Manuel Pégourié-Gonnard
c2bd7a2f2f
Add test vectors for Camellia-GCM via cipher layer
2013-10-24 16:49:51 +02:00
Manuel Pégourié-Gonnard
0684f74023
Add failing test vectors for Camellia-GCM auth
2013-10-24 16:19:30 +02:00
Manuel Pégourié-Gonnard
2009718fbe
Add tests for AES-{192,256}-GCM in cipher layer
2013-10-24 16:02:02 +02:00
Manuel Pégourié-Gonnard
87181d1deb
Add Camellia-GCM to th cipher layer
2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard
7bd8a99e11
Fix GCM dependencies
2013-10-24 13:39:39 +02:00
Manuel Pégourié-Gonnard
13e0d449f7
Add Camellia-GCM test vectors
...
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard
083d66821e
Make GCM tests accept any cipher, not just AES
2013-10-24 13:21:39 +02:00
Manuel Pégourié-Gonnard
94dd5b4dd4
Rename GCM test suites to AES-GCM
2013-10-24 13:21:39 +02:00
Manuel Pégourié-Gonnard
e783f06f73
Start working on mod_p224
...
(Prototype, works only on 32-bit and little-endian 64-bit.)
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
cc67aee9c8
Make ecp_mod_p521 a bit faster
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
d1e7a45fdd
Rework ecp_mod_p192()
...
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
748190d319
Fix some dependency issues
2013-10-17 13:26:48 +02:00
Manuel Pégourié-Gonnard
75c7882de3
Add PK test for forbidden operations
2013-10-17 12:57:47 +02:00
Manuel Pégourié-Gonnard
67d4583835
Add PK tests for rsa encrypt/decrypt
2013-10-17 12:57:47 +02:00
Manuel Pégourié-Gonnard
b0a467fdbe
Start adding a PK test suite
2013-10-15 15:19:59 +02:00
Paul Bakker
5c17ccdf2a
Bumped version to 1.3.1
2013-10-15 13:12:41 +02:00
Manuel Pégourié-Gonnard
48ac3db551
Add OIDs for brainpool curves
2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard
201401646e
Fix a few selftest typos
2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard
43545c8b4f
Add test vectors for brainpool curves
2013-10-10 12:56:00 +02:00
Paul Bakker
1337affc91
Buffer allocator threading support
2013-09-29 15:02:11 +02:00
Paul Bakker
1ffefaca1e
Introduced entropy_free()
2013-09-29 15:01:42 +02:00
Manuel Pégourié-Gonnard
420edcaf1d
Clean up config-suite-b.h thanks to new certs
2013-09-25 11:52:38 +02:00
Manuel Pégourié-Gonnard
cc648d19dc
Adapt test cases to new certs and file names
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861
RSA and ECDSA key exchanges don't depend on CRL
2013-09-24 21:25:53 +02:00
Paul Bakker
c27c4e2efb
Support faulty X509 v1 certificates with extensions
...
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard
a7496f00ff
Fix a few more warnings in small configurations
2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
4fee79b885
Fix some more depend issues
2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
387a211fad
Fix some dependencies in tests
2013-09-20 10:58:59 +02:00
Paul Bakker
5ad403f5b5
Prepared for 1.3.0 RC0
2013-09-18 21:21:30 +02:00
Manuel Pégourié-Gonnard
15d5de1969
Simplify usage of DHM blinding
2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
456d3b9b0b
Make ECP error codes more specific
2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
dd0f57f186
Check key size in cipher_setkey()
2013-09-18 14:34:32 +02:00
Paul Bakker
c559c7a680
Renamed x509_cert structure to x509_crt for consistency
2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38
Renamed x509parse_* functions to new form
...
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2
Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()
2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e
Generalized function names of x509 functions not parse-specific
...
