  return 0;
331 }
332 
333 int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
334  int key_length, const operation_t operation )
335 {
336  if( NULL == ctx || NULL == ctx->cipher_info )
338 
339  ctx->key_length = key_length;
340  ctx->operation = operation;
341 
342 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
343  if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
344  return 0;
345 #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
346 
347  /*
348  * For CFB and CTR mode always use the encryption key schedule
349  */
350  if( POLARSSL_ENCRYPT == operation ||
353  {
354  return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
355  ctx->key_length );
356  }
357 
358  if( POLARSSL_DECRYPT == operation )
359  return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
360  ctx->key_length );
361 
363 }
364 
365 int cipher_reset( cipher_context_t *ctx, const unsigned char *iv )
366 {
367  if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
369 
370  ctx->unprocessed_len = 0;
371 
372  memcpy( ctx->iv, iv, cipher_get_iv_size( ctx ) );
373 
374  return 0;
375 }
376 
377 int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
378  unsigned char *output, size_t *olen )
379 {
380  int ret;
381  size_t copy_len = 0;
382 
383  if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ||
384  input == output )
385  {
387  }
388 
389  *olen = 0;
390 
391 #if defined(POLARSSL_CIPHER_NULL_CIPHER)
392  if( ctx->cipher_info->mode == POLARSSL_MODE_NULL )
393  {
394  memcpy( output, input, ilen );
395  *olen = ilen;
396  return 0;
397  }
398 #endif /* defined(POLARSSL_CIPHER_NULL_CIPHER) */
399 
400  if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
401  {
402  /*
403  * If there is not enough data for a full block, cache it.
404  */
405  if( ( ctx->operation == POLARSSL_DECRYPT &&
406  ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) ||
407  ( ctx->operation == POLARSSL_ENCRYPT &&
408  ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) )
409  {
410  memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
411  ilen );
412 
413  ctx->unprocessed_len += ilen;
414  return 0;
415  }
416 
417  /*
418  * Process cached data first
419  */
420  if( ctx->unprocessed_len != 0 )
421  {
422  copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len;
423 
424  memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
425  copy_len );
426 
427  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
428  ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
429  ctx->unprocessed_data, output ) ) )
430  {
431  return ret;
432  }
433 
434  *olen += cipher_get_block_size( ctx );
435  output += cipher_get_block_size( ctx );
436  ctx->unprocessed_len = 0;
437 
438  input += copy_len;
439  ilen -= copy_len;
440  }
441 
442  /*
443  * Cache final, incomplete block
444  */
445  if( 0 != ilen )
446  {
447  copy_len = ilen % cipher_get_block_size( ctx );
448  if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
449  copy_len = cipher_get_block_size(ctx);
450 
451  memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
452  copy_len );
453 
454  ctx->unprocessed_len += copy_len;
455  ilen -= copy_len;
456  }
457 
458  /*
459  * Process remaining full blocks
460  */
461  if( ilen )
462  {
463  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
464  ctx->operation, ilen, ctx->iv, input, output ) ) )
465  {
466  return ret;
467  }
468  *olen += ilen;
469  }
470 
471  return 0;
472  }
473 
474  if( ctx->cipher_info->mode == POLARSSL_MODE_CFB )
475  {
476  if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
477  ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
478  input, output ) ) )
479  {
480  return ret;
481  }
482 
483  *olen = ilen;
484 
485  return 0;
486  }
487 
488  if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
489  {
490  if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
491  ilen, &ctx->unprocessed_len, ctx->iv,
492  ctx->unprocessed_data, input, output ) ) )
493  {
494  return ret;
495  }
496 
497  *olen = ilen;
498 
499  return 0;
500  }
501 
503 }
504 
505 static void add_pkcs_padding( unsigned char *output, size_t output_len,
506  size_t data_len )
507 {
508  size_t padding_len = output_len - data_len;
509  unsigned char i;
510 
511  for( i = 0; i < padding_len; i++ )
512  output[data_len + i] = (unsigned char) padding_len;
513 }
514 
515 static int get_pkcs_padding( unsigned char *input, unsigned int input_len,
516  size_t *data_len)
517 {
518  unsigned int i, pad_idx;
519  unsigned char padding_len, bad = 0;
520 
521  if( NULL == input || NULL == data_len )
523 
524  padding_len = input[input_len - 1];
525  *data_len = input_len - padding_len;
526 
527  /* Avoid logical || since it results in a branch */
528  bad |= padding_len > input_len;
529  bad |= padding_len == 0;
530 
531  /* The number of bytes checked must be independent of padding_len,
532  * so pick input_len, which is usually 8 or 16 (one block) */
533  pad_idx = input_len - padding_len;
534  for( i = 0; i < input_len; i++ )
535  bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
536 
537  return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
538 }
539 
540 int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen)
541 {
542  int ret = 0;
543 
544  if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
546 
547  *olen = 0;
548 
549  if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
552  {
553  return 0;
554  }
555 
556  if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
557  {
558  if( POLARSSL_ENCRYPT == ctx->operation )
559  {
560  add_pkcs_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
561  ctx->unprocessed_len );
562  }
563  else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
564  {
565  /* For decrypt operations, expect a full block */
567  }
568 
569  /* cipher block */
570  if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
571  ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
572  ctx->unprocessed_data, output ) ) )
573  {
574  return ret;
575  }
576 
577  /* Set output size for decryption */
578  if( POLARSSL_DECRYPT == ctx->operation )
579  return get_pkcs_padding( output, cipher_get_block_size( ctx ), olen );
580 
581  /* Set output size for encryption */
582  *olen = cipher_get_block_size( ctx );
583  return 0;
584  }
585 
587 }
588 
589 #if defined(POLARSSL_SELF_TEST)
590 
591 #include <stdio.h>
592 
593 #define ASSERT(x) if (!(x)) { \
594  printf( "failed with %i at %s\n", value, (#x) ); \
595  return( 1 ); \
596 }
597 /*
598  * Checkup routine
599  */
600 
601 int cipher_self_test( int verbose )
602 {
603  ((void) verbose);
604 
605  return( 0 );
606 }
607 
608 #endif
609 
610 #endif
int key_length
Key length to use.
