yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
8931 commits 1 branch 0 tags 94 MiB
Commit graph

4266 commits

Author SHA1 Message Date
Jaeden Amero
750a049a15
Merge pull request #229 from ARMmbed/dev/Patater/fix-its-typo 
storage: Correct typo of PSA_PS_ERROR_OFFSET
 2018-12-05 13:19:31 +00:00
Gilles Peskine
5a3c50e890 Don't use an enum in a bit-field 
This isn't standard C. GCC and Clang accept it but not every
compiler (e.g. Armcc 5).
 2018-12-04 12:27:09 +01:00
Gilles Peskine
9edc146237
Merge pull request #209 from ARMmbed/psa-init_tests 
Test psa_crypto_init and make it more robust
 2018-11-30 13:28:47 +01:00
Jaeden Amero
58600557bb storage: Correct typo of PSA_PS_ERROR_OFFSET 
Correct typo of PSA_PS_ERROR_OFFSET to PSA_ITS_ERROR_OFFSET.
 2018-11-30 12:10:29 +00:00
Gilles Peskine
b0b189f31f Add missing compilation guards for GCM and CCM 
Add missing compilation guards that broke the build if either GCM or
CCM was not defined.

Add missing guards on test cases that require GCM or CBC.

The build and tests now pass for any subset of {MBEDTLS_CCM_C,
MBEDTLS_GCM_C}. There are still unused variables warnings if neither
is defined.
 2018-11-28 17:30:58 +01:00
Gilles Peskine
5e76952235 Add a facility to configure entropy sources 
Add a function to configure entropy sources. For testing only.

