Commit Graph

457 Commits

Author SHA1 Message Date
Steffen Jaeckel
d4945ac521 add (nearly) all defines from tomcrypt_custom.h to crypt_build_settings
... and provide a new make target to check if something is missing
2015-09-08 21:09:49 +02:00
Steffen Jaeckel
0b140206cf Merge branch 'feature/rsa-crt_hardening' into develop
This fixes #77
2015-09-08 21:04:54 +02:00
Steffen Jaeckel
733c52aa00 add LTC_RSA_CRT_HARDENING to crypt_build_settings 2015-09-08 21:04:33 +02:00
Steffen Jaeckel
01f1845402 harden RSA CRT by implementing the proposed countermeasure
... from ch. 1.3 of [1]

[1] https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
2015-09-08 02:44:17 +02:00
Steffen Jaeckel
19e2526b82 add some make targets regarding code coverage 2015-09-08 02:35:35 +02:00
Steffen Jaeckel
7db5760c91 add possibility to create combined coverage
Define the environment variable LTC_COVERAGE to something, run testme.sh
with all the coverage compile time options enabled and then 'make lcov'
creates the combined coverage for all combinations of compile-time
options handled in testme.sh.

e.g. LTC_COVERAGE=1 ./testme.sh "makefile -j3" "-DUSE_LTM -DLTM_DESC -I../libtommath -fprofile-arcs -ftest-coverage" "../libtommath/libtommath.a -lgcov"
2015-09-08 01:36:13 +02:00
Steffen Jaeckel
21ed315527 ignore output of 'make doxy' 2015-09-08 01:14:57 +02:00
Steffen Jaeckel
fd94034ba7 sort HEADERS in makefiles, so it doesn't change spontaneously 2015-09-01 17:36:43 +02:00
Steffen Jaeckel
6ec93afa3c clean-up test-build and extend tomcrypt_custom.h
added LTC_MINIMAL to be able do a build without nearly any
functionality :)
make sure timing resistant RSA & ECC are enabled if not said otherwise
2015-09-01 17:36:43 +02:00
Steffen Jaeckel
8cb20e6059 add more DES test vectors 2015-08-31 15:09:36 +02:00
Steffen Jaeckel
eb26b7efd4 Merge branch 'fix/ccm_constant_time' into develop
This closes #73 and closes #76
2015-08-26 00:16:09 +02:00
Sebastian Verschoor
75b114517a make sure no cache-based timing attack is possible
instead of two different buffers, there is just one buffer. Based upon the verification result, a mask is applied to the buffer before it is written to the output buffer.
2015-08-26 00:08:38 +02:00
Steffen Jaeckel
09e4b0ec9b don't reveal plaintext if authentication failed
Create two buffers of the same size as the input data.
Copy the input data to the first one and work with that version to hold the
decrypted data, zeroize the second one.
Copy depending on the verification result, either the zero-buffer or the
real plaintext to the output buffer.
2015-08-26 00:08:38 +02:00
Steffen Jaeckel
6c11ca771b fix compile error of tests 2015-08-26 00:08:38 +02:00
Sebastian Verschoor
25af184cd5 Quickfix for issue #73
The API of the function is changed (for decryption, tag is now an input
parameter). With the old API it is impossible to confirm to the NIST
specification and a timing sidechannel leak is inevitable.
2015-08-26 00:08:38 +02:00
Steffen Jaeckel
38bfef2996 Merge branch 'aes-xts-accel' into develop
This fixes #70
2015-08-26 00:05:31 +02:00
Steffen Jaeckel
f9c8c9c229 also test XTS accelerators 2015-08-26 00:05:07 +02:00
Steffen Jaeckel
181d2f2df7 auto-format xts code 2015-08-26 00:02:50 +02:00
Steffen Jaeckel
b25d04ed94 fix pointer check 2015-08-25 23:58:22 +02:00
Jerome Forissier
5c3f177b34 Add function pointers for accelerated XTS to ltc_cipher_descriptor
Similar to what already exists for other modes.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
2015-08-25 23:58:22 +02:00
Steffen Jaeckel
99214b53f6 add .clang-format 2015-08-25 23:58:08 +02:00
Steffen Jaeckel
a13257094e handle LTC_NO_FAST before handling LTC_FAST 2015-08-23 22:59:15 +02:00
Steffen Jaeckel
61efc10852 update makefiles 2015-08-23 22:59:14 +02:00
Steffen Jaeckel
ee03c97cde add crc32 2015-08-23 22:59:14 +02:00
Steffen Jaeckel
9585faca2b re-work debug output of some tests 2015-08-23 22:59:14 +02:00
Steffen Jaeckel
1987a2f975 add adler32 checksum algorithm 2015-08-23 22:59:14 +02:00
Steffen Jaeckel
d6cea55b13 Merge branch 'pascal-brand-st-dev/ecc_raw' into develop
This fixes #69
2015-08-21 22:18:42 +02:00
Pascal Brand
3605983f09 Introduce ECC raw algorithms for sign and verify
As it is performed on dsa, raw sign and verify on ECC
are introduced.