Definition: cipher.h:186
const cipher_info_t blowfish_ctr_info
#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
Bad input parameters to function.
Definition: cipher.h:44
const cipher_info_t blowfish_cbc_info
int cipher_finish(cipher_context_t *ctx, unsigned char *output, size_t *olen)
Generic cipher finalisation function.
#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE
The selected feature is not available.
Definition: cipher.h:43
static int cipher_get_iv_size(const cipher_context_t *ctx)
Returns the size of the cipher's IV.
Definition: cipher.h:304
Generic cipher context.
Definition: cipher.h:181
const cipher_info_t camellia_192_ctr_info
const cipher_info_t aes_128_ctr_info
const cipher_info_t camellia_192_cbc_info
const cipher_info_t aes_256_ctr_info
#define POLARSSL_ERR_CIPHER_ALLOC_FAILED
Failed to allocate memory.
Definition: cipher.h:45
Cipher information.
Definition: cipher.h:153
const cipher_info_t * cipher_info_from_type(const cipher_type_t cipher_type)
Returns the cipher information structure associated with the given cipher type.
static unsigned int cipher_get_block_size(const cipher_context_t *ctx)
Returns the block size of the given cipher.
Definition: cipher.h:271
const cipher_info_t * cipher_info_from_string(const char *cipher_name)
Returns the cipher information structure associated with the given cipher name.
const cipher_info_t aes_128_cfb128_info
const cipher_info_t des_cbc_info
Configuration options (set of defines)
const cipher_info_t aes_256_cbc_info
const cipher_info_t camellia_256_ctr_info
void(* ctx_free_func)(void *ctx)
Free the given context.
Definition: cipher.h:146
const cipher_info_t aes_192_ctr_info
#define POLARSSL_ERR_CIPHER_INVALID_PADDING
Input data contains invalid padding and is rejected.
Definition: cipher.h:46
const cipher_info_t camellia_128_ctr_info
const cipher_info_t blowfish_cfb64_info
int(* cbc_func)(void *ctx, operation_t mode, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CBC.
Definition: cipher.h:125
const cipher_info_t des_ede3_cbc_info
Cipher wrappers.
unsigned char iv[POLARSSL_MAX_IV_LENGTH]
Current IV or NONCE_COUNTER for CTR-mode.
Definition: cipher.h:198
const cipher_info_t * cipher_info
Information about the associated cipher.
Definition: cipher.h:183
int(* cfb_func)(void *ctx, operation_t mode, size_t length, size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output)
Encrypt using CFB (Full length)
Definition: cipher.h:129
const cipher_info_t aes_128_cbc_info
int(* ctr_func)(void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block, const unsigned char *input, unsigned char *output)
Encrypt using CTR.
Definition: cipher.h:133
operation_t operation
Operation that the context's key has been initialised for.
Definition: cipher.h:189
const cipher_info_t des_ede_cbc_info
cipher_type_t
Definition: cipher.h:59
size_t unprocessed_len
Number of bytes that still need processing.
Definition: cipher.h:195
unsigned char unprocessed_data[POLARSSL_MAX_IV_LENGTH]
Buffer for data that hasn't been encrypted yet.
Definition: cipher.h:192
int cipher_free_ctx(cipher_context_t *ctx)
Free the cipher-specific context of ctx.
operation_t
Definition: cipher.h:97
int cipher_update(cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic cipher update function.
int(* setkey_dec_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for decryption purposes.
Definition: cipher.h:140
const cipher_info_t camellia_256_cfb128_info
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED
Decryption of block requires a full block.
Definition: cipher.h:47
const cipher_info_t camellia_256_cbc_info
const cipher_info_t camellia_128_cbc_info
Generic cipher wrapper.
int cipher_reset(cipher_context_t *ctx, const unsigned char *iv)
Reset the given context, setting the IV to iv.
const cipher_info_t aes_192_cbc_info
int(* setkey_enc_func)(void *ctx, const unsigned char *key, unsigned int key_length)
Set key for encryption purposes.
Definition: cipher.h:137
void *(* ctx_alloc_func)(void)
Allocate a new context.
Definition: cipher.h:143
cipher_mode_t mode
Cipher mode (e.g.
Definition: cipher.h:158
int cipher_init_ctx(cipher_context_t *ctx, const cipher_info_t *cipher_info)
Initialises and fills the cipher context structure with the appropriate values.
int cipher_setkey(cipher_context_t *ctx, const unsigned char *key, int key_length, const operation_t operation)
Set the key to use with the given context.
const cipher_info_t aes_256_cfb128_info
const cipher_info_t aes_192_cfb128_info
const cipher_base_t * base
Base cipher information and functions.
Definition: cipher.h:174
const int * cipher_list(void)
Returns the list of ciphers supported by the generic cipher module.
void * cipher_ctx
Cipher-specific context.
Definition: cipher.h:201
int cipher_self_test(int verbose)
Checkup routine.
const cipher_info_t camellia_192_cfb128_info
const cipher_info_t camellia_128_cfb128_info