From 92cb1d3a913f40a6afcbcb17e34ffc9184972b97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 13 Sep 2013 16:24:20 +0200 Subject: [PATCH] Make CBC an option, step 3: individual ciphers --- include/polarssl/aes.h | 2 + include/polarssl/blowfish.h | 6 +++ include/polarssl/camellia.h | 6 +++ include/polarssl/config.h | 4 +- include/polarssl/des.h | 4 ++ include/polarssl/xtea.h | 2 + library/aes.c | 10 ++++- library/blowfish.c | 2 + library/camellia.c | 8 ++++ library/cipher_wrap.c | 55 +++++++++++++++++++++++ library/des.c | 8 ++++ library/pem.c | 24 ++++++---- library/x509parse.c | 19 ++++---- library/xtea.c | 2 + programs/test/benchmark.c | 16 ++++--- tests/suites/test_suite_aes.function | 4 +- tests/suites/test_suite_blowfish.function | 4 +- tests/suites/test_suite_camellia.function | 4 +- tests/suites/test_suite_des.function | 8 ++-- tests/suites/test_suite_x509parse.data | 18 ++++---- tests/suites/test_suite_x509write.data | 2 +- 21 files changed, 162 insertions(+), 46 deletions(-) diff --git a/include/polarssl/aes.h b/include/polarssl/aes.h index 16721dd03..27ba37380 100644 --- a/include/polarssl/aes.h +++ b/include/polarssl/aes.h @@ -100,6 +100,7 @@ int aes_crypt_ecb( aes_context *ctx, const unsigned char input[16], unsigned char output[16] ); +#if defined(POLARSSL_CIPHER_MODE_CBC) /** * \brief AES-CBC buffer encryption/decryption * Length should be a multiple of the block @@ -120,6 +121,7 @@ int aes_crypt_cbc( aes_context *ctx, unsigned char iv[16], const unsigned char *input, unsigned char *output ); +#endif /* POLARSSL_CIPHER_MODE_CBC */ /** * \brief AES-CFB128 buffer encryption/decryption. diff --git a/include/polarssl/blowfish.h b/include/polarssl/blowfish.h index a2cbd4652..f8d79c56f 100644 --- a/include/polarssl/blowfish.h +++ b/include/polarssl/blowfish.h @@ -92,6 +92,7 @@ int blowfish_crypt_ecb( blowfish_context *ctx, const unsigned char input[BLOWFISH_BLOCKSIZE], unsigned char output[BLOWFISH_BLOCKSIZE] ); +#if defined(POLARSSL_CIPHER_MODE_CBC) /** * \brief Blowfish-CBC buffer encryption/decryption * Length should be a multiple of the block @@ -112,7 +113,9 @@ int blowfish_crypt_cbc( blowfish_context *ctx, unsigned char iv[BLOWFISH_BLOCKSIZE], const unsigned char *input, unsigned char *output ); +#endif /* POLARSSL_CIPHER_MODE_CBC */ +#if defined(POLARSSL_CIPHER_MODE_CFB) /** * \brief Blowfish CFB buffer encryption/decryption. * @@ -133,7 +136,9 @@ int blowfish_crypt_cfb64( blowfish_context *ctx, unsigned char iv[BLOWFISH_BLOCKSIZE], const unsigned char *input, unsigned char *output ); +#endif /*POLARSSL_CIPHER_MODE_CFB */ +#if defined(POLARSSL_CIPHER_MODE_CTR) /** * \brief Blowfish-CTR buffer encryption/decryption * @@ -159,6 +164,7 @@ int blowfish_crypt_ctr( blowfish_context *ctx, unsigned char stream_block[BLOWFISH_BLOCKSIZE], const unsigned char *input, unsigned char *output ); +#endif /* POLARSSL_CIPHER_MODE_CTR */ #ifdef __cplusplus } diff --git a/include/polarssl/camellia.h b/include/polarssl/camellia.h index 86e21253b..4ce10dc41 100644 --- a/include/polarssl/camellia.h +++ b/include/polarssl/camellia.h @@ -99,6 +99,7 @@ int camellia_crypt_ecb( camellia_context *ctx, const unsigned char input[16], unsigned char output[16] ); +#if defined(POLARSSL_CIPHER_MODE_CBC) /** * \brief CAMELLIA-CBC buffer encryption/decryption * Length should be a multiple of the block @@ -119,7 +120,9 @@ int camellia_crypt_cbc( camellia_context *ctx, unsigned char iv[16], const unsigned char *input, unsigned char *output ); +#endif /* POLARSSL_CIPHER_MODE_CBC */ +#if defined(POLARSSL_CIPHER_MODE_CFB) /** * \brief CAMELLIA-CFB128 buffer encryption/decryption * @@ -144,7 +147,9 @@ int camellia_crypt_cfb128( camellia_context *ctx, unsigned char iv[16], const