From a6916fada8beb93f112e0c8d4cd14b51fdc13411 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 2 May 2014 15:17:29 +0200 Subject: [PATCH] Add (placeholder) CCM module --- include/polarssl/ccm.h | 52 +++++++++++++++++++++ include/polarssl/config.h | 14 ++++++ include/polarssl/error.h | 1 + library/CMakeLists.txt | 1 + library/Makefile | 2 +- library/ccm.c | 67 ++++++++++++++++++++++++++++ library/error.c | 11 +++++ library/version_features.c | 3 ++ programs/test/selftest.c | 8 +++- scripts/generate_errors.pl | 2 +- tests/CMakeLists.txt | 1 + tests/Makefile | 7 ++- tests/suites/test_suite_ccm.data | 2 + tests/suites/test_suite_ccm.function | 15 +++++++ visualc/VS2010/PolarSSL.vcxproj | 2 + visualc/VS6/polarssl.dsp | 8 ++++ 16 files changed, 192 insertions(+), 4 deletions(-) create mode 100644 include/polarssl/ccm.h create mode 100644 library/ccm.c create mode 100644 tests/suites/test_suite_ccm.data create mode 100644 tests/suites/test_suite_ccm.function diff --git a/include/polarssl/ccm.h b/include/polarssl/ccm.h new file mode 100644 index 000000000..b794cd895 --- /dev/null +++ b/include/polarssl/ccm.h @@ -0,0 +1,52 @@ +/** + * \file ccm.h + * + * \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers + * + * Copyright (C) 2014, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifndef POLARSSL_CCM_H +#define POLARSSL_CCM_H + +#include "cipher.h" + +#define POLARSSL_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */ +#define POLARSSL_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C) +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int ccm_self_test( int verbose ); +#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */ + +#ifdef __cplusplus +} +#endif + +#endif /* POLARSSL_CGM_H */ diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 500d04173..5bfce9cc2 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -1274,6 +1274,20 @@ */ #define POLARSSL_CAMELLIA_C +/** + * \def POLARSSL_GCM_C + * + * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. + * + * Module: library/ccm.c + * + * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C + * + * This module enables the AES-CCM ciphersuites, if other requisites are + * enabled as well. + */ +#define POLARSSL_CCM_C + /** * \def POLARSSL_CERTS_C * diff --git a/include/polarssl/error.h b/include/polarssl/error.h index d27b0e555..cdee952e0 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -77,6 +77,7 @@ * PBKDF2 1 0x007C-0x007C * RIPEMD160 1 0x007E-0x007E * HMAC_DRBG 4 0x0003-0x0009 + * CCM 2 0x000D-0x000F * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 86ccee19e..4cbd1629e 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -11,6 +11,7 @@ set(src bignum.c blowfish.c camellia.c + ccm.c certs.c cipher.c cipher_wrap.c diff --git a/library/Makefile b/library/Makefile index e02a258e5..281353ad7 100644 --- a/library/Makefile +++ b/library/Makefile @@ -37,7 +37,7 @@ endif OBJS= aes.o aesni.o arc4.o \ asn1parse.o \ asn1write.o base64.o bignum.o \ - blowfish.o camellia.o \ + blowfish.o camellia.o ccm.o \ certs.o cipher.o cipher_wrap.o \ ctr_drbg.o debug.o des.o \ dhm.o ecdh.o ecdsa.o \ diff --git a/library/ccm.c b/library/ccm.c new file mode 100644 index 000000000..b4ba3d5d0 --- /dev/null +++ b/library/ccm.c @@ -0,0 +1,67 @@ +/* + * NIST SP800-38C compliant CCM implementation + * + * Copyright (C) 2014, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/* + * Definition of CCM: + * http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf + * RFC 3610 "Counter with CBC-MAC (CCM)" + * + * Related: + * RFC 5116 "An Interface and Algorithms for Authenticated Encryption" + */ + +#if !defined(POLARSSL_CONFIG_FILE) +#include "polarssl/config.h" +#else +#include POLARSSL_CONFIG_FILE +#endif + +#if defined(POLARSSL_CCM_C) + +#include "polarssl/ccm.h" + + +#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C) + +#if defined(POLARSSL_PLATFORM_C) +#include "polarssl/platform.h" +#else +#define polarssl_printf printf +#endif + +int ccm_self_test( int verbose ) +{ + if( verbose != 0 ) + polarssl_printf( " CCM: skip\n" ); + + if( verbose != 0 ) + polarssl_printf( "\n" ); + + return( 0 ); +} + +#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */ + +#endif /* POLARSSL_CCM_C */ diff --git a/library/error.c b/library/error.c index 1eac108c0..8afc09202 100644 --- a/library/error.c +++ b/library/error.c @@ -53,6 +53,10 @@ #include "polarssl/camellia.h" #endif +#if defined(POLARSSL_CCM_C) +#include "polarssl/ccm.h" +#endif + #if defined(POLARSSL_CIPHER_C) #include "polarssl/cipher.h" #endif @@ -575,6 +579,13 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); #endif /* POLARSSL_CAMELLIA_C */ +#if defined(POLARSSL_CCM_C) + if( use_ret == -(POLARSSL_ERR_CCM_BAD_INPUT) ) + snprintf( buf, buflen, "CCM - Bad input parameters