Merge branch 'mbedtls'

Replace Crypto++ 5.6.2 with Mbed TLS 3.6.0

Newer compilers are starting to show the age of the crypto library we've
been using, as it is sometimes a pain to recompile compass lately.  So,
the tracked version of Crypto++ was at least due for an upgrade.

However, I plan to soon begin reimplementing compass in C.  So, I'm
taking this opportunity to first just migrate the cryptography library
to a newer C alternative.  This branch does so, and integrates its use
into the current C++ version of compass.

* mbedtls:
  Remove unnecessary exception handler catch block
  Refactor random password generation to use mbedtls entropy source
  Refactor SHA256 function to use mbedtls
  Refactor AES functions to use mbedtls
  Add Mbedtls library
  Remove Crypto++ library

1 files changed, 0 insertions, 180 deletions

diff --git a/cryptopp562/authenc.cpp b/cryptopp562/authenc.cpp
deleted file mode 100644
index 0ca5da6..0000000
--- a/cryptopp562/authenc.cpp
+++ /dev/null
@@ -1,180 +0,0 @@
-// authenc.cpp - written and placed in the public domain by Wei Dai

-

-#include "pch.h"

-

-#ifndef CRYPTOPP_IMPORTS

-

-#include "authenc.h"

-

-NAMESPACE_BEGIN(CryptoPP)

-

-void AuthenticatedSymmetricCipherBase::AuthenticateData(const byte *input, size_t len)

-{

-	unsigned int blockSize = AuthenticationBlockSize();

-	unsigned int &num = m_bufferedDataLength;

-	byte* data = m_buffer.begin();

-

-	if (num != 0)	// process left over data

-	{

-		if (num+len >= blockSize)

-		{

-			memcpy(data+num, input, blockSize-num);

-			AuthenticateBlocks(data, blockSize);

-			input += (blockSize-num);

-			len -= (blockSize-num);

-			num = 0;

-			// drop through and do the rest

-		}

-		else

-		{

-			memcpy(data+num, input, len);

-			num += (unsigned int)len;

-			return;

-		}

-	}

-

-	// now process the input data in blocks of blockSize bytes and save the leftovers to m_data

-	if (len >= blockSize)

-	{

-		size_t leftOver = AuthenticateBlocks(input, len);

-		input += (len - leftOver);

-		len = leftOver;

-	}

-

-	memcpy(data, input, len);

-	num = (unsigned int)len;

-}

-

-void AuthenticatedSymmetricCipherBase::SetKey(const byte *userKey, size_t keylength, const NameValuePairs &params)

-{

-	m_bufferedDataLength = 0;

-	m_state = State_Start;

-

-	SetKeyWithoutResync(userKey, keylength, params);

-	m_state = State_KeySet;

-

-	size_t length;

-	const byte *iv = GetIVAndThrowIfInvalid(params, length);

-	if (iv)

-		Resynchronize(iv, (int)length);

-}

-

-void AuthenticatedSymmetricCipherBase::Resynchronize(const byte *iv, int length)

-{

-	if (m_state < State_KeySet)

-		throw BadState(AlgorithmName(), "Resynchronize", "key is set");

-

-	m_bufferedDataLength = 0;

-	m_totalHeaderLength = m_totalMessageLength = m_totalFooterLength = 0;

-	m_state = State_KeySet;

-

-	Resync(iv, this->ThrowIfInvalidIVLength(length));

-	m_state = State_IVSet;

-}

-

-void AuthenticatedSymmetricCipherBase::Update(const byte *input, size_t length)

-{

-	if (length == 0)

-		return;

-

-	switch (m_state)

-	{

-	case State_Start:

-	case State_KeySet:

-		throw BadState(AlgorithmName(), "Update", "setting key and IV");

-	case State_IVSet:

-		AuthenticateData(input, length);

-		m_totalHeaderLength += length;

-		break;

-	case State_AuthUntransformed:

-	case State_AuthTransformed:

-		AuthenticateLastConfidentialBlock();

-		m_bufferedDataLength = 0;

-		m_state = State_AuthFooter;

-		// fall through

-	case State_AuthFooter:

-		AuthenticateData(input, length);

-		m_totalFooterLength += length;

-		break;

-	default:

-		assert(false);

-	}

-}

-

-void AuthenticatedSymmetricCipherBase::ProcessData(byte *outString, const byte *inString, size_t length)

-{

-	m_totalMessageLength += length;

-	if (m_state >= State_IVSet && m_totalMessageLength > MaxMessageLength())

-		throw InvalidArgument(AlgorithmName() + ": message length exceeds maximum");

-

-reswitch:

-	switch (m_state)

-	{

-	case State_Start:

-	case State_KeySet:

-		throw BadState(AlgorithmName(), "ProcessData", "setting key and IV");

-	case State_AuthFooter:

-		throw BadState(AlgorithmName(), "ProcessData was called after footer input has started");

-	case State_IVSet:

-		AuthenticateLastHeaderBlock();

-		m_bufferedDataLength = 0;

-		m_state = AuthenticationIsOnPlaintext()==IsForwardTransformation() ? State_AuthUntransformed : State_AuthTransformed;

-		goto reswitch;

-	case State_AuthUntransformed:

-		AuthenticateData(inString, length);

-		AccessSymmetricCipher().ProcessData(outString, inString, length);

-		break;

-	case State_AuthTransformed:

-		AccessSymmetricCipher().ProcessData(outString, inString, length);

-		AuthenticateData(outString, length);

-		break;

-	default:

-		assert(false);

-	}

-}

-

-void AuthenticatedSymmetricCipherBase::TruncatedFinal(byte *mac, size_t macSize)

-{

-	if (m_totalHeaderLength > MaxHeaderLength())

-		throw InvalidArgument(AlgorithmName() + ": header length of " + IntToString(m_totalHeaderLength) + " exceeds the maximum of " + IntToString(MaxHeaderLength()));

-

-	if (m_totalFooterLength > MaxFooterLength())

-	{

-		if (MaxFooterLength() == 0)

-			throw InvalidArgument(AlgorithmName() + ": additional authenticated data (AAD) cannot be input after data to be encrypted or decrypted");

-		else

-			throw InvalidArgument(AlgorithmName() + ": footer length of " + IntToString(m_totalFooterLength) + " exceeds the maximum of " + IntToString(MaxFooterLength()));

-	}

-

-	switch (m_state)

-	{

-	case State_Start:

-	case State_KeySet:

-		throw BadState(AlgorithmName(), "TruncatedFinal", "setting key and IV");

-

-	case State_IVSet:

-		AuthenticateLastHeaderBlock();

-		m_bufferedDataLength = 0;

-		// fall through

-

-	case State_AuthUntransformed:

-	case State_AuthTransformed:

-		AuthenticateLastConfidentialBlock();

-		m_bufferedDataLength = 0;

-		// fall through

-

-	case State_AuthFooter:

-		AuthenticateLastFooterBlock(mac, macSize);

-		m_bufferedDataLength = 0;

-		break;

-

-	default:

-		assert(false);

-	}

-

-	m_state = State_KeySet;

-}

-

-NAMESPACE_END

-

-#endif