Karel Miko
784a009efe
increase coverage
2017-04-28 19:24:58 +02:00
Karel Miko
da25a23712
increasing prngs/rc4 coverage
2017-04-28 19:24:58 +02:00
Karel Miko
0df0c9b12c
LTC_CHACHA_STREAM >> LTC_CHACHA
2017-04-28 19:24:58 +02:00
Karel Miko
dd35e86c60
renaming rc4+sober128 stream API to *_stream_*
2017-04-28 19:24:58 +02:00
Karel Miko
fe14c8bfaf
Move RC4 + SOBER128 to src/stream/
2017-04-28 19:24:58 +02:00
Karel Miko
0d998fd4c8
stream/chacha ivlen cosmetics
2017-04-25 01:10:15 +02:00
Karel Miko
0f0f1e40be
indentation
2017-04-24 21:59:21 +02:00
Karel Miko
61105b67f4
test vectors from https://github.com/BLAKE2
2017-04-23 23:27:54 +02:00
Karel Miko
0d585958c1
BLAKE2 based MACs
2017-04-23 23:27:54 +02:00
Steffen Jaeckel
7a83cea4db
use appropriate names for sha3 hashes
2017-04-23 15:55:49 +02:00
Karel Miko
336c52ca5f
Facelift of *_file functions
2017-04-21 16:11:22 +02:00
Kelvin Sherlock
56a2efa729
fix blake2s-160/224 hash sizes.
2017-04-20 11:22:16 -04:00
Kelvin Sherlock
4905232eda
more tests.
2017-04-19 16:50:34 -04:00
Kelvin Sherlock
c65d24222e
always zeromem hash_state when done
2017-04-19 16:47:03 -04:00
Kelvin Sherlock
2dc574d477
use - in hash descriptors.
2017-04-19 16:46:36 -04:00
Kelvin Sherlock
4ee9d767bb
add key/keylen parameters to blake2x_init
2017-04-10 18:29:51 -04:00
Kelvin Sherlock
0f97bb7415
fix burn blake2b stack size.
2017-04-10 16:37:34 -04:00
Kelvin Sherlock
55450078ea
use compare_testvector in tests.
2017-04-10 12:00:22 -04:00
Kelvin Sherlock
ea8dde7f63
formatting
2017-04-10 11:34:59 -04:00
Kelvin Sherlock
dfbdb626c3
add missing const.
2017-04-10 10:50:34 -04:00
Kelvin Sherlock
6b46b447b5
replace packed parameter struct with offsets into a unsigned char buffer.
2017-04-10 10:40:20 -04:00
Kelvin Sherlock
6acdfe9a55
cleanup, resins with updated reference source
2017-04-10 10:22:50 -04:00
Kelvin Sherlock
afc6e8d370
minor cleanup.
2017-04-10 10:21:51 -04:00
Kelvin Sherlock
b4594ab3c6
remove inline and c99 variable declarations.
2017-04-09 17:22:42 -04:00
Kelvin Sherlock
268c87e33d
add LTC_ARGCHK for blake2b_process.
2017-04-08 17:00:39 -04:00
Kelvin Sherlock
6f6e2d30a8
clang-format
2017-04-08 15:43:38 -04:00
Kelvin Sherlock
7c5fef9b71
add blake2b hash
2017-04-08 15:40:56 -04:00
Kelvin Sherlock
5924bd43e6
tweak source to conform a little better
2017-04-08 15:40:20 -04:00
Kelvin Sherlock
51075724c1
use hash_state * for all arguments.
2017-04-07 23:46:52 -04:00
Kelvin Sherlock
063df0bffe
more tests.
2017-04-07 23:46:17 -04:00
Kelvin Sherlock
4449cdcea3
sort and number the ltc_hash_descriptors.
2017-04-07 23:45:49 -04:00
Kelvin Sherlock
1b5ae955d2
more clang-format
2017-04-07 21:24:47 -04:00
Kelvin Sherlock
51f6b063d6
clang format
2017-04-07 21:12:54 -04:00
Kelvin Sherlock
647b53d880
add blake2s to various places.