Use it to test that the library initialization fails properly if there is no
entropy source.
 2018-11-23 22:58:38 +01:00
Hanno Becker
9edcc3e8fb Merge branch 'iotssl-2597-psa-hashing-x509_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 16:00:34 +00:00
Hanno Becker
8295695aca Merge branch 'iotssl-2578-psa-sig-verification_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 16:00:32 +00:00
Hanno Becker
02f20216bd Merge branch 'psa_cipher_integration_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:59:26 +00:00
Hanno Becker
6b01a9fa7c Merge branch 'psa_cipher_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:27 +00:00
Hanno Becker
e322d3edd5 Merge branch 'opaque_psk_implementation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:24 +00:00
Hanno Becker
a96cc8a9fd Merge branch 'iotssl-2596-opaque-csr-creation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:22 +00:00
Hanno Becker
7fde035ddc Merge branch 'iotssl-2580-pk-opaque-psa_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:20 +00:00
Jaeden Amero
82df32e3fd psa: Unused key_bits is OK 
When MD or CMAC are disabled, let the compiler know that it is OK that
`key_bits` is set but not used by casting `key_bits` to `(void)`.
 2018-11-23 15:20:56 +00:00
Andrzej Kurek
266d907c87 pk_wrap.c: fix length mismatch check placement 2018-11-22 13:37:14 -05:00
Andrzej Kurek
96cc1b3def pk_wrap.c: tidy up signature extraction 
Add a sanity check for signature length, remove superfluous bounds check.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
e30ad542a1 Cosmetic changes 
Move memset to a more relevant spot, fix one whitespace error
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
73bf6b9e00 pk_wrap: rework and tidy up signature extraction 
Improve comments, use a normal buffer instead of mbedtls_asn1_buf,
remove unneeded variables and use shared utilities where possible.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
688ea8d10d pk_wrap: reuse a static buffer for signature extraction 
Use a buffer left over after importing a key to hold an extracted signature.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
3016de3eeb pk_wrap: rework signature extraction to work with small r and s values 
There is a probability that r will be encoded as 31 or less bytes in DER,
so additional padding is added in such case.
Added a signature-part extraction function to tidy up the code further.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
45fc464156 pk_wrap: improve error codes returned from ecdsa_verify_wrap 
Use the shared PSA utilities to translate errors.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
ca6330992e pk_wrap: switch to helper functions defined in psa_util.h 
Remove duplicated helper functions.
Remove an unnecessary call to psa_crypto_init().
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
510ee70501 pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap 
Adjust tests to pass a valid algorithm
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
2f69b1a059 pk_wrap: destroy key slot on errors with policy or key importing 2018-11-22 13:37:14 -05:00
Andrzej Kurek
c097b0fded pk_wrap: add a check for equal signature parts 2018-11-22 13:37:14 -05:00
Andrzej Kurek
f8c94a811a pk_wrap: check if curve conversion is successful 2018-11-22 13:37:14 -05:00
Andrzej Kurek
6d49ae9223 pk_wrap: nullify the signature pointer on error in extract_ecdsa_sig 
Fix a double free error in ecdsa_verify_wrap
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
1e3b6865d7 pk_wrap: cosmetic changes 
Adjust whitespaces and variable names
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
39d1f4b29f pk_wrap.c: add support for ecdsa signature verification using PSA 
Use PSA internally to verify signatures.
Add a conversion to a raw signature format.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek
60ea0fc185 Remove trailing whitespace 2018-11-22 13:02:29 -05:00
Andrzej Kurek
593fccdf97 x509: remove unnecessary calls to psa_hash_abort 
According to the documentation, it does not need to be called after a failed
psa_hash call.
 2018-11-22 12:53:32 -05:00
Andrzej Kurek
78276b1c73 x509: use the PSA API to perform hashing operations 
So far limited only to certificate verification withour CRL and CSR generation.
 2018-11-22 12:53:32 -05:00
Andrzej Kurek
3bd69dda1a pkwrite: add an explicit cast to size_t 2018-11-22 12:43:53 -05:00
Andrzej Kurek
16d6000577 pkwrite: add a safety check before calculating the buffer size 2018-11-22 12:43:53 -05:00
Andrzej Kurek
2f31122585 Cosmetic changes 
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
 2018-11-22 12:43:53 -05:00
Andrzej Kurek
6f249de706 pkwrite: add opaque key handling for public key exporting 
Return early from mbedtls_pk_write_pubkey_der - public opaque key
exporting is expected to contain all of the needed data, therefore it shouldn't
be written again.
 2018-11-22 12:43:53 -05:00
Manuel Pégourié-Gonnard
2614562212 Add test utility function: wrap_as_opaque() 
The new function is not tested here, but will be in a subsequent PR.
 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
29a1325b0d Guard against PSA generating invalid signature 
The goal is not to double-check everything PSA does, but to ensure that it
anything goes wrong, we fail cleanly rather than by overwriting a buffer.
 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
f4427678ae Use shared function for error translation 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
1e48ebd306 Fix a compliance issue in signature encoding 
The issue is not present in the normal path because asn1write_mpi() does it
automatically, but we're not using that here...
 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
615530728f Improve documentation of an internal function 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
f127e6080e Get rid of large stack buffers in PSA sign wrapper 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
276cb64e6c Align names to use "opaque" only everywhere 
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
7d51255ca7 Implement pk_sign() for opaque ECDSA keys 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
07b103fe07 Implement can_do for opaque ECC keypairs 
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
683632b78e Add support for get_(bit)len on opaque keys 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
274f521b9a Implement alloc/free wrappers for pk_opaque_psa 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
3bc2029a33 Clarify return value of pk_check_pair() 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
1ecf92c364 Skeleton for PK_OPAQUE_PSA 2018-11-22 16:39:39 +00:00
Hanno Becker
fc20c14e76 Use PSA-based ciphers for record protections in TLS-1.2 only 
Reasons:
- For the first release, we attempt to support TLS-1.2 only,
- At least TLS-1.0 is known to not work at the moment, as
  for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf()
  and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt()
  updates the structure field for the IV in the cipher context,
  which the PSA-based implementation currently doesn't.
 2018-11-22 16:38:06 +00:00