result_t Cipher::process(const mbedtls_operation_t operation, Buffer_base *data, obj_ptr<Buffer_base> &retVal) { int32_t ret; ret = mbedtls_cipher_setkey(&m_ctx, (unsigned char *)m_key.c_str(), (int32_t)m_key.length() * 8, operation); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); ret = mbedtls_cipher_reset(&m_ctx); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); exlib::string input; exlib::string output; unsigned char buffer[1024]; size_t olen, ilen, offset, block_size, data_size; data->toString(input); block_size = mbedtls_cipher_get_block_size(&m_ctx); data_size = input.length(); for (offset = 0; offset < data_size; offset += block_size) { ilen = ((uint32_t)data_size - offset > block_size) ? block_size : (uint32_t)(data_size - offset); ret = mbedtls_cipher_update(&m_ctx, (unsigned char *)input.c_str() + offset, ilen, buffer, &olen); if (ret != 0) { reset(); return CHECK_ERROR(_ssl::setError(ret)); } output.append((const char *)buffer, olen); } ret = mbedtls_cipher_finish(&m_ctx, buffer, &olen); reset(); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); output.append((const char *)buffer, olen); retVal = new Buffer(output); return 0; }
int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ) { if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); *olen = 0; if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode || MBEDTLS_MODE_CTR == ctx->cipher_info->mode || MBEDTLS_MODE_GCM == ctx->cipher_info->mode || MBEDTLS_MODE_STREAM == ctx->cipher_info->mode ) { return( 0 ); } if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode ) { if( ctx->unprocessed_len != 0 ) return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); return( 0 ); } #if defined(MBEDTLS_CIPHER_MODE_CBC) if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode ) { int ret = 0; if( MBEDTLS_ENCRYPT == ctx->operation ) { /* check for 'no padding' mode */ if( NULL == ctx->add_padding ) { if( 0 != ctx->unprocessed_len ) return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); return( 0 ); } ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ), ctx->unprocessed_len ); } else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len ) { /* * For decrypt operations, expect a full block, * or an empty block if no padding */ if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len ) return( 0 ); return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); } /* cipher block */ if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv, ctx->unprocessed_data, output ) ) ) { return( ret ); } /* Set output size for decryption */ if( MBEDTLS_DECRYPT == ctx->operation ) return ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ), olen ); /* Set output size for encryption */ *olen = mbedtls_cipher_get_block_size( ctx ); return( 0 ); } #else ((void) output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); }
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) { int ret; if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } *olen = 0; if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) { if( ilen != mbedtls_cipher_get_block_size( ctx ) ) return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); *olen = ilen; if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx, ctx->operation, input, output ) ) ) { return( ret ); } return( 0 ); } #if defined(MBEDTLS_GCM_C) if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM ) { *olen = ilen; return mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input, output ); } #endif if( input == output && ( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } #if defined(MBEDTLS_CIPHER_MODE_CBC) if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC ) { size_t copy_len = 0; /* * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && ilen + ctx->unprocessed_len <= mbedtls_cipher_get_block_size( ctx ) ) || ( ctx->operation == MBEDTLS_ENCRYPT && ilen + ctx->unprocessed_len < mbedtls_cipher_get_block_size( ctx ) ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); ctx->unprocessed_len += ilen; return( 0 ); } /* * Process cached data first */ if( ctx->unprocessed_len != 0 ) { copy_len = mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len; memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, copy_len ); if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv, ctx->unprocessed_data, output ) ) ) { return( ret ); } *olen += mbedtls_cipher_get_block_size( ctx ); output += mbedtls_cipher_get_block_size( ctx ); ctx->unprocessed_len = 0; input += copy_len; ilen -= copy_len; } /* * Cache final, incomplete block */ if( 0 != ilen ) { copy_len = ilen % mbedtls_cipher_get_block_size( ctx ); if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) copy_len = mbedtls_cipher_get_block_size( ctx ); memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), copy_len ); ctx->unprocessed_len += copy_len; ilen -= copy_len; } /* * Process remaining full blocks */ if( ilen ) { if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, ctx->operation, ilen, ctx->iv, input, output ) ) ) { return( ret ); } *olen += ilen; } return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB ) { if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx, ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) ) { return( ret ); } *olen = ilen; return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR ) { if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx, ilen, &ctx->unprocessed_len, ctx->iv, ctx->unprocessed_data, input, output ) ) ) { return( ret ); } *olen = ilen; return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_STREAM) if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM ) { if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx, ilen, input, output ) ) ) { return( ret ); } *olen = ilen; return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_STREAM */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); }