2017-04-07 20:50:28 -04:00
Kelvin Sherlock
68296e0608
blake2s hash
2017-04-07 20:47:44 -04:00
Francois Perrad
b6c27c2f08
no room for nul terminator
2017-04-07 12:16:48 +02:00
Francois Perrad
0be45a6341
remove unreachable code
2017-04-07 12:16:44 +02:00
Francois Perrad
9941648125
remove suspicious ;
2017-04-07 00:17:43 +02:00
Steffen Jaeckel
08415d37f3
fix compare_testvector() macro
2017-04-06 22:47:36 +02:00
Francois Perrad
168472f753
misuse of compare_testvector
2017-04-05 09:28:32 +02:00
Karel Miko
eefb8dc479
renaming prngs/chacha.c prngs/chacha20.c
2017-04-03 22:54:27 +02:00
Karel Miko
bfe9484a3d
renaming chacha_prng > chacha20_prng
2017-04-03 22:52:17 +02:00
Karel Miko
2520e6c061
add link to arc4random.c which was the inspiration for chacha_prng
2017-04-03 20:04:00 +02:00
Karel Miko
7b93f04390
wrong use of sizeof(buf)
2017-04-03 19:54:51 +02:00
Karel Miko
ce37498ec6
chacha_prng_desc > chacha20_prng_desc
2017-04-03 19:52:03 +02:00
Karel Miko
08a028ab04
missing LTC_FILE_READ_BUFSIZE in crypt.c
2017-04-02 18:13:45 +02:00
Karel Miko
883db95da2
FILE_READ_BUFSIZE > LTC_FILE_READ_BUFSIZE
2017-04-02 18:13:45 +02:00
Karel Miko
06b1582de6
new #define FILE_READ_BUFSIZE
2017-04-02 18:13:45 +02:00
Karel Miko
ff5b02d371
LTC_CHACHA vs. LTC_CHACHA20_PRNG
2017-04-02 18:13:45 +02:00
Karel Miko
2656a040e0
chacha_prng > chacha20_prng
2017-04-02 18:13:45 +02:00
Karel Miko
3a05f0331d
chachapoly_state > chacha20poly1305_state
2017-04-02 18:13:45 +02:00
Karel Miko
11a9dc50b3
poly_state > poly1305_state
2017-04-02 18:13:45 +02:00
Karel Miko
39028bbeed
more tests in chacha20poly1305_test
2017-04-02 18:13:45 +02:00
Karel Miko
31b52a354d
padlen in chacha20poly1305_decrypt
2017-04-02 18:13:45 +02:00
Karel Miko
5797b0cc1e
test for chacha_ivctr64 (2)
2017-04-02 18:13:45 +02:00
Karel Miko
53c00d14e5
test for chacha_ivctr64
2017-04-02 18:13:45 +02:00
Karel Miko
a517db2514
cosmetics
2017-04-02 18:13:45 +02:00
Karel Miko
c8cb714e08
added chacha_done
2017-04-02 18:13:45 +02:00
Karel Miko
ff6abc776c
RFC 7539 - ChaCha20 and Poly1305 + chacha based PRNG
2017-04-02 18:13:45 +02:00
Karel Miko
6844275e82
silence MSVC compiler warning
2017-04-02 17:42:28 +02:00
Steffen Jaeckel
2c52bf75f4
bugfixing
2017-03-31 18:24:42 +02:00
Steffen Jaeckel
08503a02f5
update error codes
...
This closes #180
2017-03-31 15:12:12 +02:00
Steffen Jaeckel
1f0daf1eff
fix compiler warning
2017-03-31 00:57:22 +02:00
Steffen Jaeckel
83780d4764
add timezone-offset support to GeneralizedTime
...
this also fixes a bug in the length generation
2017-03-30 22:48:42 +02:00
Steffen Jaeckel
2bd517307c
add GeneralizedTime DER en-/decode
2017-03-30 22:29:02 +02:00
Steffen Jaeckel
856d542a1c
turn around the order when freeing an rsa_key struct
2017-03-30 18:46:05 +02:00
Steffen Jaeckel
ec327b3d86
move x509 processing to rsa_import_x509()
2017-03-30 18:46:05 +02:00
Steffen Jaeckel
27722734b2
let's use an empty list element to signal an empty sequence
2017-03-30 18:46:04 +02:00
Steffen Jaeckel
f9bce83329
add possibility to rsa_import() the public key of an x.509 certificate
2017-03-30 18:46:04 +02:00
Steffen Jaeckel
2e822a80a8
add der_sequence_shrink()
...
in case you want to keep a sequence over a longer time, but you don't
need all the raw constructed, set or sequence data
2017-03-30 18:46:04 +02:00
Steffen Jaeckel
7ddce245b8
save the plain constructed-, sequence- or set-data details
2017-03-30 18:46:04 +02:00
Karel Miko
c6a0362c88
SHA3
2017-03-29 13:44:04 +02:00
Karel Miko
7bb7bdde1d
improving MS Windows builds (msvc)
2017-03-29 08:48:33 +02:00
Steffen Jaeckel
8af93d1d0d
Remove ccm_memory_ex()
2017-03-28 22:57:22 +02:00
Steffen Jaeckel
70ee598c5e
fix LTC_NO_ASM rotate macros when compiling with clang
2017-03-28 21:18:22 +02:00
Steffen Jaeckel
ea355dbc79
there's no reason to disable DH when using GMP as MPI provider
2017-03-24 16:58:04 +01:00
Steffen Jaeckel
cd08a8cec3
disable ltc_rng by default
2017-03-22 11:24:21 +01:00
Steffen Jaeckel
fe7c4e3993
add ltc_rng function pointer
...
the idea is to be able to easily provide a plug-in rng for a specific
platform without the need to touch the library.