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
5187656211
Renamed X509 / X509WRITE error codes to generic (non-cert-specific)
2013-09-17 14:36:05 +02:00
Paul Bakker
36713e8ed9
Fixed bunch of X509_PARSE related defines / dependencies
2013-09-17 13:25:29 +02:00
Paul Bakker
7c6b2c320e
Split up X509 files into smaller modules
2013-09-16 21:41:54 +02:00
Paul Bakker
cff6842b39
POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C
2013-09-16 13:36:18 +02:00
Paul Bakker
77e23fb0e0
Move *_pemify() function to PEM module
2013-09-15 20:03:26 +02:00
Paul Bakker
40ce79f1e6
Moved DHM parsing from X509 module to DHM module
2013-09-15 17:43:54 +02:00
Paul Bakker
dce7fdcbc9
Fixed warnings in case POLARSSL_PEM_C is not defined
2013-09-15 17:15:26 +02:00
Paul Bakker
2292d1fad0
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
2013-09-15 17:06:49 +02:00
Paul Bakker
de56ca1097
The suite specific header should only be used when the suite is active
2013-09-15 17:05:21 +02:00
Paul Bakker
4606c7317b
Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C
2013-09-15 17:04:23 +02:00
Paul Bakker
428b9ba3b7
Moved POLARSSL_FS_IO check to .function from .data
2013-09-15 15:20:37 +02:00
Paul Bakker
e827ce013f
Fix for parse commit
2013-09-15 15:08:31 +02:00
Paul Bakker
c7bb02be77
Moved PK key writing from X509 module to PK module
2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67
Moved PK key parsing from X509 module to PK module
2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91
Make CBC an option, step 3: individual ciphers
2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard
989ed38de2
Make CBC an option, step 2: cipher layer
2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard
4fe9200f47
Fix memory leak in GCM by adding gcm_free()
2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard
735b8fcb0b
Fix blunder in 8a109f1
2013-09-13 12:57:23 +02:00
Paul Bakker
9013af76a3
Merged major refactoring of x509write module into development
...
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
0237620a78
Fix some dependencies declaration
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2
Add missing f_rng/p_rng arguments to x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5
Convert x509write_crt interface to PK
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
6de63e480d
Add EC support to x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
7f1f0926e4
Add test for x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e
Add EC support to x509write_pubkey
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
e1f821a6eb
Adapt x509write_pubkey interface to use PK
...
key_app_writer will be fixed later
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
33250b0461
Add test for x509write_pubkey_pem()
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
ee73179b2f
Adapt x509write_csr prototypes for PK
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
27d87fa6c4
Fix many off-by-one errors
2013-09-12 11:57:00 +02:00
Paul Bakker
c0dcf0ceb1
Merged blinding additions for EC, RSA and DHM into development
2013-09-10 14:44:27 +02:00
Paul Bakker
36b7e1efe7
Merged GCM refactoring into development
...
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
2013-09-10 14:41:05 +02:00
Paul Bakker
a5943858d8
x509_verify() now case insensitive for cn (RFC 6125 6.4)
2013-09-09 17:21:45 +02:00
Paul Bakker
cd35803684
Changes x509_csr to x509write_csr
2013-09-09 12:38:45 +02:00
Paul Bakker
43aff2aec4
Moved GCM to use cipher layer instead of AES directly
2013-09-09 00:10:27 +02:00
Paul Bakker
5e0efa7ef5
Added POLARSSL_MODE_ECB to the cipher layer
2013-09-08 23:04:04 +02:00
Paul Bakker
2397cf3ede
First certificate writing test. Full server1.crt reconstruction
2013-09-08 15:58:15 +02:00
Manuel Pégourié-Gonnard
b8bd593741
Restrict cipher_update() for GCM
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
1af50a240b
Cipher: test multiple cycles
...
