Commit Graph

6670 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
550c20fcf9 poly1305: add test for parameter validation
Also fix two validation bugs found while adding the tests.

Also handle test dependencies the right way while at it.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
114f28b3d9 chacha20: add test for parameter validation 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
e9ea6d6e11 Fix selftest verbosity in test suites 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
996477d84b cipher: add chachapoly test vector + unauth case 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
97e34bf2f2 poly1305: fix bug in starts() and add test for it 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
b60045aacb chacha20: fix bug in starts() and add test for it
Previously the streaming API would fail when encrypting multiple messages with
the same key.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
2faaa10e68 chachapoly: add test with unauthentic data 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
f11d8e5f4d Reduce size of buffers in test suites 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
c975b2cc41 Add Chacha20-Poly1305 to benchmark.c 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
d17d297a63 Add FEATURE_NOT_AVAILABLE error codes. 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
799b3903de chachapoly: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the GCM API that
very comparable to it, so switch to (pointer, len) for consistency.

Note that the crypt_and_tag() and auth_decrypt() functions were already using
the same convention as GCM, so this also increases intra-module consistency.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
9b7a93cf1f poly1305: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the CMAC API that is
very comparable to Poly1305, so switch to (pointer, len) for consistency.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
6048e05d5c Update documentation to match new guidelines. 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
4f522633eb cipher: use new functions from chachapoly 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
52a56d3b86 chachapoly: split crypt_and_mac() to match GCM API
In addition to making the APIs of the various AEAD modules more consistent
with each other, it's useful to have an auth_decrypt() function so that we can
safely check the tag ourselves, as the user might otherwise do it in an
insecure way (or even forget to do it altogether).
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
453cf2850f Remove semi-internal chacha20_keystrem_block()
It's actually easy to implement chachapoly without it, so let's not clutter
the API (and avoid adding a burden to alt implementers).
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
02969bf882 ChaCha20: allow in-place en/decryption
All other ciphers so far allow this. In particular, the TLS layer depends on
this, despite what's documented in the Cipher layer, see
https://github.com/ARMmbed/mbedtls/issues/1085
https://github.com/ARMmbed/mbedtls/issues/1087

Also, this can be useful for implementing chachapoly without depending on the
semi-internal function keystream_block(), see next commit.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
d4bd8569d4 Rename aead_chacha20_poly1305 to chachapoly
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
54b1a7342c Rename poly1305_setkey() to poly1305_starts()
For consistency with the existing CMAC and HMAC APIs
2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
726cf72fce Avoid using %zu in selftest functions
This is a C99 feature and unfortunately we can't rely on it yet considering
the set of toolchain (versions) we want to support.
2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
a9ed291d2d Add missing extern "C" guard to new headers 2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
deda80e80d Adapt the _ALT style to our new standard
- in .h files: only put the context declaration inside the #ifdef _ALT
  (this was changed in 2.9.0, ie after the original PR)
- in .c file: only leave selftest out of _ALT: even though some function are
  trivial to build from other parts, alt implementors might want to go another
way about them (for efficiency or other reasons)
2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
690d9e6fad Add ChangeLog entry for new features.
Fixes #346
2018-05-10 13:22:14 +02:00
Daniel King
f589275d80 Minor style and formatting fixes.
This change corrects some minor style violations, mostly for spacing
around parentheses.
2018-05-10 13:22:14 +02:00
Daniel King
47252c739d Correct signedness of printf specifier in self tests 2018-05-10 13:22:14 +02:00
Daniel King
b9a069d096 Fix unused function warning under certain configurations.
I refactored some code into the function mbedtls_constant_time_memcmp
in commit 7aad291 but this function is only used by GCM and
AEAD_ChaCha20_Poly1305 to check the tags. So this function is now
only enabled if either of these two ciphers is enabled.
2018-05-10 13:22:14 +02:00
Daniel King
5b7f1d8035 Fix test suite when GCM Is disabled, but AEAD_ChaCha20_Poly1305 is enabled. 2018-05-10 13:21:40 +02:00
Daniel King
89c7b10c6a Add ChaCha20 test vectors from RFC 7539 2018-05-10 13:21:40 +02:00
Daniel King
a7472e16bc Add ChaCha20/Poly1305 ciphers to the selftest program 2018-05-10 13:21:40 +02:00
Daniel King
d00afaf2ba Adjust verbose self-test output to match other ciphers. 2018-05-10 13:21:40 +02:00
Daniel King
b437a98faf Add ChaCha20+Poly1305 to the Cipher module 2018-05-10 13:21:40 +02:00
Daniel King
f28c2aa64e Allow some parameters to be NULL if the length is 0.
This change permits users of the ChaCha20/Poly1305 algorithms
(and the AEAD construction thereof) to pass NULL pointers for
data that they do not need, and avoids the need to provide a valid
buffer for data that is not used.
2018-05-10 13:20:52 +02:00
Daniel King
31ac12e004 Implement AEAD-ChaCha20-Poly1305.
This implementation is based off the description in RFC 7539.

