PolarSSL v1.1.4
|
00001 00030 #include "polarssl/config.h" 00031 00032 #if defined(POLARSSL_CIPHER_C) 00033 00034 #include "polarssl/cipher.h" 00035 #include "polarssl/cipher_wrap.h" 00036 00037 #include <stdlib.h> 00038 00039 #if defined _MSC_VER && !defined strcasecmp 00040 #define strcasecmp _stricmp 00041 #endif 00042 00043 static const int supported_ciphers[] = { 00044 00045 #if defined(POLARSSL_AES_C) 00046 POLARSSL_CIPHER_AES_128_CBC, 00047 POLARSSL_CIPHER_AES_192_CBC, 00048 POLARSSL_CIPHER_AES_256_CBC, 00049 00050 #if defined(POLARSSL_CIPHER_MODE_CFB) 00051 POLARSSL_CIPHER_AES_128_CFB128, 00052 POLARSSL_CIPHER_AES_192_CFB128, 00053 POLARSSL_CIPHER_AES_256_CFB128, 00054 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ 00055 00056 #if defined(POLARSSL_CIPHER_MODE_CTR) 00057 POLARSSL_CIPHER_AES_128_CTR, 00058 POLARSSL_CIPHER_AES_192_CTR, 00059 POLARSSL_CIPHER_AES_256_CTR, 00060 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ 00061 00062 #endif /* defined(POLARSSL_AES_C) */ 00063 00064 #if defined(POLARSSL_CAMELLIA_C) 00065 POLARSSL_CIPHER_CAMELLIA_128_CBC, 00066 POLARSSL_CIPHER_CAMELLIA_192_CBC, 00067 POLARSSL_CIPHER_CAMELLIA_256_CBC, 00068 00069 #if defined(POLARSSL_CIPHER_MODE_CFB) 00070 POLARSSL_CIPHER_CAMELLIA_128_CFB128, 00071 POLARSSL_CIPHER_CAMELLIA_192_CFB128, 00072 POLARSSL_CIPHER_CAMELLIA_256_CFB128, 00073 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ 00074 00075 #if defined(POLARSSL_CIPHER_MODE_CTR) 00076 POLARSSL_CIPHER_CAMELLIA_128_CTR, 00077 POLARSSL_CIPHER_CAMELLIA_192_CTR, 00078 POLARSSL_CIPHER_CAMELLIA_256_CTR, 00079 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ 00080 00081 #endif /* defined(POLARSSL_CAMELLIA_C) */ 00082 00083 #if defined(POLARSSL_DES_C) 00084 POLARSSL_CIPHER_DES_CBC, 00085 POLARSSL_CIPHER_DES_EDE_CBC, 00086 POLARSSL_CIPHER_DES_EDE3_CBC, 00087 #endif /* defined(POLARSSL_DES_C) */ 00088 00089 0 00090 }; 00091 00092 const int *cipher_list( void ) 00093 { 00094 return supported_ciphers; 00095 } 00096 00097 const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type ) 00098 { 00099 /* Find static cipher information */ 00100 switch ( cipher_type ) 00101 { 00102 #if defined(POLARSSL_AES_C) 00103 case POLARSSL_CIPHER_AES_128_CBC: 00104 return &aes_128_cbc_info; 00105 case POLARSSL_CIPHER_AES_192_CBC: 00106 return &aes_192_cbc_info; 00107 case POLARSSL_CIPHER_AES_256_CBC: 00108 return &aes_256_cbc_info; 00109 00110 #if defined(POLARSSL_CIPHER_MODE_CFB) 00111 case POLARSSL_CIPHER_AES_128_CFB128: 00112 return &aes_128_cfb128_info; 00113 case POLARSSL_CIPHER_AES_192_CFB128: 00114 return &aes_192_cfb128_info; 00115 case POLARSSL_CIPHER_AES_256_CFB128: 00116 return &aes_256_cfb128_info; 00117 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ 00118 00119 #if defined(POLARSSL_CIPHER_MODE_CTR) 00120 case POLARSSL_CIPHER_AES_128_CTR: 00121 return &aes_128_ctr_info; 00122 case POLARSSL_CIPHER_AES_192_CTR: 00123 return &aes_192_ctr_info; 00124 case POLARSSL_CIPHER_AES_256_CTR: 00125 return &aes_256_ctr_info; 00126 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ 00127 00128 #endif 00129 00130 #if defined(POLARSSL_CAMELLIA_C) 00131 case POLARSSL_CIPHER_CAMELLIA_128_CBC: 00132 return &camellia_128_cbc_info; 00133 case POLARSSL_CIPHER_CAMELLIA_192_CBC: 00134 return &camellia_192_cbc_info; 00135 case POLARSSL_CIPHER_CAMELLIA_256_CBC: 00136 return &camellia_256_cbc_info; 00137 00138 #if defined(POLARSSL_CIPHER_MODE_CFB) 00139 case POLARSSL_CIPHER_CAMELLIA_128_CFB128: 00140 return &camellia_128_cfb128_info; 00141 case POLARSSL_CIPHER_CAMELLIA_192_CFB128: 00142 return &camellia_192_cfb128_info; 00143 case POLARSSL_CIPHER_CAMELLIA_256_CFB128: 00144 return &camellia_256_cfb128_info; 00145 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ 00146 00147 #if defined(POLARSSL_CIPHER_MODE_CTR) 00148 case POLARSSL_CIPHER_CAMELLIA_128_CTR: 00149 return &camellia_128_ctr_info; 00150 case