* - All operations are single-shot (no streaming possible)
* - Context is not used
* - For now only digest and symmetric ciphers are supported
+ * - Disabling PKCS#5 padding for ECB and CBC chaining is not supported.
* - GCM and CCM chaining is not supported
* - All outputs are allocated by the library
*/
*
* @param[in] algo Encryption algorithm (select #YACA_ENCRYPT_AES if unsure)
* @param[in] bcm Chaining mode (select #YACA_BCM_CBC if unsure)
- * @param[in] sym_key Symmetric encryption key (see key.h for key generation functions)
+ * @param[in] sym_key Symmetric encryption key (see yaca_key.h for key generation functions)
* @param[in] iv Initialization vector
* @param[in] plaintext Plaintext to be encrypted
* @param[in] plaintext_len Length of the plaintext
/**
* ECB block cipher mode.
- * Encrypts 64 bit at a time. No IV is used.
+ * No IV is used.
+ *
+ * By default the input data is padded using standard block padding (aka PKCS#5 padding).
+ * Padding can be disabled using yaca_context_set_property() and #YACA_PROPERTY_PADDING, #YACA_PADDING_NONE,
+ * then the total length of data passed until *_finalize() MUST be a multiple of block size.
+ * #YACA_PROPERTY_PADDING can be set at the latest before the *_finalize() call.
*/
YACA_BCM_ECB,
/**
* CBC block cipher mode.
* 16-byte initialization vector is mandatory.
+ *
+ * By default the input data is padded using standard block padding (aka PKCS#5 padding).
+ * Padding can be disabled using yaca_context_set_property() and #YACA_PROPERTY_PADDING, #YACA_PADDING_NONE,
+ * then the total length of data passed until *_finalize() MUST be a multiple of block size.
+ * #YACA_PROPERTY_PADDING can be set at the latest before the *_finalize() call.
*/
YACA_BCM_CBC,
*/
typedef enum {
/**
- * Padding for the sign/verify operation. Property type is #yaca_padding_e.
+ * Padding for the encrypt/decrypt or sign/verify operation. Property type is #yaca_padding_e.
*
* This property can be set at the latest before the *_finalize() call.
*/
case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED):
case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE):
case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA):
+ case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH):
+ case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH):
ret = YACA_ERROR_INVALID_PARAMETER;
break;
case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG):
ret = encrypt_ctx_set_ccm_tag_len(c, *(size_t*)value);
break;
+ case YACA_PROPERTY_PADDING:
+ if ((mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE) ||
+ value_len != sizeof(yaca_padding_e) ||
+ *(yaca_padding_e*)value != YACA_PADDING_NONE)
+ return YACA_ERROR_INVALID_PARAMETER;
+
+ if (EVP_CIPHER_CTX_set_padding(c->cipher_ctx, 0) != 1) {
+ ERROR_DUMP(YACA_ERROR_INTERNAL);
+ return YACA_ERROR_INTERNAL;
+ }
+ break;
default:
return YACA_ERROR_INVALID_PARAMETER;
}
if (EVP_CIPHER_CTX_mode(c->cipher_ctx) != EVP_CIPH_WRAP_MODE) {
ret = EVP_CipherFinal(c->cipher_ctx, output, &loutput_len);
- if (ret != 1 || loutput_len < 0) {
- ret = YACA_ERROR_INTERNAL;
- ERROR_DUMP(ret);
- return ret;
- }
+ if (ret != 1 || loutput_len < 0)
+ return ERROR_HANDLE();
}
*output_len = loutput_len;
projects / platform / core / security / yaca.git / commitdiff