to function" ); + if( use_ret == -(POLARSSL_ERR_CCM_AUTH_FAILED) ) + snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); +#endif /* POLARSSL_CCM_C */ + #if defined(POLARSSL_CTR_DRBG_C) if( use_ret == -(POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); diff --git a/library/version_features.c b/library/version_features.c index 68955c3ac..8dc530a6d 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -366,6 +366,9 @@ const char *features[] = { #if defined(POLARSSL_CAMELLIA_C) "POLARSSL_CAMELLIA_C", #endif /* POLARSSL_CAMELLIA_C */ +#if defined(POLARSSL_CCM_C) + "POLARSSL_CCM_C", +#endif /* POLARSSL_CCM_C */ #if defined(POLARSSL_CERTS_C) "POLARSSL_CERTS_C", #endif /* POLARSSL_CERTS_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index a2e7f7539..07e2b122a 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -36,6 +36,7 @@ #include "polarssl/ctr_drbg.h" #include "polarssl/dhm.h" #include "polarssl/gcm.h" +#include "polarssl/ccm.h" #include "polarssl/md2.h" #include "polarssl/md4.h" #include "polarssl/md5.h" @@ -132,11 +133,16 @@ int main( int argc, char *argv[] ) return( ret ); #endif -#if defined(POLARSSL_GCM_C) +#if defined(POLARSSL_GCM_C) && defined(POLARSSL_AES_C) if( ( ret = gcm_self_test( v ) ) != 0 ) return( ret ); #endif +#if defined(POLARSSL_CCM_C) && defined(POLARSSL_AES_C) + if( ( ret = ccm_self_test( v ) ) != 0 ) + return( ret ); +#endif + #if defined(POLARSSL_BASE64_C) if( ( ret = base64_self_test( v ) ) != 0 ) return( ret ); diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 5631ae8e2..d16d0ce96 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -12,7 +12,7 @@ my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM", "BASE64", "XTEA", "PBKDF2", "OID", "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", "HMAC_DRBG", "MD2", "MD4", "MD5", "RIPEMD160", - "SHA1", "SHA256", "SHA512", "GCM", "THREADING" ); + "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM" ); my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL", "PK", "PKCS12", "PKCS5" ); diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 0460c63fa..142ebf146 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -43,6 +43,7 @@ add_test_suite(arc4) add_test_suite(base64) add_test_suite(blowfish) add_test_suite(camellia) +add_test_suite(ccm) add_test_suite(cipher cipher.aes) add_test_suite(cipher cipher.arc4) add_test_suite(cipher cipher.blowfish) diff --git a/tests/Makefile b/tests/Makefile index ce458ca07..a0d136a0a 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -34,7 +34,8 @@ APPS = test_suite_aes.ecb test_suite_aes.cbc \ test_suite_aes.cfb test_suite_aes.rest \ test_suite_arc4 \ test_suite_base64 test_suite_blowfish \ - test_suite_camellia test_suite_cipher.aes \ + test_suite_camellia test_suite_ccm \ + test_suite_cipher.aes \ test_suite_cipher.arc4 test_suite_cipher.gcm \ test_suite_cipher.blowfish \ test_suite_cipher.camellia \ @@ -198,6 +199,10 @@ test_suite_camellia: test_suite_camellia.c $(DEP) echo " CC $@.c" $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@ +test_suite_ccm: test_suite_ccm.c $(DEP) + echo " CC $@.c" + $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@ + test_suite_cipher.aes: test_suite_cipher.aes.c $(DEP) echo " CC $@.c" $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data new file mode 100644 index 000000000..223e28a7e --- /dev/null +++ b/tests/suites/test_suite_ccm.data @@ -0,0 +1,2 @@ +CCM self test +ccm_self_test: diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function new file mode 100644 index 000000000..487d1c590 --- /dev/null +++ b/tests/suites/test_suite_ccm.function @@ -0,0 +1,15 @@ +/* BEGIN_HEADER */ +#include +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:POLARSSL_CCM_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:POLARSSL_SELF_TEST:POLARSSL_AES_C */ +void ccm_self_test( ) +{ + TEST_ASSERT( ccm_self_test( 0 ) == 0 ); +} +/* END_CASE */ diff --git a/visualc/VS2010/PolarSSL.vcxproj b/visualc/VS2010/PolarSSL.vcxproj index 529794adb..fce156d42 100644 --- a/visualc/VS2010/PolarSSL.vcxproj +++ b/visualc/VS2010/PolarSSL.vcxproj @@ -152,6 +152,7 @@ + @@ -216,6 +217,7 @@ + diff --git a/visualc/VS6/polarssl.dsp b/visualc/VS6/polarssl.dsp index 71dfd7f12..37a9e6e9a 100644 --- a/visualc/VS6/polarssl.dsp +++ b/visualc/VS6/polarssl.dsp @@ -121,6 +121,10 @@ SOURCE=..\..\library\camellia.c # End Source File # Begin Source File +SOURCE=..\..\library\ccm.c +# End Source File +# Begin Source File + SOURCE=..\..\library\certs.c # End Source File # Begin Source File @@ -401,6 +405,10 @@ SOURCE=..\..\include\polarssl\camellia.h # End Source File # Begin Source File +SOURCE=..\..\include\polarssl\ccm.h +# End Source File +# Begin Source File + SOURCE=..\..\include\polarssl\certs.h # End Source File # Begin Source File