Commit graph

1293 commits

Author SHA1 Message Date
Gilles Peskine 785fd55a39 Whitespace fixes; removed redundant parentheses
No semantic change.
2018-09-05 12:13:23 +03:00
Gilles Peskine c425e87af7 Add cast to satisfy gcc -Wsign-compare 2018-09-05 12:13:23 +03:00
Moran Peker b34879b61a fix import_export_public_key test to use policy 2018-09-05 12:13:23 +03:00
Moran Peker 338a0cf569 fix import_export_public_key test 2018-09-05 12:13:23 +03:00
Moran Peker 4ff99f36a7 change test case descriptions + add newline of test_suite_psa_crypto.function 2018-09-05 12:13:22 +03:00
Moran Peker b4d0ddd2d3 psa_export_public_key 2018-09-05 12:13:20 +03:00
Moran Peker dd4ea38d58 export public key 2018-09-05 12:10:47 +03:00
itayzafrir 5c7533923a ECDSA sign and verify implementation and tests
ECDSA sign and verify implementation and tests
2018-09-05 12:10:47 +03:00
Gilles Peskine a0655c3501 Merge remote-tracking branch 'psa/pr/13' into feature-psa
Conflicts:
	library/psa_crypto.c
	tests/suites/test_suite_psa_crypto.data
	tests/suites/test_suite_psa_crypto.function

All the conflicts are concurrent additions where the order doesn't
matter. I put the code from feature-psa (key policy) before the code
from PR #13 (key lifetime).
2018-09-05 12:10:43 +03:00
mohammad1603 5d7ec2033d fix key lifetime set implementation , tests accordingly 2018-09-05 12:01:37 +03:00
mohammad1603 ba178511f4 Remove unused and duplicated erros, fix documentation and tests
Remove unused and duplicated erros, fix documentation and tests
2018-09-05 12:01:37 +03:00
mohammad1603 060ad8ac34 Compilation and tests fixes 2018-09-05 12:01:37 +03:00
mohammad1603 804cd71bf8 initial key lifetime implementation and tests 2018-09-05 12:01:37 +03:00
Gilles Peskine c63b6ba754 Merge remote-tracking branch 'psa/pr/14' into feature-psa
Conflict resolution:

* `tests/suites/test_suite_psa_crypto.data`: in the new tests from PR #14,
  rename `PSA_ALG_RSA_PKCS1V15_RAW` to `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` as
  was done in PR #15 in the other branch.
2018-09-05 12:01:34 +03:00
mohammad1603 d926b88085 Fix Policy enforcement sign test
Fix Policy sign scenario for enforcement test
2018-09-05 11:53:26 +03:00
mohammad1603 6df908f234 Add static internal MAC finish function
add new psa_mac_finish_internal() to be called by psa_mac_finish() and
psa_mac_verify() in order to be able to check key usage separatly.
2018-09-05 11:53:26 +03:00
mohammad1603 4eed757901 add new test scenarios 2018-09-05 11:53:26 +03:00
mohammad1603 a97cb8c303 Add calls for set policy in export/sign tests
Add calls for set policy in export/sign tests
2018-09-05 11:53:26 +03:00
Gilles Peskine a59262338a Rename PKCS1V15 to PKCS1V15_SIGN
There's PKCS1V15_CRYPT as well (to be added soon).
2018-09-05 11:53:26 +03:00
mohammad1603 8cc1ceec3e Key Policy APIs implementation 2018-09-05 11:53:26 +03:00
Gilles Peskine 40f68b9863 Use unhexify_alloc where applicable 2018-09-05 11:53:25 +03:00
Gilles Peskine 8c9def3e7f PSA: Implement MAC functions
Implement psa_mac_start, psa_mac_update and psa_mac_final.

Implement HMAC anc CMAC.

Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine 9ef733faa0 Implement hash functions
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.

Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine 93aa0334d9 PSA asymmetric signature: set *signature_length = 0 on failure 2018-09-05 11:53:24 +03:00
Gilles Peskine 0189e7512d PSA crypto: PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE macro
Test it for RSA.
2018-09-05 11:53:24 +03:00
Gilles Peskine 20035e3579 PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
Define hash algorithms and RSA signature algorithms.

New function psa_asymmetric_sign.

Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine c66ea6a921 PSA key import: support RSA public keys
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine 969ac726d9 PSA RSA key import: don't rely on pk so much
Don't use the pk module except as required for pkparse/pkwrite. The
PSA crypto layer is meant to work alongside pk, not on top of it.

