From 6963ff096963a7875a76cbe9e94b14cabc20857a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Apr 2015 18:02:54 +0200 Subject: [PATCH] Split mbedtls_ccm_init() -> setkey() --- ChangeLog | 3 +++ include/mbedtls/ccm.h | 15 +++++++++++++-- library/ccm.c | 15 ++++++++++++--- library/cipher_wrap.c | 4 ++-- programs/test/benchmark.c | 4 +++- tests/suites/test_suite_ccm.data | 8 ++++---- tests/suites/test_suite_ccm.function | 18 +++++++++++++----- 7 files changed, 50 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index c7d86ad8a..69d7e1948 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ API Changes Migration helpers scripts/rename.pl and include/mbedlts/compat-1.3.h are provided. * Headers are now found in the 'mbedtls' directory (previously 'polarssl'). + * The following _init() functions that could return errors have + been split into an _init() that returns void and another function: + mbedtls_ccm_init() -> mbedtls_ccm_setkey() * In the threading layer, mbedtls_mutex_init() and mbedtls_mutex_free() now return void. * ecdsa_write_signature() gained an addtional md_alg argument and diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 7ee3a379b..894794d82 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -41,6 +41,15 @@ typedef struct { } mbedtls_ccm_context; +/** + * \brief Initialize CCM context (just makes references valid) + * Makes the context ready for mbedtls_ccm_setkey() or + * mbedtls_ccm_free(). + * + * \param ctx CCM context to initialize + */ +void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); + /** * \brief CCM initialization (encryption and decryption) * @@ -51,8 +60,10 @@ mbedtls_ccm_context; * * \return 0 if successful, or a cipher specific error code */ -int mbedtls_ccm_init( mbedtls_ccm_context *ctx, mbedtls_cipher_id_t cipher, - const unsigned char *key, unsigned int keysize ); +int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keysize ); /** * \brief Free a CCM context and underlying cipher sub-context diff --git a/library/ccm.c b/library/ccm.c index 72eed388d..957fda9ea 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -61,8 +61,15 @@ static void mbedtls_zeroize( void *v, size_t n ) { /* * Initialize context */ -int mbedtls_ccm_init( mbedtls_ccm_context *ctx, mbedtls_cipher_id_t cipher, - const unsigned char *key, unsigned int keysize ) +void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); +} + +int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keysize ) { int ret; const mbedtls_cipher_info_t *cipher_info; @@ -398,7 +405,9 @@ int mbedtls_ccm_self_test( int verbose ) size_t i; int ret; - if( mbedtls_ccm_init( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) + mbedtls_ccm_init( &ctx ); + + if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 ) { if( verbose != 0 ) mbedtls_printf( " CCM: setup failed" ); diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index ebc3c4f47..eb291b683 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -395,7 +395,7 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = { static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length ) { - return mbedtls_ccm_init( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES, + return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES, key, key_length ); } @@ -752,7 +752,7 @@ static const mbedtls_cipher_info_t camellia_256_gcm_info = { static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length ) { - return mbedtls_ccm_init( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, + return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, key, key_length ); } diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 56e31e02a..afb4652ca 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -433,13 +433,15 @@ int main( int argc, char *argv[] ) { int keysize; mbedtls_ccm_context ccm; + + mbedtls_ccm_init( &ccm ); for( keysize = 128; keysize <= 256; keysize += 64 ) { mbedtls_snprintf( title, sizeof( title ), "AES-CCM-%d", keysize ); memset( buf, 0, sizeof( buf ) ); memset( tmp, 0, sizeof( tmp ) ); - mbedtls_ccm_init( &ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize ); + mbedtls_ccm_setkey( &ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize ); TIME_AND_TSC( title, mbedtls_ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp, diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 9ce19eeec..90ba42d83 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -3,19 +3,19 @@ mbedtls_ccm_self_test: CCM init #1 AES-128: OK depends_on:MBEDTLS_AES_C -mbedtls_ccm_init:MBEDTLS_CIPHER_ID_AES:128:0 +mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0 CCM init #2 CAMELLIA-256: OK depends_on:MBEDTLS_CAMELLIA_C -mbedtls_ccm_init:MBEDTLS_CIPHER_ID_CAMELLIA:256:0 +mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_CAMELLIA:256:0 CCM init #3 AES-224: bad key size depends_on:MBEDTLS_AES_C -mbedtls_ccm_init:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CCM_BAD_INPUT +mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CCM_BAD_INPUT CCM init #4 BLOWFISH-128: bad block size depends_on:MBEDTLS_BLOWFISH_C -mbedtls_ccm_init:MBEDTLS_CIPHER_ID_BLOWFISH:128:MBEDTLS_ERR_CCM_BAD_INPUT +mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_BLOWFISH:128:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #1 all OK ccm_lengths:5:10:5:8:0 diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 6769ed6c1..13371eb9e 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -15,16 +15,18 @@ void mbedtls_ccm_self_test( ) /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_init( int cipher_id, int key_size, int result ) +void mbedtls_ccm_setkey( int cipher_id, int key_size, int result ) { mbedtls_ccm_context ctx; unsigned char key[32]; int ret; + mbedtls_ccm_init( &ctx ); + memset( key, 0x2A, sizeof( key ) ); TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) ); - ret = mbedtls_ccm_init( &ctx, cipher_id, key, key_size ); + ret = mbedtls_ccm_setkey( &ctx, cipher_id, key, key_size ); TEST_ASSERT( ret == result ); exit: @@ -44,6 +46,8 @@ void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res ) unsigned char tag[18]; int decrypt_ret; + mbedtls_ccm_init( &ctx ); + memset( key, 0, sizeof( key ) ); memset( msg, 0, sizeof( msg ) ); memset( iv, 0, sizeof( iv ) ); @@ -51,7 +55,7 @@ void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res ) memset( out, 0, sizeof( out ) ); memset( tag, 0, sizeof( tag ) ); - TEST_ASSERT( mbedtls_ccm_init( &ctx, MBEDTLS_CIPHER_ID_AES, + TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof( key ) ) == 0 ); TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len, @@ -84,6 +88,8 @@ void mbedtls_ccm_encrypt_and_tag( int cipher_id, mbedtls_ccm_context ctx; size_t key_len, msg_len, iv_len, add_len, tag_len, result_len; + mbedtls_ccm_init( &ctx ); + memset( key, 0x00, sizeof( key ) ); memset( msg, 0x00, sizeof( msg ) ); memset( iv, 0x00, sizeof( iv ) ); @@ -97,7 +103,7 @@ void mbedtls_ccm_encrypt_and_tag( int cipher_id, result_len = unhexify( result, result_hex ); tag_len = result_len - msg_len; - TEST_ASSERT( mbedtls_ccm_init( &ctx, cipher_id, key, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); /* Test with input == output */ TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len, @@ -129,6 +135,8 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, size_t key_len, msg_len, iv_len, add_len, result_len; int ret; + mbedtls_ccm_init( &ctx ); + memset( key, 0x00, sizeof( key ) ); memset( msg, 0x00, sizeof( msg ) ); memset( iv, 0x00, sizeof( iv ) ); @@ -154,7 +162,7 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, result_len = unhexify( result, result_hex ); } - TEST_ASSERT( mbedtls_ccm_init( &ctx, cipher_id, key, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); /* Test with input == output */ TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len,