POLARSSL_CIPHER_CAMELLIA_192_CTR: 00151 return &camellia_192_ctr_info; 00152 case POLARSSL_CIPHER_CAMELLIA_256_CTR: 00153 return &camellia_256_ctr_info; 00154 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ 00155 00156 #endif 00157 00158 #if defined(POLARSSL_DES_C) 00159 case POLARSSL_CIPHER_DES_CBC: 00160 return &des_cbc_info; 00161 case POLARSSL_CIPHER_DES_EDE_CBC: 00162 return &des_ede_cbc_info; 00163 case POLARSSL_CIPHER_DES_EDE3_CBC: 00164 return &des_ede3_cbc_info; 00165 #endif 00166 00167 default: 00168 return NULL; 00169 } 00170 } 00171 00172 const cipher_info_t *cipher_info_from_string( const char *cipher_name ) 00173 { 00174 if( NULL == cipher_name ) 00175 return NULL; 00176 00177 /* Get the appropriate cipher information */ 00178 #if defined(POLARSSL_CAMELLIA_C) 00179 if( !strcasecmp( "CAMELLIA-128-CBC", cipher_name ) ) 00180 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CBC ); 00181 if( !strcasecmp( "CAMELLIA-192-CBC", cipher_name ) ) 00182 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CBC ); 00183 if( !strcasecmp( "CAMELLIA-256-CBC", cipher_name ) ) 00184 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CBC ); 00185 00186 #if defined(POLARSSL_CIPHER_MODE_CFB) 00187 if( !strcasecmp( "CAMELLIA-128-CFB128", cipher_name ) ) 00188 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CFB128 ); 00189 if( !strcasecmp( "CAMELLIA-192-CFB128", cipher_name ) ) 00190 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CFB128 ); 00191 if( !strcasecmp( "CAMELLIA-256-CFB128", cipher_name ) ) 00192 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CFB128 ); 00193 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ 00194 00195 #if defined(POLARSSL_CIPHER_MODE_CTR) 00196 if( !strcasecmp( "CAMELLIA-128-CTR", cipher_name ) ) 00197 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_128_CTR ); 00198 if( !strcasecmp( "CAMELLIA-192-CTR", cipher_name ) ) 00199 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_192_CTR ); 00200 if( !strcasecmp( "CAMELLIA-256-CTR", cipher_name ) ) 00201 return cipher_info_from_type( POLARSSL_CIPHER_CAMELLIA_256_CTR ); 00202 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ 00203 #endif 00204 00205 #if defined(POLARSSL_AES_C) 00206 if( !strcasecmp( "AES-128-CBC", cipher_name ) ) 00207 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CBC ); 00208 if( !strcasecmp( "AES-192-CBC", cipher_name ) ) 00209 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CBC ); 00210 if( !strcasecmp( "AES-256-CBC", cipher_name ) ) 00211 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CBC ); 00212 00213 #if defined(POLARSSL_CIPHER_MODE_CFB) 00214 if( !strcasecmp( "AES-128-CFB128", cipher_name ) ) 00215 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CFB128 ); 00216 if( !strcasecmp( "AES-192-CFB128", cipher_name ) ) 00217 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CFB128 ); 00218 if( !strcasecmp( "AES-256-CFB128", cipher_name ) ) 00219 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CFB128 ); 00220 #endif /* defined(POLARSSL_CIPHER_MODE_CFB) */ 00221 00222 #if defined(POLARSSL_CIPHER_MODE_CTR) 00223 if( !strcasecmp( "AES-128-CTR", cipher_name ) ) 00224 return cipher_info_from_type( POLARSSL_CIPHER_AES_128_CTR ); 00225 if( !strcasecmp( "AES-192-CTR", cipher_name ) ) 00226 return cipher_info_from_type( POLARSSL_CIPHER_AES_192_CTR ); 00227 if( !strcasecmp( "AES-256-CTR", cipher_name ) ) 00228 return cipher_info_from_type( POLARSSL_CIPHER_AES_256_CTR ); 00229 #endif /* defined(POLARSSL_CIPHER_MODE_CTR) */ 00230 #endif 00231 00232 #if defined(POLARSSL_DES_C) 00233 if( !strcasecmp( "DES-CBC", cipher_name ) ) 00234 return cipher_info_from_type( POLARSSL_CIPHER_DES_CBC ); 00235 if( !strcasecmp( "DES-EDE-CBC", cipher_name ) ) 00236 return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE_CBC ); 00237 if( !strcasecmp( "DES-EDE3-CBC", cipher_name ) ) 00238 return cipher_info_from_type( POLARSSL_CIPHER_DES_EDE3_CBC ); 00239 #endif 00240 return NULL; 00241 } 00242 00243 int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info ) 00244 { 00245 if( NULL == cipher_info || NULL == ctx ) 00246 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; 00247 00248 memset( ctx, 0, sizeof( cipher_context_t ) ); 00249 00250 if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) ) 00251 return POLARSSL_ERR_CIPHER_ALLOC_FAILED; 00252 00253 ctx->cipher_info = cipher_info; 00254 00255 return 0; 00256 } 00257 00258 int cipher_free_ctx( cipher_context_t *ctx ) 00259 { 00260 if( ctx == NULL || ctx->cipher_info == NULL ) 00261 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; 00262 00263 ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); 00264 00265 return 0; 00266 } 00267 00268 int cipher_setkey( cipher_context_t *ctx, const unsigned char *key, 00269 int key_length, const operation_t operation ) 00270 { 00271 if( NULL == ctx || NULL == ctx->cipher_info ) 00272 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; 00273 00274 ctx->key_length = key_length; 00275 ctx->operation = operation; 00276 00277 /* 00278 * For CFB128 and CTR mode always use the encryption key schedule 00279 */ 00280 if( POLARSSL_ENCRYPT == operation || 00281 POLARSSL_MODE_CFB128 == ctx->cipher_info->mode || 00282 POLARSSL_MODE_CTR == ctx->cipher_info->mode ) 00283 { 00284 return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key, 00285 ctx->key_length ); 00286 } 00287 00288 if( POLARSSL_DECRYPT == operation ) 00289 return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key, 00290 ctx->key_length ); 00291 00292 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; 00293 } 00294 00295 int cipher_reset( cipher_context_t *ctx, const unsigned char *iv ) 00296 { 00297 if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv ) 00298 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; 00299 00300 ctx->unprocessed_len = 0; 00301 00302 memcpy( ctx->iv, iv, cipher_get_iv_size( ctx ) ); 00303 00304 return 0; 00305 } 00306 00307 int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen, 00308 unsigned char *output, size_t *olen ) 00309 { 00310 int ret; 00311 size_t copy_len = 0; 00312 00313 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen || 00314 input == output ) 00315 { 00316 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; 00317 } 00318 00319 *olen = 0; 00320 00321 if( ctx->cipher_info->mode == POLARSSL_MODE_CBC ) 00322 { 00323 /* 00324 * If there is not enough data for a full block, cache it. 00325 */ 00326 if( ( ctx->operation == POLARSSL_DECRYPT && 00327 ilen + ctx->unprocessed_len <= cipher_get_block_size( ctx ) ) || 00328 ( ctx->operation == POLARSSL_ENCRYPT && 00329 ilen + ctx->unprocessed_len < cipher_get_block_size( ctx ) ) ) 00330 { 00331 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, 00332 ilen ); 00333 00334 ctx->unprocessed_len += ilen; 00335 return 0; 00336 } 00337 00338 /* 00339 * Process cached data first 00340 */ 00341 if( ctx->unprocessed_len != 0 ) 00342 { 00343 copy_len = cipher_get_block_size( ctx ) - ctx->unprocessed_len; 00344 00345 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, 00346 copy_len ); 00347 00348 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, 00349 ctx->operation, cipher_get_block_size( ctx ), ctx->iv, 00350 ctx->unprocessed_data, output ) ) ) 00351 { 00352 return ret; 00353 } 00354 00355 *olen += cipher_get_block_size( ctx ); 00356 output += cipher_get_block_size( ctx ); 00357 ctx->unprocessed_len = 0; 00358 00359 input += copy_len; 00360 ilen -= copy_len; 00361 } 00362 00363 /* 00364 * Cache final, incomplete block 00365 */ 00366 if( 0 != ilen ) 00367 { 00368 copy_len = ilen % cipher_get_block_size( ctx ); 00369 if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT ) 00370 copy_len = cipher_get_block_size(ctx); 00371 00372 memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), 