The ChaCha20 code is also updated to provide a means of generating
keystream blocks with arbitrary counter values. This is used to
generated the one-time Poly1305 key in the AEAD construction.
2018-05-10 13:20:52 +02:00
Daniel King
5d77eaa233 Add Poly1305 authenticator algorithm (RFC 7539)
Test vectors are included from RFC 7539.

Poly1305 is also added to the benchmark program.
2018-05-10 13:20:52 +02:00
Daniel King
0fe7b5b8c5 Add ChaCha20 to the Cipher module 2018-05-10 13:19:31 +02:00
Daniel King
a98ff5eadf Initial implementation of ChaCha20 2018-05-10 13:19:31 +02:00
Jaeden Amero
a331e0f0af Merge remote-tracking branch 'upstream-restricted/pr/421' into development-proposed 2018-05-04 14:39:24 +01:00
Jaeden Amero
fb19399f41 Merge remote-tracking branch 'upstream-public/pr/1498' into development-proposed 2018-05-04 11:09:14 +01:00
Jaeden Amero
09c4e7ef5a Merge remote-tracking branch 'upstream-public/pr/1486' into development-proposed 2018-05-04 11:03:16 +01:00
Jaeden Amero
070e356476 Merge remote-tracking branch 'upstream-restricted/pr/481' into development-restricted 2018-05-01 15:28:18 +01:00
Simon Butcher
e6a2a1aa97 Add the uodate to the soversion to the ChangeLog 2018-05-01 14:02:24 +01:00
Jaeden Amero
78d2f7d5df Merge remote-tracking branch 'upstream-restricted/pr/478' into development-restricted 2018-04-30 17:37:42 +01:00
Simon Butcher
b03120ad41 Fix the ChangeLog for clarity, english and credit 2018-04-30 17:13:42 +01:00
Jaeden Amero
00cbed23b8 Merge remote-tracking branch 'upstream-restricted/pr/474' into development-restricted 2018-04-30 10:21:25 +01:00
Jaeden Amero
7d7bad6b1f Update version to 2.9.0
Bump SOVERSION for parity with 2.7.2 and 2.7.3.
2018-04-30 09:58:33 +01:00
Jaeden Amero
8b98498e9a Merge remote-tracking branch 'upstream-restricted/pr/477' into development-restricted-proposed 2018-04-27 18:27:47 +01:00
Jaeden Amero
fe0669f52a ecp: Fix binary compatibility with group ID
We naturally added the new Curve448 ECP group ID in alphabetical order in
the mbedtls_ecp_group_id enum. However, this causes binary incompatibility
issues as previous binaries will use values for groups that now have a
different meaning. For example, MBEDTLS_ECP_DP_SECP192K1, old value 10,
would mean Curve448 (MBEDTLS_ECP_DP_CURVE448) and the wrong group ID used.

Fix the binary compatibility issue by adding new enum entries to the end of
the enum, even though this isn't so great for readbility as the list is no
longer in alphabetical order. However, the list wasn't perfectly in
alphabetical order before anyway.
2018-04-27 18:20:31 +01:00
Jaeden Amero
c64a300027 Merge remote-tracking branch 'upstream-restricted/pr/471' into development-restricted-proposed
Remove trailing whitespace in ChangeLog.
2018-04-26 09:06:33 +01:00
Jaeden Amero
bd05dfd49f Merge branch 'development-proposed' into development-restricted-proposed
Resolve conflicts in ChangeLog
2018-04-26 09:03:03 +01:00
Jaeden Amero
84a1107818 Merge remote-tracking branch 'upstream-public/pr/1592' into development-proposed 2018-04-25 14:22:12 +01:00