Commit Graph

7239 Commits

Author SHA1 Message Date
Jaeden Amero
cb2c935a54 aes: Clarify IV requirements for OFB mode
Combine the two "must be unique" phrases into one for clarity. An IV
that is universally unique is also unique for each encryption operation.
2018-06-11 14:03:22 +01:00
Simon Butcher
5db13621ec Clarify documentation for AES OFB
1. Changed reference/link to NIST SP800-38A
 2. Clarified language around AES-OFB usage
2018-06-11 14:03:22 +01:00
Simon Butcher
33cb519cda Add decrypt tests to AES OFB Cipher module
Adds additional tests for AES-128, AES-192, and AES-256, for OFB block mode, for
the cipher wrapper module.
2018-06-11 14:03:22 +01:00
Simon Butcher
b7836e1e8c Change AES OFB tests to memset sizeof buffer 2018-06-11 14:03:22 +01:00
Simon Butcher
e416bf93d2 Reduce stack usage for AES OFB tests
Reduced the size of allocated buffers to the minimum for OFB tests.
2018-06-11 14:03:22 +01:00
Simon Butcher
968646c079 Clarify comments on use of AES OFB block mode 2018-06-11 14:03:22 +01:00
Simon Butcher
00131446be Fix style and formatting for OFB feature 2018-06-11 14:03:22 +01:00
Simon Butcher
374bcd4255 Add to OFB cipher tests AES-192 and AES-256 OFB 2018-06-11 14:03:22 +01:00
Simon Butcher
dbe7fbf391 Remove unused variable in AES OFB test suite
Remove iv_len, an unused variable, in AES OFB test suite function, to fix gcc
compiler warning.
2018-06-11 14:03:22 +01:00
Simon Butcher
6873c845e8 Update cipher.h for OFB block mode documentation
Raises the doxygen comments for OFB to the same level as other block modes.
2018-06-11 14:03:22 +01:00
Simon Butcher
ad4e4938d1 Fix AES-OFB support for errors, tests and self-test
Adds error handling into mbedtls_aes_crypt_ofb for AES errors, a self-test
for the OFB mode using NIST SP 800-38A test vectors and adds a check to
potential return errors in setting the AES encryption key in the OFB test
suite.
2018-06-11 14:03:22 +01:00
Simon Butcher
7487c5b2c8 Add missing OFB entry to null ciphersuite
The OFB entry has been omitted from the the null cipher suite definition,
null_base_info.
2018-06-11 14:03:22 +01:00
Simon Butcher
8c0fd1e881 Add cipher abstraction and test cases for OFB block mode
Adds OFB as additional block mode in the cipher abstraction, and additional
test cases for that block mode.
2018-06-11 14:03:22 +01:00
Simon Butcher
0301884f00 Add test cases for AES OFB block mode
Adds test cases from NIST SP800-38A for OFB block mode to AES-128/192/256, for
the configuration of MBEDTLS_CIPHER_MODE_OFB.
2018-06-11 14:03:22 +01:00
Simon Butcher
76a5b22973 Add OFB block mode to AES-128/192/256
Adds a new configuration of MBEDTLS_CIPHER_MODE_OFB and OFB mode to AES.
2018-06-11 14:03:22 +01:00
Jaeden Amero
10e0e4d4ff hkdf: Add negative tests
Test for the expected bad input parameter error when given specific sets of
bad input parameters.
2018-06-11 13:10:14 +01:00
Jaeden Amero
3618962cab hkdf: Add tests for extract and expand
Add tests for mbedtls_hkdf_extract() and mbedtls_hkdf_expand() from the
test vectors in Appendix A of RFC 5869.
2018-06-11 13:10:14 +01:00
Jaeden Amero
798363e4dc Add ChangeLog entry for HKDF 2018-06-11 13:10:14 +01:00
Thomas Fossati
656864b360 Add an HKDF (RFC 5869) implementation 2018-06-11 13:10:14 +01:00
Simon Butcher
fcfa4c21c1 Merge remote-tracking branch 'public/pr/1699' into development 2018-06-11 11:24:33 +01:00
Darryl Green
2a1edacb1b Change symlink to hardlink to avoid permission issues 2018-06-08 10:07:32 +01:00
Gilles Peskine
0a0e08a618 mbedtls_gcm_crypt_and_tag: clarify what each mode does and doesn't do 2018-06-07 14:47:38 +02:00
Manuel Pégourié-Gonnard
f30dbdcaf0 Update generated file 2018-06-07 13:04:35 +02:00
Darryl Green
d75ee64c1f Fix out-of-tree testing symlinks on Windows 2018-06-07 11:55:50 +01:00
Manuel Pégourié-Gonnard
39b1904b9f Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (97 commits)
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  Remove useless parameter from function
  Wipe sensitive info from the stack
  ...
2018-06-07 12:02:55 +02:00
Manuel Pégourié-Gonnard
21a65e0011 Fix usage of inline with for some compilers 2018-06-07 11:54:17 +02:00
Manuel Pégourié-Gonnard
2adb375c50 Add option to avoid 64-bit multiplication
Motivation is similar to NO_UDBL_DIVISION.