Fix the compile-time dependencies on RSA/ECP handling in
psa_export_key, psa_destroy_key and psa_get_key_information.
2018-09-05 11:53:24 +03:00
Gilles Peskine 2f9c4dc5ad Add key management functions
Define psa_key_type_t and a first stab at a few values.

New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.

Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine 1d26709dbd New function mbedtls_rsa_get_bitlen
Add a new function mbedtls_rsa_get_bitlen which returns the RSA key
size, i.e. the bit size of the modulus. In the pk module, call
mbedtls_rsa_get_bitlen instead of mbedtls_rsa_get_len, which gave the
wrong result for key sizes that are not a multiple of 8.

This commit adds one non-regression test in the pk suite. More tests
are needed for RSA key sizes that are a multiple of 8.

This commit does not address RSA alternative implementations, which
only provide an interface that return the modulus size in bytes.
2018-09-05 11:53:24 +03:00
Gilles Peskine e59236fc17 Add PSA crypto module
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.

Implement psa_crypto_init function which sets up a RNG.

Add a mbedtls_psa_crypto_free function which deinitializes the
library.

Define a first batch of error codes.
2018-09-05 10:59:00 +03:00
Simon Butcher 4d075cd7d0 Update library version number to 2.13.0 2018-08-31 15:59:10 +01:00
Simon Butcher 6f032a60c9 Merge remote-tracking branch 'public/pr/1963' into development 2018-08-28 10:21:06 +01:00
Ron Eldor 6b13afe1a5 Fix indentation
Fix indentation in the test.
2018-08-21 16:11:13 +03:00
Ron Eldor 9434713368 Move the assertion
Move the assertion for checking the heap allocatino succeeded.
2018-08-20 14:59:33 +03:00
Mohammad Azim Khan 2c069dfad3 Fix typo in test_suite_entropy.function 2018-08-15 13:55:37 +01:00
Ron Eldor 446227a1bd Enhance nist_kw with some NULL buffers tests
Enhance the nist_kw test suite, with setting zero length input\output
buffers. Resolves #1882.
2018-08-13 14:46:45 +03:00
Mohammad Azim Khan 5cb7017077 Less obscure test suites template 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan d2d0112ca8 Style fixes 2018-08-06 11:42:56 +01:00
Azim Khan 8d686bfdb1 Incorporated code revoew comments. 2018-08-06 11:42:56 +01:00
Azim Khan 5fcca46a3a Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
Azim Khan 62a5d7d65a Document status/error codes in helper.function 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan cfd834274b Use integer instead of string as test result 2018-08-06 11:42:06 +01:00
Azim Khan 0fa3504a77 Add missing MSVC typedefs 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan b73159d639 Remove white spaces caught by check-files.py 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan ddde34c698 Remove git conflict marker from test_suite_timing.function 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan 76135345c8 Fix gcc-7 -Wformat-truncation warning
Function test_snprintf() is called by run_test_snprintf() with constant test
data. It gets inlined and is subjected to snprintf format truncation checks
introduced by -Wformat-truncation in gcc-7. -Wformat-truncation is turned
On by -Wall and other similar options. It results in error with -Werror.