unsigned char *input, unsigned char *output ); +#endif /* POLARSSL_CIPHER_MODE_CFB */ +#if defined(POLARSSL_CIPHER_MODE_CTR) /** * \brief CAMELLIA-CTR buffer encryption/decryption * @@ -174,6 +179,7 @@ int camellia_crypt_ctr( camellia_context *ctx, unsigned char stream_block[16], const unsigned char *input, unsigned char *output ); +#endif /* POLARSSL_CIPHER_MODE_CTR */ #ifdef __cplusplus } diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 801483743..f75d94d2e 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -633,6 +633,7 @@ * * Requires: POLARSSL_AES_C * POLARSSL_SHA256_C + * POLARSSL_CIPHER_MODE_CBC * * Comment this macro to disable support for SSL session tickets */ @@ -1606,7 +1607,8 @@ #endif #if defined(POLARSSL_SSL_SESSION_TICKETS) && defined(POLARSSL_SSL_TLS_C) && \ - ( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) ) + ( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) || \ + !defined(POLARSSL_CIPHER_MODE_CBC) ) #error "POLARSSL_SSL_SESSION_TICKETS_C defined, but not all prerequisites" #endif diff --git a/include/polarssl/des.h b/include/polarssl/des.h index 0dedf6299..74d5acb12 100644 --- a/include/polarssl/des.h +++ b/include/polarssl/des.h @@ -177,6 +177,7 @@ int des_crypt_ecb( des_context *ctx, const unsigned char input[8], unsigned char output[8] ); +#if defined(POLARSSL_CIPHER_MODE_CBC) /** * \brief DES-CBC buffer encryption/decryption * @@ -193,6 +194,7 @@ int des_crypt_cbc( des_context *ctx, unsigned char iv[8], const unsigned char *input, unsigned char *output ); +#endif /* POLARSSL_CIPHER_MODE_CBC */ /** * \brief 3DES-ECB block encryption/decryption @@ -207,6 +209,7 @@ int des3_crypt_ecb( des3_context *ctx, const unsigned char input[8], unsigned char output[8] ); +#if defined(POLARSSL_CIPHER_MODE_CBC) /** * \brief 3DES-CBC buffer encryption/decryption * @@ -225,6 +228,7 @@ int des3_crypt_cbc( des3_context *ctx, unsigned char iv[8], const unsigned char *input, unsigned char *output ); +#endif /* POLARSSL_CIPHER_MODE_CBC */ #ifdef __cplusplus } diff --git a/include/polarssl/xtea.h b/include/polarssl/xtea.h index 4b435aeb2..752199317 100644 --- a/include/polarssl/xtea.h +++ b/include/polarssl/xtea.h @@ -83,6 +83,7 @@ int xtea_crypt_ecb( xtea_context *ctx, const unsigned char input[8], unsigned char output[8] ); +#if defined(POLARSSL_CIPHER_MODE_CBC) /** * \brief XTEA CBC cipher function * @@ -102,6 +103,7 @@ int xtea_crypt_cbc( xtea_context *ctx, unsigned char iv[8], const unsigned char *input, unsigned char *output); +#endif /* POLARSSL_CIPHER_MODE_CBC */ #ifdef __cplusplus } diff --git a/library/aes.c b/library/aes.c index 6456c54d1..a3835cead 100644 --- a/library/aes.c +++ b/library/aes.c @@ -769,6 +769,7 @@ int aes_crypt_ecb( aes_context *ctx, return( 0 ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) /* * AES-CBC buffer encryption/decryption */ @@ -832,6 +833,7 @@ int aes_crypt_cbc( aes_context *ctx, return( 0 ); } +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_CIPHER_MODE_CFB) /* @@ -947,6 +949,7 @@ static const unsigned char aes_test_ecb_enc[3][16] = 0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 } }; +#if defined(POLARSSL_CIPHER_MODE_CBC) static const unsigned char aes_test_cbc_dec[3][16] = { { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73, @@ -966,6 +969,7 @@ static const unsigned char aes_test_cbc_enc[3][16] = { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5, 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 } }; +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_CIPHER_MODE_CFB) /* @@ -1104,8 +1108,10 @@ int aes_self_test( int verbose ) int i, j, u, v; unsigned char key[32]; unsigned char buf[64]; - unsigned char prv[16]; unsigned char iv[16]; +#if