Merge remote-tracking branch 'public/pr/2298' into development
This commit is contained in:
commit
54b789aa74
12 changed files with 74 additions and 39 deletions
|
@ -41,6 +41,12 @@ API Changes
|
|||
mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret()
|
||||
mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret()
|
||||
* Extend ECDH interface to enable alternative implementations.
|
||||
* Deprecate the ARIA error MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
|
||||
in favour of a new generic error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA.
|
||||
* Deprecate the CAMELLIA error MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
|
||||
in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA.
|
||||
* Deprecate the Blowfish error MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
|
||||
in favour of a new generic error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA.
|
||||
|
||||
New deprecations
|
||||
* Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update
|
||||
|
|
|
@ -39,6 +39,8 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "platform_util.h"
|
||||
|
||||
#define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */
|
||||
#define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */
|
||||
|
||||
|
@ -46,8 +48,12 @@
|
|||
#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */
|
||||
#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
|
||||
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C )
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */
|
||||
|
||||
#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
|
||||
|
||||
/* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used.
|
||||
*/
|
||||
|
@ -106,7 +112,7 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx );
|
|||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
|
||||
* \return \c 0 on success or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA
|
||||
* on failure.
|
||||
*/
|
||||
int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
||||
|
@ -123,7 +129,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
|||
* <li>192 bits</li>
|
||||
* <li>256 bits</li></ul>
|
||||
*
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure.
|
||||
* \return \c 0 on success, or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA on failure.
|
||||
*/
|
||||
int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
|
||||
const unsigned char *key,
|
||||
|
|
|
@ -33,6 +33,8 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "platform_util.h"
|
||||
|
||||
#define MBEDTLS_BLOWFISH_ENCRYPT 1
|
||||
#define MBEDTLS_BLOWFISH_DECRYPT 0
|
||||
#define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448
|
||||
|
@ -40,14 +42,17 @@
|
|||
#define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
|
||||
#define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
|
||||
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 )
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */
|
||||
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
|
||||
|
||||
/* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used.
|
||||
*/
|
||||
#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */
|
||||
|
||||
#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -91,7 +96,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
|
|||
* \param key encryption key
|
||||
* \param keybits must be between 32 and 448 bits
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
|
||||
* \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
|
||||
*/
|
||||
int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
|
|
@ -33,11 +33,17 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "platform_util.h"
|
||||
|
||||
#define MBEDTLS_CAMELLIA_ENCRYPT 1
|
||||
#define MBEDTLS_CAMELLIA_DECRYPT 0
|
||||
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 )
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */
|
||||
|
||||
#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
|
||||
|
||||
/* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used.
|
||||
*/
|
||||
|
@ -86,7 +92,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
|
|||
* \param key encryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
|
||||
* \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
|
||||
*/
|
||||
int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
@ -98,7 +104,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
|
|||
* \param key decryption key
|
||||
* \param keybits must be 128, 192 or 256
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
|
||||
* \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
|
||||
*/
|
||||
int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
|
||||
unsigned int keybits );
|
||||
|
@ -175,7 +181,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
|
|||
* \param output buffer holding the output data
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
|
||||
* MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA.
|
||||
*/
|
||||
int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
|
||||
int mode,
|
||||
|
|
|
@ -353,15 +353,6 @@ int mbedtls_dhm_self_test( int verbose );
|
|||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t;
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
|
||||
( (mbedtls_deprecated_constant_t) ( VAL ) )
|
||||
#else
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
|
||||
#endif /* ! MBEDTLS_DEPRECATED_WARNING */
|
||||
|
||||
/**
|
||||
* \warning The origin of the primes in RFC 5114 is not documented and
|
||||
* their use therefore constitutes a security risk!