00373 copy_len ); 00374 00375 ctx->unprocessed_len += copy_len; 00376 ilen -= copy_len; 00377 } 00378 00379 /* 00380 * Process remaining full blocks 00381 */ 00382 if( ilen ) 00383 { 00384 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, 00385 ctx->operation, ilen, ctx->iv, input, output ) ) ) 00386 { 00387 return ret; 00388 } 00389 *olen += ilen; 00390 } 00391 00392 return 0; 00393 } 00394 00395 if( ctx->cipher_info->mode == POLARSSL_MODE_CFB128 ) 00396 { 00397 if( 0 != ( ret = ctx->cipher_info->base->cfb128_func( ctx->cipher_ctx, 00398 ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv, 00399 input, output ) ) ) 00400 { 00401 return ret; 00402 } 00403 00404 *olen = ilen; 00405 00406 return 0; 00407 } 00408 00409 if( ctx->cipher_info->mode == POLARSSL_MODE_CTR ) 00410 { 00411 if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx, 00412 ilen, &ctx->unprocessed_len, ctx->iv, 00413 ctx->unprocessed_data, input, output ) ) ) 00414 { 00415 return ret; 00416 } 00417 00418 *olen = ilen; 00419 00420 return 0; 00421 } 00422 00423 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE; 00424 } 00425 00426 static void add_pkcs_padding( unsigned char *output, size_t output_len, 00427 size_t data_len ) 00428 { 00429 size_t padding_len = output_len - data_len; 00430 unsigned char i = 0; 00431 00432 for( i = 0; i < padding_len; i++ ) 00433 output[data_len + i] = (unsigned char) padding_len; 00434 } 00435 00436 static int get_pkcs_padding( unsigned char *input, unsigned int input_len, 00437 size_t *data_len) 00438 { 00439 unsigned int i, padding_len = 0; 00440 00441 if( NULL == input || NULL == data_len ) 00442 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; 00443 00444 padding_len = input[input_len - 1]; 00445 00446 if( padding_len > input_len ) 00447 return POLARSSL_ERR_CIPHER_INVALID_PADDING; 00448 00449 for( i = input_len - padding_len; i < input_len; i++ ) 00450 if( input[i] != padding_len ) 00451 return POLARSSL_ERR_CIPHER_INVALID_PADDING; 00452 00453 *data_len = input_len - padding_len; 00454 00455 return 0; 00456 } 00457 00458 int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen) 00459 { 00460 int ret = 0; 00461 00462 if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) 00463 return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; 00464 00465 *olen = 0; 00466 00467 if( POLARSSL_MODE_CFB128 == ctx->cipher_info->mode || 00468 POLARSSL_MODE_CTR == ctx->cipher_info->mode ) 00469 { 00470 return 0; 00471 } 00472 00473 if( POLARSSL_MODE_CBC == ctx->cipher_info->mode ) 00474 { 00475 if( POLARSSL_ENCRYPT == ctx->operation ) 00476 { 00477 add_pkcs_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ), 00478 ctx->unprocessed_len ); 00479 } 00480 else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len ) 00481 { 00482 /* For decrypt operations, expect a full block */ 00483 return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED; 00484 } 00485 00486 /* cipher block */ 00487 if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, 00488 ctx->operation, cipher_get_block_size( ctx ), ctx->iv, 00489 ctx->unprocessed_data, output ) ) ) 00490 { 00491 return ret; 00492 } 00493 00494 /* Set output size for decryption */ 00495 if( POLARSSL_DECRYPT == ctx->operation ) 00496 return get_pkcs_padding( output, cipher_get_block_size( ctx ), olen ); 00497 00498 /* Set output size for encryption */ 00499 *olen = cipher_get_block_size( ctx ); 00500 return 0; 00501 } 00502 00503 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE; 00504 } 00505 00506 #if defined(POLARSSL_SELF_TEST) 00507 00508 #include <stdio.h> 00509 00510 #define ASSERT(x) if (!(x)) { \ 00511 printf( "failed with %i at %s\n", value, (#x) ); \ 00512 return( 1 ); \ 00513 } 00514 /* 00515 * Checkup routine 00516 */ 00517 00518 int cipher_self_test( int verbose ) 00519 { 00520 ((void) verbose); 00521 00522 return( 0 ); 00523 } 00524 00525 #endif 00526 00527 #endif