GCM-cipher: just trust the user to call update_ad at the right time
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
ed8a02bfae
Simplify DH blinding a bit
2013-09-04 17:18:28 +02:00
Manuel Pégourié-Gonnard
143b5028a5
Implement DH blinding
2013-09-04 16:29:59 +02:00
Manuel Pégourié-Gonnard
2d627649bf
Change dhm_calc_secret() prototype
2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
f7ce67f0d2
Add tests for gcm via cipher
2013-09-04 12:14:11 +02:00
Manuel Pégourié-Gonnard
8eccab5077
Add test vectors to the cipher test suite
...
Ensures the selected cipher/mode/padding is actually used
and padding and tag are actually checked.
2013-09-04 12:12:44 +02:00
Manuel Pégourié-Gonnard
43a4780b03
Ommit AEAD functions if GCM not defined
2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98
Split tag handling out of cipher_finish()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346
Split cipher_update_ad() out or cipher_reset()
2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
9c853b910c
Split cipher_set_iv() out of cipher_reset()
2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
e09d2f8261
Change ecp_mul() prototype to allow randomization
...
(Also improve an error code while at it.)
2013-09-02 14:29:09 +02:00
Manuel Pégourié-Gonnard
9241be7ac5
Change cipher prototypes for GCM
2013-08-31 18:07:42 +02:00
Manuel Pégourié-Gonnard
07f8fa5a69
GCM in the cipher layer, step 1
...
- no support for additional data
- no support for tag
2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard
b5e85885de
Handle NULL as a stream cipher for more uniformity
2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard
37e230c022
Add arc4 support in the cipher layer
2013-08-30 17:11:28 +02:00
Paul Bakker
48377d9834
Configuration option to enable/disable POLARSSL_PKCS1_V15 operations
2013-08-30 13:41:14 +02:00
Paul Bakker
548957dd49
Refactored RSA to have random generator in every RSA operation
...
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80
Merged refactored x509write module into development
2013-08-28 16:32:51 +02:00
Paul Bakker
577e006c2f
Merged ECDSA-based key-exchange and ciphersuites into development
...
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
a0f07478ee
Rm redundant dependencies in test files
2013-08-28 10:10:09 +02:00
Manuel Pégourié-Gonnard
df0142bd17
Fix some dependencies in tests
2013-08-27 22:21:21 +02:00
Paul Bakker
82e2945ed2
Changed naming and prototype convention for x509write functions
...
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
2130796658
Switched order of storing x509_req_names to match inputed order
2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461
Rewrote x509 certificate request writing to use structure for storing
2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
3fb5c5ee1c
PK: rename members for consistency CIPHER, MD
...
Also add pk_get_name() to remove a direct access to pk_type
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
c6ac8870d5
Nicer interface between PK and debug.
...
Finally get rid of pk_context.type member, too.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
b4e9ca9650
Add some more x509_verify tests
...
- trust chain of depth 0
- invalid signature
- trust chain of depth 2
- multiple trusted CA's
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
05b9dce20b
Add tests for crl_info with EC CA
2013-08-20 20:26:29 +02:00
Manuel Pégourié-Gonnard
6d29ff209b
Add cert_info tests for EC and mixed certificates
2013-08-20 20:26:29 +02:00
Manuel Pégourié-Gonnard
6009c3ae5e
Add tests for EC cert and crl validation
2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
e7f64a8e71
Add missing depends to some x509parse tests
2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
20e9fad4c1
Add test files for EC cert & crl validation
2013-08-20 20:21:02 +02:00
Manuel Pégourié-Gonnard
8eebd012b9
Add an ecdsa_genkey() function
2013-08-20 20:08:28 +02:00
Manuel Pégourié-Gonnard
b694b4896c
Add ecdsa_{read,write}_signature()
2013-08-20 20:04:16 +02:00
Paul Bakker
5a8a62ce1c
Fixed some x509parse tests after merge of new test framework
2013-08-20 14:27:21 +02:00
Paul Bakker
898edb7744
Merged the revamped test framework into development
2013-08-20 14:23:02 +02:00
Paul Bakker
68a4fce8aa
Added missing dependencies on functions and tests
2013-08-20 12:42:31 +02:00
Paul Bakker
bb20f4b720
Failing TEST_ASSERT now breaks off test
2013-08-20 12:41:33 +02:00
Paul Bakker
b34fef2f3c
Suite dependencies handled correctly now
2013-08-20 12:06:33 +02:00
Paul Bakker
33b43f1ec3
Converted .function file to c-like format and adapted generator code
2013-08-20 11:48:36 +02:00
Paul Bakker
55a7e908f2
Enhanced test output presentation
2013-08-19 14:02:21 +02:00
Manuel Pégourié-Gonnard
b03de8bcbe
Add test for EC keys with all curves.