2017-03-22 11:24:21 +01:00
Karel Miko
39425a94c5
improved source checks
2017-03-15 23:13:46 +01:00
Karel Miko
54a26525dc
avoid C++ style comments
2017-03-15 15:22:06 +01:00
Francois Perrad
937f186db1
use #ifdef instead of #if
2017-03-15 06:55:19 +01:00
Karel Miko
4503868da2
fix pkcs_5_test crash
2017-03-14 18:22:46 +01:00
Karel Miko
0e9b3da3ea
PKCS#5 alg1 tests
2017-03-14 18:22:46 +01:00
BJ Black
c7d6c3ad28
Add OpenSSL-compatible PKCS#5v1 KDF, demo of OpenSSL-compatible aes-256-cbc command.
2017-03-14 18:22:46 +01:00
Karel Miko
e26078d2f7
fix #109 - improved arch/endianness detection + tomcrypt_cfg.h facelift
2017-03-14 18:14:57 +01:00
Karel Miko
591ef19c7a
comment: it might happen that LTC_WCHAR_MAX is undefined
2017-03-09 20:48:24 +01:00
Karel Miko
02b92405e2
simplified #ifdef
2017-03-09 20:48:24 +01:00
Karel Miko
7ab76a464e
introducing LTC_WCHAR_MAX
2017-03-09 20:48:24 +01:00
Karel Miko
2f9c426487
fix wchar_t related warnings on Visual Studio 2008
2017-03-09 20:48:24 +01:00
Karel Miko
a4d61e0bea
fixes #122 adler32 vs. crc32 inconsistency (bad byte order)
2017-03-09 20:32:29 +01:00
Karel Miko
ac3f55fd92
there is no snprintf before Visual C++ 2015
2017-03-09 20:07:39 +01:00
Karel Miko
52eaabefa9
msvc 2008 does not like { } initialization
2017-03-06 19:53:04 +01:00
Karel Miko
fb749199db
moving declaration to block beginning
2017-03-06 19:51:46 +01:00
Karel Miko
081ee45712
move declaration at block beginning
2017-03-06 10:43:39 +01:00
Karel Miko
1a1addcefd
move declarations at the block beginning (ANSI C)
2017-03-01 15:02:08 +01:00
Steffen Jaeckel
9092470843
fix doxygen warnings
2017-03-01 15:00:41 +01:00
Steffen Jaeckel
00308d8651
fix base64url related errors when only LTC_BASE64 is defined
2017-03-01 11:37:49 +01:00
Steffen Jaeckel
0b79bbaf5b
fix missing symbol rand_prime
2017-03-01 11:37:49 +01:00
Karel Miko
50aedb099c
fixing warning introduced by __WCHAR_MAX__ patch
2017-02-28 23:20:19 +01:00
Francois Perrad
eca2290b1e
missing prototypes
2017-02-28 23:07:06 +01:00
Francois Perrad
27280b86b3
static functions
2017-02-28 23:07:06 +01:00
Steffen Jaeckel
acfd16c60a
fix compile error
2017-02-28 21:23:39 +01:00
Karel Miko
4bd327a4cc
better handling wchar_t when __WCHAR_MAX__ is 0xFFFF (2 bytes only)
2017-02-28 20:24:49 +01:00
Karel Miko
05f85c3e6d
RS2 remove 40bit limit
2017-02-28 20:20:51 +01:00
Steffen Jaeckel
03f0674985
add compare_testvector() prototype to tomcrypt_misc.h
2017-02-28 20:09:32 +01:00
Steffen Jaeckel
9a29428f8e
Add secondary rc2 setup function
...
...to be able to pass the effective key length.
2017-02-28 20:09:32 +01:00
Steffen Jaeckel
43c50423ad
add yet another testvector
2017-02-28 20:09:32 +01:00
Steffen Jaeckel
952caf3cd7
add testvectors for smaller RC2 keysizes
...
originates from rfc2268
1 byte keylen is commented
2017-02-28 20:09:32 +01:00
Steffen Jaeckel
19c81bbbee
fix typo
2017-02-28 20:09:32 +01:00
Karel Miko
344620a0e7
fixes #135 RC2 min keylen 40bit (was 64bit)
2017-02-28 20:09:32 +01:00
Karel Miko
6c8d00d1fd
part of feature/doc changes
2017-02-28 17:35:57 +01:00
Karel Miko
efbd73fbc8
move declarations at the block beginning (ANSI C)
2017-02-28 16:11:42 +01:00
Karel Miko
88412a9fc2
conversion related troubles (int, size_t, ptrdiff_t ..)
