
[RFC] Make all modes use the ECB mode API #524


Open
wants to merge 5 commits into
base: develop
2 changes: 1 addition & 1 deletion .ci/meta_builds.sh
@@ -56,7 +56,7 @@ function run_clang() {
scan_build=$(which scan-build) || true
[ -z "$scan_build" ] && scan_build=$(find /usr/bin/ -name 'scan-build-[0-9]*' | sort -nr | head -n1) || true
[ -z "$scan_build" ] && { echo "couldn't find clang scan-build"; exit 1; } || echo "run $scan_build"
$scan_build --status-bugs make -j$MAKE_JOBS all CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5"
$scan_build --status-bugs make -j$MAKE_JOBS all CFLAGS="$2 $CFLAGS $4 -DLTC_NO_FAST" EXTRALIBS="$5"

make clean &>/dev/null
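Review bot: The LTC_FAST code paths drop out of static analysis once `-DLTC_NO_FAST` is added to the scan-build CFLAGS (reading the second of the two printed `make` lines as the new one; the +/- markers are lost on this page). Those paths are the word-wise pointer-cast loops, such as the `LTC_FAST_TYPE_PTR_CAST` XORs in ccm_memory.c, which is code where analyzer coverage is worth keeping. If the define is there to quiet reports on those casts, record that above the line, e.g. `# scan-build runs with LTC_NO_FAST; the LTC_FAST paths are not analysed here`, or run the analyzer once with and once without it. run_clang starts before and ends after this hunk.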

6 changes: 3 additions & 3 deletions demos/timing.c
@@ -1154,7 +1154,7 @@ static void time_encmacs_(unsigned long MAC_SIZE)
ulong64 t1, t2;
unsigned long x, z;
int err, cipher_idx;
symmetric_key skey;
symmetric_ECB skey;

fprintf(stderr, "\nENC+MAC Timings (zero byte AAD, 16 byte IV, cycles/byte on %luKB blocks):\n", MAC_SIZE);

@@ -1233,7 +1233,7 @@ static void time_encmacs_(unsigned long MAC_SIZE)
}
fprintf(stderr, "CCM (no-precomp) \t%9"PRI64"u\n", t2/(ulong64)(MAC_SIZE*1024));

cipher_descriptor[cipher_idx].setup(key, 16, 0, &skey);
ecb_start(cipher_idx, key, 16, 0, &skey);
t2 = -1;
for (x = 0; x < 10000; x++) {
t_start();
@@ -1247,7 +1247,7 @@ static void time_encmacs_(unsigned long MAC_SIZE)
if (t1 < t2) t2 = t1;
}
fprintf(stderr, "CCM (precomp) \t\t%9"PRI64"u\n", t2/(ulong64)(MAC_SIZE*1024));
cipher_descriptor[cipher_idx].done(&skey);
ecb_done(&skey);
#endif

#ifdef LTC_GCM_MODE
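Review bot: The result of `ecb_start(cipher_idx, key, 16, 0, &skey)` in time_encmacs_ is discarded, so a failed key setup leaves `skey` unscheduled while the "CCM (precomp)" timing loop that follows presumably still uses it. The other call sites converted in this PR check the return value; doing the same here is one statement, e.g. `if ((err = ecb_start(cipher_idx, key, 16, 0, &skey)) != CRYPT_OK) { fprintf(stderr, "ecb_start failed: %s\n", error_to_string(err)); exit(EXIT_FAILURE); }`. The body of time_encmacs_ starts and ends outside these hunks, so match whatever error handling the rest of the function uses.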
4 changes: 2 additions & 2 deletions src/encauth/ccm/ccm_add_aad.c
@@ -29,7 +29,7 @@ int ccm_add_aad(ccm_state *ccm,
for (y = 0; y < adatalen; y++) {
if (ccm->x == 16) {
/* full block so let's encrypt it */
if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
return err;
}
ccm->x = 0;
@@ -40,7 +40,7 @@ int ccm_add_aad(ccm_state *ccm,
/* remainder? */
if (ccm->aadlen == ccm->current_aadlen) {
if (ccm->x != 0) {
if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
return err;
}
}
2 changes: 1 addition & 1 deletion src/encauth/ccm/ccm_add_nonce.c
@@ -60,7 +60,7 @@ int ccm_add_nonce(ccm_state *ccm,
}

/* encrypt PAD */
if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
return err;
}

6 changes: 3 additions & 3 deletions src/encauth/ccm/ccm_done.c
@@ -28,7 +28,7 @@ int ccm_done(ccm_state *ccm,
LTC_ARGCHK(taglen != NULL);

if (ccm->x != 0) {
if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
return err;
}
}
@@ -37,11 +37,11 @@ int ccm_done(ccm_state *ccm,
for (y = 15; y > 15 - ccm->L; y--) {
ccm->ctr[y] = 0x00;
}
if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->ctr, ccm->CTRPAD, &ccm->K)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ccm->ctr, ccm->CTRPAD, &ccm->K)) != CRYPT_OK) {
return err;
}

cipher_descriptor[ccm->cipher].done(&ccm->K);
ecb_done(&ccm->K);

/* store the TAG */
for (x = 0; x < 16 && x < *taglen; x++) {
3 changes: 1 addition & 2 deletions src/encauth/ccm/ccm_init.c
@@ -41,10 +41,9 @@ int ccm_init(ccm_state *ccm, int cipher,
ccm->taglen = taglen;

/* schedule key */
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ccm->K)) != CRYPT_OK) {
if ((err = ecb_start(cipher, key, keylen, 0, &ccm->K)) != CRYPT_OK) {
return err;
}
ccm->cipher = cipher;

/* let's get the L value */
ccm->ptlen = ptlen;
37 changes: 20 additions & 17 deletions src/encauth/ccm/ccm_memory.c
@@ -32,7 +32,7 @@
*/
int ccm_memory(int cipher,
const unsigned char *key, unsigned long keylen,
symmetric_key *uskey,
symmetric_ECB *uskey,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
unsigned char *pt, unsigned long ptlen,
@@ -42,7 +42,7 @@ int ccm_memory(int cipher,
{
unsigned char PAD[16], ctr[16], CTRPAD[16], ptTag[16], b, *pt_real;
unsigned char *pt_work = NULL;
symmetric_key *skey;
symmetric_ECB *skey;
int err;
unsigned long len, L, x, y, z, CTRlen;

@@ -78,12 +78,15 @@ int ccm_memory(int cipher,
if (*taglen < 4 || *taglen > 16 || (*taglen % 2) == 1) {
return CRYPT_INVALID_ARG;
}
if (noncelen < 7) {
return CRYPT_INVALID_ARG;
}

/* is there an accelerator? */
if (cipher_descriptor[cipher].accel_ccm_memory != NULL) {
return cipher_descriptor[cipher].accel_ccm_memory(
key, keylen,
uskey,
&uskey->key,
nonce, noncelen,
header, headerlen,
pt, ptlen,
@@ -117,7 +120,7 @@ int ccm_memory(int cipher,
}

/* initialize the cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) {
if ((err = ecb_start(cipher, key, keylen, 0, skey)) != CRYPT_OK) {
XFREE(skey);
return err;
}
@@ -141,7 +144,7 @@ int ccm_memory(int cipher,
(L-1));

/* nonce */
for (y = 0; y < (16 - (L + 1)); y++) {
for (y = 0; y < noncelen; y++) {
PAD[x++] = nonce[y];
}

@@ -163,7 +166,7 @@ int ccm_memory(int cipher,
}

/* encrypt PAD */
if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
goto error;
}

@@ -188,7 +191,7 @@ int ccm_memory(int cipher,
for (y = 0; y < headerlen; y++) {
if (x == 16) {
/* full block so let's encrypt it */
if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
goto error;
}
x = 0;
@@ -197,7 +200,7 @@ int ccm_memory(int cipher,
}

/* remainder */
if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
goto error;
}
}
@@ -232,7 +235,7 @@ int ccm_memory(int cipher,
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ctr, CTRPAD, skey)) != CRYPT_OK) {
goto error;
}

@@ -241,7 +244,7 @@ int ccm_memory(int cipher,
*(LTC_FAST_TYPE_PTR_CAST(&PAD[z])) ^= *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z]));
*(LTC_FAST_TYPE_PTR_CAST(&ct[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) ^ *(LTC_FAST_TYPE_PTR_CAST(&CTRPAD[z]));
}
if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
goto error;
}
}
@@ -252,7 +255,7 @@ int ccm_memory(int cipher,
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ctr, CTRPAD, skey)) != CRYPT_OK) {
goto error;
}

@@ -261,7 +264,7 @@ int ccm_memory(int cipher,
*(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&ct[y+z])) ^ *(LTC_FAST_TYPE_PTR_CAST(&CTRPAD[z]));
*(LTC_FAST_TYPE_PTR_CAST(&PAD[z])) ^= *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z]));
}
if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
goto error;
}
}
@@ -276,7 +279,7 @@ int ccm_memory(int cipher,
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ctr, CTRPAD, skey)) != CRYPT_OK) {
goto error;
}
CTRlen = 0;
@@ -292,7 +295,7 @@ int ccm_memory(int cipher,
}

if (x == 16) {
if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
goto error;
}
x = 0;
@@ -301,7 +304,7 @@ int ccm_memory(int cipher,
}

if (x != 0) {
if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(PAD, PAD, skey)) != CRYPT_OK) {
goto error;
}
}
@@ -311,12 +314,12 @@ int ccm_memory(int cipher,
for (y = 15; y > 15 - L; y--) {
ctr[y] = 0x00;
}
if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ctr, CTRPAD, skey)) != CRYPT_OK) {
goto error;
}

if (skey != uskey) {
cipher_descriptor[cipher].done(skey);
ecb_done(skey);
#ifdef LTC_CLEAN_STACK
zeromem(skey, sizeof(*skey));
#endif
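Review bot: The nonce copy loop bound `y < noncelen` comes straight from the caller and is only lower-bounded by the added `noncelen < 7` check, so nothing visible in these hunks keeps `PAD[x++] = nonce[y]` inside the 16-byte `PAD` (this assumes `y < noncelen` is the new line; the +/- markers are lost on this page). The other printed bound, `16 - (L + 1)`, tied the copy to the room left in the block once the L length bytes are accounted for. Unless noncelen is clamped against L earlier in ccm_memory, outside the visible hunks, keep both limits: `for (y = 0; y < noncelen && y < (16 - (L + 1)); y++) {`. Separately, `&uskey->key` in the accelerator call is evaluated even when `uskey` is NULL, which the later `skey != uskey` test suggests is a permitted input; `uskey != NULL ? &uskey->key : NULL` would keep the previous meaning for the accelerator.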
4 changes: 2 additions & 2 deletions src/encauth/ccm/ccm_process.c
@@ -47,7 +47,7 @@ int ccm_process(ccm_state *ccm,
ccm->ctr[z] = (ccm->ctr[z] + 1) & 255;
if (ccm->ctr[z]) break;
}
if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->ctr, ccm->CTRPAD, &ccm->K)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ccm->ctr, ccm->CTRPAD, &ccm->K)) != CRYPT_OK) {
return err;
}
ccm->CTRlen = 0;
@@ -63,7 +63,7 @@ int ccm_process(ccm_state *ccm,
}

if (ccm->x == 16) {
if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
return err;
}
ccm->x = 0;
6 changes: 3 additions & 3 deletions src/encauth/ccm/ccm_test.c
@@ -108,7 +108,7 @@ int ccm_test(void)
unsigned long taglen, x, y;
unsigned char buf[64], buf2[64], tag[16], tag2[16], tag3[16], zero[64];
int err, idx;
symmetric_key skey;
symmetric_ECB skey;
ccm_state ccm;

zeromem(zero, 64);
@@ -125,7 +125,7 @@ int ccm_test(void)
for (y = 0; y < 2; y++) {
taglen = tests[x].taglen;
if (y == 0) {
if ((err = cipher_descriptor[idx].setup(tests[x].key, 16, 0, &skey)) != CRYPT_OK) {
if ((err = ecb_start(idx, tests[x].key, 16, 0, &skey)) != CRYPT_OK) {
return err;
}

@@ -235,7 +235,7 @@ int ccm_test(void)
}

if (y == 0) {
cipher_descriptor[idx].done(&skey);
ecb_done(&skey);
}
}
}
5 changes: 0 additions & 5 deletions src/encauth/gcm/gcm_add_aad.c
@@ -20,7 +20,6 @@ int gcm_add_aad(gcm_state *gcm,
const unsigned char *adata, unsigned long adatalen)
{
unsigned long x;
int err;
#ifdef LTC_FAST
unsigned long y;
#endif
@@ -34,10 +33,6 @@ int gcm_add_aad(gcm_state *gcm,
return CRYPT_INVALID_ARG;
}

if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
return err;
}

/* in IV mode? */
if (gcm->mode == LTC_GCM_MODE_IV) {
/* IV length must be > 0 */
6 changes: 0 additions & 6 deletions src/encauth/gcm/gcm_add_iv.c
@@ -20,7 +20,6 @@ int gcm_add_iv(gcm_state *gcm,
const unsigned char *IV, unsigned long IVlen)
{
unsigned long x, y;
int err;

LTC_ARGCHK(gcm != NULL);
if (IVlen > 0) {
@@ -36,11 +35,6 @@ int gcm_add_iv(gcm_state *gcm,
return CRYPT_INVALID_ARG;
}

if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
return err;
}


/* trip the ivmode flag */
if (IVlen + gcm->buflen > 12) {
gcm->ivmode |= 1;
8 changes: 2 additions & 6 deletions src/encauth/gcm/gcm_done.c
@@ -30,10 +30,6 @@ int gcm_done(gcm_state *gcm,
return CRYPT_INVALID_ARG;
}

if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
return err;
}

if (gcm->mode == LTC_GCM_MODE_IV) {
/* let's process the IV */
if ((err = gcm_add_aad(gcm, NULL, 0)) != CRYPT_OK) return err;
@@ -63,15 +59,15 @@ int gcm_done(gcm_state *gcm,
gcm_mult_h(gcm, gcm->X);

/* encrypt original counter */
if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y_0, gcm->buf, &gcm->K)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(gcm->Y_0, gcm->buf, &gcm->K)) != CRYPT_OK) {
return err;
}
for (x = 0; x < 16 && x < *taglen; x++) {
tag[x] = gcm->buf[x] ^ gcm->X[x];
}
*taglen = x;

cipher_descriptor[gcm->cipher].done(&gcm->K);
ecb_done(&gcm->K);

return CRYPT_OK;
}
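Review bot: With the `cipher_is_valid(gcm->cipher)` guard dropped from gcm_done, rejecting a gcm_state that never went through gcm_init depends entirely on what `ecb_encrypt_block` checks on `gcm->K`, and that function is not part of the visible diff. The same guard is removed from gcm_add_aad and gcm_add_iv, whose visible lines make no cipher call at all, so such a state may no longer be rejected there. If ecb_encrypt_block does validate the cipher held in the symmetric_ECB, document that contract at the call, e.g. `/* ecb_encrypt_block() validates the cipher stored in gcm->K */`; if it does not, the check needs to stay in some form. gcm_done begins before the first hunk of this section.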
5 changes: 2 additions & 3 deletions src/encauth/gcm/gcm_init.c
@@ -44,20 +44,19 @@ int gcm_init(gcm_state *gcm, int cipher,
}

/* schedule key */
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &gcm->K)) != CRYPT_OK) {
if ((err = ecb_start(cipher, key, keylen, 0, &gcm->K)) != CRYPT_OK) {
return err;
}

/* H = E(0) */
zeromem(B, 16);
if ((err = cipher_descriptor[cipher].ecb_encrypt(B, gcm->H, &gcm->K)) != CRYPT_OK) {
if ((err = ecb_encrypt_block(B, gcm->H, &gcm->K)) != CRYPT_OK) {
return err;
}

/* setup state */
zeromem(gcm->buf, sizeof(gcm->buf));
zeromem(gcm->X, sizeof(gcm->X));
gcm->cipher = cipher;
gcm->mode = LTC_GCM_MODE_IV;
gcm->ivmode = 0;
gcm->buflen = 0;
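Review bot: When `ecb_encrypt_block(B, gcm->H, &gcm->K)` fails, gcm_init returns without calling `ecb_done(&gcm->K)` even though `ecb_start` has already succeeded, so the scheduled key stays in the caller's gcm_state and whatever the cipher's done hook would release is not released. The caller cannot tell how far initialisation got, so the cleanup belongs in that error branch: `ecb_done(&gcm->K); return err;`. gcm_init begins before this hunk and continues past its last line.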