summaryrefslogtreecommitdiff
path: root/thirdparty/mbedtls/library/aes.c
diff options
context:
space:
mode:
Diffstat (limited to 'thirdparty/mbedtls/library/aes.c')
-rw-r--r--thirdparty/mbedtls/library/aes.c232
1 files changed, 159 insertions, 73 deletions
diff --git a/thirdparty/mbedtls/library/aes.c b/thirdparty/mbedtls/library/aes.c
index 5c939bba47..aff0a9939a 100644
--- a/thirdparty/mbedtls/library/aes.c
+++ b/thirdparty/mbedtls/library/aes.c
@@ -36,6 +36,7 @@
#include <string.h>
#include "mbedtls/aes.h"
+#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#if defined(MBEDTLS_PADLOCK_C)
#include "mbedtls/padlock.h"
@@ -55,6 +56,12 @@
#if !defined(MBEDTLS_AES_ALT)
+/* Parameter validation macros based on platform_util.h */
+#define AES_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
+#define AES_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
/*
* 32-bit integer manipulation macros (little endian)
*/
@@ -388,9 +395,9 @@ static uint32_t RCON[10];
/*
* Tables generation code
*/
-#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
-#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
-#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
+#define ROTL8(x) ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 )
+#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
+#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )
static int aes_init_done = 0;
@@ -510,6 +517,8 @@ static void aes_gen_tables( void )
void mbedtls_aes_init( mbedtls_aes_context *ctx )
{
+ AES_VALIDATE( ctx != NULL );
+
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
}
@@ -524,12 +533,17 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
#if defined(MBEDTLS_CIPHER_MODE_XTS)
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
{
+ AES_VALIDATE( ctx != NULL );
+
mbedtls_aes_init( &ctx->crypt );
mbedtls_aes_init( &ctx->tweak );
}
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
{
+ if( ctx == NULL )
+ return;
+
mbedtls_aes_free( &ctx->crypt );
mbedtls_aes_free( &ctx->tweak );
}
@@ -545,14 +559,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int i;
uint32_t *RK;
-#if !defined(MBEDTLS_AES_ROM_TABLES)
- if( aes_init_done == 0 )
- {
- aes_gen_tables();
- aes_init_done = 1;
-
- }
-#endif
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( key != NULL );
switch( keybits )
{
@@ -562,6 +570,14 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
}
+#if !defined(MBEDTLS_AES_ROM_TABLES)
+ if( aes_init_done == 0 )
+ {
+ aes_gen_tables();
+ aes_init_done = 1;
+ }
+#endif
+
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if( aes_padlock_ace == -1 )
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
@@ -661,6 +677,9 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
uint32_t *RK;
uint32_t *SK;
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( key != NULL );
+
mbedtls_aes_init( &cty );
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
@@ -751,6 +770,9 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( key != NULL );
+
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
@@ -773,6 +795,9 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
const unsigned char *key1, *key2;
unsigned int key1bits, key2bits;
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( key != NULL );
+
ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
&key2, &key2bits );
if( ret != 0 )
@@ -790,51 +815,53 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
-#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
-{ \
- X0 = *RK++ ^ AES_FT0( ( Y0 ) & 0xFF ) ^ \
- AES_FT1( ( Y1 >> 8 ) & 0xFF ) ^ \
