riot-ci/RIOT
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #15156 from fabian18/add_const_to_ciphers

Browse Source 
Add const to ciphers
This commit is contained in:
Koen Zandberg 2020-10-05 13:04:31 +02:00 committed by GitHub
commit 31ce4ca406
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 66 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/crypto/modes/cbc.c
View File

@ -22,7 +22,7 @@
#include <string.h> #include <string.h>
#include "crypto/modes/cbc.h" #include "crypto/modes/cbc.h"
int cipher_encrypt_cbc(cipher_t *cipher, uint8_t iv[16], int cipher_encrypt_cbc(const cipher_t *cipher, uint8_t iv[16],
const uint8_t *input, size_t length, uint8_t *output) const uint8_t *input, size_t length, uint8_t *output)
{ {
size_t offset = 0; size_t offset = 0;
@ -54,7 +54,7 @@ int cipher_encrypt_cbc(cipher_t *cipher, uint8_t iv[16],
} }
int cipher_decrypt_cbc(cipher_t *cipher, uint8_t iv[16], int cipher_decrypt_cbc(const cipher_t *cipher, uint8_t iv[16],
const uint8_t *input, size_t length, uint8_t *output) const uint8_t *input, size_t length, uint8_t *output)
{ {
size_t offset = 0; size_t offset = 0;

18
sys/crypto/modes/ccm.c
View File

@ -34,8 +34,8 @@ static inline int min(int a, int b)
} }
} }
static int ccm_compute_cbc_mac(cipher_t *cipher, const uint8_t iv[16], static int ccm_compute_cbc_mac(const cipher_t *cipher, const uint8_t iv[16],
const uint8_t *input, size_t length, uint8_t *mac) const uint8_t *input, size_t length, uint8_t *mac)
{ {
uint8_t block_size, mac_enc[16] = { 0 }; uint8_t block_size, mac_enc[16] = { 0 };
uint32_t offset; uint32_t offset;
@ -70,9 +70,9 @@ static int ccm_compute_cbc_mac(cipher_t *cipher, const uint8_t iv[16],
} }
static int ccm_create_mac_iv(cipher_t *cipher, uint8_t auth_data_len, uint8_t M, static int ccm_create_mac_iv(const cipher_t *cipher, uint8_t auth_data_len, uint8_t M,
uint8_t L, const uint8_t *nonce, uint8_t nonce_len, uint8_t L, const uint8_t *nonce, uint8_t nonce_len,
size_t plaintext_len, uint8_t X1[16]) size_t plaintext_len, uint8_t X1[16])
{ {
uint8_t M_, L_; uint8_t M_, L_;
@ -106,8 +106,8 @@ static int ccm_create_mac_iv(cipher_t *cipher, uint8_t auth_data_len, uint8_t M,
return 0; return 0;
} }
static int ccm_compute_adata_mac(cipher_t *cipher, const uint8_t *auth_data, static int ccm_compute_adata_mac(const cipher_t *cipher, const uint8_t *auth_data,
uint32_t auth_data_len, uint8_t X1[16]) uint32_t auth_data_len, uint8_t X1[16])
{ {
if (auth_data_len > 0) { if (auth_data_len > 0) {
int len; int len;
@ -174,7 +174,7 @@ static inline int _fits_in_nbytes(size_t value, uint8_t num_bytes)
} }
int cipher_encrypt_ccm(cipher_t *cipher, int cipher_encrypt_ccm(const cipher_t *cipher,
const uint8_t *auth_data, uint32_t auth_data_len, const uint8_t *auth_data, uint32_t auth_data_len,
uint8_t mac_length, uint8_t length_encoding, uint8_t mac_length, uint8_t length_encoding,
const uint8_t *nonce, size_t nonce_len, const uint8_t *nonce, size_t nonce_len,
@ -240,7 +240,7 @@ int cipher_encrypt_ccm(cipher_t *cipher,
} }
int cipher_decrypt_ccm(cipher_t *cipher, int cipher_decrypt_ccm(const cipher_t *cipher,
const uint8_t *auth_data, uint32_t auth_data_len, const uint8_t *auth_data, uint32_t auth_data_len,
uint8_t mac_length, uint8_t length_encoding, uint8_t mac_length, uint8_t length_encoding,
const uint8_t *nonce, size_t nonce_len, const uint8_t *nonce, size_t nonce_len,