2017-02-28 11:30:19 +01:00
Steffen Jaeckel
eee936d752
add base64url_strict_encode()
2017-02-28 01:27:06 +01:00
Karel Miko
006c601efb
no trailing = for base64url
2017-02-28 01:27:05 +01:00
Karel Miko
ff3a03a1d0
tuning base64 decoding implementation
2017-02-28 01:27:04 +01:00
Steffen Jaeckel
c1dd1cbe30
re-work strict/relaxed base64 decoding implementation
...
Instead of one API function with an option parameter, provide two API
functions.
Instead of defaulting to strict decoding, default to relaxed decoding.
2017-02-28 01:27:03 +01:00
Steffen Jaeckel
bc16c149fc
fix base64[url] strict/relaxed decode
2017-02-28 01:27:01 +01:00
Steffen Jaeckel
063bac396d
add LTC_BASE64_STRICT to crypt_build_settings and crypt_constants
2017-02-28 01:27:00 +01:00
Steffen Jaeckel
b10f9502f8
add RFC4648 base64 decoding compliance
2017-02-28 01:26:57 +01:00
Karel Miko
faa18e71c8
tuning indentation
2017-02-28 00:51:25 +01:00
Karel Miko
1e260eeaae
fix coverity finding: dsa_import double free
2017-02-28 00:51:25 +01:00
Matt Kelly
e187f4cbf4
Fix all warnings from -Wcast-align
2017-02-26 10:12:16 -05:00
Karel Miko
7246ab50da
fix coverity finding: cbc_decrypt out-of-bound read
2017-02-25 19:53:52 +01:00
Francois Perrad
4349993ad3
Suspicious use of & (part 2)
2017-02-25 13:21:34 +01:00
Karel Miko
477d621224
more trailing spaces + tabs in src
2017-02-24 20:31:48 +01:00
Francois Perrad
fc55a8fd1b
remove trailing spaces
2017-02-24 19:02:43 +01:00
Francois Perrad
b0f06ed1ec
add parentheses in macro
2017-02-24 19:00:36 +01:00
Francois Perrad
79d6e61aca
use the variable 'err'
2017-02-24 19:00:32 +01:00
Francois Perrad
31f88a9c9b
default for switch
2017-02-24 19:00:28 +01:00
Francois Perrad
203087d6d7
bug: wrong parentheses in condition with assignment
2017-02-24 19:00:24 +01:00
Karel Miko
649ef0faef
forgotten trailing space
2017-02-24 16:54:01 +01:00
Francois Perrad
58353f51e2
remove trailing spaces
2017-02-24 16:29:54 +01:00
Francois Perrad
5d7036ebe2
remove hard tab
2017-02-24 16:26:48 +01:00
Francois Perrad
9f8df116be
remove useless code
2017-02-24 16:23:27 +01:00
Francois Perrad
cebf33cdce
add some const
2017-02-24 16:23:23 +01:00
Francois Perrad
9749958fe5
the comment FALLTHROUGH is common for several lint tools
2017-02-24 16:23:19 +01:00
Francois Perrad
c22acc2d07
remove useless include
2017-02-24 16:23:15 +01:00
Francois Perrad
7b48f4d5f7
fix indentation
2017-02-24 16:23:10 +01:00
Steffen Jaeckel
ecb2402ba8
remove [X]CLOCKS_PER_SEC
2017-02-24 00:28:59 +01:00
Karel Miko
979e9a9d15
fix for #90 ltc_ecc_mul2add.c integer sign issue (sjaeckel's way)
2017-02-24 00:18:55 +01:00
Karel Miko
0c226834cc
introducing LTC_INLINE
2017-02-23 23:47:56 +01:00
Karel Miko
3d5b90d24d
LTC_NO_PROTOTYPES related cosmetics
2017-02-23 11:03:55 +01:00
Steffen Jaeckel
76b289833c
only define LTC_NO_PROTOTYPES on one point
...
This closes #132
2017-02-23 11:03:55 +01:00
Karel Miko
a2c87f54de
adding rsa_import_radix
2017-02-21 16:55:09 +01:00
Karel Miko
10545366d2
adding dsa_import_radix
2017-02-21 16:54:10 +01:00
Karel Miko
bcf7753a26
use MIN macro
2017-02-21 16:36:17 +01:00
Karel Miko
ecbac7324e
DSA: properly handle FIPS 186-4 (4.6 + 4.7)
2017-02-21 16:36:17 +01:00
Karel Miko
b36e75b7f1
don't read from c:\dev\random on windows
2017-02-21 13:34:52 +01:00
Steffen Jaeckel
d727b16898
use proper defines as of [1]
...
