yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
22551 commits 1 branch 0 tags 94 MiB
Commit graph

205 commits

Author SHA1 Message Date
Jaeden Amero
c653990ed5 cipher: Add wrappers for AES-XTS 
AES-XTS does not support multipart use as it can only operate on an entire
sector at a time.
 2018-06-13 12:13:56 +01:00
Simon Butcher
8c0fd1e881 Add cipher abstraction and test cases for OFB block mode 
Adds OFB as additional block mode in the cipher abstraction, and additional
test cases for that block mode.
 2018-06-11 14:03:22 +01:00
Manuel Pégourié-Gonnard
3dc62a0a9b chachapoly: force correct mode for integrated API 
Allowing DECRYPT with crypt_and_tag is a risk as people might fail to check
the tag correctly (or at all). So force them to use auth_decrypt() instead.

See also https://github.com/ARMmbed/mbedtls/pull/1668
 2018-06-04 12:18:19 +02:00
Manuel Pégourié-Gonnard
32902e6eae cipher: handle ChaCha20 as a stream cipher 
That's what it is. So we shouldn't set a block size != 1.

While at it, move call to chachapoly_update() closer to the one for GCM, as
they are similar (AEAD).
 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
5ef92d309a chachapoly: adjust parameter order 
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the GCM API that
very comparable to it, so switch to (pointer, len) for consistency.