...
(Made possible by the OID fix.)
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
06dab806ce
Fix memory error in asn1_get_bitstring_null()
...
When *len is 0, **p would be read, which is out of bounds.
2013-08-16 14:00:52 +02:00
Paul Bakker
dbd443dca6
Adapted .function files and .data files to new test framework
...
Changes include:
- Integers marked with '#' in the .function files.
- Strings should have "" in .data files.
- String comparison instead of preprocessor-like replace for e.g. '=='
- Params and variables cannot have the same name in .function files
2013-08-16 13:51:37 +02:00
Paul Bakker
1934318dce
Introduced own scripted test framework to replace fct.h and reduce
...
compile time
The new test framework generates a data file parsing engine plus the
templated function code. In order to 'understand' defines, during
the generation phase, a mapping is made to check for dependencies and
result code mappings.
2013-08-16 13:51:37 +02:00
Paul Bakker
51e73135ec
Fixed expected test result case for unknown padding modes
2013-08-15 11:41:39 +02:00
Manuel Pégourié-Gonnard
ebdc413f44
Add 'no padding' mode
2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
0e7d2c0f95
Add zero padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
8d4291b52a
Add zeros-and-length (ANSI X.923) padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
679f9e90ad
Add one-and-zeros (ISO/IEC 7816-4) padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
6c9789932e
Adapt cipher tests to configurable padding
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
a640849b55
Add tests for get_padding() (PKCS#7)
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
725680ffd2
Make cipher tests less dependant on padding size
2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
d5fdcaf9e5
Add cipher_set_padding() (no effect yet)
...
Fix pattern in tests/.gitignore along the way.
2013-08-14 14:02:46 +02:00
Paul Bakker
bd5fd4d1da
RFC6229 ARC4 test vectors added to testsuite
2013-07-19 14:51:31 +02:00
Manuel Pégourié-Gonnard
4f47538ad8
Fix some 'depends' in tests
2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
a2d4e644ac
Some more EC pubkey parsing refactoring
...
Fix a bug in pk_rsa() and pk_ec() along the way
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
893879adbd
Adapt debug_print_crt() for EC keys
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
a3c86c334c
Certificates with EC key and/or sig parsed
2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
72ef0b775d
Add test certificate signed with ECDSA
2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
244569f4b1
Use generic x509_get_pubkey() for RSA functions
2013-07-17 15:59:40 +02:00
Paul Bakker
8ea6c61477
Rename of prvkey -> privkey fix in test suite files
2013-07-16 17:16:58 +02:00
Manuel Pégourié-Gonnard
de44a4aecf
Rename ecp_check_prvkey with a 'i' for consistency
2013-07-09 16:42:34 +02:00
Manuel Pégourié-Gonnard
8838099330
Add x509parse_{,public}_key{,file}()
...
Also make previously public *_ec functions private.
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
2b9252cd8f
Add tests for x509parse_key_ec()
...