4
sys/crypto/modes/ctr.c
View File

@ -21,7 +21,7 @@
#include "crypto/helper.h" #include "crypto/helper.h"
#include "crypto/modes/ctr.h" #include "crypto/modes/ctr.h"
int cipher_encrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16], int cipher_encrypt_ctr(const cipher_t *cipher, uint8_t nonce_counter[16],
uint8_t nonce_len, const uint8_t *input, size_t length, uint8_t nonce_len, const uint8_t *input, size_t length,
uint8_t *output) uint8_t *output)
{ {
@ -49,7 +49,7 @@ int cipher_encrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16],
return offset; return offset;
} }
int cipher_decrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16], int cipher_decrypt_ctr(const cipher_t *cipher, uint8_t nonce_counter[16],
uint8_t nonce_len, const uint8_t *input, size_t length, uint8_t nonce_len, const uint8_t *input, size_t length,
uint8_t *output) uint8_t *output)
{ {

4
sys/crypto/modes/ecb.c
View File

@ -23,7 +23,7 @@
#include "crypto/modes/ecb.h" #include "crypto/modes/ecb.h"
int cipher_encrypt_ecb(cipher_t *cipher, uint8_t *input, int cipher_encrypt_ecb(const cipher_t *cipher, const uint8_t *input,
size_t length, uint8_t *output) size_t length, uint8_t *output)
{ {
size_t offset; size_t offset;
@ -46,7 +46,7 @@ int cipher_encrypt_ecb(cipher_t *cipher, uint8_t *input,
return offset; return offset;
} }
int cipher_decrypt_ecb(cipher_t *cipher, uint8_t *input, int cipher_decrypt_ecb(const cipher_t *cipher, const uint8_t *input,
size_t length, uint8_t *output) size_t length, uint8_t *output)
{ {
size_t offset = 0; size_t offset = 0;

