Split mbedtls_gcm_init() -> gcm_setkey()

This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-28 21:42:17 +02:00
parent 6963ff0969
commit c34e8dd265
6 changed files with 43 additions and 13 deletions

View file

@ -16,6 +16,7 @@ API Changes
* The following _init() functions that could return errors have * The following _init() functions that could return errors have
been split into an _init() that returns void and another function: been split into an _init() that returns void and another function:
mbedtls_ccm_init() -> mbedtls_ccm_setkey() mbedtls_ccm_init() -> mbedtls_ccm_setkey()
mbedtls_gcm_init() -> mbedtls_gcm_setkey()
* In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now
return void. return void.
* ecdsa_write_signature() gained an addtional md_alg argument and * ecdsa_write_signature() gained an addtional md_alg argument and

View file

@ -54,6 +54,15 @@ typedef struct {
} }
mbedtls_gcm_context; mbedtls_gcm_context;
/**
* \brief Initialize GCM context (just makes references valid)
* Makes the context ready for mbedtls_gcm_setkey() or
* mbedtls_gcm_free().
*
* \param ctx GCM context to initialize
*/
void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
/** /**
* \brief GCM initialization (encryption) * \brief GCM initialization (encryption)
* *
@ -64,8 +73,10 @@ mbedtls_gcm_context;
* *
* \return 0 if successful, or a cipher specific error code * \return 0 if successful, or a cipher specific error code
*/ */
int mbedtls_gcm_init( mbedtls_gcm_context *ctx, mbedtls_cipher_id_t cipher, const unsigned char *key, int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
unsigned int keysize ); mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keysize );
/** /**
* \brief GCM buffer encryption/decryption using a block cipher * \brief GCM buffer encryption/decryption using a block cipher

View file

@ -332,7 +332,7 @@ static const mbedtls_cipher_info_t aes_256_ctr_info = {
static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key, static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length ) unsigned int key_length )
{ {
return mbedtls_gcm_init( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES, return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
key, key_length ); key, key_length );
} }
@ -689,7 +689,7 @@ static const mbedtls_cipher_info_t camellia_256_ctr_info = {
static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key, static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length ) unsigned int key_length )
{ {
return mbedtls_gcm_init( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
key, key_length ); key, key_length );
} }

View file

@ -83,6 +83,14 @@ static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
} }
/*
* Initialize a context
*/
void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
{
memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
}
/* /*
* Precompute small multiples of H, that is set * Precompute small multiples of H, that is set
* HH[i] || HL[i] = H times i, * HH[i] || HL[i] = H times i,
@ -151,8 +159,10 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
return( 0 ); return( 0 );
} }
int mbedtls_gcm_init( mbedtls_gcm_context *ctx, mbedtls_cipher_id_t cipher, const unsigned char *key, int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
unsigned int keysize ) mbedtls_cipher_id_t cipher,
const unsigned char *key,
unsigned int keysize )
{ {
int ret; int ret;
const mbedtls_cipher_info_t *cipher_info; const mbedtls_cipher_info_t *cipher_info;
@ -736,6 +746,8 @@ int mbedtls_gcm_self_test( int verbose )
int i, j, ret; int i, j, ret;
mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES; mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
mbedtls_gcm_init( &ctx );
for( j = 0; j < 3; j++ ) for( j = 0; j < 3; j++ )
{ {
int key_len = 128 + 64 * j; int key_len = 128 + 64 * j;
@ -746,7 +758,7 @@ int mbedtls_gcm_self_test( int verbose )
mbedtls_printf( " AES-GCM-%3d #%d (%s): ", mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
key_len, i, "enc" ); key_len, i, "enc" );
mbedtls_gcm_init( &ctx, cipher, key[key_index[i]], key_len ); mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
pt_len[i], pt_len[i],
@ -773,7 +785,7 @@ int mbedtls_gcm_self_test( int verbose )
mbedtls_printf( " AES-GCM-%3d #%d (%s): ", mbedtls_printf( " AES-GCM-%3d #%d (%s): ",
key_len, i, "dec" ); key_len, i, "dec" );
mbedtls_gcm_init( &ctx, cipher, key[key_index[i]], key_len ); mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT, ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
pt_len[i], pt_len[i],
@ -800,7 +812,7 @@ int mbedtls_gcm_self_test( int verbose )
mbedtls_printf( " AES-GCM-%3d #%d split (%s): ", mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
key_len, i, "enc" ); key_len, i, "enc" );
mbedtls_gcm_init( &ctx, cipher, key[key_index[i]], key_len ); mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT, ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
iv[iv_index[i]], iv_len[i], iv[iv_index[i]], iv_len[i],
@ -867,7 +879,7 @@ int mbedtls_gcm_self_test( int verbose )
mbedtls_printf( " AES-GCM-%3d #%d split (%s): ", mbedtls_printf( " AES-GCM-%3d #%d split (%s): ",
key_len, i, "dec" ); key_len, i, "dec" );
mbedtls_gcm_init( &ctx, cipher, key[key_index[i]], key_len ); mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT, ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
iv[iv_index[i]], iv_len[i], iv[iv_index[i]], iv_len[i],