Test files were generated as follows:
openssl ecparam -name prime192v1 -genkey > key.pem
openssl ec -in key.pem -pubout -outform PEM > pub.pem
openssl ec -in key.pem -pubout -outform DER > pub.der
openssl ec -in key.pem -outform pem > prv.sec1.pem
openssl ec -in key.pem -outform der > prv.sec1.der
openssl ec -in key.pem -des -passout pass:polar -outform pem > prv.sec1.pw.pem
openssl pkcs8 -topk8 -in key.pem -nocrypt -outform pem > prv.pk8.pem
openssl pkcs8 -topk8 -in key.pem -nocrypt -outform der > prv.pk8.der
openssl pkcs8 -topk8 -in key.pem -passout pass:polar -outform der \
> prv.pk8.pw.der
openssl pkcs8 -topk8 -in key.pem -passout pass:polar -outform pem \
> prv.pk8.pw.pem
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
1bc6931f8c
Add test for x509parse_public_keyfile_ec
2013-07-08 15:31:19 +02:00
Manuel Pégourié-Gonnard
ba4878aa64
Rename x509parse_key & co with _rsa suffix
2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
c8dc295e83
Add ecp_check_prvkey, with test
...
Also group key checking and generation functions in ecp.h and ecp.c.
2013-07-08 15:31:18 +02:00
Paul Bakker
92b8dc0535
Fixed memory leaks in tests
2013-07-03 17:22:31 +02:00
Paul Bakker
e07c431eb3
Test suite automatically uses buffer-based memory allocator if present
...
Eat your own dog-food..
2013-07-03 17:22:31 +02:00
Paul Bakker
d2681d82e2
Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h}
2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f
SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
...
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
fd3eac5786
Cleaned up ECP error codes
2013-06-29 23:31:33 +02:00
Paul Bakker
5dc6b5fb05
Made supported curves configurable
2013-06-29 23:26:34 +02:00
Paul Bakker
f8d018a274
Made asn1_get_alg() and asn1_get_alg_null() as generic functions
...
A generic function for retrieving the AlgorithmIdentifier structure with
its parameters and adapted X509, PKCS#5 and PKCS#12 to use them.
2013-06-29 18:35:40 +02:00
Paul Bakker
b9d3cfa114
Split up GCM into a start/update/finish cycle
2013-06-26 15:08:29 +02:00
Paul Bakker
534f82c77a
Made ctr_drbg_init_entropy_len() non-static and defined
2013-06-25 16:47:55 +02:00
Paul Bakker
b6c5d2e1a6
Cleanup up non-prototyped functions (static) and const-correctness
...
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
2013-06-25 16:25:17 +02:00
Paul Bakker
f67edd9db8
Made x509parse PKCS#12 and PKCS#5 tests dependent on defines
...
(cherry picked from commit db7ea6f16262cf87fdfa0f98b58707d724531f3d)
2013-06-25 15:06:53 +02:00
Paul Bakker
38b50d73a1
Moved PKCS#12 PBE functions to cipher / md layer where possible
...
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).
In addition this allows for some PASSWORD_MISMATCH checking
(cherry picked from commit 14a222cef2699bd3da884662f7e56e097a12b1a0)
2013-06-25 15:06:53 +02:00
Paul Bakker
a4232a7ccb
x509parse_crt() and x509parse_crt_der() return X509 password related codes
...
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED
Rationale: For PKCS#8 encrypted keys the same are returned
(cherry picked from commit b495d3a2c755f9fd3c8b755d78d7a92d66245c57)
2013-06-25 15:06:53 +02:00
Paul Bakker
28144decef
PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates
...
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
(cherry picked from commit 1fd4321ba2016dfaff2b48c11f731fc9ccbd7ccf)
Conflicts:
include/polarssl/error.h
scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
b0c19a4b3d
PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
...
old PBKDF2 module.
(cherry picked from commit 19bd297dc896410e0d859729f9e8d4b1e107e6c8)
Conflicts:
include/polarssl/error.h
scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
28837ff2f4
Make sure polarssl/config.h is included at the start
...
