From 3a782a0fe4ac004d5645be9a82b19af916b1ee3a Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Sun, 7 Nov 2021 14:01:16 +0100 Subject: [PATCH 1/8] Add IV and block size getters for cipher_info Signed-off-by: Max Fillinger --- include/mbedtls/cipher.h | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 892771e63..78d31498b 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -507,6 +507,41 @@ static inline const char *mbedtls_cipher_info_get_name( return( info->MBEDTLS_PRIVATE(name) ); } +/** + * \brief This function returns the size of the IV or nonce + * for the cipher info structure, in bytes. + * + * \param info The cipher info structure. This may be \c NULL. + * + * \return The recommended IV size. + * \return \c 0 for ciphers not using an IV or a nonce. + */ +static inline int mbedtls_cipher_info_get_iv_size( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( 0 ); + + return( (int) info->MBEDTLS_PRIVATE(iv_size) ); +} + +/** + * \brief This function returns the block size of the given + * cipher info structure. + * + * \param info The cipher info structure. This may be \c NULL. + * + * \return The block size of the cipher. + */ +static inline unsigned int mbedtls_cipher_info_get_block_size( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( 0 ); + + return( info->MBEDTLS_PRIVATE(block_size) ); +} + /** * \brief This function initializes a \p cipher_context as NONE. * From f057893035d0106488c66c3f1b319ce084194a57 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 9 Nov 2021 21:48:08 +0100 Subject: [PATCH 2/8] Allow checking variable IV/key size in cipher_info Signed-off-by: Max Fillinger --- include/mbedtls/cipher.h | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 78d31498b..a99a50ff6 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -542,6 +542,42 @@ static inline unsigned int mbedtls_cipher_info_get_block_size( return( info->MBEDTLS_PRIVATE(block_size) ); } +/** + * \brief This function returns a non-zero value if the key length for + * the given cipher is variable. + * + * \param info The cipher info structure. This may be \c NULL. + * + * \return Non-zero if the key length is variable, \c 0 otherwise. + * \return \c 0 if the given pointer is \c NULL. + */ +static inline int mbedtls_cipher_info_has_variable_key_bitlen( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( 0 ); + + return( info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ); +} + +/** + * \brief This function returns a non-zero value if the IV size for + * the given cipher is variable. + * + * \param info The cipher info structure. This may be \c NULL. + * + * \return Non-zero if the IV size is variable, \c 0 otherwise. + * \return \c 0 if the given pointer is \c NULL. + */ +static inline int mbedtls_cipher_info_has_variable_iv_size( + const mbedtls_cipher_info_t *info ) +{ + if( info == NULL ) + return( 0 ); + + return( info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_IV_LEN ); +} + /** * \brief This function initializes a \p cipher_context as NONE. * From c60c3a0c7751943b6cc976893e14d495715dea83 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Tue, 9 Nov 2021 22:38:56 +0100 Subject: [PATCH 3/8] Include new getters in test suites Signed-off-by: Max Fillinger --- tests/suites/test_suite_cipher.function | 38 +++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index e496856e2..20020c241 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -19,6 +19,7 @@ static int check_cipher_info( mbedtls_cipher_type_t type, const mbedtls_cipher_info_t *info ) { size_t key_bitlen; + int block_size, iv_size; TEST_ASSERT( info != NULL ); TEST_EQUAL( type, mbedtls_cipher_info_get_type( info ) ); @@ -33,8 +34,14 @@ static int check_cipher_info( mbedtls_cipher_type_t type, TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info ); key_bitlen = mbedtls_cipher_info_get_key_bitlen( info ); + block_size = mbedtls_cipher_info_get_block_size( info ); + iv_size = mbedtls_cipher_info_get_iv_size( info ); if( info->type == MBEDTLS_CIPHER_NULL ) + { TEST_ASSERT( key_bitlen == 0 ); + TEST_ASSERT( block_size == 1 ); + TEST_ASSERT( iv_size == 0 ); + } else if( info->mode == MBEDTLS_MODE_XTS ) { TEST_ASSERT( key_bitlen == 256 || @@ -44,14 +51,28 @@ static int check_cipher_info( mbedtls_cipher_type_t type, else if( ! strncmp( info->name, "DES-EDE3-", 9 ) ) { TEST_ASSERT( key_bitlen == 192 ); + TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); + TEST_ASSERT( block_size == 8 ); } else if( ! strncmp( info->name, "DES-EDE-", 8 ) ) { TEST_ASSERT( key_bitlen == 128 ); + TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); + TEST_ASSERT( block_size == 8 ); } else if( ! strncmp( info->name, "DES-", 4 ) ) { TEST_ASSERT( key_bitlen == 64 ); + TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); + TEST_ASSERT( block_size == 8 ); + } + else if( ! strncmp( info->name, "AES", 3 ) ) + { + TEST_ASSERT( key_bitlen == 128 || + key_bitlen == 192 || + key_bitlen == 256 ); + TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); + TEST_ASSERT( block_size == 16 ); } else { @@ -60,6 +81,23 @@ static int check_cipher_info( mbedtls_cipher_type_t type, key_bitlen == 256 ); } + if( strstr( info->name, "-ECB" ) != NULL ) + { + TEST_ASSERT( iv_size == 0 ); + TEST_ASSERT( ! mbedtls_cipher_info_has_variable_iv_size( info ) ); + } + else if( strstr( info->name, "-CBC" ) != NULL || + strstr( info->name, "-CTR" ) != NULL ) + { + TEST_ASSERT( iv_size == block_size ); + TEST_ASSERT( ! mbedtls_cipher_info_has_variable_iv_size( info ) ); + } + else if( strstr( info->name, "-GCM" ) != NULL ) + { + TEST_ASSERT( iv_size == block_size - 4 ); + TEST_ASSERT( mbedtls_cipher_info_has_variable_iv_size( info ) ); + } + return( 1 ); exit: From 7568d1a23880e2b11f0c19cc7fa55e78f41a69ac Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Wed, 10 Nov 2021 14:31:38 +0100 Subject: [PATCH 4/8] Add Changelog entry for additional getters Signed-off-by: Max Fillinger --- ChangeLog.d/additional_cipher_info_getters.