From a235b5b5bd551172e0e41598c0b909119f3e2628 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 3 Sep 2013 13:25:52 +0200 Subject: [PATCH] Fix iv_len interface. cipher_info->iv_size == 0 is no longer ambiguous, and cipher_get_iv_size() always returns something useful to generate an IV. --- include/polarssl/cipher.h | 15 +++++++++------ library/cipher.c | 15 +++++++-------- library/cipher_wrap.c | 32 ++++++++++++++++++++++++++++++-- library/pkcs12.c | 4 ++-- library/pkcs5.c | 2 +- 5 files changed, 49 insertions(+), 19 deletions(-) diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h index e540c925f..93a0015d7 100644 --- a/include/polarssl/cipher.h +++ b/include/polarssl/cipher.h @@ -185,10 +185,13 @@ typedef struct { /** Name of the cipher */ const char * name; - /** IV/NONCE size, in bytes, for ciphers with fixed-length IVs), or - * 0 for ciphers with variable-length IVs or not using IVs */ + /** IV/NONCE size, in bytes. + * For cipher that accept many sizes: recommended size */ unsigned int iv_size; + /** Flag for ciphers that accept many sizes of IV/NONCE */ + int accepts_variable_iv_size; + /** block size, in bytes */ unsigned int block_size; @@ -323,8 +326,8 @@ static inline cipher_mode_t cipher_get_cipher_mode( const cipher_context_t *ctx * * \param ctx cipher's context. Must have been initialised. * - * \return If IV has not been set yet: desired size for ciphers - * with fixed-size IVs, 0 for other ciphers. + * \return If IV has not been set yet: (recommended) IV size + * (0 for ciphers not using IV/NONCE). * If IV has already been set: actual size. */ static inline int cipher_get_iv_size( const cipher_context_t *ctx ) 
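Review bot: The new field documentation in the cipher.h hunk reads `For cipher that accept many sizes: recommended size`; it should read `For ciphers that accept several sizes: the recommended size`, and since accepts_variable_iv_size is a plain int the flag comment should state its values, e.g. `/** Non-zero for ciphers that accept several IV/NONCE sizes, 0 otherwise */`. Inserting the field between iv_size and block_size also changes the layout of a public struct, so any cipher_info_t table initialised positionally outside library/cipher_wrap.c has to be updated in the same change or its block_size will silently land in the new flag. The typedef struct and the body of cipher_get_iv_size continue outside the hunk.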
@@ -439,8 +442,8 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode ); * \brief Set the initialization vector (IV) or nonce * * \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers) - * \param iv_len IV length for ciphers with variable-size IV, - * Discarded by ciphers with fixed-size IV. + * \param iv_len IV length for ciphers with variable-size IV; + * discarded by ciphers with fixed-size IV. * * \returns O on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA * diff --git a/library/cipher.c b/library/cipher.c index d90abe1ab..a5f6e1186 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -399,19 +399,18 @@ int cipher_setkey( cipher_context_t *ctx, const unsigned char *key, int cipher_set_iv( cipher_context_t *ctx, const unsigned char *iv, size_t iv_len ) { - size_t fixed_iv_size; + size_t actual_iv_size; if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv ) return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; - fixed_iv_size = cipher_get_iv_size( ctx ); + if( ctx->cipher_info->accepts_variable_iv_size ) + actual_iv_size = iv_len; + else + actual_iv_size = ctx->cipher_info->iv_size; - /* 0 means variable size (or no IV): use given len */ - if( fixed_iv_size == 0 ) - fixed_iv_size = iv_len; - - memcpy( ctx->iv, iv, fixed_iv_size ); - ctx->iv_size = fixed_iv_size; + memcpy( ctx->iv, iv, actual_iv_size ); + ctx->iv_size = actual_iv_size; return 0; } diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 5c9810056..ebe60cf20 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -150,6 +150,7 @@ const cipher_info_t aes_128_cbc_info = { 128, "AES-128-CBC", 16, + 0, 16, &aes_info }; @@ -160,6 +161,7 @@ const cipher_info_t aes_192_cbc_info = { 192, "AES-192-CBC", 16, + 0, 16, &aes_info }; @@ -170,6 +172,7 @@ const cipher_info_t aes_256_cbc_info = { 256, "AES-256-CBC", 16, + 0, 16, &aes_info }; @@ -181,6 +184,7 @@ const cipher_info_t aes_128_cfb128_info = { 128, "AES-128-CFB128", 16, + 0, 16, &aes_info }; 
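Review bot: In cipher_set_iv, the variable-size branch assigns `actual_iv_size = iv_len` and that value goes straight into `memcpy( ctx->iv, iv, actual_iv_size )` with no upper bound, so a caller-supplied iv_len larger than the context's IV buffer overflows it; GCM now takes this path because the tables set accepts_variable_iv_size for it. Add a bound before the copy: `if( actual_iv_size > sizeof( ctx->iv ) ) return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;` (this assumes ctx->iv is an inline array in cipher_context_t, as the memcpy suggests; otherwise compare against its declared capacity). The fixed-size branch has the converse issue: iv_len is ignored entirely, so a caller whose buffer is shorter than cipher_info->iv_size is over-read, which the header's "discarded by ciphers with fixed-size IV" wording should at least spell out as a requirement that the buffer hold iv_size bytes. The function is entirely within the hunk.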
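Review bot: The `+ 0,` inserted before block_size in aes_128_cbc_info is a positional initializer into a struct whose field order this commit just changed; a table that misses the new line would still compile (possibly with only a warning) and shift block_size into accepts_variable_iv_size and the base-cipher pointer into block_size. The same applies to every other cipher_info_t hunk in cipher_wrap.c, including the GCM tables that now carry `12, 1,`. If C99 designated initializers are acceptable in this file, writing the three lines as `.iv_size = 16, .accepts_variable_iv_size = 0, .block_size = 16,` would make the tables robust to further field insertions and make the meaning of each bare number visible at the call site.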
@@ -191,6 +195,7 @@ const cipher_info_t aes_192_cfb128_info = {
 192,
 "AES-192-CFB128",
 16,
+ 0,
 16,
 &aes_info
 };
@@ -201,6 +206,7 @@ const cipher_info_t aes_256_cfb128_info = {
 256,
 "AES-256-CFB128",
 16,
+ 0,
 16,
 &aes_info
 };
@@ -213,6 +219,7 @@ const cipher_info_t aes_128_ctr_info = {
 128,
 "AES-128-CTR",
 16,
+ 0,
 16,
 &aes_info
 };
@@ -223,6 +230,7 @@ const cipher_info_t aes_192_ctr_info = {
 192,
 "AES-192-CTR",
 16,
+ 0,
 16,
 &aes_info
 };
@@ -233,6 +241,7 @@ const cipher_info_t aes_256_ctr_info = {
 256,
 "AES-256-CTR",
 16,
+ 0,
 16,
 &aes_info
 };
@@ -271,7 +280,8 @@ const cipher_info_t aes_128_gcm_info = {
 POLARSSL_MODE_GCM,
 128,
 "AES-128-GCM",
- 0,
+ 12,
+ 1,
 16,
 &gcm_aes_info
 };
@@ -281,7 +291,8 @@ const cipher_info_t aes_256_gcm_info = {
 POLARSSL_MODE_GCM,
 256,
 "AES-256-GCM",
- 0,
+ 12,
+ 1,
 16,
 &gcm_aes_info
 };
@@ -373,6 +384,7 @@ const cipher_info_t camellia_128_cbc_info = {
 128,
 "CAMELLIA-128-CBC",
 16,
+ 0,
 16,
 &camellia_info
 };
@@ -383,6 +395,7 @@ const cipher_info_t camellia_192_cbc_info = {
 192,
 "CAMELLIA-192-CBC",
 16,
+ 0,
 16,
 &camellia_info
 };
@@ -393,6 +406,7 @@ const cipher_info_t camellia_256_cbc_info = {
 256,
 "CAMELLIA-256-CBC",
 16,
+ 0,
 16,
 &camellia_info
 };
@@ -404,6 +418,7 @@ const cipher_info_t camellia_128_cfb128_info = {
 128,
 "CAMELLIA-128-CFB128",
 16,
+ 0,
 16,
 &camellia_info
 };
@@ -414,6 +429,7 @@ const cipher_info_t camellia_192_cfb128_info = {
 192,
 "CAMELLIA-192-CFB128",
 16,
+ 0,
 16,
 &camellia_info
 };
@@ -424,6 +440,7 @@ const cipher_info_t camellia_256_cfb128_info = {
 256,
 "CAMELLIA-256-CFB128",
 16,
+ 0,
 16,
 &camellia_info
 };
@@ -436,6 +453,7 @@ const cipher_info_t camellia_128_ctr_info = {
 128,
 "CAMELLIA-128-CTR",
 16,
+ 0,
 16,
 &camellia_info
 };
@@ -446,6 +464,7 @@ const cipher_info_t camellia_192_ctr_info = {
 192,
 "CAMELLIA-192-CTR",
 16,
+ 0,
 16,
 &camellia_info
 };
@@ -456,6 +475,7 @@ const cipher_info_t camellia_256_ctr_info = {
 256,
 "CAMELLIA-256-CTR",
 16,
+ 0,
 16,
 &camellia_info
 };
@@ -581,6 +601,7 @@ const cipher_info_t des_cbc_info = { POLARSSL_KEY_LENGTH_DES, "DES-CBC", 8, + 0, 8, &des_info }; @@ -603,6 +624,7 @@ const cipher_info_t des_ede_cbc_info = { POLARSSL_KEY_LENGTH_DES_EDE, "DES-EDE-CBC", 8, + 0, 8, &des_ede_info }; @@ -625,6 +647,7 @@ const cipher_info_t des_ede3_cbc_info = { POLARSSL_KEY_LENGTH_DES_EDE3, "DES-EDE3-CBC", 8, + 0, 8, &des_ede3_info }; @@ -709,6 +732,7 @@ const cipher_info_t blowfish_cbc_info = { 128, "BLOWFISH-CBC", 8, + 0, 8, &blowfish_info }; @@ -720,6 +744,7 @@ const cipher_info_t blowfish_cfb64_info = { 128, "BLOWFISH-CFB64", 8, + 0, 8, &blowfish_info }; @@ -732,6 +757,7 @@ const cipher_info_t blowfish_ctr_info = { 128, "BLOWFISH-CTR", 8, + 0, 8, &blowfish_info }; @@ -781,6 +807,7 @@ const cipher_info_t arc4_128_info = { 128, "ARC4-128", 0, + 0, 1, &arc4_base_info }; @@ -834,6 +861,7 @@ const cipher_info_t null_cipher_info = { 0, "NULL", 0, + 0, 1, &null_base_info }; diff --git a/library/pkcs12.c b/library/pkcs12.c index 3634ce139..cc59d6845 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -184,10 +184,10 @@ int pkcs12_pbe( asn1_buf *pbe_params, int mode, if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 ) goto exit; - if( ( ret = cipher_set_iv( &cipher_ctx, iv, 0 ) ) != 0 ) + if( ( ret = cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 ) goto exit; - if( ( ret = cipher_reset( &cipher_ctx, iv, 0 ) ) != 0 ) + if( ( ret = cipher_reset( &cipher_ctx, NULL, 0 ) ) != 0 ) goto exit; if( ( ret = cipher_update( &cipher_ctx, data, len, diff --git a/library/pkcs5.c b/library/pkcs5.c index 6582fd05f..10adbb49e 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c 
@@ -187,7 +187,7 @@ int pkcs5_pbes2( asn1_buf *pbe_params, int mode, if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 ) goto exit; - if( ( ret = cipher_set_iv( &cipher_ctx, iv, 0 ) ) != 0 ) + if( ( ret = cipher_set_iv( &cipher_ctx, iv, enc_scheme_params.len ) ) != 0 ) goto exit; if( ( ret = cipher_reset( &cipher_ctx, NULL, 0 ) ) != 0 )
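Review bot: `enc_scheme_params.len` is a length taken from the parsed PBES2 parameters, and the new call forwards it as iv_len; with the reworked cipher_set_iv it is discarded for fixed-size ciphers but used verbatim as the memcpy length for any cipher whose table sets accepts_variable_iv_size. Whether pkcs5_pbes2 has already compared `enc_scheme_params.len` against the selected cipher's iv_size before this point is outside the hunk; if it has not, that comparison should precede the call and reject mismatching parameters as malformed rather than relying on cipher_set_iv to bound the copy. The rest of pkcs5_pbes2 lies outside the hunk.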