ccm/gcm: improve code maintainability

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2023-11-20 15:17:53 +01:00
parent dd426da7b8
commit d0eebc1f94
2 changed files with 21 additions and 38 deletions

View file

@ -130,20 +130,15 @@ static int mbedtls_ccm_crypt(mbedtls_ccm_context *ctx,
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_CIPHER_C)
size_t olen = 0; size_t olen = 0;
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen);
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf,
&olen)) != 0) {
ctx->state |= CCM_STATE__ERROR;
mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
return ret;
}
#else #else
if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf)) != 0) { ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf);
#endif
if (ret != 0) {
ctx->state |= CCM_STATE__ERROR; ctx->state |= CCM_STATE__ERROR;
mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
return ret; return ret;
} }
#endif
mbedtls_xor(output, input, tmp_buf + offset, use_len); mbedtls_xor(output, input, tmp_buf + offset, use_len);
@ -212,16 +207,14 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
/* Start CBC-MAC with first block*/ /* Start CBC-MAC with first block*/
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_CIPHER_C)
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) { ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen);
ctx->state |= CCM_STATE__ERROR;
return ret;
}
#else #else
if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y)) != 0) { ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y);
#endif
if (ret != 0) {
ctx->state |= CCM_STATE__ERROR; ctx->state |= CCM_STATE__ERROR;
return ret; return ret;
} }
#endif
return 0; return 0;
} }

View file

@ -68,15 +68,13 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx)
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_CIPHER_C)
size_t olen = 0; size_t olen = 0;
ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen);
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) {
return ret;
}
#else #else
if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h)) != 0) { ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h);
#endif
if (ret != 0) {
return ret; return ret;
} }
#endif
/* pack h as two 64-bits ints, big-endian */ /* pack h as two 64-bits ints, big-endian */
hi = MBEDTLS_GET_UINT32_BE(h, 0); hi = MBEDTLS_GET_UINT32_BE(h, 0);
@ -323,16 +321,13 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_CIPHER_C)
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen);
ctx->base_ectr, &olen)) != 0) {
return ret;
}
#else #else
if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->base_ectr);
ctx->base_ectr)) != 0) { #endif
if (ret != 0) {
return ret; return ret;
} }
#endif
return 0; return 0;
} }
@ -423,22 +418,17 @@ static int gcm_mask(mbedtls_gcm_context *ctx,
unsigned char *output) unsigned char *output)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_CIPHER_C)
size_t olen = 0; size_t olen = 0;
ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, &olen);
if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr,
&olen)) != 0) {
mbedtls_platform_zeroize(ectr, 16);
return ret;
}
#else #else
ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr);
if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr)) != 0) { #endif
if (ret != 0) {
mbedtls_platform_zeroize(ectr, 16); mbedtls_platform_zeroize(ectr, 16);
return ret; return ret;
} }
#endif
if (ctx->mode == MBEDTLS_GCM_DECRYPT) { if (ctx->mode == MBEDTLS_GCM_DECRYPT) {
mbedtls_xor(ctx->buf + offset, ctx->buf + offset, input, use_len); mbedtls_xor(ctx->buf + offset, ctx->buf + offset, input, use_len);