(cherry picked from commit 9691bbe9b32fead5d5268f171d1e185f61a43ac3)
2013-06-25 15:06:51 +02:00
Paul Bakker
f1f21fe825
Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
...
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
(cherry picked from commit cf6e95d9a81c7b22271beb58a09b5c756148e62a)
Conflicts:
scripts/generate_errors.pl
2013-06-25 15:06:51 +02:00
Paul Bakker
e2f5040876
Internally split up x509parse_key()
...
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
(cherry picked from commit 65a1909dc6ff7b93f0a231a5a49d98d968c9bcdc)
Conflicts:
library/x509parse.c
2013-06-25 15:06:50 +02:00
Paul Bakker
ef3f8c747e
Fixed const correctness issues in programs and tests
...
(cherry picked from commit e0225e4d7f18f4565224f4997af537533d06a80d)
Conflicts:
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
programs/test/ssl_test.c
programs/x509/cert_app.c
2013-06-24 19:09:24 +02:00
Paul Bakker
286bf3c501
Split up largest test suite data files into smaller chunks
2013-04-08 18:09:51 +02:00
Paul Bakker
c70b982056
OID functionality moved to a separate module.
...
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleanup up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
00c1f43743
Merge branch 'ecc-devel-mpg' into development
2013-03-13 16:31:01 +01:00
Paul Bakker
90f042d4cb
Prepared for PolarSSL 1.2.6 release
2013-03-11 11:38:44 +01:00
Manuel Pégourié-Gonnard
424fda5d7b
Add ecdh_calc_secret()
2013-02-11 22:05:42 +01:00
Manuel Pégourié-Gonnard
5cceb41d2c
Add ecdh_{make,read}_public()
2013-02-11 21:51:45 +01:00
Manuel Pégourié-Gonnard
854fbd7ba2
Add ecdh_read_params().
2013-02-11 21:32:24 +01:00
Manuel Pégourié-Gonnard
98f51815d6
Fix ecp_tls_read_point's signature
2013-02-10 13:38:29 +01:00
Manuel Pégourié-Gonnard
7c145c6418
Fix ecp_tls_read_group's signature
2013-02-10 13:20:52 +01:00
Manuel Pégourié-Gonnard
8c16f96259
Add a few tests for ecp_tls_read_point
2013-02-10 13:00:20 +01:00
Manuel Pégourié-Gonnard
46106a9d75
Add tests for (and fix bug in) ecp_tls_write_group
2013-02-10 12:51:17 +01:00
Manuel Pégourié-Gonnard
420f1eb675
Fix ecp_tls_write_point's signature
2013-02-10 12:22:46 +01:00
Manuel Pégourié-Gonnard
6282acaec2
Add basic tests for ecp_tls_*_point
2013-02-10 11:15:11 +01:00
Manuel Pégourié-Gonnard
7e86025f32
Rename ecp_*_binary to ecp_point_*_binary
2013-02-10 10:58:48 +01:00
Manuel Pégourié-Gonnard
d84895dc22
Supress 'format' argument to ecp_read_binary.
...
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
Manuel Pégourié-Gonnard
1a96728964
Add function parsing a TLS ECParameters record
2013-02-09 17:53:31 +01:00
Paul Bakker
c7a2da437e
Updated for PolarSSL 1.2.5
2013-02-02 19:23:57 +01:00
Manuel Pégourié-Gonnard
cf4a70c8ed
Adjust names of ECDSA tests.
2013-01-27 09:10:53 +01:00
Manuel Pégourié-Gonnard
450a163c81
Fix valgrind warning in ECDSA test suite.
2013-01-27 09:08:18 +01:00
Manuel Pégourié-Gonnard
007b7177ef
ECDH : add test vectors from RFC 5903.