- AES_FT2( ( Y2 >> 16 ) & 0xFF ) ^ \
- AES_FT3( ( Y3 >> 24 ) & 0xFF ); \
- \
- X1 = *RK++ ^ AES_FT0( ( Y1 ) & 0xFF ) ^ \
- AES_FT1( ( Y2 >> 8 ) & 0xFF ) ^ \
- AES_FT2( ( Y3 >> 16 ) & 0xFF ) ^ \
- AES_FT3( ( Y0 >> 24 ) & 0xFF ); \
- \
- X2 = *RK++ ^ AES_FT0( ( Y2 ) & 0xFF ) ^ \
- AES_FT1( ( Y3 >> 8 ) & 0xFF ) ^ \
- AES_FT2( ( Y0 >> 16 ) & 0xFF ) ^ \
- AES_FT3( ( Y1 >> 24 ) & 0xFF ); \
- \
- X3 = *RK++ ^ AES_FT0( ( Y3 ) & 0xFF ) ^ \
- AES_FT1( ( Y0 >> 8 ) & 0xFF ) ^ \
- AES_FT2( ( Y1 >> 16 ) & 0xFF ) ^ \
- AES_FT3( ( Y2 >> 24 ) & 0xFF ); \
-}
-
-#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
-{ \
- X0 = *RK++ ^ AES_RT0( ( Y0 ) & 0xFF ) ^ \
- AES_RT1( ( Y3 >> 8 ) & 0xFF ) ^ \
- AES_RT2( ( Y2 >> 16 ) & 0xFF ) ^ \
- AES_RT3( ( Y1 >> 24 ) & 0xFF ); \
- \
- X1 = *RK++ ^ AES_RT0( ( Y1 ) & 0xFF ) ^ \
- AES_RT1( ( Y0 >> 8 ) & 0xFF ) ^ \
- AES_RT2( ( Y3 >> 16 ) & 0xFF ) ^ \
- AES_RT3( ( Y2 >> 24 ) & 0xFF ); \
- \
- X2 = *RK++ ^ AES_RT0( ( Y2 ) & 0xFF ) ^ \
- AES_RT1( ( Y1 >> 8 ) & 0xFF ) ^ \
- AES_RT2( ( Y0 >> 16 ) & 0xFF ) ^ \
- AES_RT3( ( Y3 >> 24 ) & 0xFF ); \
- \
- X3 = *RK++ ^ AES_RT0( ( Y3 ) & 0xFF ) ^ \
- AES_RT1( ( Y2 >> 8 ) & 0xFF ) ^ \
- AES_RT2( ( Y1 >> 16 ) & 0xFF ) ^ \
- AES_RT3( ( Y0 >> 24 ) & 0xFF ); \
-}
+#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
+ do \
+ { \
+ (X0) = *RK++ ^ AES_FT0( ( (Y0) ) & 0xFF ) ^ \
+ AES_FT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
+ AES_FT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
+ AES_FT3( ( (Y3) >> 24 ) & 0xFF ); \
+ \
+ (X1) = *RK++ ^ AES_FT0( ( (Y1) ) & 0xFF ) ^ \
+ AES_FT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
+ AES_FT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
+ AES_FT3( ( (Y0) >> 24 ) & 0xFF ); \
+ \
+ (X2) = *RK++ ^ AES_FT0( ( (Y2) ) & 0xFF ) ^ \
+ AES_FT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
+ AES_FT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
+ AES_FT3( ( (Y1) >> 24 ) & 0xFF ); \
+ \
+ (X3) = *RK++ ^ AES_FT0( ( (Y3) ) & 0xFF ) ^ \
+ AES_FT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
+ AES_FT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
+ AES_FT3( ( (Y2) >> 24 ) & 0xFF ); \
+ } while( 0 )
+
+#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
+ do \
+ { \
+ (X0) = *RK++ ^ AES_RT0( ( (Y0) ) & 0xFF ) ^ \
+ AES_RT1( ( (Y3) >> 8 ) & 0xFF ) ^ \
+ AES_RT2( ( (Y2) >> 16 ) & 0xFF ) ^ \
+ AES_RT3( ( (Y1) >> 24 ) & 0xFF ); \
+ \
+ (X1) = *RK++ ^ AES_RT0( ( (Y1) ) & 0xFF ) ^ \
+ AES_RT1( ( (Y0) >> 8 ) & 0xFF ) ^ \
+ AES_RT2( ( (Y3) >> 16 ) & 0xFF ) ^ \
+ AES_RT3( ( (Y2) >> 24 ) & 0xFF ); \
+ \
+ (X2) = *RK++ ^ AES_RT0( ( (Y2) ) & 0xFF ) ^ \
+ AES_RT1( ( (Y1) >> 8 ) & 0xFF ) ^ \
+ AES_RT2( ( (Y0) >> 16 ) & 0xFF ) ^ \
+ AES_RT3( ( (Y3) >> 24 ) & 0xFF ); \
+ \
+ (X3) = *RK++ ^ AES_RT0( ( (Y3) ) & 0xFF ) ^ \
+ AES_RT1( ( (Y2) >> 8 ) & 0xFF ) ^ \
+ AES_RT2( ( (Y1) >> 16 ) & 0xFF ) ^ \
+ AES_RT3( ( (Y0) >> 24 ) & 0xFF ); \
+ } while( 0 )
/*
* AES-ECB block encryption
@@ -976,10 +1003,16 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
* AES-ECB block encryption/decryption
*/
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16] )
+ int mode,
+ const unsigned char input[16],
+ unsigned char output[16] )
{
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+ AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT );
+
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
@@ -1017,6 +1050,13 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
int i;
unsigned char temp[16];
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT );
+ AES_VALIDATE_RET( iv != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+
if( length % 16 )
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
@@ -1142,11 +1182,18 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
unsigned char prev_tweak[16];
unsigned char tmp[16];
- /* Sectors must be at least 16 bytes. */
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT );
+ AES_VALIDATE_RET( data_unit != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+
+ /* Data units must be at least 16 bytes long. */
if( length < 16 )
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
- /* NIST SP 80-38E disallows data units larger than 2**20 blocks. */
+ /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */
if( length > ( 1 << 20 ) * 16 )
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
@@ -1241,7 +1288,20 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
unsigned char *output )
{
int c;
- size_t n = *iv_off;
+ size_t n;
+
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT );
+ AES_VALIDATE_RET( iv_off != NULL );
+ AES_VALIDATE_RET( iv != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+
+ n = *iv_off;
+
+ if( n > 15 )
+ return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
if( mode == MBEDTLS_AES_DECRYPT )
{
@@ -1279,15 +1339,21 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
* AES-CFB8 buffer encryption/decryption
*/
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output )
+ int mode,
+ size_t length,
+ unsigned char iv[16],
+ const unsigned char *input,
+ unsigned char *output )
{
unsigned char c;
unsigned char ov[17];
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
+ mode == MBEDTLS_AES_DECRYPT );
+ AES_VALIDATE_RET( iv != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
while( length-- )
{
memcpy( ov, iv, 16 );
@@ -1320,7 +1386,18 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
unsigned char *output )
{
int ret = 0;
- size_t n = *iv_off;
+ size_t n;
+
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( iv_off != NULL );
+ AES_VALIDATE_RET( iv != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+
+ n = *iv_off;
+
+ if( n > 15 )
+ return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
while( length-- )
{
@@ -1355,7 +1432,16 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
unsigned char *output )
{
int c, i;
- size_t n = *nc_off;
+ size_t n;
+
+ AES_VALIDATE_RET( ctx != NULL );
+ AES_VALIDATE_RET( nc_off != NULL );
+ AES_VALIDATE_RET( nonce_counter != NULL );
+ AES_VALIDATE_RET( stream_block != NULL );
+ AES_VALIDATE_RET( input != NULL );
+ AES_VALIDATE_RET( output != NULL );
+
+ n = *nc_off;
if ( n > 0x0F )
return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
@@ -1757,7 +1843,7 @@ int mbedtls_aes_self_test( int verbose )
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
{
mbedtls_printf( "skipped\n" );
continue;
@@ -1821,7 +1907,7 @@ int mbedtls_aes_self_test( int verbose )
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
{
mbedtls_printf( "skipped\n" );
continue;
@@ -1886,7 +1972,7 @@ int mbedtls_aes_self_test( int verbose )
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
{
mbedtls_printf( "skipped\n" );
continue;
@@ -1949,7 +2035,7 @@ int mbedtls_aes_self_test( int verbose )
* there is an alternative underlying implementation i.e. when
* MBEDTLS_AES_ALT is defined.
*/
- if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+ if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
{
mbedtls_printf( "skipped\n" );
continue;
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-04 19:52:48 +0000