Commit Graph

6654 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
02969bf882 ChaCha20: allow in-place en/decryption
All other ciphers so far allow this. In particular, the TLS layer depends on
this, despite what's documented in the Cipher layer, see
https://github.com/ARMmbed/mbedtls/issues/1085
https://github.com/ARMmbed/mbedtls/issues/1087

Also, this can be useful for implementing chachapoly without depending on the
semi-internal function keystream_block(), see next commit.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
d4bd8569d4 Rename aead_chacha20_poly1305 to chachapoly
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
54b1a7342c Rename poly1305_setkey() to poly1305_starts()
For consistency with the existing CMAC and HMAC APIs
2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
726cf72fce Avoid using %zu in selftest functions
This is a C99 feature and unfortunately we can't rely on it yet considering
the set of toolchain (versions) we want to support.
2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
a9ed291d2d Add missing extern "C" guard to new headers 2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
deda80e80d Adapt the _ALT style to our new standard
- in .h files: only put the context declaration inside the #ifdef _ALT
  (this was changed in 2.9.0, ie after the original PR)
- in .c file: only leave selftest out of _ALT: even though some function are
  trivial to build from other parts, alt implementors might want to go another
way about them (for efficiency or other reasons)
2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
690d9e6fad Add ChangeLog entry for new features.
Fixes #346
2018-05-10 13:22:14 +02:00
Daniel King
f589275d80 Minor style and formatting fixes.
This change corrects some minor style violations, mostly for spacing
around parentheses.
2018-05-10 13:22:14 +02:00
Daniel King
47252c739d Correct signedness of printf specifier in self tests 2018-05-10 13:22:14 +02:00
Daniel King
b9a069d096 Fix unused function warning under certain configurations.
I refactored some code into the function mbedtls_constant_time_memcmp
in commit 7aad291 but this function is only used by GCM and
AEAD_ChaCha20_Poly1305 to check the tags. So this function is now
only enabled if either of these two ciphers is enabled.
2018-05-10 13:22:14 +02:00
Daniel King
5b7f1d8035 Fix test suite when GCM Is disabled, but AEAD_ChaCha20_Poly1305 is enabled. 2018-05-10 13:21:40 +02:00
Daniel King
89c7b10c6a Add ChaCha20 test vectors from RFC 7539 2018-05-10 13:21:40 +02:00
Daniel King
a7472e16bc Add ChaCha20/Poly1305 ciphers to the selftest program 2018-05-10 13:21:40 +02:00
Daniel King
d00afaf2ba Adjust verbose self-test output to match other ciphers. 2018-05-10 13:21:40 +02:00
Daniel King
b437a98faf Add ChaCha20+Poly1305 to the Cipher module 2018-05-10 13:21:40 +02:00
Daniel King
f28c2aa64e Allow some parameters to be NULL if the length is 0.
This change permits users of the ChaCha20/Poly1305 algorithms
(and the AEAD construction thereof) to pass NULL pointers for
data that they do not need, and avoids the need to provide a valid
buffer for data that is not used.
2018-05-10 13:20:52 +02:00
Daniel King
31ac12e004 Implement AEAD-ChaCha20-Poly1305.
This implementation is based off the description in RFC 7539.

The ChaCha20 code is also updated to provide a means of generating
keystream blocks with arbitrary counter values. This is used to
generated the one-time Poly1305 key in the AEAD construction.
2018-05-10 13:20:52 +02:00
Daniel King
5d77eaa233 Add Poly1305 authenticator algorithm (RFC 7539)
Test vectors are included from RFC 7539.