2013-01-27 09:00:02 +01:00
Manuel Pégourié-Gonnard
602a8973d7
ECDSA : test vectors from RFC 4754
2013-01-27 08:10:28 +01:00
Manuel Pégourié-Gonnard
d1c7150bf5
Basic tests for ECDSA.
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
61ce13b728
Basic tests for ECDH primitive
2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
45a035a9ac
Add ecp_gen_keypair()
2013-01-26 14:42:45 +01:00
Paul Bakker
14c56a3378
Updated for PolarSSL 1.2.4
2013-01-25 17:11:37 +01:00
Manuel Pégourié-Gonnard
5e402d88ea
Added ecp_read_binary().
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
37d218a8e3
Added support for writing points compressed
2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
e19feb5b46
Added ecp_write_binary().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
1c33057a63
Added ecp_check_pubkey().
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
c554e9acf1
Added test vectors from RFC 5903
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b63f9e98f5
Made ecp_mul() faster and truly SPA resistant
2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b4a310b472
Added a selftest about SPA resistance
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
9674fd0d5e
Added ecp_sub() as a variant of ecp_add()
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
1c2782cc7c
Changed to jacobian coordinates everywhere
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4bdd47d2cb
Multiplication by negative is now forbidden
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
8433824d5f
Added fast mod_p192
2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
e739f0133b
Added test vectors from RFC 5114 to test suite
2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c
Moved tests from selftest to tests/test_suite_ecp
2013-01-16 16:31:50 +01:00
Paul Bakker
58ef6ec613
Cleaner test-memory cleanups
2013-01-03 11:33:48 +01:00
Paul Bakker
fb1ba781b3
Updated for release 1.2.3
2012-11-26 16:28:25 +01:00
Paul Bakker
df5069cb97
Updated for 1.2.2 release
2012-11-24 12:20:19 +01:00
Manuel Pégourié-Gonnard
e44ec108be
Fixed segfault in mpi_shift_r()
...
Fixed memory leak in test_suite_mpi
Amended ChangeLog
2012-11-18 23:15:02 +01:00
Paul Bakker
e0f41f3086
- Updated version to 1.2.1
2012-11-13 12:55:02 +00:00
Paul Bakker
9daf0d0651
- Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1
2012-11-13 12:13:27 +00:00
Paul Bakker
f02c5642d0
- Allow R and A to point to same mpi in mpi_div_mpi
2012-11-13 10:25:21 +00:00
Paul Bakker
8f387e6605
- Updated trunk base version to 1.2.0 for prerelease 1
2012-10-02 15:26:45 +00:00
Paul Bakker
5c2364c2ba
- Moved from unsigned long to uint32_t throughout code
2012-10-01 14:41:15 +00:00
Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
31417a71f8
- Fixed tests for enhanced rsa_check_privkey()
2012-09-27 20:41:37 +00:00
Paul Bakker
1a0f552030
- Fixed test for 'trust extension' change
2012-09-25 21:53:55 +00:00
Paul Bakker
17a9790918
- Added regression check for latest mpi_add_abs() issue
2012-09-17 08:44:35 +00:00
Paul Bakker
68b6d88f5e
- Clear all memory
2012-09-08 14:04:13 +00:00
Paul Bakker
f518b16f97
- Added PKCS#5 PBKDF2 key derivation function
2012-08-23 13:03:18 +00:00
Paul Bakker
9195662a4c
- Added test for no-subject certificates with altSubjectNames
2012-08-23 10:46:54 +00:00
Paul Bakker
6132d0aa93
- Added Blowfish to generic cipher layer
...
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
a9379c0ed1
- Added base blowfish algorithm
2012-07-04 11:02:11 +00:00
Paul Bakker
f6198c1513
- mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52 )
2012-05-16 08:02:29 +00:00
Paul Bakker
40dd5303c2
- Fixed test on Big Endian systems (Fixed Ticket #54 )
2012-05-15 15:02:38 +00:00
Paul Bakker
4d2c1243b1
- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.