Note that the crypt_and_tag() and auth_decrypt() functions were already using
the same convention as GCM, so this also increases intra-module consistency.
 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
fe725defae cipher: use new functions from chachapoly 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
dca3a5d884 Rename aead_chacha20_poly1305 to chachapoly 
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
 2018-05-24 13:37:31 +02:00
Daniel King
16b04ce641 Fix unused function warning under certain configurations. 
I refactored some code into the function mbedtls_constant_time_memcmp
in commit 7aad291 but this function is only used by GCM and
AEAD_ChaCha20_Poly1305 to check the tags. So this function is now
only enabled if either of these two ciphers is enabled.
 2018-05-24 13:37:31 +02:00
Daniel King
8fe4701abe Add ChaCha20+Poly1305 to the Cipher module 2018-05-24 13:37:31 +02:00
Daniel King
bd92062269 Add ChaCha20 to the Cipher module 2018-05-24 13:37:31 +02:00
Andres Amaya Garcia
1f6301b3c8 Rename mbedtls_zeroize to mbedtls_platform_zeroize 2018-04-17 10:00:21 -05:00
Andres Amaya Garcia
e32df087fb Remove individual copies of mbedtls_zeroize() 
This commit removes all the static occurrencies of the function
mbedtls_zeroize() in each of the individual .c modules. Instead the
function has been moved to utils.h that is included in each of the
modules.
 2018-04-17 09:19:05 -05:00
Andy Leiserson
79e7789d44 return plaintext data faster on unpadded decryption 2018-03-27 10:55:24 -07:00
Micha Kraus
ba8316f790 fix bug in get_one_and_zeros_padding() 
add test case (“0000000082”) which fails with the old implementation.
 2017-12-23 23:40:08 +01:00
Andres Amaya Garcia
6a54336897 Fix integer overflows in buffer bound checks 
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
 2017-02-15 23:31:07 +02:00
Simon Butcher
327398ad3a Refactor and change CMAC interface 
Change the CMAC interface to match the mbedtls_md_hmac_xxxx() interface. This
changes the overall design of the CMAC interface to make it more consistent with
the existing HMAC interface, and will allow incremental updates of input data
rather than requiring all data to be presented at once, which is what the
current interface requires.
 2016-10-05 14:19:18 +01:00
Janos Follath
98e28a74e3 Address user reported coverity issues. 2016-06-09 13:41:28 +01:00
Simon Butcher
88ffc089bc Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
898e0aa210 Rename key_length in cipher_info 2015-06-18 15:31:10 +02:00
Manuel Pégourié-Gonnard
b8186a5e54 Rename len to bitlen in function parameters 
Clarify a few comments too.
 2015-06-18 14:58:58 +02:00
Manuel Pégourié-Gonnard
cb46fd8216 Avoid non-standard strcasecmp() 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
50518f4195 Rename _wrap headers to _internal 
Makes it clearer that the user is not supposed to include them
 2015-05-26 11:06:12 +02:00
Manuel Pégourié-Gonnard
8473f87984 Rename cipher_init_ctx() to cipher_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming 
A simple execution of tmp/invoke-rename.pl
 2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
47723147f5 Remove functions deprecated in 1.3 2015-03-20 18:21:12 +00:00
Manuel Pégourié-Gonnard
7c4e60fa7d Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Mark a few additional deprecations
  Use proper doxygen markup to mark deprecations
  Add -fdata-sections in memory.sh too
 2015-03-20 17:30:31 +00:00
Manuel Pégourié-Gonnard
71432849ed Use proper doxygen markup to mark deprecations 2015-03-20 17:26:50 +00:00
Manuel Pégourié-Gonnard
240b092a6c Drop dummy self_test functions 2015-03-19 15:30:28 +00:00
Manuel Pégourié-Gonnard
7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Rich Evans
00ab47026b cleanup library and some basic tests. Includes, add guards to includes 2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard
860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
b4fe3cb1fa Rename to mbed TLS in the documentation/comments 2015-01-22 16:11:05 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Paul Bakker
84bbeb58df Adapt cipher and MD layer with _init() and _free() 2014-07-09 10:19:24 +02:00
Manuel Pégourié-Gonnard
8f625632bb Fix dependencies: GCM != AEAD != CCM 2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard
398c57b0b3 Blowfish accepts variable key len in cipher layer 2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard
81754a0c35 Create a 'flags' field in cipher_info 2014-06-23 11:33:18 +02:00
Paul Bakker
66d5d076f7 Fix formatting in various code to match spacing from coding style 2014-06-17 17:06:47 +02:00
Paul Bakker
d8bb82665e Fix code styling for return statements 2014-06-17 14:06:49 +02:00
Paul Bakker
3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Manuel Pégourié-Gonnard
41936957b3 Add AES-CCM and CAMELLIA-CCM to the cipher layer 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard
4562ffe2e6 Add cipher_auth_{en,de}crypt() 2014-05-14 14:10:36 +02:00
Manuel Pégourié-Gonnard
3c1d150b3d Add cipher_crypt() 2014-05-14 14:10:35 +02:00
Paul Bakker
b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Paul Bakker
9af723cee7 Fix formatting: remove trailing spaces, #endif with comments (> 10 lines) 2014-05-01 13:03:14 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker
7dc4c44267 Library files moved to use platform layer 2014-02-06 13:20:16 +01:00
Paul Bakker
6c21276342 Place olen initalization after reference check in cipher_update() 2013-12-17 13:09:12 +01:00
