Additional cipher_info getters #5149

Merged
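--- a/ChangeLog.d/additional_cipher_info_getters.txt
+++ b/ChangeLog.d/additional_cipher_info_getters.txt
@@ -0,0 +1,3 @@
+Features
+* Add functions to get the IV and block size from cipher_info structs.
+* Add functions to check if a cipher supports variable IV or key size.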
80 changes: 78 additions & 2 deletions include/mbedtls/cipher.h
@@ -507,6 +507,80 @@ static inline const char *mbedtls_cipher_info_get_name(
return( info->MBEDTLS_PRIVATE(name) );
}

/**
* \brief This function returns the size of the IV or nonce
* for the cipher info structure, in bytes.
*
* \param info The cipher info structure. This may be \c NULL.
*
* \return The recommended IV size.
* \return \c 0 for ciphers not using an IV or a nonce.
davidhorstmann-arm marked this conversation as resolved.
* \return \c 0 if \p info is \c NULL.
*/
static inline size_t mbedtls_cipher_info_get_iv_size(
const mbedtls_cipher_info_t *info )
{
if( info == NULL )
return( 0 );

return( (size_t) info->MBEDTLS_PRIVATE(iv_size) );
}

/**
* \brief This function returns the block size of the given
* cipher info structure in bytes.
*
* \param info The cipher info structure. This may be \c NULL.
*
* \return The block size of the cipher.
gilles-peskine-arm marked this conversation as resolved.
* \return \c 1 if the cipher is a stream cipher.
* \return \c 0 if \p info is \c NULL.
*/
static inline size_t mbedtls_cipher_info_get_block_size(
const mbedtls_cipher_info_t *info )
{
if( info == NULL )
return( 0 );

return( (size_t) info->MBEDTLS_PRIVATE(block_size) );
}

/**
* \brief This function returns a non-zero value if the key length for
* the given cipher is variable.
*
* \param info The cipher info structure. This may be \c NULL.
*
* \return Non-zero if the key length is variable, \c 0 otherwise.
* \return \c 0 if the given pointer is \c NULL.
*/
static inline int mbedtls_cipher_info_has_variable_key_bitlen(
const mbedtls_cipher_info_t *info )
{
if( info == NULL )
return( 0 );

return( info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_KEY_LEN );
}

/**
* \brief This function returns a non-zero value if the IV size for
* the given cipher is variable.
*
* \param info The cipher info structure. This may be \c NULL.
*
* \return Non-zero if the IV size is variable, \c 0 otherwise.
* \return \c 0 if the given pointer is \c NULL.
*/
static inline int mbedtls_cipher_info_has_variable_iv_size(
const mbedtls_cipher_info_t *info )
{
if( info == NULL )
return( 0 );

return( info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_IV_LEN );
}

/**
* \brief This function initializes a \p cipher_context as NONE.
*
@@ -583,11 +657,13 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_USE_PSA_CRYPTO */

/**
* \brief This function returns the block size of the given cipher.
* \brief This function returns the block size of the given cipher
* in bytes.
*
* \param ctx The context of the cipher. This must be initialized.
* \param ctx The context of the cipher.
*
* \return The block size of the underlying cipher.
* \return \c 1 if the cipher is a stream cipher.
* \return \c 0 if \p ctx has not been initialized.
*/
static inline unsigned int mbedtls_cipher_get_block_size(
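Review bot: `mbedtls_cipher_info_get_iv_size()` returns `0` both when `info` is `NULL` and when the cipher takes no IV, so a caller that passes an unchecked lookup result cannot tell a failed lookup from an IV-less cipher and may carry on with a zero-length nonce. The `0` that `mbedtls_cipher_info_get_block_size()` returns for `NULL` is distinguishable from a real block size, but it becomes a division by zero if a caller uses the result directly as a modulus in padding or length arithmetic. I would state this in the Doxygen of both getters, for example `* \note \c 0 is also returned for a \c NULL \p info; check \p info before using the result to size an IV buffer or as a divisor.` Since the first getter documents `\return The recommended IV size.`, it could also point readers to `mbedtls_cipher_info_has_variable_iv_size()` so it is clear when other lengths are accepted.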
39 changes: 38 additions & 1 deletion tests/suites/test_suite_cipher.function
@@ -18,7 +18,7 @@
static int check_cipher_info( mbedtls_cipher_type_t type,
const mbedtls_cipher_info_t *info )
{
size_t key_bitlen;
size_t key_bitlen, block_size, iv_size;

TEST_ASSERT( info != NULL );
TEST_EQUAL( type, mbedtls_cipher_info_get_type( info ) );
@@ -33,8 +33,14 @@ static int check_cipher_info( mbedtls_cipher_type_t type,
TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info );

key_bitlen = mbedtls_cipher_info_get_key_bitlen( info );
block_size = mbedtls_cipher_info_get_block_size( info );
iv_size = mbedtls_cipher_info_get_iv_size( info );
if( info->type == MBEDTLS_CIPHER_NULL )
{
TEST_ASSERT( key_bitlen == 0 );
TEST_ASSERT( block_size == 1 );
TEST_ASSERT( iv_size == 0 );
}
else if( info->mode == MBEDTLS_MODE_XTS )
{
TEST_ASSERT( key_bitlen == 256 ||
@@ -44,14 +50,28 @@ static int check_cipher_info( mbedtls_cipher_type_t type,
else if( ! strncmp( info->name, "DES-EDE3-", 9 ) )
{
TEST_ASSERT( key_bitlen == 192 );
TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) );
TEST_ASSERT( block_size == 8 );
}
else if( ! strncmp( info->name, "DES-EDE-", 8 ) )
{
TEST_ASSERT( key_bitlen == 128 );
TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) );
TEST_ASSERT( block_size == 8 );
}
else if( ! strncmp( info->name, "DES-", 4 ) )
{
TEST_ASSERT( key_bitlen == 64 );
TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) );
TEST_ASSERT( block_size == 8 );
}
else if( ! strncmp( info->name, "AES", 3 ) )
{
TEST_ASSERT( key_bitlen == 128 ||
key_bitlen == 192 ||
key_bitlen == 256 );
TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) );
TEST_ASSERT( block_size == 16 );
}
else
{
@@ -60,6 +80,23 @@ static int check_cipher_info( mbedtls_cipher_type_t type,
key_bitlen == 256 );
}

if( strstr( info->name, "-ECB" ) != NULL )
{
TEST_ASSERT( iv_size == 0 );
TEST_ASSERT( ! mbedtls_cipher_info_has_variable_iv_size( info ) );
}
else if( strstr( info->name, "-CBC" ) != NULL ||
strstr( info->name, "-CTR" ) != NULL )
{
TEST_ASSERT( iv_size == block_size );
TEST_ASSERT( ! mbedtls_cipher_info_has_variable_iv_size( info ) );
}
else if( strstr( info->name, "-GCM" ) != NULL )
{
TEST_ASSERT( iv_size == block_size - 4 );
TEST_ASSERT( mbedtls_cipher_info_has_variable_iv_size( info ) );
}

return( 1 );

exit:
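Review bot: The documented `\c 0 if \p info is \c NULL` behaviour of the four new getters is not exercised in the visible hunks of `check_cipher_info()`, which asserts `info != NULL` up front. In addition, every `mbedtls_cipher_info_has_variable_key_bitlen()` assertion here is negated, so an implementation that always returned `0` for that flag would still pass. Unless this is covered in a part of the file not shown, a small case such as `TEST_EQUAL( 0, mbedtls_cipher_info_get_iv_size( NULL ) );` and `TEST_EQUAL( 0, mbedtls_cipher_info_get_block_size( NULL ) );` would pin the NULL path, and one positive assertion on a variable-key cipher would pin the flag test. The `iv_size == block_size - 4` check in the `-GCM` branch would also read better with a short comment such as `/* 12-byte nonce is the recommended GCM IV length */`. The function body continues past the `exit:` label, outside the last hunk.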