View file

@ -412,13 +412,15 @@ int main( int argc, char *argv[] )
{ {
int keysize; int keysize;
mbedtls_gcm_context gcm; mbedtls_gcm_context gcm;
mbedtls_gcm_init( &gcm );
for( keysize = 128; keysize <= 256; keysize += 64 ) for( keysize = 128; keysize <= 256; keysize += 64 )
{ {
mbedtls_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize ); mbedtls_snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );
memset( buf, 0, sizeof( buf ) ); memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) ); memset( tmp, 0, sizeof( tmp ) );
mbedtls_gcm_init( &gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize ); mbedtls_gcm_setkey( &gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize );
TIME_AND_TSC( title, TIME_AND_TSC( title,
mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp, mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp,

View file

@ -26,6 +26,8 @@ void gcm_encrypt_and_tag( int cipher_id,
unsigned int key_len; unsigned int key_len;
size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8;
mbedtls_gcm_init( &ctx );
memset(key_str, 0x00, 128); memset(key_str, 0x00, 128);
memset(src_str, 0x00, 128); memset(src_str, 0x00, 128);
memset(dst_str, 0x00, 257); memset(dst_str, 0x00, 257);
@ -40,7 +42,7 @@ void gcm_encrypt_and_tag( int cipher_id,
iv_len = unhexify( iv_str, hex_iv_string ); iv_len = unhexify( iv_str, hex_iv_string );
add_len = unhexify( add_str, hex_add_string ); add_len = unhexify( add_str, hex_add_string );
TEST_ASSERT( mbedtls_gcm_init( &ctx, cipher_id, key_str, key_len * 8 ) == init_result ); TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == init_result );
if( init_result == 0 ) if( init_result == 0 )
{ {
TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, pt_len, iv_str, iv_len, add_str, add_len, src_str, output, tag_len, tag_output ) == 0 ); TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, pt_len, iv_str, iv_len, add_str, add_len, src_str, output, tag_len, tag_output ) == 0 );
@ -75,6 +77,8 @@ void gcm_decrypt_and_verify( int cipher_id,
size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8;
int ret; int ret;
mbedtls_gcm_init( &ctx );
memset(key_str, 0x00, 128); memset(key_str, 0x00, 128);
memset(src_str, 0x00, 128); memset(src_str, 0x00, 128);
memset(dst_str, 0x00, 257); memset(dst_str, 0x00, 257);
@ -89,7 +93,7 @@ void gcm_decrypt_and_verify( int cipher_id,
add_len = unhexify( add_str, hex_add_string ); add_len = unhexify( add_str, hex_add_string );
unhexify( tag_str, hex_tag_string ); unhexify( tag_str, hex_tag_string );
TEST_ASSERT( mbedtls_gcm_init( &ctx, cipher_id, key_str, key_len * 8 ) == init_result ); TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == init_result );
if( init_result == 0 ) if( init_result == 0 )
{ {
ret = mbedtls_gcm_auth_decrypt( &ctx, pt_len, iv_str, iv_len, add_str, add_len, tag_str, tag_len, src_str, output ); ret = mbedtls_gcm_auth_decrypt( &ctx, pt_len, iv_str, iv_len, add_str, add_len, tag_str, tag_len, src_str, output );