50
sys/crypto/modes/ocb.c
View File

@ -25,7 +25,7 @@
#define OCB_MODE_DECRYPT 2 #define OCB_MODE_DECRYPT 2
struct ocb_state { struct ocb_state {
cipher_t *cipher; const cipher_t *cipher;
uint8_t l_star[16]; uint8_t l_star[16];
uint8_t l_zero[16]; uint8_t l_zero[16];
uint8_t l_dollar[16]; uint8_t l_dollar[16];
@ -35,7 +35,7 @@ struct ocb_state {
typedef struct ocb_state ocb_state_t; typedef struct ocb_state ocb_state_t;
static void double_block(uint8_t source[16], uint8_t dest[16]) static void double_block(const uint8_t source[16], uint8_t dest[16])
{ {
uint8_t msb = source[0] >> 7; uint8_t msb = source[0] >> 7;
@ -61,7 +61,7 @@ static size_t ntz(size_t n)
return ret; return ret;
} }
static void calculate_l_i(uint8_t l_zero[16], size_t i, uint8_t output[16]) static void calculate_l_i(const uint8_t l_zero[16], size_t i, uint8_t output[16])
{ {
memcpy(output, l_zero, 16); memcpy(output, l_zero, 16);
while ((i--) > 0) { while ((i--) > 0) {
@ -69,7 +69,7 @@ static void calculate_l_i(uint8_t l_zero[16], size_t i, uint8_t output[16])
} }
} }
static void xor_block(uint8_t block1[16], uint8_t block2[16], static void xor_block(const uint8_t block1[16], const uint8_t block2[16],
uint8_t output[16]) uint8_t output[16])
{ {
for (uint8_t i = 0; i < 16; ++i) { for (uint8_t i = 0; i < 16; ++i) {
@ -78,7 +78,8 @@ static void xor_block(uint8_t block1[16], uint8_t block2[16],
} }
static void processBlock(ocb_state_t *state, size_t blockNumber, static void processBlock(ocb_state_t *state, size_t blockNumber,
uint8_t input[16], uint8_t output[16], uint8_t mode) const uint8_t input[16], uint8_t output[16],
uint8_t mode)
{ {
/* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
uint8_t l_i[16]; uint8_t l_i[16];
@ -106,7 +107,7 @@ static void processBlock(ocb_state_t *state, size_t blockNumber,
} }
} }
static void hash(ocb_state_t *state, uint8_t *data, size_t data_len, static void hash(ocb_state_t *state, const uint8_t *data, size_t data_len,
uint8_t output[16]) uint8_t output[16])
{ {
/* Calculate the number of full blocks in data */ /* Calculate the number of full blocks in data */
@ -149,8 +150,9 @@ static void hash(ocb_state_t *state, uint8_t *data, size_t data_len,
} }
} }
static void init_ocb(cipher_t *cipher, uint8_t tag_len, uint8_t *nonce, static void init_ocb(const cipher_t *cipher, uint8_t tag_len,
size_t nonce_len, ocb_state_t *state) const uint8_t *nonce, size_t nonce_len,
ocb_state_t *state)
{ {
state->cipher = cipher; state->cipher = cipher;
@ -203,12 +205,12 @@ static void init_ocb(cipher_t *cipher, uint8_t tag_len, uint8_t *nonce,
memset(state->checksum, 0, 16); memset(state->checksum, 0, 16);
} }
static int32_t run_ocb(cipher_t *cipher, uint8_t *auth_data, static int32_t run_ocb(const cipher_t *cipher,
uint32_t auth_data_len, const uint8_t *auth_data, uint32_t auth_data_len,
uint8_t tag[16], uint8_t tag_len, uint8_t *nonce, uint8_t tag[16], uint8_t tag_len,
size_t nonce_len, const uint8_t *nonce, size_t nonce_len,
uint8_t *input, size_t input_len, uint8_t *output, const uint8_t *input, size_t input_len,
uint8_t mode) uint8_t *output, uint8_t mode)
{ {
/* OCB mode only works for ciphers of block length 16 */ /* OCB mode only works for ciphers of block length 16 */
@ -288,10 +290,12 @@ static int32_t run_ocb(cipher_t *cipher, uint8_t *auth_data,
return output_pos; return output_pos;
} }
int32_t cipher_encrypt_ocb(cipher_t *cipher, uint8_t *auth_data, int32_t cipher_encrypt_ocb(const cipher_t *cipher,
size_t auth_data_len, const uint8_t *auth_data, size_t auth_data_len,
uint8_t tag_len, uint8_t *nonce, size_t nonce_len, uint8_t tag_len,
uint8_t *input, size_t input_len, uint8_t *output) const uint8_t *nonce, size_t nonce_len,
const uint8_t *input, size_t input_len,
uint8_t *output)
{ {
uint8_t tag[16]; uint8_t tag[16];
@ -314,10 +318,12 @@ int32_t cipher_encrypt_ocb(cipher_t *cipher, uint8_t *auth_data,
return (cipher_text_length + tag_len); return (cipher_text_length + tag_len);
} }
int32_t cipher_decrypt_ocb(cipher_t *cipher, uint8_t *auth_data, int32_t cipher_decrypt_ocb(const cipher_t *cipher,
size_t auth_data_len, const uint8_t *auth_data, size_t auth_data_len,
uint8_t tag_len, uint8_t *nonce, size_t nonce_len, uint8_t tag_len,
uint8_t *input, size_t input_len, uint8_t *output) const uint8_t *nonce, size_t nonce_len,
const uint8_t *input, size_t input_len,
uint8_t *output)
{ {
if (input_len > (uint32_t)(INT32_MAX + tag_len)) { if (input_len > (uint32_t)(INT32_MAX + tag_len)) {
// We would not be able to return the proper output length for data this long // We would not be able to return the proper output length for data this long