defined(POLARSSL_CIPHER_MODE_CBC) + unsigned char prv[16]; +#endif #if defined(POLARSSL_CIPHER_MODE_CTR) || defined(POLARSSL_CIPHER_MODE_CFB) size_t offset; #endif @@ -1170,6 +1176,7 @@ int aes_self_test( int verbose ) if( verbose != 0 ) printf( "\n" ); +#if defined(POLARSSL_CIPHER_MODE_CBC) /* * CBC mode */ @@ -1231,6 +1238,7 @@ int aes_self_test( int verbose ) if( verbose != 0 ) printf( "\n" ); +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_CIPHER_MODE_CFB) /* diff --git a/library/blowfish.c b/library/blowfish.c index 719aea61a..910d610d1 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -233,6 +233,7 @@ int blowfish_crypt_ecb( blowfish_context *ctx, return( 0 ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) /* * Blowfish-CBC buffer encryption/decryption */ @@ -284,6 +285,7 @@ int blowfish_crypt_cbc( blowfish_context *ctx, return( 0 ); } +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_CIPHER_MODE_CFB) /* diff --git a/library/camellia.c b/library/camellia.c index bb8787503..2366caed6 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -523,6 +523,7 @@ int camellia_crypt_ecb( camellia_context *ctx, return( 0 ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) /* * Camellia-CBC buffer encryption/decryption */ @@ -574,6 +575,7 @@ int camellia_crypt_cbc( camellia_context *ctx, return( 0 ); } +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_CIPHER_MODE_CFB) /* @@ -732,6 +734,7 @@ static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = } }; +#if defined(POLARSSL_CIPHER_MODE_CBC) #define CAMELLIA_TESTS_CBC 3 static const unsigned char camellia_test_cbc_key[3][32] = @@ -793,6 +796,7 @@ static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 } } }; +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_CIPHER_MODE_CTR) /* @@ -867,7 +871,9 @@ int camellia_self_test( int verbose ) unsigned char buf[64]; unsigned char src[16]; unsigned char dst[16]; +#if defined(POLARSSL_CIPHER_MODE_CBC) unsigned char iv[16]; +#endif #if defined(POLARSSL_CIPHER_MODE_CTR) size_t offset, len; unsigned char nonce_counter[16]; @@ -917,6 +923,7 @@ int camellia_self_test( int verbose ) if( verbose != 0 ) printf( "\n" ); +#if defined(POLARSSL_CIPHER_MODE_CBC) /* * CBC mode */ @@ -965,6 +972,7 @@ int camellia_self_test( int verbose ) if( verbose != 0 ) printf( "passed\n" ); } +#endif /* POLARSSL_CIPHER_MODE_CBC */ if( verbose != 0 ) printf( "\n" ); diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index ede299bf6..c5abae948 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -77,7 +77,18 @@ static int aes_crypt_ecb_wrap( void *ctx, operation_t operation, static int aes_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { +#if defined(POLARSSL_CIPHER_MODE_CBC) return aes_crypt_cbc( (aes_context *) ctx, operation, length, iv, input, output ); +#else + ((void) ctx); + ((void) operation); + ((void) length); + ((void) iv); + ((void) input); + ((void) output); + + return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE; +#endif /* POLARSSL_CIPHER_MODE_CBC */ } static int aes_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length, @@ -367,7 +378,18 @@ static int camellia_crypt_ecb_wrap( void *ctx, operation_t operation, static int camellia_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { +#if defined(POLARSSL_CIPHER_MODE_CBC) return camellia_crypt_cbc( (camellia_context *) ctx, operation, length, iv, input, output ); +#else + ((void) ctx); + ((void) operation); + ((void) length); + ((void) iv); + ((void) input); + ((void) output); + + return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE; +#endif /* POLARSSL_CIPHER_MODE_CBC */ } static int camellia_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length, @@ -600,13 +622,35 @@ static int