-Wformat-truncation makes tests performed by run_test_snprintf() redundant
on gcc. But they are still relevant for other compilers. This commit prevents
inlining of test_snprintf() to avoid gcc compile time checks.
2018-08-06 11:40:58 +01:00
Azim Khan 05d83fa406 Put parentheses around macro arguments 2018-08-06 11:40:58 +01:00
Azim Khan 36e5fac0fb Rephrase confusing function description 2018-08-06 11:40:58 +01:00
Azim Khan 317efe85e1 Adapt new test gcm_bad_parameters() to on target testing changes 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan 9540261a76 Incorporated code review comments 2018-08-06 11:40:58 +01:00
Azim Khan b1c2d0f946 Use switch instead if if-else for dependency and expression checks. 2018-08-06 11:40:58 +01:00
Azim Khan d61a4384d8 incorporate code review comment in embedded_test.function 2018-08-06 11:40:58 +01:00
Azim Khan 13c6bfbc2a Gaurd test suite headers with suite dependency
Test suite header code was not gaurded with test suite dependency.
But some test suites have additional code in the headers section.
Variables in that section become unused if suite functions are
gaurded. Hence gaurded the headers section.
But this changed cuased missing types in get_expression() function
that was originally accessing types defined through suite headers.
Hence had to gaurd expressions code as well.
Gaurding expressions does not allow parsing the parameters when
some types or hash defs are gaurded. Hence added function
check_test() to check if test is allowed or not before parsing the
parameters.
2018-08-06 11:40:57 +01:00
Mohammad Azim Khan cf32c45bfd Add missing headers and fix name change issues 2018-08-06 11:40:57 +01:00
Azim Khan 1de892b85f Update code as old template and generator is replaced with new one 2018-08-06 11:40:57 +01:00
Azim Khan 191e904bb2 Replace old template and code generator with new ones. Keep names 2018-08-06 11:40:57 +01:00
Azim Khan d30ca130e8 Combine hex parameters in a struct 2018-08-06 11:40:57 +01:00
Azim Khan 5cfc06832e Fix name conflict in function params after hexify/unhexify change 2018-08-06 11:40:57 +01:00
Azim Khan 3e5d0004ab Update Greentea API header 2018-08-06 11:40:57 +01:00
Azim Khan 47b40609de Fix RSA test suite bugged by hexify/unhexify change 2018-08-06 11:40:57 +01:00
Azim Khan 392267a7c8 Fix missing data in the RSA test vectors file 2018-08-06 11:40:57 +01:00
Azim Khan b3a103c499 Put else in it's own line 2018-08-06 11:40:57 +01:00
Azim Khan d59391afcd Add support for sending hex parameters 2018-08-06 11:40:57 +01:00
Azim Khan 46c9b1f196 Fix test functions and data after moving hexify/unhexify out
- Separate string and hex parameter as unhexify is moved out of the function. It's input should only be hex.
- Fix test mbedtls_ccm_encrypt_and_tag that grows input message buffer with tag
- Add missing expected length parameter in ECP TLS tests
- Add deleted TEST_ASSERT and mbedtls calls that got removed in script based code generation
2018-08-06 11:40:57 +01:00
Azim Khan 184447e7e4 Add proper handling of hex data 2018-08-06 11:40:57 +01:00
Azim Khan f1aaec9888 Intermediate hexify out change 2018-08-06 11:40:57 +01:00
Azim Khan 9079170f6e Adapt code for scripting out hexify/unhexify code 2018-08-06 11:40:57 +01:00
Azim Khan 3499a9e41b Add hex comparison function 2018-08-06 11:40:57 +01:00
Azim Khan 0574632b30 Update Greentea client API calls 2018-08-06 11:40:57 +01:00
Azim Khan ee6c0189df Unify test setup errors for sending to host 2018-08-06 11:40:57 +01:00
Azim Khan ec024483ae Fix line no. directive 2018-08-06 11:40:57 +01:00
Mohammad Azim Khan 67735d540b Fix name conflict and implicit use of functions from string.h 2018-08-06 11:40:57 +01:00
Mohammad Azim Khan fff4904e6b mbed-os test code generator 2018-08-06 11:40:57 +01:00
Simon Butcher 5f26b11ffa Change test dependencies to RC4 from DES
Some tests were dependent on DES yet actually used RC4. Likely a copy and paste
error. This change fixes them.
2018-07-27 17:15:39 +01:00
Jaeden Amero 193c86425e Update version to 2.12.0 2018-07-25 15:42:26 +01:00
Simon Butcher 2c92949e0a Merge remote-tracking branch 'public/pr/1198' into development 2018-07-24 17:20:17 +01:00
Ron Eldor 8dd03cd1aa Add tests for the nist key wrapping feature
Add tests for Key wrapping.
Test vectors taken from the standards.
2018-07-24 16:43:20 +01:00
Simon Butcher be685ba337 Merge remote-tracking branch 'public/pr/1836' into development 2018-07-19 20:01:23 +01:00
Simon Butcher 727325baa7 Merge remote-tracking branch 'public/pr/1788' into development 2018-07-10 14:54:52 +01:00
Jaeden Amero cdb5cc570c tests: dhm: Rename Hallman to Hellman
Fix typo of Diffie-Hallman to Diffie-Hellman.
2018-07-06 13:20:09 +01:00
k-stachowiak b056dd86d0 Remove a redundant dependency clause 2018-06-28 12:58:56 +02:00
k-stachowiak 7972334090 Enable ARIA self test in the unit testing 2018-06-25 15:29:52 +02:00
Nicholas Wilson 2682edf205 Fix build using -std=c99
In each place where POSIX/GNU functions are used, the file must declare
that it wants POSIX functionality before including any system headers.
2018-06-25 12:00:26 +01:00
Manuel Pégourié-Gonnard 0dadba2b58 Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (182 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-19 11:13:50 +02:00
Simon Butcher 2fcd3e4441 Change the library version to 2.11.0
* Change the Mbed TLS library version to 2.11.0
 * Increase the soversion of libmbedcrypto
 * Increase the soversion of libmbedtls
2018-06-18 14:39:06 +01:00
Jaeden Amero d906b818f3 tests: cipher: Allocate enough space for XTS keys
XTS keys can be double the size, since XTS uses two keys concatenated
together as a key (one for the tweak, one for encryption).
2018-06-13 12:16:25 +01:00
Jaeden Amero c28012acdd tests: Remove NIST AES-XTS test vectors
The IEEE P1619 XTS test vectors should suffice. Remove the NIST test
vectors.
2018-06-13 12:13:58 +01:00
Jaeden Amero 142383e25b aes: xts: Add tests for invalid key sizes
Test that we get the error we expect when using various valid and invalid
keysizes with mbedtls_aes_xts_setkey_enc() and
mbedtls_aes_xts_setkey_dec().
2018-06-13 12:13:58 +01:00
Jaeden Amero c653990ed5 cipher: Add wrappers for AES-XTS
AES-XTS does not support multipart use as it can only operate on an entire
sector at a time.
2018-06-13 12:13:56 +01:00
Jaeden Amero 425382d4fb tests: Extend AES-XTS suite
Extend the existing test suite for AES-XTS with checks for error reporting
and the IEEE P1619/D16 test vectors.
2018-06-13 12:05:04 +01:00
Jaeden Amero e5c4b07b92 tests: Make AES-XTS suite more stack friendly
Remove stack-allocated buffers from the AES-XTS test suites.
2018-06-13 12:05:04 +01:00
Jaeden Amero cd9fc5e541 aes: xts: Rename iv to data_unit
XTS doesn't have an IV, it has a "Data Unit". Rename iv for parity with the
XTS standard.
2018-06-13 12:05:04 +01:00
Jaeden Amero 5162b932a2 aes: Use length instead of bits_length in XTS
mbedtls_aes_crypt_xts() currently takes a `bits_length` parameter, unlike
the other block modes. Change the parameter to accept a bytes length
instead, as the `bits_length` parameter is not actually ever used in the
current implementation.
2018-06-13 12:05:04 +01:00
Jaeden Amero 9366feb504 aes: xts: Add new context structure
Add a new context structure for XTS. Adjust the API for XTS to use the new
context structure, including tests suites and the benchmark program. Update
Doxgen documentation accordingly.
2018-06-13 12:05:04 +01:00
Jaeden Amero e9ecf00007 aes: Remove AES-XEX
AES-XEX is a building block for other cryptographic standards and not yet a
standard in and of itself. We'll just provide the standardized AES-XTS
algorithm, and not AES-XEX. The AES-XTS algorithm and interface provided
can be used to perform the AES-XEX algorithm when the length of the input
is a multiple of the AES block size.
2018-06-13 12:03:29 +01:00
Aorimn 5f77801ac3 Implement AES-XTS mode
XTS mode is fully known as "xor-encrypt-xor with ciphertext-stealing".
This is the generalization of the XEX mode.
This implementation is limited to an 8-bits (1 byte) boundary, which
doesn't seem to be what was thought considering some test vectors [1].