[1] http://predef.sourceforge.net
2017-02-21 13:34:52 +01:00
zeromus
c341d36c6a
do it differently
2017-02-21 11:49:35 +01:00
zeromus
32f19995f8
do it differently
2017-02-21 11:49:35 +01:00
zeromus
793ff08986
do it differently
2017-02-21 11:49:35 +01:00
zeromus
c83763bd46
fix tiny compile error in tomcrypt_pk.h macro
...
An ARM compiler gives me this:
libtomcrypt\pk\asn1\der\sequence\der_decode_subject_public_key_info.c(65,4): error #188-D: enumerated type mixed with another type
Since der_decode_subject_public_key_info's parameters_type is of type 'unsigned long', an attempt to assign it to ltc_asn1_list's member 'ltc_asn1_type type' fails.
My fix solves this in a simple way by casting it at the point of assignment.
But while studying this I noticed there's no use of enum in the codebase other than a few PK-related things. Perhaps a more appropriate solution would be to remove these enums. I mean, enums seem like an OK enough idea, but I don't know anything about the practicality of using enums in archaic C dialects like libtomcrypt conforms (thankfully!) to...
2017-02-21 11:49:35 +01:00
Steffen Jaeckel
383f200cb6
fix LTC_MINIMAL
2017-02-20 19:19:44 +01:00
Steffen Jaeckel
fd99c3e3c0
remove duplicate define
2017-02-20 18:58:20 +01:00
Steffen Jaeckel
08aabc7f8c
improve print_hex() prototype
2017-02-17 11:53:14 +01:00
Steffen Jaeckel
8fc1af1b7e
make implementation easier to read
...
damn you negated logic...
2017-02-15 23:15:43 +01:00
Steffen Jaeckel
7d418b34b3
Fix GCM counter reuse
...
GCM should error out after processing (2^32)-1 blocks / (2^39)-256 bits
2016-09-28 20:18:09 +02:00
Karel Miko
6ad5225268
removing forgotten debug comment
2016-07-07 15:03:33 +02:00
Karel Miko
966496ea1a
fixing GCM troubles at HP-UX/IA64
2016-01-23 18:09:03 +01:00
Karel Miko
af77f1fae9
RORc instead of ROR
2016-01-19 00:03:54 +01:00
Karel Miko
d0a534393a
fix for issue #92 - const is meaningless on cast type
2016-01-19 00:03:54 +01:00
Karel Miko
15b3f39a4f
avoid using declaration after statements (rng_win32)
2016-01-14 21:46:53 +01:00
Karel Miko
7c1e251e75
avoid using declaration after statements
2016-01-14 21:46:53 +01:00
Steffen Jaeckel
10e577e24a
there's no need to check out on function entry
...
...someone could then do something like this...
unsigned char* out = NULL;
unsigned long len = 0;
while(ecc_ansi_x963_export(key, out, &len) == CRYPT_BUFFER_OVERFLOW &&
len == 0) {
out = malloc(len);
}
...as if someone would ever like to do something like that...
2016-01-14 21:32:33 +01:00
Karel Miko
42bad9f580
fix for issue #58 - possible overflow in ecc_ansi_x963_export
2016-01-11 00:25:13 +01:00
Karel Miko
8cf7eb1801
fix for issue #91 - redefinition of macro "setbit"
2016-01-10 18:45:04 +01:00
Steffen Jaeckel
7c2ff8ebfe
show ROtate operator configuration in build settings
...
[skip ci]
2016-01-05 23:55:06 +01:00
Steffen Jaeckel
f5016d88dd
Prevent undefined behavior
...
Don't call XMEMCPY() in case info (the source parameter to memcpy) is NULL
as this would trigger UB
2015-12-05 14:31:38 +01:00
Steffen Jaeckel
318dbbccc3
fix wrongly used LTC_ARGCHK/LTC_ARGCHKVD macros
2015-12-05 14:31:37 +01:00
Steffen Jaeckel
460b8716c9
fix clang-analyzer warnings
...
This fixes #80
2015-12-05 14:31:01 +01:00
Steffen Jaeckel
16f397d55c
prevent segfault in case we hit an empty sequence
2015-09-10 19:17:42 +02:00
Steffen Jaeckel
d4945ac521
add (nearly) all defines from tomcrypt_custom.h to crypt_build_settings
...
... and provide a new make target to check if something is missing
2015-09-08 21:09:49 +02:00
Steffen Jaeckel
733c52aa00
add LTC_RSA_CRT_HARDENING to crypt_build_settings
2015-09-08 21:04:33 +02:00
Steffen Jaeckel
01f1845402
harden RSA CRT by implementing the proposed countermeasure
...
