Commit Graph

2042 Commits

Author SHA1 Message Date
Jaeden Amero
fa66c9eba2 Merge remote-tracking branch 'upstream-public/pr/1629' into evaluation 2018-05-14 17:54:25 +01:00
Janos Follath
f60c815dc7 CCM*: Add public API
Interface for CCM* (described in IEEE Std 802.15.4.).
2018-05-14 13:45:45 +01:00
Jaeden Amero
b1e4fc60ac Merge remote-tracking branch 'upstream-public/pr/1617' into evaluation-2 2018-05-11 11:07:30 +01:00
Jaeden Amero
7d8f00e1b5 Merge remote-tracking branch 'upstream-public/pr/1602' into evaluation-2 2018-05-11 10:56:21 +01:00
Jaeden Amero
b7f36548df Merge remote-tracking branch 'upstream-public/pr/1593' into evaluation-2 2018-05-11 10:24:43 +01:00
Thomas Fossati
eb01024a06 Add an HKDF (RFC 5869) implementation 2018-05-10 13:18:13 +01:00
Manuel Pégourié-Gonnard
e363ac78ec cipher: handle ChaCha20 as a stream cipher
That's what it is. So we shouldn't set a block size != 1.

While at it, move call to chachapoly_update() closer to the one for GCM, as
they are similar (AEAD).
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
d17d297a63 Add FEATURE_NOT_AVAILABLE error codes. 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
799b3903de chachapoly: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the GCM API that
very comparable to it, so switch to (pointer, len) for consistency.

Note that the crypt_and_tag() and auth_decrypt() functions were already using
the same convention as GCM, so this also increases intra-module consistency.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
9b7a93cf1f poly1305: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the CMAC API that is
very comparable to Poly1305, so switch to (pointer, len) for consistency.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
6048e05d5c Update documentation to match new guidelines. 2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
52a56d3b86 chachapoly: split crypt_and_mac() to match GCM API
In addition to making the APIs of the various AEAD modules more consistent
with each other, it's useful to have an auth_decrypt() function so that we can
safely check the tag ourselves, as the user might otherwise do it in an
insecure way (or even forget to do it altogether).
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
453cf2850f Remove semi-internal chacha20_keystrem_block()
It's actually easy to implement chachapoly without it, so let's not clutter
the API (and avoid adding a burden to alt implementers).
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
02969bf882 ChaCha20: allow in-place en/decryption
All other ciphers so far allow this. In particular, the TLS layer depends on
this, despite what's documented in the Cipher layer, see
https://github.com/ARMmbed/mbedtls/issues/1085
https://github.com/ARMmbed/mbedtls/issues/1087

Also, this can be useful for implementing chachapoly without depending on the
semi-internal function keystream_block(), see next commit.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
d4bd8569d4 Rename aead_chacha20_poly1305 to chachapoly
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
2018-05-10 13:23:02 +02:00
Manuel Pégourié-Gonnard
54b1a7342c Rename poly1305_setkey() to poly1305_starts()
For consistency with the existing CMAC and HMAC APIs
2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
a9ed291d2d Add missing extern "C" guard to new headers 2018-05-10 13:22:14 +02:00
Manuel Pégourié-Gonnard
deda80e80d Adapt the _ALT style to our new standard
- in .h files: only put the context declaration inside the #ifdef _ALT
  (this was changed in 2.9.0, ie after the original PR)
- in .c file: only leave selftest out of _ALT: even though some function are
  trivial to build from other parts, alt implementors might want to go another
way about them (for efficiency or other reasons)
2018-05-10 13:22:14 +02:00
Daniel King
b437a98faf Add ChaCha20+Poly1305 to the Cipher module 2018-05-10 13:21:40 +02:00
Daniel King
f28c2aa64e Allow some parameters to be NULL if the length is 0.
This change permits users of the ChaCha20/Poly1305 algorithms
(and the AEAD construction thereof) to pass NULL pointers for
data that they do not need, and avoids the need to provide a valid
buffer for data that is not used.
2018-05-10 13:20:52 +02:00
Daniel King
31ac12e004 Implement AEAD-ChaCha20-Poly1305.
This implementation is based off the description in RFC 7539.

The ChaCha20 code is also updated to provide a means of generating
keystream blocks with arbitrary counter values. This is used to
generated the one-time Poly1305 key in the AEAD construction.
2018-05-10 13:20:52 +02:00
Daniel King
5d77eaa233 Add Poly1305 authenticator algorithm (RFC 7539)
Test vectors are included from RFC 7539.

