Commit graph

349 commits

Author SHA1 Message Date
Janos Follath
52735ef2fe ECDH: Prevent direct access in non-legacy mode
Some sample programs access structure fields directly. Making these work is
desirable in the long term, but these are not essential for the core
functionality in non-legacy mode.
2018-11-30 14:21:35 +00:00
Simon Butcher
1afc767f23 Merge remote-tracking branch 'public/pr/1758' into development 2018-09-27 11:35:19 +01:00
Hanno Becker
f34a4c176c UDP proxy: Correct debug output for delay_srv option 2018-08-28 17:52:53 +01:00
Hanno Becker
41038108e9 Style: Correct indentation in UDP proxy code 2018-08-28 11:15:32 +01:00
Hanno Becker
cf469458ca Style: Add empty line before comment in UDP proxy code 2018-08-28 10:09:47 +01:00
Hanno Becker
12b72c182e UDP proxy: Fix bug in freeing delayed messages 2018-08-23 13:15:36 +01:00
Hanno Becker
101bcba26f UDP proxy: Allow more than one message to be delayed
Previously, the UDP proxy could only remember one delayed message
for future transmission; if two messages were delayed in succession,
without another one being normally forwarded in between,
the message that got delayed first would be dropped.

This commit enhances the UDP proxy to allow to delay an arbitrary
(compile-time fixed) number of messages in succession.
2018-08-21 16:50:30 +01:00
Hanno Becker
caf8741891 Fix typo in documentation of UDP proxy argument 'delay_cli' 2018-08-20 09:45:51 +01:00
Hanno Becker
01ea778363 UDP proxy: Add option to delay specific handshake messages 2018-08-17 16:52:08 +01:00
Jaeden Amero
4ed32d065b cpp_dummy_build: Add NIST key wrapping header 2018-07-24 16:51:09 +01:00
Ron Eldor
9ab746c7c9 Add selftests
Add selftests for key wrapping
2018-07-24 16:43:20 +01:00
Simon Butcher
7d728bd70e Merge remote-tracking branch 'public/pr/1454' into development 2018-07-20 14:33:44 +01:00
Simon Butcher
fad547072a Merge remote-tracking branch 'public/pr/532' into development 2018-07-19 16:15:51 +01:00
Ron Eldor
278af4536c Fix hmac_drbg failure in benchmark, with threading
Remove redunadnat calls to `hmac_drbg_free()` between seeding operations,
which make the mutex invalid. Fixes #1095
2018-07-05 14:33:22 +03:00
Andrzej Kurek
991f9fefd9 all_sh: add a check for header inclusion in cpp_dummy_build.cpp
change the g++ test to be incremental, to save time
reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 09:08:21 -04:00
Andrzej Kurek
037ec4b416 Replace tabs with spaces 2018-06-28 05:07:08 -04:00
Andrzej Kurek
89c048c101 Tests: add a test for cpp linking
Change the name of header_test to cpp_dumy_build
Update the test description to better reflect its contents
2018-06-28 05:07:08 -04:00
Andrzej Kurek
0211c32c9a Change the cpp test to be optional
Remove unnecessary defines from the test.
Test by defining TEST_CPP using makefiles or cmake.
2018-06-28 05:07:08 -04:00
Andrzej Kurek
40741f8ce5 Add a test with a cpp executable including all mbed TLS headers
In case of any problems with the 'extern "C"' directives,
building the executable will fail
2018-06-28 05:05:40 -04:00
Manuel Pégourié-Gonnard
51d7cfe026 Fix coverity warnings in benchmark.c
Functions time with TIME_AND_TSC() didn't have their return values checked.
I'm not sure whether Coverity complained about existing uses, but it did about
new ones, since we consistently check their return values everywhere but here,
which it rightfully finds suspicious.

So, let's check return values. This probably adds a few cycles to existing
loop overhead, but on my machine (x86_64) the added overhead is less than the
random-looking variation between various runs, so it's acceptable.

Some calls had their own particular error checking; remove that in favour of
the new general solution.
2018-06-25 11:19:51 +02:00
Manuel Pégourié-Gonnard
0dadba2b58 Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (182 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-19 11:13:50 +02:00
Andres Amaya Garcia
7d42965ea8 Fix typo in platform macro defines for examples 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
357b0b283a Fix ret code in ssl_cert_test.c 2018-06-14 23:01:55 +01:00
Andres Amaya Garcia
80081a68cd Fix ret code in udp_proxy.c 2018-06-14 23:01:55 +01:00
Jaeden Amero
09317083b5 benchmark: Add comma at end of help message
The help message was missing a comma after "hmac_drbg". Add the missing
comma.
2018-06-13 12:16:25 +01:00
Jaeden Amero
9366feb504 aes: xts: Add new context structure
Add a new context structure for XTS. Adjust the API for XTS to use the new
context structure, including tests suites and the benchmark program. Update
Doxgen documentation accordingly.
2018-06-13 12:05:04 +01:00
Jaeden Amero
e9ecf00007 aes: Remove AES-XEX
AES-XEX is a building block for other cryptographic standards and not yet a
standard in and of itself. We'll just provide the standardized AES-XTS
algorithm, and not AES-XEX. The AES-XTS algorithm and interface provided
can be used to perform the AES-XEX algorithm when the length of the input
is a multiple of the AES block size.
2018-06-13 12:03:29 +01:00
Aorimn
5f77801ac3 Implement AES-XTS mode
XTS mode is fully known as "xor-encrypt-xor with ciphertext-stealing".
This is the generalization of the XEX mode.
This implementation is limited to an 8-bits (1 byte) boundary, which
doesn't seem to be what was thought considering some test vectors [1].