... from ch. 1.3 of [1]
[1] https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
2015-09-08 02:44:17 +02:00
Steffen Jaeckel
6ec93afa3c
clean-up test-build and extend tomcrypt_custom.h
...
added LTC_MINIMAL to be able do a build without nearly any
functionality :)
make sure timing resistant RSA & ECC are enabled if not said otherwise
2015-09-01 17:36:43 +02:00
Steffen Jaeckel
8cb20e6059
add more DES test vectors
2015-08-31 15:09:36 +02:00
Sebastian Verschoor
75b114517a
make sure no cache-based timing attack is possible
...
instead of two different buffers, there is just one buffer. Based upon the verification result, a mask is applied to the buffer before it is written to the output buffer.
2015-08-26 00:08:38 +02:00
Steffen Jaeckel
09e4b0ec9b
don't reveal plaintext if authentication failed
...
Create two buffers of the same size as the input data.
Copy the input data to the first one and work with that version to hold the
decrypted data, zeroize the second one.
Copy depending on the verification result, either the zero-buffer or the
real plaintext to the output buffer.
2015-08-26 00:08:38 +02:00
Steffen Jaeckel
6c11ca771b
fix compile error of tests
2015-08-26 00:08:38 +02:00
Sebastian Verschoor
25af184cd5
Quickfix for issue #73
...
The API of the function is changed (for decryption, tag is now an input
parameter). With the old API it is impossible to conform to the NIST
specification and a timing side-channel leak is inevitable.
2015-08-26 00:08:38 +02:00
Steffen Jaeckel
f9c8c9c229
also test XTS accelerators
2015-08-26 00:05:07 +02:00
Steffen Jaeckel
181d2f2df7
auto-format xts code
2015-08-26 00:02:50 +02:00
Steffen Jaeckel
b25d04ed94
fix pointer check
2015-08-25 23:58:22 +02:00
Jerome Forissier
5c3f177b34
Add function pointers for accelerated XTS to ltc_cipher_descriptor
...
Similar to what already exists for other modes.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
2015-08-25 23:58:22 +02:00
Steffen Jaeckel
a13257094e
handle LTC_NO_FAST before handling LTC_FAST
2015-08-23 22:59:15 +02:00
Steffen Jaeckel
ee03c97cde
add crc32
2015-08-23 22:59:14 +02:00
Steffen Jaeckel
9585faca2b
re-work debug output of some tests
2015-08-23 22:59:14 +02:00
Steffen Jaeckel
1987a2f975
add adler32 checksum algorithm
2015-08-23 22:59:14 +02:00
Pascal Brand
3605983f09
Introduce ECC raw algorithms for sign and verify
...
As it is performed on dsa, raw sign and verify on ECC
are introduced.
Signed-off-by: Pascal Brand <pascal.brand@st.com>
2015-08-21 22:14:03 +02:00
Sebastian Verschoor
67973b04ae
fix #74
2015-08-21 21:29:56 +02:00
Steffen Jaeckel
c28cc9e3e9
crypt_build_settings: remove build date and time
2015-05-07 10:32:12 +02:00
Karel Miko
aeaa6d4a51
cygwin related fix - variable name B0 changed to B_0 (part 2)
2015-04-17 08:59:35 +02:00
Karel Miko
6a257e15cd
cygwin related fix - variable name B0 changed to B_0 as it caused collision when compiling libtomcrypt as a perl module (for some reason only on cygwin)
2015-04-17 08:56:42 +02:00
Karel Miko
a8e91afb16
cygwin/64bit related fix - added !defined(__x86_64__)
2015-04-17 08:50:38 +02:00
Uli Köhler
d24e9cd32d
Fix config file reference
2015-03-27 21:41:51 +01:00
Pascal Brand
f20b5daf39
Use XMEM_NEQ instead of mem_neq
...
mem_neq is no more used directly. XMEM_NEQ is used instead,
in the same way XMEMCMP, XMEMCPY,... are.
Signed-off-by: Pascal Brand <pascal.brand@st.com>
2015-02-27 08:54:30 +01:00
Steffen Jaeckel
dfa938a4f6
verify outcome when defining LTC_NOTHING
...
check that LTC_NOTHING really creates nothing but the library's basic
API functions
2015-02-15 17:25:45 +01:00
Steffen Jaeckel
90e968a202
der_decode_subject_public_key_info: fix compile error
...
also make it possible to define min/max RSA key sizes externally
This closes #59
2015-02-15 16:32:12 +01:00
Saleem Abdulrasool
62878de0c5
adjust inline asm requiring constants
...
In order to ensure that the shift is within range, convert the inline assembly
routines into macros with compound statements.
2015-01-20 22:36:07 +01:00
Steffen Jaeckel
0b6915740c
saferp: enclose macros in do{}while(0) loop
2015-01-20 22:36:07 +01:00
Steffen Jaeckel
9782c09a3a
use XMEM{CMP, CPY, SET} macros instead of standard versions
2015-01-20 22:36:06 +01:00
Steffen Jaeckel
1e9e98aa0d
make pkcs#1 decode functions constant-time
...
as proposed in RFC 3447 only one error return code is used when there are
errors while decoding the pkcs#1 format.
also, all steps are executed and only the "output" is skipped if something
went wrong.