This commit comes with tests, extracted from [1], and benchmarks.
Although, benchmarks aren't really nice here, as they work with a buffer
of a multiple of 16 bytes, which isn't a challenge for XTS compared to
XEX.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:03:27 +01:00
Aorimn fb67fae83a Add AES-XEX tests cases
The test cases come from the XTS test vectors given by the CAVP initiative
from NIST (see [1]).
As mentioned in a previous commit, XEX is a simpler case of XTS.
Therefore, to construct the test_suite_aes.xex.data file, extraction of
the XEX-possible cases has been done on the given test vectors.
All of the extracted test vectors pass the tests on a Linux x86_64 machine.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:01:50 +01:00
Jaeden Amero 9f52aebe2e tests: Fix name of 33 byte AES cipher tests
We named the tests "32 bytes", but actually tested with 33 bytes. Fix the
mistake.
2018-06-13 11:56:03 +01:00
Simon Butcher e47d6fd97e Merge remote-tracking branch 'public/pr/1497' into development 2018-06-12 16:53:04 +01:00
Simon Butcher f0d7629771 Merge remote-tracking branch 'public/pr/1593' into development 2018-06-12 16:41:41 +01:00
Simon Butcher 263498ac36 Merge remote-tracking branch 'public/pr/1667' into development 2018-06-12 16:40:07 +01:00
Simon Butcher 33cb519cda Add decrypt tests to AES OFB Cipher module
Adds additional tests for AES-128, AES-192, and AES-256, for OFB block mode, for
the cipher wrapper module.
2018-06-11 14:03:22 +01:00
Simon Butcher b7836e1e8c Change AES OFB tests to memset sizeof buffer 2018-06-11 14:03:22 +01:00
Simon Butcher e416bf93d2 Reduce stack usage for AES OFB tests
Reduced the size of allocated buffers to the minimum for OFB tests.
2018-06-11 14:03:22 +01:00
Simon Butcher 00131446be Fix style and formatting for OFB feature 2018-06-11 14:03:22 +01:00
Simon Butcher 374bcd4255 Add to OFB cipher tests AES-192 and AES-256 OFB 2018-06-11 14:03:22 +01:00
Simon Butcher dbe7fbf391 Remove unused variable in AES OFB test suite
Remove iv_len, an unused variable, in AES OFB test suite function, to fix gcc
compiler warning.
2018-06-11 14:03:22 +01:00
Simon Butcher ad4e4938d1 Fix AES-OFB support for errors, tests and self-test
Adds error handling into mbedtls_aes_crypt_ofb for AES errors, a self-test
for the OFB mode using NIST SP 800-38A test vectors and adds a check to
potential return errors in setting the AES encryption key in the OFB test
suite.
2018-06-11 14:03:22 +01:00
Simon Butcher 8c0fd1e881 Add cipher abstraction and test cases for OFB block mode
Adds OFB as additional block mode in the cipher abstraction, and additional
test cases for that block mode.
2018-06-11 14:03:22 +01:00
Simon Butcher 0301884f00 Add test cases for AES OFB block mode
Adds test cases from NIST SP800-38A for OFB block mode to AES-128/192/256, for
the configuration of MBEDTLS_CIPHER_MODE_OFB.
2018-06-11 14:03:22 +01:00
Jaeden Amero 10e0e4d4ff hkdf: Add negative tests
Test for the expected bad input parameter error when given specific sets of
bad input parameters.
2018-06-11 13:10:14 +01:00
Jaeden Amero 3618962cab hkdf: Add tests for extract and expand
Add tests for mbedtls_hkdf_extract() and mbedtls_hkdf_expand() from the
test vectors in Appendix A of RFC 5869.
2018-06-11 13:10:14 +01:00
Thomas Fossati 656864b360 Add an HKDF (RFC 5869) implementation 2018-06-11 13:10:14 +01:00
Manuel Pégourié-Gonnard 39b1904b9f Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (97 commits)
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  Remove useless parameter from function
  Wipe sensitive info from the stack
  ...
2018-06-07 12:02:55 +02:00
Simon Butcher d5a09f1e68 Updated version number to 2.10.0 for release 2018-06-06 14:52:00 +01:00
Simon Butcher d08a2f7245 Adapt the ARIA test cases for new ECB function
Commit 08c337d058 "Remove useless parameter from function" removed the
parameter mode from the functions mbedtls_aria_crypt_ecb() which broke their
respective test suite.

