diff --git a/sys/crypto/modes/cbc.c b/sys/crypto/modes/cbc.c
index 15b5e57721..df3c59abc3 100644
--- a/sys/crypto/modes/cbc.c
+++ b/sys/crypto/modes/cbc.c
@@ -22,7 +22,7 @@
 #include
 #include "crypto/modes/cbc.h"
-int cipher_encrypt_cbc(cipher_t *cipher, uint8_t iv[16],
+int cipher_encrypt_cbc(const cipher_t *cipher, uint8_t iv[16],
 const uint8_t *input, size_t length, uint8_t *output)
 {
 size_t offset = 0;
@@ -54,7 +54,7 @@ int cipher_encrypt_cbc(cipher_t *cipher, uint8_t iv[16],
 }
-int cipher_decrypt_cbc(cipher_t *cipher, uint8_t iv[16],
+int cipher_decrypt_cbc(const cipher_t *cipher, uint8_t iv[16],
 const uint8_t *input, size_t length, uint8_t *output)
 {
 size_t offset = 0;
diff --git a/sys/crypto/modes/ccm.c b/sys/crypto/modes/ccm.c
index 322a568fd3..c76088dc1b 100644
--- a/sys/crypto/modes/ccm.c
+++ b/sys/crypto/modes/ccm.c
@@ -34,8 +34,8 @@ static inline int min(int a, int b)
 }
 }
-static int ccm_compute_cbc_mac(cipher_t *cipher, const uint8_t iv[16],
- const uint8_t *input, size_t length, uint8_t *mac)
+static int ccm_compute_cbc_mac(const cipher_t *cipher, const uint8_t iv[16],
+ const uint8_t *input, size_t length, uint8_t *mac)
 {
 uint8_t block_size, mac_enc[16] = { 0 };
 uint32_t offset;
@@ -70,9 +70,9 @@ static int ccm_compute_cbc_mac(cipher_t *cipher, const uint8_t iv[16],
 }
-static int ccm_create_mac_iv(cipher_t *cipher, uint8_t auth_data_len, uint8_t M,
- uint8_t L, const uint8_t *nonce, uint8_t nonce_len,
- size_t plaintext_len, uint8_t X1[16])
+static int ccm_create_mac_iv(const cipher_t *cipher, uint8_t auth_data_len, uint8_t M,
+ uint8_t L, const uint8_t *nonce, uint8_t nonce_len,
+ size_t plaintext_len, uint8_t X1[16])
 {
 uint8_t M_, L_;
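Review bot: `ccm_create_mac_iv` in sys/crypto/modes/ccm.c still takes `uint8_t auth_data_len` and `uint8_t nonce_len`, while the public `cipher_encrypt_ccm` and `cipher_decrypt_ccm` signatures in the same file take `uint32_t auth_data_len` and `size_t nonce_len`. If the callers forward those values unchanged (the call sites are outside the hunks), an associated-data length that is a multiple of 256 arrives here as 0; if that value feeds the Adata bit of the first MAC block, as the CCM format requires, the block would no longer describe the data that is actually authenticated. The function is `static` and its signature is being edited anyway, so I would widen the parameters to `uint32_t auth_data_len` and `size_t nonce_len`, or range-check before the call. The function body continues outside the hunk.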
@@ -106,8 +106,8 @@ static int ccm_create_mac_iv(cipher_t *cipher, uint8_t auth_data_len, uint8_t M,
 return 0;
 }
-static int ccm_compute_adata_mac(cipher_t *cipher, const uint8_t *auth_data,
- uint32_t auth_data_len, uint8_t X1[16])
+static int ccm_compute_adata_mac(const cipher_t *cipher, const uint8_t *auth_data,
+ uint32_t auth_data_len, uint8_t X1[16])
 {
 if (auth_data_len > 0) {
 int len;
@@ -174,7 +174,7 @@ static inline int _fits_in_nbytes(size_t value, uint8_t num_bytes)
 }
-int cipher_encrypt_ccm(cipher_t *cipher,
+int cipher_encrypt_ccm(const cipher_t *cipher,
 const uint8_t *auth_data, uint32_t auth_data_len,
 uint8_t mac_length, uint8_t length_encoding,
 const uint8_t *nonce, size_t nonce_len,
@@ -240,7 +240,7 @@ int cipher_encrypt_ccm(cipher_t *cipher,
 }
-int cipher_decrypt_ccm(cipher_t *cipher,
+int cipher_decrypt_ccm(const cipher_t *cipher,
 const uint8_t *auth_data, uint32_t auth_data_len,
 uint8_t mac_length, uint8_t length_encoding,
 const uint8_t *nonce, size_t nonce_len,
diff --git a/sys/crypto/modes/ctr.c b/sys/crypto/modes/ctr.c
index 22c6da37a4..bf60adc6ab 100644
--- a/sys/crypto/modes/ctr.c
+++ b/sys/crypto/modes/ctr.c
@@ -21,7 +21,7 @@
 #include "crypto/helper.h"
 #include "crypto/modes/ctr.h"
-int cipher_encrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16],
+int cipher_encrypt_ctr(const cipher_t *cipher, uint8_t nonce_counter[16],
 uint8_t nonce_len, const uint8_t *input, size_t length,
 uint8_t *output)
 {
@@ -49,7 +49,7 @@ int cipher_encrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16],
 return offset;
 }
-int cipher_decrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16],
+int cipher_decrypt_ctr(const cipher_t *cipher, uint8_t nonce_counter[16],
 uint8_t nonce_len, const uint8_t *input, size_t length,
 uint8_t *output)
 {
diff --git a/sys/crypto/modes/ecb.c b/sys/crypto/modes/ecb.c
index 7859c27b5e..33098c225f 100644
--- a/sys/crypto/modes/ecb.c
+++ b/sys/crypto/modes/ecb.c
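Review bot: `return offset;` at the end of `cipher_encrypt_ctr` in sys/crypto/modes/ctr.c goes out through an `int` return type although `length` is `size_t`. The declaration of `offset` is outside that hunk, but `cipher_encrypt_ecb` in ecb.c shows the same shape with `size_t offset;` followed by `return offset;`, and cbc.c declares `size_t offset = 0;` under an `int` return. A length above `INT_MAX` converts to an implementation-defined value that a caller can mistake for one of the negative error codes, which matters most where `int` is 16 bits wide. ocb.c already rejects over-long input up front; the same guard would fit these entry points, i.e. `if (length > INT_MAX)` returning one of the module's negative error codes before any block is processed.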
@@ -23,7 +23,7 @@
 #include "crypto/modes/ecb.h"
-int cipher_encrypt_ecb(cipher_t *cipher, uint8_t *input,
+int cipher_encrypt_ecb(const cipher_t *cipher, const uint8_t *input,
 size_t length, uint8_t *output)
 {
 size_t offset;
@@ -46,7 +46,7 @@ int cipher_encrypt_ecb(cipher_t *cipher, uint8_t *input,
 return offset;
 }
-int cipher_decrypt_ecb(cipher_t *cipher, uint8_t *input,
+int cipher_decrypt_ecb(const cipher_t *cipher, const uint8_t *input,
 size_t length, uint8_t *output)
 {
 size_t offset = 0;
diff --git a/sys/crypto/modes/ocb.c b/sys/crypto/modes/ocb.c
index 2aa3e43031..921064ef11 100644
--- a/sys/crypto/modes/ocb.c
+++ b/sys/crypto/modes/ocb.c
@@ -25,7 +25,7 @@
 #define OCB_MODE_DECRYPT 2
 struct ocb_state {
- cipher_t *cipher;
+ const cipher_t *cipher;
 uint8_t l_star[16];
 uint8_t l_zero[16];
 uint8_t l_dollar[16];
@@ -35,7 +35,7 @@ struct ocb_state {
 typedef struct ocb_state ocb_state_t;
-static void double_block(uint8_t source[16], uint8_t dest[16])
+static void double_block(const uint8_t source[16], uint8_t dest[16])
 {
 uint8_t msb = source[0] >> 7;
@@ -61,7 +61,7 @@ static size_t ntz(size_t n)
 return ret;
 }
-static void calculate_l_i(uint8_t l_zero[16], size_t i, uint8_t output[16])
+static void calculate_l_i(const uint8_t l_zero[16], size_t i, uint8_t output[16])
 {
 memcpy(output, l_zero, 16);
 while ((i--) > 0) {
@@ -69,7 +69,7 @@ static void calculate_l_i(uint8_t l_zero[16], size_t i, uint8_t output[16])
 }
 }
-static void xor_block(uint8_t block1[16], uint8_t block2[16],
+static void xor_block(const uint8_t block1[16], const uint8_t block2[16],
 uint8_t output[16])
 {
 for (uint8_t i = 0; i < 16; ++i) {
@@ -78,7 +78,8 @@ static void xor_block(uint8_t block1[16], uint8_t block2[16],
 }
 static void processBlock(ocb_state_t *state, size_t blockNumber,
- uint8_t input[16], uint8_t output[16], uint8_t mode)
+ const uint8_t input[16], uint8_t output[16],
+ uint8_t mode)
 {
 /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
 uint8_t l_i[16];
@@ -106,7 +107,7 @@ static void processBlock(ocb_state_t *state, size_t blockNumber,
 }
 }
-static void hash(ocb_state_t *state, uint8_t *data, size_t data_len,
+static void hash(ocb_state_t *state, const uint8_t *data, size_t data_len,
 uint8_t output[16])
 {
 /* Calculate the number of full blocks in data */
@@ -149,8 +150,9 @@ static void hash(ocb_state_t *state, uint8_t *data, size_t data_len,
 }
 }
-static void init_ocb(cipher_t *cipher, uint8_t tag_len, uint8_t *nonce,
- size_t nonce_len, ocb_state_t *state)
+static void init_ocb(const cipher_t *cipher, uint8_t tag_len,
+ const uint8_t *nonce, size_t nonce_len,
+ ocb_state_t *state)
 {
 state->cipher = cipher;
@@ -203,12 +205,12 @@ static void init_ocb(cipher_t *cipher, uint8_t tag_len, uint8_t *nonce,
 memset(state->checksum, 0, 16);
 }
-static int32_t run_ocb(cipher_t *cipher, uint8_t *auth_data,
- uint32_t auth_data_len,
- uint8_t tag[16], uint8_t tag_len, uint8_t *nonce,
- size_t nonce_len,
- uint8_t *input, size_t input_len, uint8_t *output,
- uint8_t mode)
+static int32_t run_ocb(const cipher_t *cipher,
+ const uint8_t *auth_data, uint32_t auth_data_len,
+ uint8_t tag[16], uint8_t tag_len,
+ const uint8_t *nonce, size_t nonce_len,
+ const uint8_t *input, size_t input_len,
+ uint8_t *output, uint8_t mode)
 {
 /* OCB mode only works for ciphers of block length 16 */
@@ -288,10 +290,12 @@ static int32_t run_ocb(cipher_t *cipher, uint8_t *auth_data,
 return output_pos;
 }
-int32_t cipher_encrypt_ocb(cipher_t *cipher, uint8_t *auth_data,
- size_t auth_data_len,
- uint8_t tag_len, uint8_t *nonce, size_t nonce_len,
- uint8_t *input, size_t input_len, uint8_t *output)
+int32_t cipher_encrypt_ocb(const cipher_t *cipher,
+ const uint8_t *auth_data, size_t auth_data_len,
+ uint8_t tag_len,
+ const uint8_t *nonce, size_t nonce_len,
+ const uint8_t *input, size_t input_len,
+ uint8_t *output)
 {
 uint8_t tag[16];
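Review bot: `run_ocb` in sys/crypto/modes/ocb.c keeps `uint32_t auth_data_len` while `cipher_encrypt_ocb` and `cipher_decrypt_ocb` accept `size_t auth_data_len`, so where `size_t` is wider than 32 bits the length is narrowed silently if it is passed straight through (the call is outside the hunks). Only a prefix of the associated data would then go into the tag while the caller believes all of it is authenticated. `hash` already takes `size_t data_len`, so changing the `run_ocb` parameter to `size_t auth_data_len` looks sufficient; otherwise the public functions should reject values above `UINT32_MAX` before calling it.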
@@ -314,10 +318,12 @@ int32_t cipher_encrypt_ocb(cipher_t *cipher, uint8_t *auth_data,
 return (cipher_text_length + tag_len);
 }
-int32_t cipher_decrypt_ocb(cipher_t *cipher, uint8_t *auth_data,
- size_t auth_data_len,
- uint8_t tag_len, uint8_t *nonce, size_t nonce_len,
- uint8_t *input, size_t input_len, uint8_t *output)
+int32_t cipher_decrypt_ocb(const cipher_t *cipher,
+ const uint8_t *auth_data, size_t auth_data_len,
+ uint8_t tag_len,
+ const uint8_t *nonce, size_t nonce_len,
+ const uint8_t *input, size_t input_len,
+ uint8_t *output)
 {
 if (input_len > (uint32_t)(INT32_MAX + tag_len)) {
 // We would not be able to return the proper output length for data this long
diff --git a/sys/include/crypto/modes/cbc.h b/sys/include/crypto/modes/cbc.h
index 5670cf0654..f37cbdf530 100644
--- a/sys/include/crypto/modes/cbc.h
+++ b/sys/include/crypto/modes/cbc.h
@@ -43,7 +43,7 @@ extern "C" {
 * @return CIPHER_ERR_ENC_FAILED on internal encryption error
 * @return otherwise number of input bytes that aren't consumed
 */
-int cipher_encrypt_cbc(cipher_t *cipher, uint8_t iv[16], const uint8_t *input,
+int cipher_encrypt_cbc(const cipher_t *cipher, uint8_t iv[16], const uint8_t *input,
 size_t input_len, uint8_t *output);
@@ -62,7 +62,7 @@ int cipher_encrypt_cbc(cipher_t *cipher, uint8_t iv[16], const uint8_t *input,
 * @return CIPHER_ERR_DEC_FAILED on internal decryption error
 * @return otherwise number of bytes decrypted
 */
-int cipher_decrypt_cbc(cipher_t *cipher, uint8_t iv[16], const uint8_t *input,
+int cipher_decrypt_cbc(const cipher_t *cipher, uint8_t iv[16], const uint8_t *input,
 size_t input_len, uint8_t *output);
 #ifdef __cplusplus
diff --git a/sys/include/crypto/modes/ccm.h b/sys/include/crypto/modes/ccm.h
index 12912132cb..68d7c4c542 100644
--- a/sys/include/crypto/modes/ccm.h
+++ b/sys/include/crypto/modes/ccm.h
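Review bot: In `cipher_decrypt_ocb` (sys/crypto/modes/ocb.c) the guard `input_len > (uint32_t)(INT32_MAX + tag_len)` performs the addition before the cast, in a signed 32-bit type, so any non-zero `tag_len` overflows a signed integer. That is undefined behaviour, and the compiler is free to drop or miscompute the one check that bounds the returned length. Casting first keeps the arithmetic unsigned: `if (input_len > (uint32_t)INT32_MAX + tag_len) {`. The hunk also does not show a check that `input_len` is at least `tag_len`; if none follows, a later subtraction for the plaintext length would wrap, so that is worth confirming. The function body continues outside the hunk.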
@@ -69,7 +69,7 @@ extern "C" {
 * can be 0 if input_len=0 (no plaintext)
 * @return A negative error code if something went wrong
 */
-int cipher_encrypt_ccm(cipher_t *cipher,
+int cipher_encrypt_ccm(const cipher_t *cipher,
 const uint8_t *auth_data, uint32_t auth_data_len,
 uint8_t mac_length, uint8_t length_encoding,
 const uint8_t *nonce, size_t nonce_len,
@@ -99,7 +99,7 @@ int cipher_encrypt_ccm(cipher_t *cipher,
 * can be 0 if only auth_data and MAC is present.
 * @return A negative error code if something went wrong
 */
-int cipher_decrypt_ccm(cipher_t *cipher,
+int cipher_decrypt_ccm(const cipher_t *cipher,
 const uint8_t *auth_data, uint32_t auth_data_len,
 uint8_t mac_length, uint8_t length_encoding,
 const uint8_t *nonce, size_t nonce_len,
diff --git a/sys/include/crypto/modes/ctr.h b/sys/include/crypto/modes/ctr.h
index 85f6cce4af..336b36d9c0 100644
--- a/sys/include/crypto/modes/ctr.h
+++ b/sys/include/crypto/modes/ctr.h
@@ -44,7 +44,7 @@ extern "C" {
 * @return Length of encrypted data on a successful encryption
 * @return A negative error code if something went wrong
 */
-int cipher_encrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16],
+int cipher_encrypt_ctr(const cipher_t *cipher, uint8_t nonce_counter[16],
 uint8_t nonce_len, const uint8_t *input, size_t length,
 uint8_t *output);
@@ -68,7 +68,7 @@ int cipher_encrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16],
 * @return Length of decrypted data on a successful decryption
 * @return A negative error code if something went wrong
 */
-int cipher_decrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16],
+int cipher_decrypt_ctr(const cipher_t *cipher, uint8_t nonce_counter[16],
 uint8_t nonce_len, const uint8_t *input, size_t length,
 uint8_t *output);
diff --git a/sys/include/crypto/modes/ecb.h b/sys/include/crypto/modes/ecb.h
index c89fd47289..b07c21013b 100644
--- a/sys/include/crypto/modes/ecb.h
+++ b/sys/include/crypto/modes/ecb.h
@@ -42,8 +42,8 @@ extern "C" {
 * @return A negative error code if something went wrong
 *
 */
-int cipher_encrypt_ecb(cipher_t *cipher, uint8_t *input, size_t length,
- uint8_t *output);
+int cipher_encrypt_ecb(const cipher_t *cipher, const uint8_t *input,
+ size_t length, uint8_t *output);
 /**
@@ -59,8 +59,8 @@ int cipher_encrypt_ecb(cipher_t *cipher, uint8_t *input, size_t length,
 * @return Length of decrypted data on a successful decryption
 * @return A negative error code if something went wrong
 */
-int cipher_decrypt_ecb(cipher_t *cipher, uint8_t *input, size_t length,
- uint8_t *output);
+int cipher_decrypt_ecb(const cipher_t *cipher, const uint8_t *input,
+ size_t length, uint8_t *output);
 #ifdef __cplusplus
 }
diff --git a/sys/include/crypto/modes/ocb.h b/sys/include/crypto/modes/ocb.h
index 1e22071bc2..ef076b40a5 100644
--- a/sys/include/crypto/modes/ocb.h
+++ b/sys/include/crypto/modes/ocb.h
@@ -77,10 +77,12 @@ extern "C" {
 * It has to be of size data_len + tag_len.
 * @return Length of the encrypted data (including the tag) or a (negative) error code
 */
-int32_t cipher_encrypt_ocb(cipher_t *cipher, uint8_t *auth_data,
- size_t auth_data_len,
- uint8_t tag_len, uint8_t *nonce, size_t nonce_len,
- uint8_t *input, size_t input_len, uint8_t *output);
+int32_t cipher_encrypt_ocb(const cipher_t *cipher,
+ const uint8_t *auth_data, size_t auth_data_len,
+ uint8_t tag_len,
+ const uint8_t *nonce, size_t nonce_len,
+ const uint8_t *input, size_t input_len,
+ uint8_t *output);
 /**
 * @brief Decrypt and verify the authentication of OCB encrypted data.
@@ -100,10 +102,12 @@ int32_t cipher_encrypt_ocb(cipher_t *cipher, uint8_t *auth_data,
 * Will contain only zeroes, if the authentication fails.
 * @return Length of the plaintext data or a (negative) error code
 */
-int32_t cipher_decrypt_ocb(cipher_t *cipher, uint8_t *auth_data,
- size_t auth_data_len,
- uint8_t tag_len, uint8_t *nonce, size_t nonce_len,
- uint8_t *input, size_t input_len, uint8_t *output);
+int32_t cipher_decrypt_ocb(const cipher_t *cipher,
+ const uint8_t *auth_data, size_t auth_data_len,
+ uint8_t tag_len,
+ const uint8_t *nonce, size_t nonce_len,
+ const uint8_t *input, size_t input_len,
+ uint8_t *output);
 #ifdef __cplusplus
 }
 #endif
diff --git a/tests/sys_crypto/tests-crypto-modes-ccm.c b/tests/sys_crypto/tests-crypto-modes-ccm.c
index 930e298587..ea6be9724b 100644
--- a/tests/sys_crypto/tests-crypto-modes-ccm.c
+++ b/tests/sys_crypto/tests-crypto-modes-ccm.c
@@ -1255,7 +1255,7 @@ static void test_crypto_modes_ccm_decrypt(void)
 }
-typedef int (*func_ccm_t)(cipher_t *, const uint8_t *, uint32_t,
+typedef int (*func_ccm_t)(const cipher_t *, const uint8_t *, uint32_t,
 uint8_t, uint8_t, const uint8_t *, size_t,
 const uint8_t *, size_t, uint8_t *);