Merge more test improvements and tests
Conflicts:
tests/suites/test_suite_cipher.blowfish.data
diff --git a/ChangeLog b/ChangeLog
index 4b266d5..c1df109 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,7 @@
* Support for CCM and CCM_8 ciphersuites
* Support for parsing and verifying RSASSA-PSS signatures in the X.509
modules (certificates, CRLs and CSRs).
+ * Blowfish in the cipher layer now supports variable length keys.
Changes
* Add LINK_WITH_PTHREAD option in CMake for explicit linking that is
diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h
index 4325f9f..5153461 100644
--- a/include/polarssl/cipher.h
+++ b/include/polarssl/cipher.h
@@ -61,6 +61,9 @@
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
#define POLARSSL_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
+#define POLARSSL_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
+#define POLARSSL_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -238,8 +241,8 @@
* For cipher that accept many sizes: recommended size */
unsigned int iv_size;
- /** Flag for ciphers that accept many sizes of IV/NONCE */
- int accepts_variable_iv_size;
+ /** Flags for variable IV size, variable key size, etc. */
+ int flags;
/** block size, in bytes */
unsigned int block_size;
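Review bot: The new `flags` member holds a bitmask but is declared as a signed `int`, and its comment does not name the bits that may be set. `unsigned int flags;` with a comment such as `/** Bitmask of POLARSSL_CIPHER_VARIABLE_IV_LEN and POLARSSL_CIPHER_VARIABLE_KEY_LEN */` would match the neighbouring `unsigned int` fields and point readers at the defines added earlier in this header. This also renames a member of a struct in a public header, so external code that read `accepts_variable_iv_size` will stop compiling. The ChangeLog hunk mentions the Blowfish feature but not the rename. The struct definition starts and ends outside the hunk.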
diff --git a/library/cipher.c b/library/cipher.c
index edef2f9..558c4b3 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -168,8 +168,11 @@
if( NULL == ctx || NULL == ctx->cipher_info )
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
- if( (int) ctx->cipher_info->key_length != key_length )
+ if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
+ (int) ctx->cipher_info->key_length != key_length )
+ {
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
+ }
ctx->key_length = key_length;
ctx->operation = operation;
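Review bot: When `POLARSSL_CIPHER_VARIABLE_KEY_LEN` is set, the rewritten condition skips every check on `key_length`, so a zero, negative or oversized value is stored in `ctx->key_length` unvalidated. Range checking then depends entirely on the underlying cipher's key-setup routine, which is not visible in this hunk. A cheap guard at this layer, for example `if( key_length <= 0 ) return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );` ahead of the flag test, would keep the context from ever holding a nonsensical length. The enclosing function starts and continues outside the hunk.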
@@ -204,7 +207,7 @@
if( iv_len > POLARSSL_MAX_IV_LENGTH )
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
- if( ctx->cipher_info->accepts_variable_iv_size )
+ if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_IV_LEN ) != 0 )
actual_iv_size = iv_len;
else
{
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 3492cce..070963a 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -374,7 +374,7 @@
128,
"AES-128-GCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aes_info
};
@@ -385,7 +385,7 @@
192,
"AES-192-GCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aes_info
};
@@ -396,7 +396,7 @@
256,
"AES-256-GCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aes_info
};
@@ -429,7 +429,7 @@
128,
"AES-128-CCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aes_info
};
@@ -440,7 +440,7 @@
192,
"AES-192-CCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aes_info
};
@@ -451,7 +451,7 @@
256,
"AES-256-CCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aes_info
};
@@ -728,7 +728,7 @@
128,
"CAMELLIA-128-GCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_camellia_info
};
@@ -739,7 +739,7 @@
192,
"CAMELLIA-192-GCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_camellia_info
};
@@ -750,7 +750,7 @@
256,
"CAMELLIA-256-GCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_camellia_info
};
@@ -783,7 +783,7 @@
128,
"CAMELLIA-128-CCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_camellia_info
};
@@ -794,7 +794,7 @@
192,
"CAMELLIA-192-CCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_camellia_info
};
@@ -805,7 +805,7 @@
256,
"CAMELLIA-256-CCM",
12,
- 1,
+ POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_camellia_info
};
@@ -1150,7 +1150,7 @@
128,
"BLOWFISH-ECB",
8,
- 0,
+ POLARSSL_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
@@ -1162,7 +1162,7 @@
128,
"BLOWFISH-CBC",
8,
- 0,
+ POLARSSL_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
@@ -1175,7 +1175,7 @@
128,
"BLOWFISH-CFB64",
8,
- 0,
+ POLARSSL_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
@@ -1188,7 +1188,7 @@
128,
"BLOWFISH-CTR",
8,
- 0,
+ POLARSSL_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
diff --git a/library/pkcs12.c b/library/pkcs12.c
index c6372a1..b025450 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -49,6 +49,11 @@
#include "polarssl/des.h"
#endif
+/* Implementation that should never be optimized out by the compiler */
+static void polarssl_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = v; while( n-- ) *p++ = 0;
+}
+
static int pkcs12_parse_pbe_params( asn1_buf *params,
asn1_buf *salt, int *iterations )
{
@@ -205,6 +210,8 @@
ret = POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH;
exit:
+ polarssl_zeroize( key, sizeof( key ) );
+ polarssl_zeroize( iv, sizeof( iv ) );
cipher_free_ctx( &cipher_ctx );
return( ret );
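Review bot: The wipes added at `exit:` only run on paths that reach that label. Any direct `return` after `key` and `iv` have been filled would leave password-derived material on the stack, and the same applies to the blocks wiped in the `@@ -330,6 +337,11 @@` hunk. Both function bodies start outside their hunks, so this cannot be confirmed from here, but it is worth checking that every failure after derivation uses `goto exit`. `sizeof( key )` and its siblings are correct only while these names are arrays; if any of them is a pointer, only pointer-size bytes are cleared. A short comment above the calls, e.g. `/* wipe derived key material on every exit path */`, would record the intent for later edits.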
@@ -330,6 +337,11 @@
ret = 0;
exit:
+ polarssl_zeroize( salt_block, sizeof( salt_block ) );
+ polarssl_zeroize( pwd_block, sizeof( pwd_block ) );
+ polarssl_zeroize( hash_block, sizeof( hash_block ) );
+ polarssl_zeroize( hash_output, sizeof( hash_output ) );
+
md_free_ctx( &md_ctx );
return( ret );
diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh
new file mode 100755
index 0000000..df9450e
--- /dev/null
+++ b/scripts/tmp_ignore_makefiles.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Temporarily (de)ignore Makefiles generated by CMake to allow easier
+# git development
+
+IGNORE=""
+
+# Parse arguments
+#
+until [ -z "$1" ]
+do
+ case "$1" in
+ -u|--undo)
+ IGNORE="0"
+ ;;
+ -v|--verbose)
+ # Be verbose
+ VERBOSE="1"
+ ;;
+ -h|--help)
+ # print help
+ echo "Usage: $0"
+ echo -e " -h|--help\t\tPrint this help."
+ echo -e " -u|--undo\t\tRemove ignores and continue tracking."
+ echo -e " -v|--verbose\t\tVerbose."
+ exit 1
+ ;;
+ *)
+ # print error
+ echo "Unknown argument: '$1'"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+if [ "X" = "X$IGNORE" ];
+then
+ [ $VERBOSE ] && echo "Ignoring Makefiles"
+ git update-index --assume-unchanged Makefile library/Makefile programs/Makefile tests/Makefile
+else
+ [ $VERBOSE ] && echo "Tracking Makefiles"
+ git update-index --no-assume-unchanged Makefile library/Makefile programs/Makefile tests/Makefile
+fi
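Review bot: `VERBOSE` is never initialised, unlike `IGNORE`, so a `VERBOSE` variable already exported in the caller's environment silently turns on verbose output. The unquoted `[ $VERBOSE ]` test also misbehaves if that value contains whitespace. Adding `VERBOSE=""` next to `IGNORE=""` and testing with `[ -n "$VERBOSE" ] && echo "Ignoring Makefiles"` fixes both. The `git update-index` paths are relative, so the script only works when run from the repository root, which the header comment and the help text should state. Separately, `-h|--help` exits with status 1, where `exit 0` is the usual convention for explicitly requested help.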
diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data
index f9cfd36..57cb049 100644
--- a/tests/suites/test_suite_cipher.blowfish.data
+++ b/tests/suites/test_suite_cipher.blowfish.data
@@ -550,6 +550,18 @@
depends_on:POLARSSL_BLOWFISH_C:POLARSSL_CIPHER_MODE_CTR
enc_dec_buf_multipart:POLARSSL_CIPHER_BLOWFISH_CTR:128:16:16:
+BLOWFISH CBC Encrypt and decrypt 7 bytes, 192-bits key
+depends_on:POLARSSL_BLOWFISH_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_CIPHER_PADDING_PKCS7
+enc_dec_buf:POLARSSL_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":192:7:-1
+
+BLOWFISH CTR Encrypt and decrypt 7 bytes, 192-bits key
+depends_on:POLARSSL_BLOWFISH_C:POLARSSL_CIPHER_MODE_CTR
+enc_dec_buf:POLARSSL_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":192:7:-1
+
+BLOWFISH CFB64 Encrypt and decrypt 7 bytes, 192-bits key
+depends_on:POLARSSL_BLOWFISH_C:POLARSSL_CIPHER_MODE_CFB
+enc_dec_buf:POLARSSL_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":192:7:-1
+
BLOWFISH ECB Encrypt test vector (SSLeay) #1
depends_on:POLARSSL_BLOWFISH_C
test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_ENCRYPT:"00000000000000000000000000000000":"0000000000000000":"4ef997456198dd78":0
@@ -562,6 +574,14 @@
depends_on:POLARSSL_BLOWFISH_C
test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_ENCRYPT:"fedcba9876543210fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0
+BLOWFISH ECB Encrypt test vector (SSLeay) #3, 64-bit key
+depends_on:POLARSSL_BLOWFISH_C
+test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_ENCRYPT:"fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0
+
+BLOWFISH ECB Encrypt test vector (SSLeay) #3, 192-bit key
+depends_on:POLARSSL_BLOWFISH_C
+test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_ENCRYPT:"fedcba9876543210fedcba9876543210fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0
+
BLOWFISH ECB Decrypt test vector (SSLeay) #1
depends_on:POLARSSL_BLOWFISH_C
test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_DECRYPT:"00000000000000000000000000000000":"4ef997456198dd78":"0000000000000000":0
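Review bot: The 64-bit and 192-bit vectors added here reuse the 128-bit key's 8-byte pattern `fedcba9876543210`, repeated. Blowfish's key schedule cycles through the key bytes, so all three keys yield the same subkeys, which is why the expected ciphertext `0aceab0fc6a0a28d` is identical in each case. A cipher layer that truncated the 192-bit key to 128 bits would therefore still pass, and the same holds for the decrypt vectors in the `@@ -573,3 +593,11 @@` hunk. The round-trip `enc_dec_buf` cases in the `@@ -550,6 +550,18 @@` hunk cannot detect truncation either, because both directions share the key. A known-answer vector with a non-repeating key whose length is not 128 bits would actually pin the variable-length behaviour.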
@@ -573,3 +593,11 @@
BLOWFISH ECB Decrypt test vector (SSLeay) #3
depends_on:POLARSSL_BLOWFISH_C
test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_DECRYPT:"3849674c2602319e3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0
+
+BLOWFISH ECB Decrypt test vector (SSLeay) #3, 64-bit key
+depends_on:POLARSSL_BLOWFISH_C
+test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_DECRYPT:"3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0
+
+BLOWFISH ECB Decrypt test vector (SSLeay) #3, 192-bit key
+depends_on:POLARSSL_BLOWFISH_C
+test_vec_ecb:POLARSSL_CIPHER_BLOWFISH_ECB:POLARSSL_DECRYPT:"3849674c2602319e3849674c2602319e3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0