|
||||
|
|
|
@ -102,6 +102,27 @@ void mbedtls_param_failed( const char *failure_condition,
|
|||
|
||||
#endif /* MBEDTLS_CHECK_PARAMS */
|
||||
|
||||
/* Internal helper macros for deprecating API constants. */
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_DEPRECATED_WARNING)
|
||||
/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
|
||||
* to avoid conflict with other headers which define and use
|
||||
* it, too. We might want to move all these definitions here at
|
||||
* some point for uniformity. */
|
||||
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
|
||||
MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \
|
||||
( (mbedtls_deprecated_string_constant_t) ( VAL ) )
|
||||
MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
|
||||
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \
|
||||
( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
|
||||
#undef MBEDTLS_DEPRECATED
|
||||
#else /* MBEDTLS_DEPRECATED_WARNING */
|
||||
#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
|
||||
#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
|
||||
#endif /* MBEDTLS_DEPRECATED_WARNING */
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief Securely zeroize a buffer
|
||||
*
|
||||
|
|
|
@ -451,7 +451,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
|
|||
uint32_t w[4][4], *w2;
|
||||
|
||||
if( keybits != 128 && keybits != 192 && keybits != 256 )
|
||||
return( MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH );
|
||||
return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
|
||||
|
||||
/* Copy key to W0 (and potential remainder to W1) */
|
||||
GET_UINT32_LE( w[0][0], key, 0 );
|
||||
|
|
|
@ -176,7 +176,7 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char
|
|||
if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
|
||||
( keybits % 8 ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH );
|
||||
return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
keybits >>= 3;
|
||||
|
|
|
@ -356,7 +356,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
|
|||
case 128: ctx->nr = 3; idx = 0; break;
|
||||
case 192:
|
||||
case 256: ctx->nr = 4; idx = 1; break;
|
||||
default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH );
|
||||
default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
for( i = 0; i < keybits / 8; ++i )
|
||||
|
|
|
@ -618,8 +618,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
#endif /* MBEDTLS_ARC4_C */
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "ARIA - Bad input data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) )
|
||||
|
@ -672,17 +672,17 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
#if defined(MBEDTLS_BLOWFISH_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" );
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Bad input data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
|
||||
mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" );
|
||||
#endif /* MBEDTLS_BLOWFISH_C */
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) )
|
||||
mbedtls_snprintf( buf, buflen, "CAMELLIA - Bad input data" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) )
|
||||
mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
|
||||
if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) )
|
||||
|
|
|
@ -203,13 +203,13 @@ BLOWFISH-ECB Decrypt SSLeay reference #34
|
|||
blowfish_decrypt_ecb:"fedcba9876543210":"6b5c5a9c5d9e0a5a":"ffffffffffffffff":0
|
||||
|
||||
BLOWFISH-SETKEY Setkey SSLeay reference #1
|
||||
blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
|
||||
blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
|
||||
|
||||
BLOWFISH-SETKEY Setkey SSLeay reference #2
|
||||
blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
|
||||
blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
|
||||
|
||||
BLOWFISH-SETKEY Setkey SSLeay reference #3
|
||||
blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
|
||||
blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
|
||||
|
||||
BLOWFISH-SETKEY Setkey SSLeay reference #4
|
||||
blowfish_encrypt_ecb:"f0e1d2c3":"fedcba9876543210":"be1e639408640f05":0
|
||||
|
@ -281,7 +281,7 @@ BLOWFISH-SETKEY Setkey 448 bits
|
|||
blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fff":"fedcba9876543210":"2fb3ab7f0ee91b69":0
|
||||
|
||||
BLOWFISH-SETKEY Setkey 456 bits
|
||||
blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
|
||||
blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA
|
||||
|
||||
BLOWFISH-CBC Encrypt
|
||||
blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000000000":"6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc":0
|
||||
|
|
|
@ -185,10 +185,10 @@ depends_on:MBEDTLS_CIPHER_MODE_CFB
|
|||
camellia_decrypt_cfb128:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"555FC3F34BDD2D54C62D9E3BF338C1C4":"F69F2445DF4F9B17AD2B417BE66C3710":"5953ADCE14DB8C7F39F1BD39F359BFFA"
|
||||
|
||||
Camellia-ECB Encrypt (Invalid key length)
|
||||
camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
|
||||
camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
|
||||
|
||||
Camellia-ECB Decrypt (Invalid key length)
|
||||
camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
|
||||
camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA
|
||||
|
||||
Camellia-256-CBC Encrypt (Invalid input length)
|
||||
camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
|
||||
|
|
Loading…
Reference in a new issue