yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Moved GCM to use cipher layer instead of AES directly

Browse source
This commit is contained in:
Paul Bakker 2013-09-09 00:10:27 +02:00
parent f46b6955e3
commit 43aff2aec4
4 changed files with 58 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
include/polarssl/gcm.h
View file

@ -1,7 +1,7 @@
/**
* \file gcm.h
*
* \brief Galois/Counter mode for AES
* \brief Galois/Counter mode for 128-bit block ciphers
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
@ -27,7 +27,7 @@
#ifndef POLARSSL_GCM_H
#define POLARSSL_GCM_H
#include "aes.h"
#include "cipher.h"
#ifdef _MSC_VER
#include <basetsd.h>
@ -50,7 +50,7 @@ extern "C" {
* \brief GCM context structure
*/
typedef struct {
aes_context aes_ctx; /*!< AES context used */
cipher_context_t cipher_ctx;/*!< cipher context used */
uint64_t HL[16]; /*!< Precalculated HTable */
uint64_t HH[16]; /*!< Precalculated HTable */
uint64_t len; /*!< Total data length */
@ -66,15 +66,17 @@ gcm_context;
* \brief GCM initialization (encryption)
*
* \param ctx GCM context to be initialized
* \param cipher cipher to use (a 128-bit block cipher)
* \param key encryption key
* \param keysize must be 128, 192 or 256
*
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
* \return 0 if successful, or a cipher specific error code
*/
int gcm_init( gcm_context *ctx, const unsigned char *key, unsigned int keysize );
int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
unsigned int keysize );
/**
* \brief GCM buffer encryption/decryption using AES
* \brief GCM buffer encryption/decryption using a block cipher
*
* \note On encryption, the output buffer can be the same as the input buffer.
* On decryption, the output buffer cannot be the same as input buffer.
@ -108,7 +110,7 @@ int gcm_crypt_and_tag( gcm_context *ctx,
unsigned char *tag );
/**
* \brief GCM buffer authenticated decryption using AES
* \brief GCM buffer authenticated decryption using a block cipher
*
* \note On decryption, the output buffer cannot be the same as input buffer.
* If buffers overlap, the output buffer must trail at least 8 bytes

9
library/cipher_wrap.c
View file

@ -298,9 +298,10 @@ static void gcm_ctx_free( void *ctx )
polarssl_free( ctx );
}
static int gcm_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
{
return gcm_init( (gcm_context *) ctx, key, key_length );
return gcm_init( (gcm_context *) ctx, POLARSSL_CIPHER_ID_AES,
key, key_length );
}
const cipher_base_t gcm_aes_info = {
@ -310,8 +311,8 @@ const cipher_base_t gcm_aes_info = {
NULL,
NULL,
NULL,
gcm_setkey_wrap,
gcm_setkey_wrap,
gcm_aes_setkey_wrap,
gcm_aes_setkey_wrap,
gcm_ctx_alloc,
gcm_ctx_free,
};

