diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 8bf8c3238..018db64b6 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -40,7 +40,7 @@ #include "mbedtls/cipher.h" -#if !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) #include "mbedtls/block_cipher.h" #endif @@ -84,10 +84,10 @@ typedef struct mbedtls_ccm_context { #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or #MBEDTLS_CCM_STAR_DECRYPT. */ -#if defined(MBEDTLS_CIPHER_C) - mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */ +#else + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ #endif int MBEDTLS_PRIVATE(state); /*!< Working value holding context's state. Used for chunked data input */ diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 3925f6827..631b392fd 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -24,7 +24,7 @@ #include "mbedtls/cipher.h" -#if !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) #include "mbedtls/block_cipher.h" #endif @@ -50,10 +50,10 @@ extern "C" { * \brief The GCM context structure. */ typedef struct mbedtls_gcm_context { -#if defined(MBEDTLS_CIPHER_C) - mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */ +#else + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ #endif uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */ uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */ diff --git a/library/ccm.c b/library/ccm.c index 6700dc743..392ceb84b 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -23,7 +23,7 @@ #include "mbedtls/error.h" #include "mbedtls/constant_time.h" -#if !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) #include "block_cipher_internal.h" #endif @@ -56,7 +56,17 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) + mbedtls_block_cipher_free(&ctx->block_cipher_ctx); + + if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + + if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } +#else const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, @@ -79,16 +89,6 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, MBEDTLS_ENCRYPT)) != 0) { return ret; } -#else - mbedtls_block_cipher_free(&ctx->block_cipher_ctx); - - if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { - return MBEDTLS_ERR_CCM_BAD_INPUT; - } - - if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { - return MBEDTLS_ERR_CCM_BAD_INPUT; - } #endif return 0; @@ -102,10 +102,10 @@ void mbedtls_ccm_free(mbedtls_ccm_context *ctx) if (ctx == NULL) { return; } -#if defined(MBEDTLS_CIPHER_C) - mbedtls_cipher_free(&ctx->cipher_ctx); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) mbedtls_block_cipher_free(&ctx->block_cipher_ctx); +#else + mbedtls_cipher_free(&ctx->cipher_ctx); #endif mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context)); } @@ -128,11 +128,11 @@ static int mbedtls_ccm_crypt(mbedtls_ccm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char tmp_buf[16] = { 0 }; -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf); +#else size_t olen = 0; ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen); -#else - ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf); #endif if (ret != 0) { ctx->state |= CCM_STATE__ERROR; @@ -158,7 +158,7 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t len_left; -#if defined(MBEDTLS_CIPHER_C) +#if !defined(MBEDTLS_BLOCK_CIPHER_C) size_t olen; #endif @@ -206,10 +206,10 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx) } /* Start CBC-MAC with first block*/ -#if defined(MBEDTLS_CIPHER_C) - ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#else + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); #endif if (ret != 0) { ctx->state |= CCM_STATE__ERROR; @@ -292,7 +292,7 @@ int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t use_len, offset; -#if defined(MBEDTLS_CIPHER_C) +#if !defined(MBEDTLS_BLOCK_CIPHER_C) size_t olen; #endif @@ -334,10 +334,10 @@ int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx, add += use_len; if (use_len + offset == 16 || ctx->processed == ctx->add_len) { -#if defined(MBEDTLS_CIPHER_C) - ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#else + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); #endif if (ret != 0) { ctx->state |= CCM_STATE__ERROR; @@ -363,7 +363,7 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t use_len, offset; -#if defined(MBEDTLS_CIPHER_C) +#if !defined(MBEDTLS_BLOCK_CIPHER_C) size_t olen; #endif @@ -403,10 +403,10 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len); if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) { -#if defined(MBEDTLS_CIPHER_C) - ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#else + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); #endif if (ret != 0) { ctx->state |= CCM_STATE__ERROR; @@ -438,10 +438,10 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, memcpy(output, local_output, use_len); if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) { -#if defined(MBEDTLS_CIPHER_C) - ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#else + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); #endif if (ret != 0) { ctx->state |= CCM_STATE__ERROR; diff --git a/library/gcm.c b/library/gcm.c index 8181ec88a..ac6b94530 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -25,7 +25,7 @@ #include "mbedtls/error.h" #include "mbedtls/constant_time.h" -#if !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) #include "block_cipher_internal.h" #endif @@ -66,11 +66,11 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx) memset(h, 0, 16); -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h); +#else size_t olen = 0; ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen); -#else - ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h); #endif if (ret != 0) { return ret; @@ -139,7 +139,17 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, return MBEDTLS_ERR_GCM_BAD_INPUT; } -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) + mbedtls_block_cipher_free(&ctx->block_cipher_ctx); + + if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { + return ret; + } + + if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { + return ret; + } +#else const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, @@ -162,16 +172,6 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, MBEDTLS_ENCRYPT)) != 0) { return ret; } -#else - mbedtls_block_cipher_free(&ctx->block_cipher_ctx); - - if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { - return ret; - } - - if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { - return ret; - } #endif if ((ret = gcm_gen_table(ctx)) != 0) { @@ -277,7 +277,7 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, const unsigned char *p; size_t use_len; uint64_t iv_bits; -#if defined(MBEDTLS_CIPHER_C) +#if !defined(MBEDTLS_BLOCK_CIPHER_C) size_t olen = 0; #endif @@ -320,10 +320,10 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, } -#if defined(MBEDTLS_CIPHER_C) - ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->base_ectr); +#else + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen); #endif if (ret != 0) { return ret; @@ -419,11 +419,11 @@ static int gcm_mask(mbedtls_gcm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_BLOCK_CIPHER_C) + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr); +#else size_t olen = 0; ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, &olen); -#else - ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr); #endif if (ret != 0) { mbedtls_platform_zeroize(ectr, 16); @@ -649,10 +649,10 @@ void mbedtls_gcm_free(mbedtls_gcm_context *ctx) if (ctx == NULL) { return; } -#if defined(MBEDTLS_CIPHER_C) - mbedtls_cipher_free(&ctx->cipher_ctx); -#else +#if defined(MBEDTLS_BLOCK_CIPHER_C) mbedtls_block_cipher_free(&ctx->block_cipher_ctx); +#else + mbedtls_cipher_free(&ctx->cipher_ctx); #endif mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context)); }