des3_crypt_ecb_wrap( void *ctx, operation_t operation, static int des_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { +#if defined(POLARSSL_CIPHER_MODE_CBC) return des_crypt_cbc( (des_context *) ctx, operation, length, iv, input, output ); +#else + ((void) ctx); + ((void) operation); + ((void) length); + ((void) iv); + ((void) input); + ((void) output); + + return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE; +#endif /* POLARSSL_CIPHER_MODE_CBC */ } static int des3_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { +#if defined(POLARSSL_CIPHER_MODE_CBC) return des3_crypt_cbc( (des3_context *) ctx, operation, length, iv, input, output ); +#else + ((void) ctx); + ((void) operation); + ((void) length); + ((void) iv); + ((void) input); + ((void) output); + + return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE; +#endif /* POLARSSL_CIPHER_MODE_CBC */ } static int des_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length, @@ -817,7 +861,18 @@ static int blowfish_crypt_ecb_wrap( void *ctx, operation_t operation, static int blowfish_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length, unsigned char *iv, const unsigned char *input, unsigned char *output ) { +#if defined(POLARSSL_CIPHER_MODE_CBC) return blowfish_crypt_cbc( (blowfish_context *) ctx, operation, length, iv, input, output ); +#else + ((void) ctx); + ((void) operation); + ((void) length); + ((void) iv); + ((void) input); + ((void) output); + + return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE; +#endif /* POLARSSL_CIPHER_MODE_CBC */ } static int blowfish_crypt_cfb64_wrap( void *ctx, operation_t operation, size_t length, diff --git a/library/des.c b/library/des.c index 0cf4b3d50..153810d72 100644 --- a/library/des.c +++ b/library/des.c @@ -606,6 +606,7 @@ int des_crypt_ecb( des_context *ctx, return( 0 ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) /* * DES-CBC buffer encryption/decryption */ @@ -657,6 +658,7 @@ int des_crypt_cbc( des_context *ctx, return( 0 ); } +#endif /* POLARSSL_CIPHER_MODE_CBC */ /* * 3DES-ECB block encryption/decryption @@ -701,6 +703,7 @@ int des3_crypt_ecb( des3_context *ctx, return( 0 ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) /* * 3DES-CBC buffer encryption/decryption */ @@ -752,6 +755,7 @@ int des3_crypt_cbc( des3_context *ctx, return( 0 ); } +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* !POLARSSL_DES_ALT */ @@ -819,8 +823,10 @@ int des_self_test( int verbose ) des3_context ctx3; unsigned char key[24]; unsigned char buf[8]; +#if defined(POLARSSL_CIPHER_MODE_CBC) unsigned char prv[8]; unsigned char iv[8]; +#endif memset( key, 0, 24 ); @@ -895,6 +901,7 @@ int des_self_test( int verbose ) if( verbose != 0 ) printf( "\n" ); +#if defined(POLARSSL_CIPHER_MODE_CBC) /* * CBC mode */ @@ -985,6 +992,7 @@ int des_self_test( int verbose ) if( verbose != 0 ) printf( "passed\n" ); } +#endif /* POLARSSL_CIPHER_MODE_CBC */ if( verbose != 0 ) printf( "\n" ); diff --git a/library/pem.c b/library/pem.c index 3f6d330a6..8a6de3a95 100644 --- a/library/pem.c +++ b/library/pem.c @@ -48,7 +48,8 @@ void pem_init( pem_context *ctx ) memset( ctx, 0, sizeof( pem_context ) ); } -#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C)) +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ + ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) /* * Read a 16-byte hex string and convert it to binary */ @@ -183,7 +184,8 @@ static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, } #endif /* POLARSSL_AES_C */ -#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */ +#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC && + ( POLARSSL_AES_C || POLARSSL_DES_C ) */ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, const unsigned