4
sys/include/crypto/modes/cbc.h
View File

@ -43,7 +43,7 @@ extern "C" {
* @return CIPHER_ERR_ENC_FAILED on internal encryption error * @return CIPHER_ERR_ENC_FAILED on internal encryption error
* @return otherwise number of input bytes that aren't consumed * @return otherwise number of input bytes that aren't consumed
*/ */
int cipher_encrypt_cbc(cipher_t *cipher, uint8_t iv[16], const uint8_t *input, int cipher_encrypt_cbc(const cipher_t *cipher, uint8_t iv[16], const uint8_t *input,
size_t input_len, uint8_t *output); size_t input_len, uint8_t *output);
@ -62,7 +62,7 @@ int cipher_encrypt_cbc(cipher_t *cipher, uint8_t iv[16], const uint8_t *input,
* @return CIPHER_ERR_DEC_FAILED on internal decryption error * @return CIPHER_ERR_DEC_FAILED on internal decryption error
* @return otherwise number of bytes decrypted * @return otherwise number of bytes decrypted
*/ */
int cipher_decrypt_cbc(cipher_t *cipher, uint8_t iv[16], const uint8_t *input, int cipher_decrypt_cbc(const cipher_t *cipher, uint8_t iv[16], const uint8_t *input,
size_t input_len, uint8_t *output); size_t input_len, uint8_t *output);
#ifdef __cplusplus #ifdef __cplusplus

4
sys/include/crypto/modes/ccm.h
View File

@ -69,7 +69,7 @@ extern "C" {
* can be 0 if input_len=0 (no plaintext) * can be 0 if input_len=0 (no plaintext)
* @return A negative error code if something went wrong * @return A negative error code if something went wrong
*/ */
int cipher_encrypt_ccm(cipher_t *cipher, int cipher_encrypt_ccm(const cipher_t *cipher,
const uint8_t *auth_data, uint32_t auth_data_len, const uint8_t *auth_data, uint32_t auth_data_len,
uint8_t mac_length, uint8_t length_encoding, uint8_t mac_length, uint8_t length_encoding,
const uint8_t *nonce, size_t nonce_len, const uint8_t *nonce, size_t nonce_len,
@ -99,7 +99,7 @@ int cipher_encrypt_ccm(cipher_t *cipher,
* can be 0 if only auth_data and MAC is present. * can be 0 if only auth_data and MAC is present.
* @return A negative error code if something went wrong * @return A negative error code if something went wrong
*/ */
int cipher_decrypt_ccm(cipher_t *cipher, int cipher_decrypt_ccm(const cipher_t *cipher,
const uint8_t *auth_data, uint32_t auth_data_len, const uint8_t *auth_data, uint32_t auth_data_len,
uint8_t mac_length, uint8_t length_encoding, uint8_t mac_length, uint8_t length_encoding,
const uint8_t *nonce, size_t nonce_len, const uint8_t *nonce, size_t nonce_len,

4
sys/include/crypto/modes/ctr.h
View File

@ -44,7 +44,7 @@ extern "C" {
* @return Length of encrypted data on a successful encryption * @return Length of encrypted data on a successful encryption
* @return A negative error code if something went wrong * @return A negative error code if something went wrong
*/ */
int cipher_encrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16], int cipher_encrypt_ctr(const cipher_t *cipher, uint8_t nonce_counter[16],
uint8_t nonce_len, const uint8_t *input, size_t length, uint8_t nonce_len, const uint8_t *input, size_t length,
uint8_t *output); uint8_t *output);
@ -68,7 +68,7 @@ int cipher_encrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16],
* @return Length of decrypted data on a successful decryption * @return Length of decrypted data on a successful decryption
* @return A negative error code if something went wrong * @return A negative error code if something went wrong
*/ */
int cipher_decrypt_ctr(cipher_t *cipher, uint8_t nonce_counter[16], int cipher_decrypt_ctr(const cipher_t *cipher, uint8_t nonce_counter[16],
uint8_t nonce_len, const uint8_t *input, size_t length, uint8_t nonce_len, const uint8_t *input, size_t length,
uint8_t *output); uint8_t *output);