result_t Cipher::get_blockSize(int32_t &retVal) { retVal = mbedtls_cipher_get_block_size(&m_ctx); return 0; }
int CipherContext::getBlockSize(State & state, mbedtls_cipher_context_t * context){ Stack * stack = state.stack; stack->push<int>(mbedtls_cipher_get_block_size(context)); return 1; }
int cipher_ctx_block_size(const mbedtls_cipher_context_t *ctx) { return mbedtls_cipher_get_block_size(ctx); }
int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) { int ret; size_t block_size = 0; if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } *olen = 0; block_size = mbedtls_cipher_get_block_size( ctx ); if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) { if( ilen != block_size ) return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); *olen = ilen; if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx, ctx->operation, input, output ) ) ) { return( ret ); } return( 0 ); } #if defined(MBEDTLS_GCM_C) if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM ) { *olen = ilen; return mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input, output ); } #endif #if defined(MBEDTLS_CHACHAPOLY_C) if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) { *olen = ilen; return mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, ilen, input, output ); } #endif if ( 0 == block_size ) { return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; } if( input == output && ( ctx->unprocessed_len != 0 || ilen % block_size ) ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } #if defined(MBEDTLS_CIPHER_MODE_CBC) if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC ) { size_t copy_len = 0; /* * If there is not enough data for a full block, cache it. */ if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && ilen <= block_size - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding && ilen < block_size - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && ilen < block_size - ctx->unprocessed_len ) ) { memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, ilen ); ctx->unprocessed_len += ilen; return( 0 ); } /* * Process cached data first */ if( 0 != ctx->unprocessed_len ) { copy_len = block_size - ctx->unprocessed_len; memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, copy_len ); if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, ctx->operation, block_size, ctx->iv, ctx->unprocessed_data, output ) ) ) { return( ret ); } *olen += block_size; output += block_size; ctx->unprocessed_len = 0; input += copy_len; ilen -= copy_len; } /* * Cache final, incomplete block */ if( 0 != ilen ) { if( 0 == block_size ) { return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; } /* Encryption: only cache partial blocks * Decryption w/ padding: always keep at least one whole block * Decryption w/o padding: only cache partial blocks */ copy_len = ilen % block_size; if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding) { copy_len = block_size; } memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), copy_len ); ctx->unprocessed_len += copy_len; ilen -= copy_len; } /* * Process remaining full blocks */ if( ilen ) { if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, ctx->operation, ilen, ctx->iv, input, output ) ) ) { return( ret ); } *olen += ilen; } return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB ) { if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx, ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) ) { return( ret ); } *olen = ilen; return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_OFB) if( ctx->cipher_info->mode == MBEDTLS_MODE_OFB ) { if( 0 != ( ret = ctx->cipher_info->base->ofb_func( ctx->cipher_ctx, ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) ) { return( ret ); } *olen = ilen; return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_OFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR ) { if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx, ilen, &ctx->unprocessed_len, ctx->iv, ctx->unprocessed_data, input, output ) ) ) { return( ret ); } *olen = ilen; return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) if( ctx->cipher_info->mode == MBEDTLS_MODE_XTS ) { if( ctx->unprocessed_len > 0 ) { /* We can only process an entire data unit at a time. */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } ret = ctx->cipher_info->base->xts_func( ctx->cipher_ctx, ctx->operation, ilen, ctx->iv, input, output ); if( ret != 0 ) { return( ret ); } *olen = ilen; return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ #if defined(MBEDTLS_CIPHER_MODE_STREAM) if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM ) { if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx, ilen, input, output ) ) ) { return( ret ); } *olen = ilen; return( 0 ); } #endif /* MBEDTLS_CIPHER_MODE_STREAM */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); }