Signed-off-by: Pascal Brand <pascal.brand@st.com>
2015-08-21 22:14:03 +02:00
Steffen Jaeckel
0e8d8f8d81 Merge branch 'pascal-brand-st-dev/ecctest' into develop
This fixes #68
2015-08-21 22:12:02 +02:00
Pascal Brand
7313d1e6b0 Update ECC timing tests
Signed-off-by: Pascal Brand <pascal.brand@st.com>
2015-08-21 22:09:25 +02:00
Steffen Jaeckel
08629ed2b0 Merge branch 'fix/issue74' into develop
This closes #74
2015-08-21 21:30:38 +02:00
Sebastian Verschoor
67973b04ae fix #74 2015-08-21 21:29:56 +02:00
Steffen Jaeckel
c28cc9e3e9 crypt_build_settings: remove build date and time 2015-05-07 10:32:12 +02:00
Karel Miko
aeaa6d4a51 cygwin related fix - variable name B0 changed to B_0 (part 2) 2015-04-17 08:59:35 +02:00
Karel Miko
6a257e15cd cygwin related fix - variable name B0 changed to B_0 as it caused collision when compiling libtomcrypt as a perl module (for some reason only on cygwin) 2015-04-17 08:56:42 +02:00
Karel Miko
a8e91afb16 cygwin/64bit related fix - added !defined(__x86_64__) 2015-04-17 08:50:38 +02:00
Steffen Jaeckel
4981e2ab3f Merge pull request #61 from ulikoehler/reffix
Fix config file reference
2015-03-28 08:31:21 -04:00
Uli Köhler
d24e9cd32d Fix config file reference 2015-03-27 21:41:51 +01:00
Steffen Jaeckel
925f1ec0e6 Merge pull request #60 from pascal-brand-st-dev/memneq
Use XMEM_NEQ instead of mem_neq
2015-02-27 10:11:14 +01:00
Pascal Brand
f20b5daf39 Use XMEM_NEQ instead of mem_neq
mem_neq is no more used directly. XMEM_NEQ is used instead,
in the same way XMEMCMP, XMEMCPY,... are.

Signed-off-by: Pascal Brand <pascal.brand@st.com>
2015-02-27 08:54:30 +01:00
Steffen Jaeckel
dfa938a4f6 verify outcome when defining LTC_NOTHING
check that LTC_NOTHING really creates nothing but the libraries' basic
API functions
2015-02-15 17:25:45 +01:00
Steffen Jaeckel
90e968a202 der_decode_subject_public_key_info: fix compile error
also make it possible to define min/max RSA key sizes externally

This closes #59
2015-02-15 16:32:12 +01:00
Saleem Abdulrasool
62878de0c5 adjust inline asm requiring constants
In order to ensure that the shift is within range, convert the inline assembly
routines into macros with compound statements.
2015-01-20 22:36:07 +01:00
Steffen Jaeckel
e9f9c6fa55 create a makefile.include
it contains all the preparation and targets for the static and shared lib
2015-01-20 22:36:07 +01:00
Steffen Jaeckel
0b6915740c saferp: enclose macros in do{}while(0) loop 2015-01-20 22:36:07 +01:00
Steffen Jaeckel
9782c09a3a use XMEM{CMP, CPY, SET} macros instead of standard versions 2015-01-20 22:36:06 +01:00
Steffen Jaeckel
b8bf2f13b8 Merge branch 'feature/const_memcmp' into develop
This closes #57
2015-01-20 22:35:44 +01:00
Steffen Jaeckel
46c038f7d4 adapt rsa_test() to modified pkcs#1 decoding routines 2014-11-13 22:30:07 +01:00
Steffen Jaeckel
1e9e98aa0d make pkcs#1 decode functions constant-time
as proposed in RFC 3447 only one error return code is used when there are
errors while decoding the pkcs#1 format.
also, all steps are executed and only the "output" is skipped if something
went wrong.

Sorry this could break backwards compatibility, since there's no more
BUFFER_OVERFLOW messaging.
Former error-handling code could also be affected because now there's only
OK as return code in cases where "res" is also set to '1'.
2014-11-13 22:26:59 +01:00
Steffen Jaeckel
e57c92fd23 replace calls to standard memcmp with constant memcmp where necessary 2014-11-13 22:09:45 +01:00