8
sys/include/crypto/modes/ecb.h
View File

@ -42,8 +42,8 @@ extern "C" {
* @return A negative error code if something went wrong * @return A negative error code if something went wrong
* *
*/ */
int cipher_encrypt_ecb(cipher_t *cipher, uint8_t *input, size_t length, int cipher_encrypt_ecb(const cipher_t *cipher, const uint8_t *input,
uint8_t *output); size_t length, uint8_t *output);
/** /**
@ -59,8 +59,8 @@ int cipher_encrypt_ecb(cipher_t *cipher, uint8_t *input, size_t length,
* @return Length of decrypted data on a successful decryption * @return Length of decrypted data on a successful decryption
* @return A negative error code if something went wrong * @return A negative error code if something went wrong
*/ */
int cipher_decrypt_ecb(cipher_t *cipher, uint8_t *input, size_t length, int cipher_decrypt_ecb(const cipher_t *cipher, const uint8_t *input,
uint8_t *output); size_t length, uint8_t *output);
#ifdef __cplusplus #ifdef __cplusplus
} }

20
sys/include/crypto/modes/ocb.h
View File

@ -77,10 +77,12 @@ extern "C" {
* It has to be of size data_len + tag_len. * It has to be of size data_len + tag_len.
* @return Length of the encrypted data (including the tag) or a (negative) error code * @return Length of the encrypted data (including the tag) or a (negative) error code
*/ */
int32_t cipher_encrypt_ocb(cipher_t *cipher, uint8_t *auth_data, int32_t cipher_encrypt_ocb(const cipher_t *cipher,
size_t auth_data_len, const uint8_t *auth_data, size_t auth_data_len,
uint8_t tag_len, uint8_t *nonce, size_t nonce_len, uint8_t tag_len,
uint8_t *input, size_t input_len, uint8_t *output); const uint8_t *nonce, size_t nonce_len,
const uint8_t *input, size_t input_len,
uint8_t *output);
/** /**
* @brief Decrypt and verify the authentication of OCB encrypted data. * @brief Decrypt and verify the authentication of OCB encrypted data.
@ -100,10 +102,12 @@ int32_t cipher_encrypt_ocb(cipher_t *cipher, uint8_t *auth_data,
* Will contain only zeroes, if the authentication fails. * Will contain only zeroes, if the authentication fails.
* @return Length of the plaintext data or a (negative) error code * @return Length of the plaintext data or a (negative) error code
*/ */
int32_t cipher_decrypt_ocb(cipher_t *cipher, uint8_t *auth_data, int32_t cipher_decrypt_ocb(const cipher_t *cipher,
size_t auth_data_len, const uint8_t *auth_data, size_t auth_data_len,
uint8_t tag_len, uint8_t *nonce, size_t nonce_len, uint8_t tag_len,
uint8_t *input, size_t input_len, uint8_t *output); const uint8_t *nonce, size_t nonce_len,
const uint8_t *input, size_t input_len,
uint8_t *output);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

2
tests/sys_crypto/tests-crypto-modes-ccm.c
View File

@ -1255,7 +1255,7 @@ static void test_crypto_modes_ccm_decrypt(void)
} }
typedef int (*func_ccm_t)(cipher_t *, const uint8_t *, uint32_t, typedef int (*func_ccm_t)(const cipher_t *, const uint8_t *, uint32_t,
uint8_t, uint8_t, const uint8_t *, size_t, uint8_t, uint8_t, const uint8_t *, size_t,
const uint8_t *, size_t, uint8_t *); const uint8_t *, size_t, uint8_t *);