Sorry this could break backwards compatibility, since there's no more
BUFFER_OVERFLOW messaging.
Former error-handling code could also be affected because now there's only
OK as return code in cases where "res" is also set to '1'.
2014-11-13 22:26:59 +01:00
Steffen Jaeckel
e57c92fd23
replace calls to standard memcmp with constant memcmp where necessary
2014-11-13 22:09:45 +01:00
Steffen Jaeckel
26c5d54e5c
add constant-time memcmp()
...
[skip ci]
2014-11-12 23:59:27 +01:00
Steffen Jaeckel
f2f8342c43
ccm test: add missing AAD
2014-11-02 17:01:56 +01:00
Steffen Jaeckel
943a858d6c
also run testvectors on new CCM API
...
[skip ci]
2014-10-31 19:41:14 +01:00
Steffen Jaeckel
4efa27ead1
add missing pointer checks
2014-10-31 19:39:03 +01:00
Steffen Jaeckel
53917750d8
trim trailing spaces
2014-10-31 19:38:47 +01:00
Pascal Brand
992506cb49
Add incremental CCM authentication processing
...
CCM is only meant for packet mode where the length of the input is known in
advance. Since it is a packet mode function, CCM only had one function that
performs the protocol.
However, incremental authentication is useful in some use cases. It also
ensures some kind of coherency when processing with a given authentication
mode or another. To achieve this aim, this commit adds the following functions:
ccm_init()
ccm_add_aad()
cm_add_nonce()
ccm_process()
ccm_done()
ccm_reset()
as well as the data structure
ccm_state
Change-Id: I5225a42bb098708c4af07518b561bb00f85bc243
2014-10-17 09:00:19 +02:00
Steffen Jaeckel
ed28703804
der_decode_sequence_multi: calm coverity
2014-10-10 01:07:58 +02:00
Steffen Jaeckel
ee1631f8b3
dsa import: no output on stderr please
2014-10-06 19:00:50 +02:00
Steffen Jaeckel
6bd6319fb0
der flexi decoder: implement decoding of context-specific data
2014-10-06 18:57:42 +02:00
Steffen Jaeckel
2d8933e4f1
der: add new enum element for context-specific encodings
2014-10-06 18:57:42 +02:00
Steffen Jaeckel
f0a1235614
der flexi decoder: remove duplicate code
2014-10-06 18:57:41 +02:00
Steffen Jaeckel
3d1231ab15
der flexi decoder: improve CONSTRUCTED type decoding
...
remove all the flags
save the entire original identifier
2014-10-06 17:51:25 +02:00
Steffen Jaeckel
c1e81ad469
minor changes
...
print MP_DIGIT_BIT when running test
der_test: improve error output of 'short integer' test
2014-09-30 13:26:18 +02:00
Steffen Jaeckel
eea24fe2c0
bring back possibility to import/export old DSA key format
2014-09-29 23:44:47 +02:00
Steffen Jaeckel
f58c87866e
add possibility to export RSA public key in SubjectPublicKeyInfo format
2014-09-29 23:44:47 +02:00
Steffen Jaeckel
7842e338bf
fix API of dynamic language helpers
...
it is easier to handle 'int' than 'long' in the foreign language
2014-09-29 23:30:02 +02:00
Steffen Jaeckel
1924e6fd47
add sha512/224 and sha512/256 to tests and crypt_build_settings
2014-09-29 19:57:21 +02:00
Steffen Jaeckel
23fb224e19
add sha512/224 and sha512/256
2014-09-29 19:57:21 +02:00
Steffen Jaeckel
3d905ca178
add testcase for multiple XTS encryption/decryption
2014-09-29 19:47:18 +02:00
Pascal Brand
adc54d08d0
Enable multiple XTS encryption or decryption
...
multiple xts_encrypt() cannot be performed because the
tweak is not updated. That means that
xts_encrypt(buffer1, tweak)
xts_encrypt(buffer2, tweak)
is not the same as
xts_encrypt(concat(buffer1, buffer2), tweak)
Current patch enables such functionalities by
updating the tweak as output of the encryption.
Note that the tweak is no more constant.
The very same modification is performed
on xts_decrypt()
Signed-off-by: Pascal Brand <pascal.brand@st.com>
2014-09-28 22:55:02 +02:00
Pascal Brand
a6e89d58d4
RSA in CRT optimization parameters are empty
2014-09-28 22:48:21 +02:00
Pascal Brand
2bb3f0246f
RSA in case CRT optimization parameters are not populated
...
rsa_exptmod(), ran on the private key, makes use of CRT optimization
parameters. In some use-cases, the given key does not include the
optimization parameters.
This patch allows rsa_exptmod() to run without the CRT parameters,
using directly mp_exptmod().