The alternative implementation of 64-bit mult is straightforward and aims at
obvious correctness. Also, visual examination of the generate assembly show
that it's quite efficient with clang, armcc5 and arm-clang. However current
GCC generates fairly inefficient code for it.

I tried to rework the code in order to make GCC generate more efficient code.
Unfortunately the only way to do that is to get rid of 64-bit add and handle
the carry manually, but this causes other compilers to generate less efficient
code with branches, which is not acceptable from a side-channel point of view.

So let's keep the obvious code that works for most compilers and hope future
versions of GCC learn to manage registers in a sensible way in that context.

See https://bugs.launchpad.net/gcc-arm-embedded/+bug/1775263
2018-06-07 11:05:33 +02:00
Gilles Peskine
80f679b938 Correct and clarify the documentation of GCM whole-message functions
Clarify the roles of the buffer parameter and their sizes.

Remove a statement about input size restrictions that only applies to
mbedtls_gcm_update, not to the whole-message functions.

Document the possible error codes.

Warn that mbedtls_gcm_crypt_and_tag in decrypt mode does not
authenticate the data and recommend using mbedtls_gcm_auth_decrypt
instead.
2018-06-06 16:55:41 +02:00
Simon Butcher
c041435fcf Merge remote-tracking branch 'public/pr/1694' into development 2018-06-06 15:17:03 +01:00
Simon Butcher
d5a09f1e68 Updated version number to 2.10.0 for release 2018-06-06 14:52:00 +01:00
Simon Butcher
390641e0d3 Merge remote-tracking branch 'public/pr/1693' into development 2018-06-06 14:39:42 +01:00
Krzysztof Stachowiak
ab72727da4 Add a disabled CMAC define in the no-entropy configuration 2018-06-06 13:55:05 +02:00
Azim Khan
1a8ef0772c Fix coverity defects 2018-06-06 03:44:03 +01:00
Simon Butcher
33dd3236de Merge remote-tracking branch 'public/pr/1690' into development 2018-06-05 18:24:10 +01:00
Simon Butcher
d08a2f7245 Adapt the ARIA test cases for new ECB function
Commit 08c337d058 "Remove useless parameter from function" removed the
parameter mode from the functions mbedtls_aria_crypt_ecb() which broke their
respective test suite.

This commit fixes those test cases.
2018-06-05 15:53:06 +01:00
Philippe Antoine
747fd53938 Fixes different off by ones 2018-06-05 16:13:10 +02:00
Simon Butcher
10438e17fc Merge remote-tracking branch 'public/pr/1683' into development 2018-06-05 11:43:10 +01:00
Simon Butcher
6e962b2762 Fix file permissions for ssl.h
Correct the file permissions for ssl.h which were inadvertently made executable
in PR#1402
2018-06-05 10:25:04 +01:00
Gilles Peskine
d0e55a4657 ssl_decrypt_buf: remove code for hashes that aren't used in TLS 2018-06-04 14:41:19 +02:00
Manuel Pégourié-Gonnard
94175a50f7 Refresh generated file 2018-06-04 12:42:17 +02:00
Manuel Pégourié-Gonnard
d2db09f435 Fix typo in documentation 2018-06-04 12:31:12 +02:00
Manuel Pégourié-Gonnard
9c82e2ce49 Fix some whitespace issues 2018-06-04 12:30:16 +02:00
Manuel Pégourié-Gonnard
e533b22153 Fix ordering and repetitions in config.h 2018-06-04 12:23:19 +02:00
Manuel Pégourié-Gonnard
3dc62a0a9b chachapoly: force correct mode for integrated API
Allowing DECRYPT with crypt_and_tag is a risk as people might fail to check
the tag correctly (or at all). So force them to use auth_decrypt() instead.

See also https://github.com/ARMmbed/mbedtls/pull/1668
2018-06-04 12:18:19 +02:00
Manuel Pégourié-Gonnard
26c3b0a4b1 Fix return type of internal function
Fixes incomplete change in f4f01b6b7a
2018-06-04 12:06:23 +02:00
Gilles Peskine
5c38984fa7 Use our habitual INTERNAL_ERROR debug message 2018-06-04 12:02:43 +02:00
Gilles Peskine
a7fe25d5a5 Remove tests of #define's that don't exist 2018-06-04 12:01:18 +02:00
Gilles Peskine
1bd9d58b21 Clarify comment about integer division by a variable 2018-06-04 11:58:44 +02:00
Simon Butcher
eb6ed719e3 Merge remote-tracking branch 'public/pr/1267' into development 2018-06-01 19:28:18 +01:00
Simon Butcher
2041a31ca8 Merge remote-tracking branch 'public/pr/1402' into development 2018-06-01 19:27:23 +01:00