Paul Bakker
6edcd41c0a Addition conditions for UEFI environment under MSVC 2013-10-29 15:44:13 +01:00
Paul Bakker
fa6a620b75 Defines for UEFI environment under MSVC added 2013-10-29 14:05:38 +01:00
Paul Bakker
7bc745b6a1 Merged constant-time padding checks 2013-10-28 14:40:26 +01:00
Manuel Pégourié-Gonnard
e68bf171eb Make get_zeros_padding() constant-time 2013-10-27 18:26:39 +01:00
Manuel Pégourié-Gonnard
6c32990114 Make get_one_and_zeros_padding() constant-time 2013-10-27 18:25:03 +01:00
Manuel Pégourié-Gonnard
d17df51277 Make get_zeros_and_len_padding() constant-time 2013-10-27 17:32:43 +01:00
Manuel Pégourié-Gonnard
f8ab069d6a Make get_pkcs_padding() constant-time 2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard
e0dca4ad78 Cipher layer: check iv_len more carefully 2013-10-24 17:03:39 +02:00
Paul Bakker
b9cfaa0c7f Explicit conversions and minor changes to prevent MSVC compiler warnings 2013-10-14 15:50:40 +02:00
Manuel Pégourié-Gonnard
4fee79b885 Fix some more depend issues 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
dace82f805 Refactor cipher information management 2013-09-18 15:37:44 +02:00
Manuel Pégourié-Gonnard
dd0f57f186 Check key size in cipher_setkey() 2013-09-18 14:34:32 +02:00
Manuel Pégourié-Gonnard
989ed38de2 Make CBC an option, step 2: cipher layer 2013-09-13 15:48:40 +02:00
Paul Bakker
2a6a3a7e69 Better checking on cipher_info_from_values() 2013-09-10 14:29:28 +02:00
Paul Bakker
f46b6955e3 Added cipher_info_from_values() to cipher layer (Search by ID+keylen+mode) 2013-09-09 00:08:26 +02:00
Paul Bakker
5e0efa7ef5 Added POLARSSL_MODE_ECB to the cipher layer 2013-09-08 23:04:04 +02:00
Manuel Pégourié-Gonnard
b8bd593741 Restrict cipher_update() for GCM 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
1af50a240b Cipher: test multiple cycles 
GCM-cipher: just trust the user to call update_ad at the right time
 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
83f3fc0d77 Add AES-192-GCM 2013-09-04 12:14:13 +02:00
Manuel Pégourié-Gonnard
43a4780b03 Ommit AEAD functions if GCM not defined 2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98 Split tag handling out of cipher_finish() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346 Split cipher_update_ad() out or cipher_reset() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
a235b5b5bd Fix iv_len interface. 
cipher_info->iv_size == 0 is no longer ambiguous, and
cipher_get_iv_size() always returns something useful to generate an IV.
 2013-09-03 13:25:52 +02:00
Manuel Pégourié-Gonnard
9c853b910c Split cipher_set_iv() out of cipher_reset() 2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
9241be7ac5 Change cipher prototypes for GCM 2013-08-31 18:07:42 +02:00
Manuel Pégourié-Gonnard
07f8fa5a69 GCM in the cipher layer, step 1 
- no support for additional data
- no support for tag
 2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard
b5e85885de Handle NULL as a stream cipher for more uniformity 2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard
37e230c022 Add arc4 support in the cipher layer 2013-08-30 17:11:28 +02:00
Paul Bakker
48e93c84b7 Made padding modes configurable from config.h 2013-08-14 14:02:48 +02:00
Paul Bakker
1a45d91cf2 Restructured cipher_set_padding_mode() to use switch statement 2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
ebdc413f44 Add 'no padding' mode 2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
0e7d2c0f95 Add zero padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
8d4291b52a Add zeros-and-length (ANSI X.923) padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
679f9e90ad Add one-and-zeros (ISO/IEC 7816-4) padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
b7d24bc7ca Fix bug in get_pkcs_padding(): cannot be 0-length 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
ac56a1aec4 Make cipher_set_padding() actually work 
(Only one padding mode recognized yet.)
 2013-08-14 14:02:46 +02:00
Manuel Pégourié-Gonnard
d5fdcaf9e5 Add cipher_set_padding() (no effect yet) 
Fix pattern in tests/.gitignore along the way.
 2013-08-14 14:02:46 +02:00
Paul Bakker
68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker
6132d0aa93 - Added Blowfish to generic cipher layer 
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
 2012-07-04 17:10:40 +00:00
Paul Bakker
279432a7c0 - Fixed size of clean 2012-04-26 10:09:35 +00:00
Paul Bakker
fab5c829e7 - Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! 2012-02-06 16:45:10 +00:00
Paul Bakker
ec1b9842c4 - Fixed type of length in get_pkcs_padding() 2012-01-14 18:24:43 +00:00
Paul Bakker
ff61a78a27 - Added and updated cipher error codes and documentation 2011-06-09 15:42:02 +00:00
Paul Bakker
343a870daa - Expanded generic cipher layer with support for CTR and CFB128 modes of operation. 2011-06-09 14:27:58 +00:00
Paul Bakker
23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker
af5c85fc10 - Improved portability with Microsoft Visual C 2011-04-18 03:47:52 +00:00
Paul Bakker
a885d6835f - Require different input and output buffer in cipher_update() 
- Fixed style typos
 2011-01-20 16:35:05 +00:00
Paul Bakker
d61e7d98cb - Cleaned up warning-generating code 2011-01-18 16:17:47 +00:00
Paul Bakker
72f6266f02 - Improved information provided about current Hashing, Cipher and Suite capabilities 2011-01-16 21:27:44 +00:00
Paul Bakker
8123e9d8f1 - Added generic cipher wrapper for integration with OpenVPN (donated by Fox-IT) 2011-01-06 15:37:30 +00:00