56
library/gcm.c
View file

@ -54,15 +54,17 @@
}
#endif
static void gcm_gen_table( gcm_context *ctx )
static int gcm_gen_table( gcm_context *ctx )
{
int i, j;
int ret, i, j;
uint64_t hi, lo;
uint64_t vl, vh;
unsigned char h[16];
size_t olen = 0;
memset( h, 0, 16 );
aes_crypt_ecb( &ctx->aes_ctx, AES_ENCRYPT, h, h );
if( ( ret = cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )
return( ret );
ctx->HH[0] = 0;
ctx->HL[0] = 0;
@ -99,18 +101,33 @@ static void gcm_gen_table( gcm_context *ctx )
HiL[j] = vl ^ ctx->HL[j];
}
}
return( 0 );
}
int gcm_init( gcm_context *ctx, const unsigned char *key, unsigned int keysize )
int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
unsigned int keysize )
{
int ret;
const cipher_info_t *cipher_info;
memset( ctx, 0, sizeof(gcm_context) );
if( ( ret = aes_setkey_enc( &ctx->aes_ctx, key, keysize ) ) != 0 )
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
if( cipher_info == NULL )
return( POLARSSL_ERR_GCM_BAD_INPUT );
if( ( ret = cipher_init_ctx( &ctx->cipher_ctx, cipher_info ) ) != 0 )
return( ret );
gcm_gen_table( ctx );
if( ( ret = cipher_setkey( &ctx->cipher_ctx, key, keysize,
POLARSSL_ENCRYPT ) ) != 0 )
{
return( ret );
}
if( ( ret = gcm_gen_table( ctx ) ) != 0 )
return( ret );
return( 0 );
}
@ -176,10 +193,11 @@ int gcm_starts( gcm_context *ctx,
const unsigned char *add,
size_t add_len )
{
int ret;
unsigned char work_buf[16];
size_t i;
const unsigned char *p;
size_t use_len;
size_t use_len, olen = 0;
memset( ctx->y, 0x00, sizeof(ctx->y) );
memset( ctx->buf, 0x00, sizeof(ctx->buf) );
@ -218,7 +236,11 @@ int gcm_starts( gcm_context *ctx,
gcm_mult( ctx, ctx->y, ctx->y );
}
aes_crypt_ecb( &ctx->aes_ctx, AES_ENCRYPT, ctx->y, ctx->base_ectr );
if( ( ret = cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr,
&olen ) ) != 0 )
{
return( ret );
}
ctx->add_len = add_len;
p = add;
@ -243,11 +265,12 @@ int gcm_update( gcm_context *ctx,
const unsigned char *input,
unsigned char *output )
{
int ret;
unsigned char ectr[16];
size_t i;
const unsigned char *p;
unsigned char *out_p = output;
size_t use_len;
size_t use_len, olen = 0;
if( output > input && (size_t) ( output - input ) < length )
return( POLARSSL_ERR_GCM_BAD_INPUT );
@ -263,7 +286,11 @@ int gcm_update( gcm_context *ctx,
if( ++ctx->y[i - 1] != 0 )
break;
aes_crypt_ecb( &ctx->aes_ctx, AES_ENCRYPT, ctx->y, ectr );
if( ( ret = cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr,
&olen ) ) != 0 )
{
return( ret );
}
for( i = 0; i < use_len; i++ )
{
@ -613,6 +640,7 @@ int gcm_self_test( int verbose )
unsigned char buf[64];
unsigned char tag_buf[16];
int i, j, ret;
cipher_id_t cipher = POLARSSL_CIPHER_ID_AES;
for( j = 0; j < 3; j++ )
{
@ -623,7 +651,7 @@ int gcm_self_test( int verbose )
if( verbose != 0 )
printf( " AES-GCM-%3d #%d (%s): ", key_len, i, "enc" );
gcm_init( &ctx, key[key_index[i]], key_len );
gcm_init( &ctx, cipher, key[key_index[i]], key_len );
ret = gcm_crypt_and_tag( &ctx, GCM_ENCRYPT,
pt_len[i],
@ -647,7 +675,7 @@ int gcm_self_test( int verbose )
if( verbose != 0 )
printf( " AES-GCM-%3d #%d (%s): ", key_len, i, "dec" );
gcm_init( &ctx, key[key_index[i]], key_len );
gcm_init( &ctx, cipher, key[key_index[i]], key_len );
ret = gcm_crypt_and_tag( &ctx, GCM_DECRYPT,
pt_len[i],
@ -671,7 +699,7 @@ int gcm_self_test( int verbose )
if( verbose != 0 )
printf( " AES-GCM-%3d #%d split (%s): ", key_len, i, "enc" );
gcm_init( &ctx, key[key_index[i]], key_len );
gcm_init( &ctx, cipher, key[key_index[i]], key_len );
ret = gcm_starts( &ctx, GCM_ENCRYPT,
iv[iv_index[i]], iv_len[i],
@ -734,7 +762,7 @@ int gcm_self_test( int verbose )
if( verbose != 0 )
printf( " AES-GCM-%3d #%d split (%s): ", key_len, i, "dec" );
gcm_init( &ctx, key[key_index[i]], key_len );
gcm_init( &ctx, cipher, key[key_index[i]], key_len );
ret = gcm_starts( &ctx, GCM_DECRYPT,
iv[iv_index[i]], iv_len[i],

4
tests/suites/test_suite_gcm.function
View file

@ -39,7 +39,7 @@ void gcm_encrypt_and_tag( char *hex_key_string, char *hex_src_string,
iv_len = unhexify( iv_str, hex_iv_string );
add_len = unhexify( add_str, hex_add_string );
TEST_ASSERT( gcm_init( &ctx, key_str, key_len * 8 ) == init_result );
TEST_ASSERT( gcm_init( &ctx, POLARSSL_CIPHER_ID_AES, key_str, key_len * 8 ) == init_result );
if( init_result == 0 )
{
TEST_ASSERT( gcm_crypt_and_tag( &ctx, GCM_ENCRYPT, pt_len, iv_str, iv_len, add_str, add_len, src_str, output, tag_len, tag_output ) == 0 );
@ -84,7 +84,7 @@ void gcm_decrypt_and_verify( char *hex_key_string, char *hex_src_string,
add_len = unhexify( add_str, hex_add_string );
unhexify( tag_str, hex_tag_string );
TEST_ASSERT( gcm_init( &ctx, key_str, key_len * 8 ) == init_result );
TEST_ASSERT( gcm_init( &ctx, POLARSSL_CIPHER_ID_AES, key_str, key_len * 8 ) == init_result );
if( init_result == 0 )
{
ret = gcm_auth_decrypt( &ctx, pt_len, iv_str, iv_len, add_str, add_len, tag_str, tag_len, src_str, output );