ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-15 03:07:16 +08:00
Code Issues Releases Wiki Activity

ccm/gcm: use BLOCK_CIPHER whenever possible

Browse Source 
Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2023-12-14 09:36:03 +01:00
parent 4a5d57d225
commit bd7528a592
4 changed files with 66 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/mbedtls/ccm.h
View File

@ -40,7 +40,7 @@
#include "mbedtls/cipher.h" #include "mbedtls/cipher.h"
#if !defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
#include "mbedtls/block_cipher.h" #include "mbedtls/block_cipher.h"
#endif #endif
@ -84,10 +84,10 @@ typedef struct mbedtls_ccm_context {
#MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_DECRYPT or
#MBEDTLS_CCM_STAR_ENCRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or
#MBEDTLS_CCM_STAR_DECRYPT. */ #MBEDTLS_CCM_STAR_DECRYPT. */
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
#else
mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */ mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */
#else
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
#endif #endif
int MBEDTLS_PRIVATE(state); /*!< Working value holding context's int MBEDTLS_PRIVATE(state); /*!< Working value holding context's
state. Used for chunked data input */ state. Used for chunked data input */

8
include/mbedtls/gcm.h
View File

@ -24,7 +24,7 @@
#include "mbedtls/cipher.h" #include "mbedtls/cipher.h"
#if !defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
#include "mbedtls/block_cipher.h" #include "mbedtls/block_cipher.h"
#endif #endif
@ -50,10 +50,10 @@ extern "C" {
* \brief The GCM context structure. * \brief The GCM context structure.
*/ */
typedef struct mbedtls_gcm_context { typedef struct mbedtls_gcm_context {
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
#else
mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */ mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */
#else
mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
#endif #endif
uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */ uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */ uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */

66
library/ccm.c
View File

@ -23,7 +23,7 @@
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/constant_time.h" #include "mbedtls/constant_time.h"
#if !defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
#include "block_cipher_internal.h" #include "block_cipher_internal.h"
#endif #endif
@ -56,7 +56,17 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
#else
const mbedtls_cipher_info_t *cipher_info; const mbedtls_cipher_info_t *cipher_info;
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
@ -79,16 +89,6 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
MBEDTLS_ENCRYPT)) != 0) { MBEDTLS_ENCRYPT)) != 0) {
return ret; return ret;
} }
#else
mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
#endif #endif
return 0; return 0;
@ -102,10 +102,10 @@ void mbedtls_ccm_free(mbedtls_ccm_context *ctx)
if (ctx == NULL) { if (ctx == NULL) {
return; return;
} }
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
mbedtls_cipher_free(&ctx->cipher_ctx);
#else
mbedtls_block_cipher_free(&ctx->block_cipher_ctx); mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
#else
mbedtls_cipher_free(&ctx->cipher_ctx);
#endif #endif
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context)); mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context));
} }
@ -128,11 +128,11 @@ static int mbedtls_ccm_crypt(mbedtls_ccm_context *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char tmp_buf[16] = { 0 }; unsigned char tmp_buf[16] = { 0 };
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf);
#else
size_t olen = 0; size_t olen = 0;
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen); ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf);
#endif #endif
if (ret != 0) { if (ret != 0) {
ctx->state |= CCM_STATE__ERROR; ctx->state |= CCM_STATE__ERROR;
@ -158,7 +158,7 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i; unsigned char i;
size_t len_left; size_t len_left;
#if defined(MBEDTLS_CIPHER_C) #if !defined(MBEDTLS_BLOCK_CIPHER_C)
size_t olen; size_t olen;
#endif #endif
@ -206,10 +206,10 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
} }
/* Start CBC-MAC with first block*/ /* Start CBC-MAC with first block*/
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
#else
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#endif #endif
if (ret != 0) { if (ret != 0) {
ctx->state |= CCM_STATE__ERROR; ctx->state |= CCM_STATE__ERROR;
@ -292,7 +292,7 @@ int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx,
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t use_len, offset; size_t use_len, offset;
#if defined(MBEDTLS_CIPHER_C) #if !defined(MBEDTLS_BLOCK_CIPHER_C)
size_t olen; size_t olen;
#endif #endif
@ -334,10 +334,10 @@ int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx,
add += use_len; add += use_len;
if (use_len + offset == 16 || ctx->processed == ctx->add_len) { if (use_len + offset == 16 || ctx->processed == ctx->add_len) {
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
#else
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#endif #endif
if (ret != 0) { if (ret != 0) {
ctx->state |= CCM_STATE__ERROR; ctx->state |= CCM_STATE__ERROR;
@ -363,7 +363,7 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char i; unsigned char i;
size_t use_len, offset; size_t use_len, offset;
#if defined(MBEDTLS_CIPHER_C) #if !defined(MBEDTLS_BLOCK_CIPHER_C)
size_t olen; size_t olen;
#endif #endif
@ -403,10 +403,10 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len); mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len);
if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) { if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
#else
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#endif #endif
if (ret != 0) { if (ret != 0) {
ctx->state |= CCM_STATE__ERROR; ctx->state |= CCM_STATE__ERROR;
@ -438,10 +438,10 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
memcpy(output, local_output, use_len); memcpy(output, local_output, use_len);
if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) { if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
#else
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
#endif #endif
if (ret != 0) { if (ret != 0) {
ctx->state |= CCM_STATE__ERROR; ctx->state |= CCM_STATE__ERROR;