Signed-off-by: Pascal Brand <pascal.brand@st.com>
2014-09-28 22:45:46 +02:00
Steffen Jaeckel
afaef3993c
fix compiler warning when compiling with GMP_DESC
2014-09-10 16:16:46 +02:00
Steffen Jaeckel
f597f29ece
math: change get_digit() return value
...
unsigned long is 32bit wide when compiling with the compiler flag "-mx32"
but the digit size of the math libraries is still 64 bit, which led to
the buggy ecc code.
Therefore define a new type ltc_mp_digit with the correct width and use
that as return value of get_digit()
Has been tested with all three math providers
2014-09-10 16:15:35 +02:00
Steffen Jaeckel
67b9cd8a95
trim trailing spaces
2014-09-02 02:17:43 +02:00
Steffen Jaeckel
ee4c00b753
some more ASN.1 fixes
...
these should have been in #49
2014-08-31 18:26:14 +02:00
Steffen Jaeckel
7a5ea10e60
add missing ASN1 types in der_encode_set()
2014-08-28 14:02:57 +02:00
Steffen Jaeckel
ddede01d16
trim trailing spaces
2014-08-28 14:02:57 +02:00
Steffen Jaeckel
b06270645e
add missing check of the OID
2014-08-28 14:02:57 +02:00
Steffen Jaeckel
6bba3a2a70
change the ASN1 type to be a typedef
...
replace all 'default' cases in the switch statements
2014-08-28 14:02:57 +02:00
Steffen Jaeckel
00c111b1c8
add missing types to decode routines
2014-08-28 14:02:57 +02:00
Steffen Jaeckel
800182338e
unwind conditional expressions
...
I prefer readability
2014-08-28 14:02:57 +02:00
Christopher Brown
3cdb64eca6
bypass constructed type identification for sets / sequences
2014-08-28 14:02:56 +02:00
Christopher Brown
678b6d9641
fix constructed type identifier check
2014-08-28 14:02:56 +02:00
Steffen Jaeckel
171eae5378
asn1: use LTC_SET_ASN1 macro to access ltc_asn1_list elements
2014-08-28 14:02:56 +02:00
Steffen Jaeckel
8ce125f8a8
mp_rand() assumes the number of digits and not the bitsize as parameter
2014-08-28 13:30:26 +02:00
Steffen Jaeckel
d51715db72
pkcs#1 v1.5 decode: fix missing check of PS length in EMSA mode
2014-08-28 13:30:26 +02:00
Steffen Jaeckel
5eb9743410
rsa_verify_hash: fix possible bleichenbacher signature attack
2014-08-28 13:30:26 +02:00
Jonathan Herzog
3324da2601
Fixed small padding error in the PKCS#1 PSS code.
...
The existing LTC code for padding messages for PSS signatures
contained a small error. In particular, the PSS-padding algorithm is
supposed to be given (bitlength of key - 1) as an argument. The LTC
code passes (bitlength of key), and subtracts 1 in the middle of the
PSS-padding. This subtraction unfortunately comes too late: a
calculation using that argument has already been made. Fortunately,
this bug only appeared if the bit-length of the key was 1 mod 8, and
so is unlikely to show up in practice. Still, this patch fixes the
problem.
Conflicts:
src/pk/pkcs1/pkcs_1_pss_decode.c
2014-08-28 13:30:25 +02:00
Steffen Jaeckel
47b8ccc07c
fix hash IDs of ripemd 256 & 320
2014-08-26 17:42:10 +02:00
Steffen Jaeckel
473b0319ad
re-enable "unused-parameters" warning
2014-08-24 18:25:24 +02:00
Steffen Jaeckel
01c34dc236
trim trailing spaces
2014-08-24 18:25:24 +02:00
Steffen Jaeckel
1fb649d394
chc: don't execute tests if LTC_TEST is not defined
2014-08-07 01:36:03 +02:00
Steffen Jaeckel
f8449f55d9
trim trailing spaces
2014-08-07 01:36:03 +02:00
Jonathan Herzog
ff736a61bb
Hash functions now check for input-length overflow.
...
Because many of the hash-functions implemented by LTC use the length
of the input when padding the input out to a block-length, LTC keeps
track of the input length in a 64-bit integer. However, it did not
previously test for overflow of this value. Since many of the
hash-functions implemented by LTC are defined for inputs of length
2^128 bits or more, this means that LTC was incorrectly implementing
these hash functions for extremely long inputs. Also, this might have
been a minor security problem: A clever attacker might have been able
to take a message with a known hash and find another message (longer
by 2^64 bits) that would be hashed to the same value by LTC.
Fortunately, LTC uses a pre-processor macro to make the actual code
for hashing, and so this problem could be fixed by adding an
overflow-check to that macro.
2014-08-06 19:06:00 +02:00