This commit fixes those test cases.
2018-06-05 15:53:06 +01:00
Manuel Pégourié-Gonnard 3dc62a0a9b chachapoly: force correct mode for integrated API
Allowing DECRYPT with crypt_and_tag is a risk as people might fail to check
the tag correctly (or at all). So force them to use auth_decrypt() instead.

See also https://github.com/ARMmbed/mbedtls/pull/1668
2018-06-04 12:18:19 +02:00
Simon Butcher 246cb05a92 Merge remote-tracking branch 'public/pr/1410' into development 2018-06-01 19:25:56 +01:00
Simon Butcher ba9199458d Merge remote-tracking branch 'public/pr/1604' into development 2018-06-01 19:15:40 +01:00
Darryl Green 0daf4caaf8 Add test vectors for CCM* 2018-05-31 10:05:35 +01:00
Janos Follath 95ab93d417 CCM*: Add minimal tests 2018-05-29 11:59:22 +01:00
Manuel Pégourié-Gonnard 3798b6be6b Add some error codes and merge others
- need HW failure codes too
- re-use relevant poly codes for chachapoly to save on limited space

Values were chosen to leave 3 free slots at the end of the NET odd range.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 234e1cef73 cipher: add stream test vectors for chacha20(poly1305) 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard ceb1225d46 chachapoly: add test for state flow 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 444f711216 poly1305: add test with multiple small fragments
This exercises the code path where data is just appended to the waiting queue
while it isn't empty.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 59d2c30eba chachapoly: add test for parameter validation
Also fix two bugs found by the new tests.