Poly1305 is also added to the benchmark program.
2018-05-10 13:20:52 +02:00
Daniel King
0fe7b5b8c5 Add ChaCha20 to the Cipher module 2018-05-10 13:19:31 +02:00
Daniel King
a98ff5eadf Initial implementation of ChaCha20 2018-05-10 13:19:31 +02:00
Jaeden Amero
a331e0f0af Merge remote-tracking branch 'upstream-restricted/pr/421' into development-proposed 2018-05-04 14:39:24 +01:00
Jaeden Amero
fb19399f41 Merge remote-tracking branch 'upstream-public/pr/1498' into development-proposed 2018-05-04 11:09:14 +01:00
Jaeden Amero
09c4e7ef5a Merge remote-tracking branch 'upstream-public/pr/1486' into development-proposed 2018-05-04 11:03:16 +01:00
Jaeden Amero
070e356476 Merge remote-tracking branch 'upstream-restricted/pr/481' into development-restricted 2018-05-01 15:28:18 +01:00
Simon Butcher
e6a2a1aa97 Add the uodate to the soversion to the ChangeLog 2018-05-01 14:02:24 +01:00
Jaeden Amero
78d2f7d5df Merge remote-tracking branch 'upstream-restricted/pr/478' into development-restricted 2018-04-30 17:37:42 +01:00
Simon Butcher
b03120ad41 Fix the ChangeLog for clarity, english and credit 2018-04-30 17:13:42 +01:00
Jaeden Amero
00cbed23b8 Merge remote-tracking branch 'upstream-restricted/pr/474' into development-restricted 2018-04-30 10:21:25 +01:00
Jaeden Amero
7d7bad6b1f Update version to 2.9.0
Bump SOVERSION for parity with 2.7.2 and 2.7.3.
2018-04-30 09:58:33 +01:00
Jaeden Amero
8b98498e9a Merge remote-tracking branch 'upstream-restricted/pr/477' into development-restricted-proposed 2018-04-27 18:27:47 +01:00
Jaeden Amero
fe0669f52a ecp: Fix binary compatibility with group ID
We naturally added the new Curve448 ECP group ID in alphabetical order in
the mbedtls_ecp_group_id enum. However, this causes binary incompatibility
issues as previous binaries will use values for groups that now have a
different meaning. For example, MBEDTLS_ECP_DP_SECP192K1, old value 10,
would mean Curve448 (MBEDTLS_ECP_DP_CURVE448) and the wrong group ID used.

Fix the binary compatibility issue by adding new enum entries to the end of
the enum, even though this isn't so great for readbility as the list is no
longer in alphabetical order. However, the list wasn't perfectly in
alphabetical order before anyway.
2018-04-27 18:20:31 +01:00
Jaeden Amero
c64a300027 Merge remote-tracking branch 'upstream-restricted/pr/471' into development-restricted-proposed
Remove trailing whitespace in ChangeLog.
2018-04-26 09:06:33 +01:00
Jaeden Amero
bd05dfd49f Merge branch 'development-proposed' into development-restricted-proposed
Resolve conflicts in ChangeLog
2018-04-26 09:03:03 +01:00
Jaeden Amero
84a1107818 Merge remote-tracking branch 'upstream-public/pr/1592' into development-proposed 2018-04-25 14:22:12 +01:00
Jaeden Amero
38c42d5afa Merge remote-tracking branch 'upstream-public/pr/1570' into development-proposed
Resolve merge conflict in ChangeLog.
2018-04-25 14:20:08 +01:00
Andrzej Kurek
b7a18c0498 Changelog entry 2018-04-25 05:25:30 -04:00
Andrzej Kurek
03bac448db Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
2018-04-25 05:06:07 -04:00
Jaeden Amero
8945343a51 Merge branch 'development-proposed' into development-restricted-proposed
Resolve merge conflict in ecp.h, where `mbedtls_ecp_keypair` was moved.
2018-04-24 17:16:34 +01:00
Andres Amaya Garcia
8491406803 Remove preprocessor directives around platform_util.h include 2018-04-24 08:40:46 -05:00
Andres Amaya Garcia
6698d2fc5c Fix style for mbedtls_mpi_zeroize() 2018-04-24 08:39:07 -05:00
Andres Amaya Garcia
56e06db102 Improve mbedtls_platform_zeroize() docs 2018-04-24 08:37:52 -05:00
Andres Amaya Garcia
708c5cb6ab mbedtls_zeroize -> mbedtls_platform_zeroize in docs 2018-04-24 08:33:31 -05:00
Andres Amaya Garcia
d0ef468d39 Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT 2018-04-24 08:31:34 -05:00
Andres Amaya Garcia
bc7bdbf5c8 Organize CMakeLists targets in alphabetical order 2018-04-24 08:29:20 -05:00
Andres Amaya Garcia
21b376b56c Organize output objs in alfabetical order in Makefile 2018-04-24 08:28:26 -05:00
Jaeden Amero
1afdec1812 Merge remote-tracking branch 'upstream-public/pr/1578' into development-proposed 2018-04-24 14:19:41 +01:00
Jaeden Amero
3dd8abd037 Regenerate errors after ecp.h updates
The error descriptions were updated in ecp.h (PR #1578), so also update
the strings in error.c.
2018-04-24 14:13:15 +01:00
Jaeden Amero
519b129f78 Merge remote-tracking branch 'upstream-public/pr/1580' into development-proposed 2018-04-24 13:20:11 +01:00
Rose Zadik
a7a6155272
Update ecp.h
One fix. Removed trailing whitespaces
2018-04-24 13:14:01 +01:00
Andrzej Kurek
a9ceef8e03 Change variable bytes_written to header_bytes in record decompression
The name is changed to better reflect the input, decompression case
2018-04-24 06:34:17 -04:00