2012-05-10 14:12:46 +00:00
Paul Bakker
0c8f73ba8b
- Fixed a mistake in mpi_cmp_mpi() where longer B values are handled wrong
2012-03-22 14:08:57 +00:00
Paul Bakker
89e80c9a43
- Added base Galois/Counter mode (GCM) for AES
2012-03-20 13:50:09 +00:00
Paul Bakker
6d6205091b
- First tests for x509_write_cert_req() compat with OpenSSL output
2012-02-16 14:09:13 +00:00
Paul Bakker
b08e6843c2
- Removed test memory leaks
2012-02-11 18:43:20 +00:00
Paul Bakker
57b12982b3
- Multi-domain certificates support wildcards as well
2012-02-11 17:38:38 +00:00
Paul Bakker
a8cd239d6b
- Added support for wildcard certificates
...
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7
- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
2012-02-06 16:45:10 +00:00
Paul Bakker
3c18a830b3
- Made changes for 1.1.1 release
2012-01-23 09:44:43 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
18d32911c0
- Added internal ctr_drbg_init_entropy_len() to allow NIST determined entropy tests to work
2011-12-10 21:42:49 +00:00
Paul Bakker
c50132d4fa
- Updated version of PolarSSL to 1.1.0
2011-12-05 14:38:36 +00:00
Paul Bakker
c0a1a319df
- Moved test to entropy and CTR_DRBG
2011-12-04 17:12:15 +00:00
Paul Bakker
6c0ceb3f9a
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
2011-12-04 12:24:18 +00:00
Paul Bakker
cb37aa5912
- Better buffer handling in mpi_read_file()
2011-11-30 16:00:20 +00:00
Paul Bakker
a3d195c41f
- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs
2011-11-27 21:07:34 +00:00
Paul Bakker
0e04d0e9a3
- Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
2011-11-27 14:46:59 +00:00
Paul Bakker
fae618fa8b
- Updated tests to reflect recent changes
2011-10-12 11:53:52 +00:00
Paul Bakker
fa1c592860
- Fixed faulty HMAC-MD2 implementation (Fixes ticket #37 )
2011-10-06 14:18:49 +00:00
Paul Bakker
968bc9831b
- Preparations for v1.0.0 release of PolarSSL
2011-07-27 17:03:00 +00:00
Paul Bakker
46c1794110
- Split cipher test suite into three different sets
...
- Adapted test source code generation accordingly
2011-07-13 14:54:54 +00:00
Paul Bakker
26b41a8370
- Fixed compiler warning
2011-07-13 14:53:58 +00:00
Paul Bakker
eaf90d9a9c
- Removed unused but initialized variables
2011-07-13 14:21:52 +00:00
Paul Bakker
36f1b197ca
- Added test for PKCS#8 wrapped private and public keys
2011-07-13 11:32:29 +00:00
Paul Bakker
c65ab340a7
- Fixed error code
2011-06-09 15:44:37 +00:00
Paul Bakker
343a870daa
- Expanded generic cipher layer with support for CTR and CFB128 modes of operation.
2011-06-09 14:27:58 +00:00
Paul Bakker
1ef71dffc7
- Updated unsignedness in some missed cases
2011-06-09 14:14:58 +00:00
Paul Bakker
cd43a0beec
- Adjusted to use proper size_t arguments
2011-06-09 13:55:44 +00:00
Paul Bakker
828acb2234
- Updated for release 0.99-pre5
2011-05-27 09:25:42 +00:00
Paul Bakker
d7d8dbe3bf
- Fixed two typos
2011-05-26 15:29:38 +00:00
Paul Bakker
c3f5656ff6
- Fixed dependency of MD4 and MD2 of POLARSSL_FS_IO
2011-05-26 14:38:05 +00:00
Paul Bakker
5690efccc4
- Fixed a whole bunch of dependencies on defines between files, examples and tests
2011-05-26 13:16:06 +00:00