Also remove redundant test case dependency declarations while at it.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard a8fa8b8f96 poly1305: add test for parameter validation
Also fix two validation bugs found while adding the tests.

Also handle test dependencies the right way while at it.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 2aca236881 chacha20: add test for parameter validation 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard fce88b2533 Fix selftest verbosity in test suites 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 69767d1c7b cipher: add chachapoly test vector + unauth case 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 1465602ee1 poly1305: fix bug in starts() and add test for it 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 55c0d096b7 chacha20: fix bug in starts() and add test for it
Previously the streaming API would fail when encrypting multiple messages with
the same key.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 7296771194 chachapoly: add test with unauthentic data 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 528524bf3c Reduce size of buffers in test suites 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard b1ac5e7842 poly1305: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the CMAC API that is
very comparable to Poly1305, so switch to (pointer, len) for consistency.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard 346b8d5050 chachapoly: split crypt_and_mac() to match GCM API
In addition to making the APIs of the various AEAD modules more consistent
with each other, it's useful to have an auth_decrypt() function so that we can
safely check the tag ourselves, as the user might otherwise do it in an
insecure way (or even forget to do it altogether).
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard dca3a5d884 Rename aead_chacha20_poly1305 to chachapoly
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
2018-05-24 13:37:31 +02:00
Daniel King dca6abb24b Fix test suite when GCM Is disabled, but AEAD_ChaCha20_Poly1305 is enabled. 2018-05-24 13:37:31 +02:00
Daniel King 6155cc82ba Add ChaCha20 test vectors from RFC 7539 2018-05-24 13:37:31 +02:00
Daniel King 8fe4701abe Add ChaCha20+Poly1305 to the Cipher module 2018-05-24 13:37:31 +02:00
Daniel King b8025c5826 Implement AEAD-ChaCha20-Poly1305.
This implementation is based off the description in RFC 7539.

The ChaCha20 code is also updated to provide a means of generating
keystream blocks with arbitrary counter values. This is used to
generated the one-time Poly1305 key in the AEAD construction.
2018-05-24 13:37:31 +02:00
Daniel King adc32c0b50 Add Poly1305 authenticator algorithm (RFC 7539)
Test vectors are included from RFC 7539.

Poly1305 is also added to the benchmark program.
2018-05-24 13:37:31 +02:00
Daniel King bd92062269 Add ChaCha20 to the Cipher module 2018-05-24 13:37:31 +02:00
Daniel King 34b822ce7b Initial implementation of ChaCha20 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard a3712beb9b Merge branch 'development' into iotssl-1941-aria-ciphersuites
* development: (504 commits)
  Fix minor code style issues
  Add the uodate to the soversion to the ChangeLog
  Fix the ChangeLog for clarity, english and credit
  Update version to 2.9.0
  ecp: Fix binary compatibility with group ID
  Changelog entry
  Change accepted ciphersuite versions when parsing server hello
  Remove preprocessor directives around platform_util.h include
  Fix style for mbedtls_mpi_zeroize()
  Improve mbedtls_platform_zeroize() docs
  mbedtls_zeroize -> mbedtls_platform_zeroize in docs
  Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT
  Organize CMakeLists targets in alphabetical order
  Organize output objs in alfabetical order in Makefile
  Regenerate errors after ecp.h updates
  Update ecp.h
  Change variable bytes_written to header_bytes in record decompression
  Update ecp.h
  Update ecp.h
  Update ecp.h
  ...
2018-05-22 15:58:50 +02:00
Darryl Green 11999bb72e Fix minor code style issues 2018-05-15 09:21:57 +01:00
Mohammad Azim Khan 0b3f00c3cf Avoid -Wformat-truncation warning on gcc7 2018-05-01 10:17:48 +01:00
Jaeden Amero 7d7bad6b1f Update version to 2.9.0
Bump SOVERSION for parity with 2.7.2 and 2.7.3.
2018-04-30 09:58:33 +01:00
Jaeden Amero 38c42d5afa Merge remote-tracking branch 'upstream-public/pr/1570' into development-proposed
Resolve merge conflict in ChangeLog.
2018-04-25 14:20:08 +01:00