50
library/gcm.c
View File

@ -25,7 +25,7 @@
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/constant_time.h" #include "mbedtls/constant_time.h"
#if !defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
#include "block_cipher_internal.h" #include "block_cipher_internal.h"
#endif #endif
@ -66,11 +66,11 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx)
memset(h, 0, 16); memset(h, 0, 16);
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h);
#else
size_t olen = 0; size_t olen = 0;
ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen); ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h);
#endif #endif
if (ret != 0) { if (ret != 0) {
return ret; return ret;
@ -139,7 +139,17 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
return MBEDTLS_ERR_GCM_BAD_INPUT; return MBEDTLS_ERR_GCM_BAD_INPUT;
} }
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
return ret;
}
if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
return ret;
}
#else
const mbedtls_cipher_info_t *cipher_info; const mbedtls_cipher_info_t *cipher_info;
cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
@ -162,16 +172,6 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
MBEDTLS_ENCRYPT)) != 0) { MBEDTLS_ENCRYPT)) != 0) {
return ret; return ret;
} }
#else
mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) {
return ret;
}
if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) {
return ret;
}
#endif #endif
if ((ret = gcm_gen_table(ctx)) != 0) { if ((ret = gcm_gen_table(ctx)) != 0) {
@ -277,7 +277,7 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
const unsigned char *p; const unsigned char *p;
size_t use_len; size_t use_len;
uint64_t iv_bits; uint64_t iv_bits;
#if defined(MBEDTLS_CIPHER_C) #if !defined(MBEDTLS_BLOCK_CIPHER_C)
size_t olen = 0; size_t olen = 0;
#endif #endif
@ -320,10 +320,10 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
} }
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->base_ectr); ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->base_ectr);
#else
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen);
#endif #endif
if (ret != 0) { if (ret != 0) {
return ret; return ret;
@ -419,11 +419,11 @@ static int gcm_mask(mbedtls_gcm_context *ctx,
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr);
#else
size_t olen = 0; size_t olen = 0;
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, &olen); ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, &olen);
#else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr);
#endif #endif
if (ret != 0) { if (ret != 0) {
mbedtls_platform_zeroize(ectr, 16); mbedtls_platform_zeroize(ectr, 16);
@ -649,10 +649,10 @@ void mbedtls_gcm_free(mbedtls_gcm_context *ctx)
if (ctx == NULL) { if (ctx == NULL) {
return; return;
} }
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_BLOCK_CIPHER_C)
mbedtls_cipher_free(&ctx->cipher_ctx);
#else
mbedtls_block_cipher_free(&ctx->block_cipher_ctx); mbedtls_block_cipher_free(&ctx->block_cipher_ctx);
#else
mbedtls_cipher_free(&ctx->cipher_ctx);
#endif #endif
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context)); mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context));
} }