This commit comes with tests, extracted from [1], and benchmarks.
Although, benchmarks aren't really nice here, as they work with a buffer
of a multiple of 16 bytes, which isn't a challenge for XTS compared to
XEX.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:03:27 +01:00
Aorimn
daf7045372 Add benchmark for AES-XEX
This commit adds benchmark based on what has already been done with
AES-CBC mode.
2018-06-13 12:02:30 +01:00
Manuel Pégourié-Gonnard
39b1904b9f Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (97 commits)
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  Remove useless parameter from function
  Wipe sensitive info from the stack
  ...
2018-06-07 12:02:55 +02:00
Azim Khan
1a8ef0772c Fix coverity defects 2018-06-06 03:44:03 +01:00
Manuel Pégourié-Gonnard
9c82e2ce49 Fix some whitespace issues 2018-06-04 12:30:16 +02:00
Manuel Pégourié-Gonnard
3dc62a0a9b chachapoly: force correct mode for integrated API
Allowing DECRYPT with crypt_and_tag is a risk as people might fail to check
the tag correctly (or at all). So force them to use auth_decrypt() instead.

See also https://github.com/ARMmbed/mbedtls/pull/1668
2018-06-04 12:18:19 +02:00
Manuel Pégourié-Gonnard
d6aea18749 Add Chacha20-Poly1305 to benchmark.c 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
b1ac5e7842 poly1305: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the CMAC API that is
very comparable to Poly1305, so switch to (pointer, len) for consistency.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
dca3a5d884 Rename aead_chacha20_poly1305 to chachapoly
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
2018-05-24 13:37:31 +02:00
Daniel King
4d8f87b1ca Add ChaCha20/Poly1305 ciphers to the selftest program 2018-05-24 13:37:31 +02:00
Daniel King
adc32c0b50 Add Poly1305 authenticator algorithm (RFC 7539)
Test vectors are included from RFC 7539.

Poly1305 is also added to the benchmark program.
2018-05-24 13:37:31 +02:00
Daniel King
34b822ce7b Initial implementation of ChaCha20 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
a3712beb9b Merge branch 'development' into iotssl-1941-aria-ciphersuites
* development: (504 commits)
  Fix minor code style issues
  Add the uodate to the soversion to the ChangeLog
  Fix the ChangeLog for clarity, english and credit
  Update version to 2.9.0
  ecp: Fix binary compatibility with group ID
  Changelog entry
  Change accepted ciphersuite versions when parsing server hello
  Remove preprocessor directives around platform_util.h include
  Fix style for mbedtls_mpi_zeroize()
  Improve mbedtls_platform_zeroize() docs
  mbedtls_zeroize -> mbedtls_platform_zeroize in docs
  Reword config.h docs for MBEDTLS_PLATFORM_ZEROIZE_ALT
  Organize CMakeLists targets in alphabetical order
  Organize output objs in alfabetical order in Makefile
  Regenerate errors after ecp.h updates
  Update ecp.h
  Change variable bytes_written to header_bytes in record decompression
  Update ecp.h
  Update ecp.h
  Update ecp.h
  ...
2018-05-22 15:58:50 +02:00
Andres Amaya Garcia
eecea0e281 Update zeroize test to use mbedtls_platform_zeroize() 2018-04-17 10:14:53 -05:00
Andres Amaya Garcia
82934be144 Do not install zeroize program in CMakeLists 2018-04-17 10:02:17 -05:00
Andres Amaya Garcia
ae8e306973 Fix docs typos for zeroize related features/test 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
757cd72edf Update license headers year and branding 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
42defd10a6 Improve docs for zeroize.c and test_zeroize.gdb 2018-04-17 09:21:49 -05:00
Andres Amaya Garcia
6e34e63eb3 Fix style in programs/test/zeroize.c 2018-04-17 09:19:05 -05:00
Andres Amaya Garcia
88f8f41e5a Move zeroize func call to end of program in zeroize.c 2018-04-17 09:19:05 -05:00
Andres Amaya Garcia
5ab74a1401 Add programs/test/zeroize.c to test mbedtls_zeroize
The idea is to use the simple program that is expected to be modified
rarely to set a breakpoint in a specific line and check that the
function mbedtls_zeroize() does actually set the buffer to 0 and is not
optimised out by the compiler.
2018-04-17 09:17:38 -05:00
Gilles Peskine
80aa3b8d65 Merge branch 'pr_946' into development-proposed 2018-04-04 10:33:45 +02:00
Nicholas Wilson
08f3ef1861 Basic support for Curve448, similar to the current level of support for Curve25519 2018-03-29 14:29:06 +01:00