char *data, const unsigned char *pwd, @@ -193,13 +195,15 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, size_t len; unsigned char *buf; const unsigned char *s1, *s2, *end; -#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C)) +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ + ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) unsigned char pem_iv[16]; cipher_type_t enc_alg = POLARSSL_CIPHER_NONE; #else ((void) pwd); ((void) pwdlen); -#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */ +#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC && + ( POLARSSL_AES_C || POLARSSL_DES_C ) */ if( ctx == NULL ) return( POLARSSL_ERR_PEM_BAD_INPUT_DATA ); @@ -229,7 +233,8 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) { -#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C)) +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ + ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) enc++; s1 += 22; @@ -289,7 +294,8 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, else return( POLARSSL_ERR_PEM_INVALID_DATA ); #else return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE ); -#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */ +#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC && + ( POLARSSL_AES_C || POLARSSL_DES_C ) */ } len = 0; @@ -309,7 +315,8 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, if( enc != 0 ) { -#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C)) +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ + ( defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C) ) if( pwd == NULL ) { polarssl_free( buf ); @@ -346,7 +353,8 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer, #else polarssl_free( buf ); return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE ); -#endif +#endif /* POLARSSL_MD5_C && POLARSSL_CIPHER_MODE_CBC && + ( POLARSSL_AES_C || POLARSSL_DES_C ) */ } ctx->buf = buf; diff --git a/library/x509parse.c b/library/x509parse.c index d606615c8..f5e8688b9 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -4270,7 +4270,6 @@ int x509_self_test( int verbose ) #if defined(POLARSSL_CERTS_C) && defined(POLARSSL_MD5_C) int ret; int flags; - size_t i, j; x509_cert cacert; x509_cert clicert; pk_context pkey; @@ -4305,23 +4304,25 @@ int x509_self_test( int verbose ) return( ret ); } +#if defined(POLARSSL_MD5_C) && defined(POLARSSL_CIPHER_MODE_CBC) && \ + defined(POLARSSL_DES_C) && defined(POLARSSL_AES_C) if( verbose != 0 ) printf( "passed\n X.509 private key load: " ); - i = strlen( test_ca_key ); - j = strlen( test_ca_pwd ); - pk_init( &pkey ); if( ( ret = x509parse_key( &pkey, - (const unsigned char *) test_ca_key, i, - (const unsigned char *) test_ca_pwd, j ) ) != 0 ) + (const unsigned char *) test_ca_key, + strlen( test_ca_key ), + (const unsigned char *) test_ca_pwd, + strlen( test_ca_pwd ) ) ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); return( ret ); } +#endif if( verbose != 0 ) printf( "passed\n X.509 signature verify: "); @@ -4341,10 +4342,8 @@ int x509_self_test( int verbose ) if( verbose != 0 ) printf( "passed\n X.509 DHM parameter load: " ); - i = strlen( test_dhm_params ); - j = strlen( test_ca_pwd ); - - if( ( ret = x509parse_dhm( &dhm, (const unsigned char *) test_dhm_params, i ) ) != 0 ) + if( ( ret = x509parse_dhm( &dhm, (const unsigned char *) test_dhm_params, + strlen( test_dhm_params ) ) ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); diff --git a/library/xtea.c b/library/xtea.c index 94049277c..2cb2f30d1 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -111,6 +111,7 @@ int xtea_crypt_ecb( xtea_context *ctx, int mode, return( 0 ); } +#if defined(POLARSSL_CIPHER_MODE_CBC) /* * XTEA-CBC buffer encryption/decryption */ @@ -159,6 +160,7 @@ int xtea_crypt_cbc( xtea_context *ctx, int mode, size_t length, return( 0 ); } +#endif /* POLARSSL_CIPHER_MODE_CBC */ #endif /* !POLARSSL_XTEA_ALT */ #if defined(POLARSSL_SELF_TEST) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index baf7f4ffb..52aecf2b8 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -98,20 +98,22 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_ARC4_C) arc4_context arc4; #endif -#if defined(POLARSSL_DES_C) +#if defined(POLARSSL_DES_C) && defined(POLARSSL_CIPHER_MODE_CBC) des3_context des3; des_context des; #endif #if defined(POLARSSL_AES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) aes_context aes; +#endif #if defined(POLARSSL_GCM_C) gcm_context gcm; #endif #endif -#if defined(POLARSSL_BLOWFISH_C) +#if defined(POLARSSL_BLOWFISH_C) && defined(POLARSSL_CIPHER_MODE_CBC) blowfish_context blowfish; #endif -#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_CAMELLIA_C) && defined(POLARSSL_CIPHER_MODE_CBC) camellia_context camellia; #endif #if defined(POLARSSL_RSA_C) && defined(POLARSSL_BIGNUM_C) && \ @@ -233,7 +235,7 @@ int main( int argc, char *argv[] ) ( hardclock() - tsc ) / ( j * BUFSIZE ) ); #endif -#if defined(POLARSSL_DES_C) +#if defined(POLARSSL_DES_C) && defined(POLARSSL_CIPHER_MODE_CBC) printf( HEADER_FORMAT, "3DES" ); fflush( stdout ); @@ -268,6 +270,7 @@ int main( int argc, char *argv[] ) #endif #if defined(POLARSSL_AES_C) +#if defined(POLARSSL_CIPHER_MODE_CBC) for( keysize = 128; keysize <= 256; keysize += 64 ) { printf( " AES-CBC-%d : ", keysize ); @@ -289,6 +292,7 @@ int main( int argc, char *argv[] ) printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024, ( hardclock() - tsc ) / ( j * BUFSIZE ) ); } +#endif /* POLARSSL_CIPHER_MODE_CBC */ #if defined(POLARSSL_GCM_C) for( keysize = 128; keysize <= 256; keysize += 64 ) { @@ -314,7 +318,7 @@ int main( int argc, char *argv[] ) #endif #endif -#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_CAMELLIA_C) && defined(POLARSSL_CIPHER_MODE_CBC) for( keysize = 128; keysize <= 256; keysize += 64 ) { printf( " CAMELLIA-CBC-%d: ", keysize ); @@ -338,7 +342,7 @@ int main( int argc, char *argv[] ) } #endif -#if defined(POLARSSL_BLOWFISH_C) +#if defined(POLARSSL_BLOWFISH_C) && defined(POLARSSL_CIPHER_MODE_CBC) for( keysize = 128; keysize <= 256; keysize += 64 ) { printf( " BLOWFISH-CBC-%d: ", keysize ); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 747abf145..f6793503e 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -67,7 +67,7 @@ void aes_decrypt_ecb( char *hex_key_string, char *hex_src_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_CBC */ void aes_encrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) @@ -101,7 +101,7 @@ void aes_encrypt_cbc( char *hex_key_string, char *hex_iv_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_CBC */ void aes_decrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index 6bdcb6546..edfd3060b 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -67,7 +67,7 @@ void blowfish_decrypt_ecb( char *hex_key_string, char *hex_src_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_CBC */ void blowfish_encrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) @@ -102,7 +102,7 @@ void blowfish_encrypt_cbc( char *hex_key_string, char *hex_iv_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_CBC */ void blowfish_decrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index a219e7ad0..50c42a6ba 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -67,7 +67,7 @@ void camellia_decrypt_ecb( char *hex_key_string, char *hex_src_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_CBC */ void camellia_encrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) @@ -101,7 +101,7 @@ void camellia_encrypt_cbc( char *hex_key_string, char *hex_iv_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_CBC */ void camellia_decrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 865a46787..8eb0c00a7 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -59,7 +59,7 @@ void des_decrypt_ecb( char *hex_key_string, char *hex_src_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_CBC */ void des_encrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) { @@ -92,7 +92,7 @@ void des_encrypt_cbc( char *hex_key_string, char *hex_iv_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_CBC */ void des_decrypt_cbc( char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) { @@ -189,7 +189,7 @@ void des3_decrypt_ecb( int key_count, char *hex_key_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_CBC */ void des3_encrypt_cbc( int key_count, char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) @@ -230,7 +230,7 @@ void des3_encrypt_cbc( int key_count, char *hex_key_string, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_CBC */ void des3_decrypt_cbc( int key_count, char *hex_key_string, char *hex_iv_string, char *hex_src_string, char *hex_dst_string, int cbc_result ) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 1da991e26..0ac7e09a3 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -127,35 +127,35 @@ depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:07\:01\nnext update \: 2023-08-07 08\:07\:01\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA512\n" X509 Parse RSA Key #1 (No password when required) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC x509parse_keyfile_rsa:"data_files/test-ca.key":"NULL":POLARSSL_ERR_X509_PASSWORD_REQUIRED X509 Parse RSA Key #2 (Correct password) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC x509parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 X509 Parse RSA Key #3 (Wrong password) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC x509parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_X509_PASSWORD_MISMATCH X509 Parse RSA Key #4 (DES Encrypted) -depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC x509parse_keyfile_rsa:"data_files/keyfile.des":"testkey":0 X509 Parse RSA Key #5 (3DES Encrypted) -depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC x509parse_keyfile_rsa:"data_files/keyfile.3des":"testkey":0 X509 Parse RSA Key #6 (AES-128 Encrypted) -depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC x509parse_keyfile_rsa:"data_files/keyfile.aes128":"testkey":0 X509 Parse RSA Key #7 (AES-192 Encrypted) -depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC x509parse_keyfile_rsa:"data_files/keyfile.aes192":"testkey":0 X509 Parse RSA Key #8 (AES-256 Encrypted) -depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC x509parse_keyfile_rsa:"data_files/keyfile.aes256":"testkey":0 X509 Parse RSA Key #9 (PKCS#8 wrapped) @@ -267,7 +267,7 @@ depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R x509parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0 X509 Parse EC Key #3 (SEC1 PEM encrypted) -depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_CIPHER_MODE_CBC x509parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 X509 Parse EC Key #4 (PKCS8 DER) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index fc9bb92a3..dcb137af1 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -27,7 +27,7 @@ depends_on:POLARSSL_MD5_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 x509_csr_check:"data_files/server1.key":POLARSSL_MD_MD5:"data_files/server1.req.md5" Certificate write check Server1 SHA1 -depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 +depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:"data_files/server1.crt" Public key write check RSA