
2.16 - to rebase: New password-based authenticated encryption sample program pbcrypt #4216

Closed
gilles-peskine-arm wants to merge 13 commits into Mbed-TLS:archive/mbedtls-2.16 from gilles-peskine-arm:pbcrypt-2.16

Conversation

@gilles-peskine-arm
Contributor

This PR introduces programs/cipher/pbcrypt, a new sample program to demonstrate password-based authenticated encryption.

This is meant to illustrate good practice (with the limitation of using PBKDF2 rather than something more modern like Argon2), so please review accordingly. A few caveats:

  • The program works in a specific way: streaming AEAD. Since the library doesn't support streaming CCM, the program doesn't support it.
  • The use of PKCS#12 key derivation is hard-coded because the library doesn't have a generic interface to password-based key derivation.
  • The program should build in all configurations for which the library builds, but it may not run usefully in some “exotic” configurations (e.g. GCM enabled but no block cipher that supports GCM).
  • The program relies on argv and stdio. It does password-based key derivation so it isn't meant for microcontrollers anyway.

Provide a demo usage script and run it from all.sh.

Remove the badly designed aescrypt2. Fix #1906.

This PR is for 2.16. I'll forward-port it to other branches once it's approved.

  • Add ChachaPoly to the #ifdef about main and to cipher_is_aead.
  • Replace mbedtls_zeroize by mbedtls_platform_zeroize.
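The description above calls for a password-based AEAD tool whose file metadata is checked before it is used, and whose key derivation prefers SHA-512. The following is an added example, not code from the pbcrypt PR or from Mbed TLS: it parses a small, hypothetical header layout (magic, hash id, iteration count, salt, nonce; the layout and the limits are assumptions made here, not pbcrypt's real format), rejects anything out of range before a single field influences a buffer length or loop count, and only then derives the AEAD key with PBKDF2-HMAC-SHA512 from the standard library. The derived key is what would be handed to the cipher (in the PR, the mbedtls cipher layer); the AEAD step itself is outside this example.

```python
"""
Added example (not part of the pbcrypt PR or the Mbed TLS code base).
Header layout and limits below are assumptions for illustration only.
"""
import hashlib
import os
import struct

MAGIC = b"PBEX"                 # constructed magic value for this example
HASH_SHA512 = 1                 # hypothetical hash identifier
MIN_ITERATIONS = 10_000         # refuse headers that would weaken the KDF
MAX_ITERATIONS = 10_000_000     # refuse headers that would pin the CPU
MAX_SALT_LEN = 64
MAX_NONCE_LEN = 16

# Fixed part: magic(4) | hash_id(u8) | iterations(u32 BE) | salt_len(u8) | nonce_len(u8)
# followed by the variable-length salt and nonce.
HEADER_FMT = ">4sBIBB"
HEADER_FIXED_LEN = struct.calcsize(HEADER_FMT)  # 11 bytes


class HeaderError(ValueError):
    """Metadata is malformed or outside the accepted limits."""


def build_header(iterations, salt, nonce, hash_id=HASH_SHA512):
    """Serialise a header (encrypting side)."""
    return struct.pack(HEADER_FMT, MAGIC, hash_id, iterations,
                       len(salt), len(nonce)) + salt + nonce


def parse_header(blob):
    """Validate and decode the header.

    Returns (hash_id, iterations, salt, nonce, body_offset). Every field is
    range-checked before it is used to slice the buffer or size the KDF.
    """
    if len(blob) < HEADER_FIXED_LEN:
        raise HeaderError("truncated header")
    magic, hash_id, iterations, salt_len, nonce_len = struct.unpack(
        HEADER_FMT, blob[:HEADER_FIXED_LEN])
    if magic != MAGIC:
        raise HeaderError("bad magic")
    if hash_id != HASH_SHA512:
        raise HeaderError("unsupported hash id %d" % hash_id)
    if not MIN_ITERATIONS <= iterations <= MAX_ITERATIONS:
        raise HeaderError("iteration count %d out of range" % iterations)
    if not 8 <= salt_len <= MAX_SALT_LEN:
        raise HeaderError("salt length %d out of range" % salt_len)
    if not 12 <= nonce_len <= MAX_NONCE_LEN:
        raise HeaderError("nonce length %d out of range" % nonce_len)
    end = HEADER_FIXED_LEN + salt_len + nonce_len
    if len(blob) < end:
        raise HeaderError("header claims more salt/nonce bytes than present")
    salt = blob[HEADER_FIXED_LEN:HEADER_FIXED_LEN + salt_len]
    nonce = blob[HEADER_FIXED_LEN + salt_len:end]
    return hash_id, iterations, salt, nonce, end


def header_is_valid(blob):
    """Boolean wrapper around parse_header for callers that only need a verdict."""
    try:
        parse_header(blob)
        return True
    except HeaderError:
        return False


def derive_key(password, salt, iterations, key_len=32):
    """PBKDF2-HMAC-SHA512, standing in for the library's PBKDF2 call."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=key_len)


def key_from_blob(password, blob):
    """Parse, validate, then derive. Returns (key, nonce, body_offset)."""
    _hash_id, iterations, salt, nonce, offset = parse_header(blob)
    return derive_key(password, salt, iterations), nonce, offset


if __name__ == "__main__":
    # Constructed demo input: fresh random salt and nonce, no real file.
    hdr = build_header(100_000, os.urandom(16), os.urandom(12))
    key, nonce, off = key_from_blob(b"correct horse", hdr + b"ciphertext...")
    print("key", key.hex(), "nonce", nonce.hex(), "body starts at", off)
```

The ordering matters: `parse_header` never slices with `salt_len` or `nonce_len` until both have been bounds-checked, and the iteration count is clamped before it reaches the KDF, so a hostile header can neither read past the buffer nor turn key derivation into a denial of service.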

Sample program for authenticated encryption using a key derived from a
password.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test it in all.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The sample program aescrypt2 shows bad practice: hand-rolled CBC
implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key
stretching, no algorithm agility. The new sample program pbcrypt does
the same thing, but better. So remove aescrypt2.

Fix Mbed-TLS#1906

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is a cast to a smaller type on 32-bit platforms. It's ok because
the size was checked just above, but Visual Studio wants the cast to
be explicit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This cast is needed because mbedtls_cipher_setkey uses int instead of
size_t for the key size. It's safe because the key size fits in an
int. Visual Studio wants the cast to be explicit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The metadata needs to be checked before it's used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Prefer SHA-512 to SHA-256 and ChaChaPoly to AES-GCM.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm added bug enhancement mbed TLS team needs-review Every commit must be reviewed by at least two team members, needs-backports Backports are missing or are pending review and approval. needs-reviewer This PR needs someone to pick it up for review labels Mar 10, 2021
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@mpg mpg changed the title 2.16: New password-based authenticated encryption sample program pbcrypt 2.16 - to rebase: New password-based authenticated encryption sample program pbcrypt Dec 28, 2021
@mpg mpg added the needs-work label Dec 28, 2021
@mpg
Contributor

mpg commented Dec 28, 2021

This needs to be rebased on one of the active branches now that 2.16 is EOL.

@tom-daubney-arm tom-daubney-arm added the historical-reviewing Currently reviewing (for legacy PR/issues) label Jul 1, 2022
@tom-daubney-arm
Contributor

This PR will now be closed. The aescrypt2 program has already been removed from the library and there is a PR currently in progress (#5064) that will add a good selection of example programs.

@gilles-peskine-arm
Contributor Author

The PSA crypto API example programs are not relevant. There's nothing else in the works that's like pbcrypt — showing how to build a relatively simple but still decent PBKDF algorithm out of the mbedtls API.

That being said, we've been putting no effort into example programs for years and I don't see things changing any time soon. So ok, let's just forget about this one.