Poly1305 is also added to the benchmark program.
2018-05-10 13:20:52 +02:00
Daniel King
0fe7b5b8c5 Add ChaCha20 to the Cipher module 2018-05-10 13:19:31 +02:00
Daniel King
a98ff5eadf Initial implementation of ChaCha20 2018-05-10 13:19:31 +02:00
Jaeden Amero
e4daf77c2e cipher: Add wrappers for AES-XTS
AES-XTS does not support multipart use as it can only operate on an entire
sector at a time.
2018-05-10 09:17:25 +01:00
Jaeden Amero
9d3eba4666 aes: Add AES-XTS cipher block mode
Add XEX-based tweaked-codebook mode with ciphertext stealing (XTS) for
use with AES.
2018-05-09 17:41:48 +01:00
Jaeden Amero
a331e0f0af Merge remote-tracking branch 'upstream-restricted/pr/421' into development-proposed 2018-05-04 14:39:24 +01:00
Jaeden Amero
fb19399f41 Merge remote-tracking branch 'upstream-public/pr/1498' into development-proposed 2018-05-04 11:09:14 +01:00
Jaeden Amero
7d7bad6b1f Update version to 2.9.0
Bump SOVERSION for parity with 2.7.2 and 2.7.3.
2018-04-30 09:58:33 +01:00
Simon Butcher
f684c0e2e0 Update cipher.h for OFB block mode documentation
Raises the doxygen comments for OFB to the same level as other block modes.
2018-04-29 13:03:20 +01:00
Simon Butcher
91e254cdaa Add cipher abstraction and test cases for OFB block mode
Adds OFB as additional block mode in the cipher abstraction, and additional
test cases for that block mode.
2018-04-29 11:40:01 +01:00
Simon Butcher
fb9f661491 Add OFB block mode to AES-128/192/256
Adds a new configuration of MBEDTLS_CIPHER_MODE_OFB and OFB mode to AES.
2018-04-29 11:36:38 +01:00
Jaeden Amero
fe0669f52a ecp: Fix binary compatibility with group ID
We naturally added the new Curve448 ECP group ID in alphabetical order in
the mbedtls_ecp_group_id enum. However, this causes binary incompatibility
issues as previous binaries will use values for groups that now have a
different meaning. For example, MBEDTLS_ECP_DP_SECP192K1, old value 10,
would mean Curve448 (MBEDTLS_ECP_DP_CURVE448) and the wrong group ID used.

Fix the binary compatibility issue by adding new enum entries to the end of
the enum, even though this isn't so great for readbility as the list is no
longer in alphabetical order. However, the list wasn't perfectly in
alphabetical order before anyway.
2018-04-27 18:20:31 +01:00
Jaeden Amero
8945343a51 Merge branch 'development-proposed' into development-restricted-proposed
Resolve merge conflict in ecp.h, where `mbedtls_ecp_keypair` was moved.
2018-04-24 17:16:34 +01:00
Andres Amaya Garcia
56e06db102 Improve mbedtls_platform_zeroize() docs 2018-04-24 08:37:52 -05:00
Andres Amaya Garcia
d0ef468d39 Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT 2018-04-24 08:31:34 -05:00
Jaeden Amero
1afdec1812 Merge remote-tracking branch 'upstream-public/pr/1578' into development-proposed 2018-04-24 14:19:41 +01:00
Jaeden Amero
519b129f78 Merge remote-tracking branch 'upstream-public/pr/1580' into development-proposed 2018-04-24 13:20:11 +01:00
Rose Zadik
a7a6155272
Update ecp.h
One fix. Removed trailing whitespaces
2018-04-24 13:14:01 +01:00
Jaeden Amero
7c68878e17 Merge remote-tracking branch 'upstream-public/pr/1511' into development-proposed 2018-04-24 10:28:25 +01:00
Jaeden Amero
d803c1f1ab Merge remote-tracking branch 'upstream-public/pr/1510' into development-proposed
Resolve conflict in comment for mbedtls_ecdsa_read_signature in include/mbedtls/ecdsa.h
2018-04-24 10:27:38 +01:00
Jaeden Amero
f852f4c35b Merge remote-tracking branch 'upstream-public/pr/1506' into development-proposed 2018-04-24 10:27:05 +01:00
Jaeden Amero
ebfd3cad58 Merge remote-tracking branch 'upstream-public/pr/1505' into development-proposed 2018-04-24 10:26:48 +01:00
Rose Zadik
d35340550d
Update ecp.h
fixed omittion
2018-04-23 16:12:42 +01:00
Rose Zadik
c32efb3f64
Update ecp.h
Resolved last review comment
2018-04-23 09:38:29 +01:00
Rose Zadik
d76ac587d3
Update ecp.h
Changes based on review comments. Waiting for responses on 2 remaining comments
2018-04-23 06:29:34 +01:00
Rose Zadik
abc9ec73b0
Update ecdsa.h
Merged change to MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH from other commit for merging, as requested (lines 282+283).
2018-04-23 06:16:40 +01:00
Rose Zadik
f089fa3341
Update ecp.h
minor spacing/comment format fixes
2018-04-20 10:41:16 +01:00
Rose Zadik
b2e111a288
Update ecp.h
Changes based on review comments. 
2 comments still open pending decisions
2018-04-20 10:13:48 +01:00
Gilles Peskine
5450d1f597 Merge branch 'crypto_alt_revision' into development-restricted-proposed 2018-04-19 21:02:40 +02:00