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/additional_cipher_info_getters.txt diff --git a/ChangeLog.d/additional_cipher_info_getters.txt b/ChangeLog.d/additional_cipher_info_getters.txt new file mode 100644 index 000000000..5cb1ad6bb --- /dev/null +++ b/ChangeLog.d/additional_cipher_info_getters.txt @@ -0,0 +1,3 @@ +Features + * Add functions to get the IV and block size from cipher_info structs. + * Add functions to check if a cipher supports variable IV or key size. From 5fee208ff24dae6351d5e56a7482142067a4cb44 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Sun, 21 Nov 2021 16:10:54 +0100 Subject: [PATCH 5/8] Make new IV and block size getters return size_t Signed-off-by: Max Fillinger --- include/mbedtls/cipher.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index a99a50ff6..b5d3e6136 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -516,13 +516,13 @@ static inline const char *mbedtls_cipher_info_get_name( * \return The recommended IV size. * \return \c 0 for ciphers not using an IV or a nonce. */ -static inline int mbedtls_cipher_info_get_iv_size( +static inline size_t mbedtls_cipher_info_get_iv_size( const mbedtls_cipher_info_t *info ) { if( info == NULL ) return( 0 ); - return( (int) info->MBEDTLS_PRIVATE(iv_size) ); + return( (size_t) info->MBEDTLS_PRIVATE(iv_size) ); } /** @@ -533,13 +533,13 @@ static inline int mbedtls_cipher_info_get_iv_size( * * \return The block size of the cipher. */ -static inline unsigned int mbedtls_cipher_info_get_block_size( +static inline size_t mbedtls_cipher_info_get_block_size( const mbedtls_cipher_info_t *info ) { if( info == NULL ) return( 0 ); - return( info->MBEDTLS_PRIVATE(block_size) ); + return( (size_t) info->MBEDTLS_PRIVATE(block_size) ); } /** From e85bb7096fa1fcbad7b64bebc4a226109c2fe1e9 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Sun, 21 Nov 2021 16:25:23 +0100 Subject: [PATCH 6/8] Fix documentation for block size getters - Document unit (bytes) - Explain what happens for stream ciphers Signed-off-by: Max Fillinger --- include/mbedtls/cipher.h | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index b5d3e6136..6ce82a34c 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -527,11 +527,13 @@ static inline size_t mbedtls_cipher_info_get_iv_size( /** * \brief This function returns the block size of the given - * cipher info structure. + * cipher info structure in bytes. * * \param info The cipher info structure. This may be \c NULL. * * \return The block size of the cipher. + * \return \c 1 if the cipher is a stream cipher. + * \return \c 0 if \p info is \c NULL. */ static inline size_t mbedtls_cipher_info_get_block_size( const mbedtls_cipher_info_t *info ) @@ -654,11 +656,13 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, #endif /* MBEDTLS_USE_PSA_CRYPTO */ /** - * \brief This function returns the block size of the given cipher. + * \brief This function returns the block size of the given cipher + * in bytes. * - * \param ctx The context of the cipher. This must be initialized. + * \param ctx The context of the cipher. * * \return The block size of the underlying cipher. + * \return \c 1 if the cipher is a stream cipher. * \return \c 0 if \p ctx has not been initialized. */ static inline unsigned int mbedtls_cipher_get_block_size( From c3cffae420c4d4b75a2d8136d6cdb82d2d8660af Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Sun, 28 Nov 2021 13:59:44 +0100 Subject: [PATCH 7/8] Document return value for IV size getter on NULL Signed-off-by: Max Fillinger --- include/mbedtls/cipher.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 6ce82a34c..c04097dad 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -515,6 +515,7 @@ static inline const char *mbedtls_cipher_info_get_name( * * \return The recommended IV size. * \return \c 0 for ciphers not using an IV or a nonce. + * \return \c 0 if \p info is \c NULL. */ static inline size_t mbedtls_cipher_info_get_iv_size( const mbedtls_cipher_info_t *info ) From 72abd8a9c31eb0a2404c9ccb8243e4ea3c0a06e3 Mon Sep 17 00:00:00 2001 From: Max Fillinger Date: Sun, 28 Nov 2021 14:02:36 +0100 Subject: [PATCH 8/8] Fix type for iv size and block size in tests Signed-off-by: Max Fillinger --- tests/suites/test_suite_cipher.function | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 20020c241..2efc434dc 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -18,8 +18,7 @@ static int check_cipher_info( mbedtls_cipher_type_t type, const mbedtls_cipher_info_t *info ) { - size_t key_bitlen; - int block_size, iv_size; + size_t key_bitlen, block_size, iv_size; TEST_ASSERT( info != NULL ); TEST_EQUAL( type, mbedtls_cipher_info_get_type( info ) );