Commit graph

11444 commits

Author SHA1 Message Date
Jaeden Amero
21db2a94a4
Merge pull request #229 from k-stachowiak/IOTCRYPT-791-remove-legacy-psa-key-derivation
Remove legacy psa key derivation
2019-08-29 11:31:23 +01:00
Jaeden Amero
932e496ef5
Merge pull request #224 from tempesta-tech/development
Remove unused TG variable in mbedtls_mpi_gcd()
2019-08-27 12:05:21 +01:00
Jaeden Amero
85c78b48a9
Merge pull request #225 from RonEld/iotssl_2739
Remove a redundant function call
2019-08-23 17:43:58 +01:00
Jaeden Amero
b14a48baac
Merge pull request #235 from athoelke/at-key-handles
Clarify the documented behavior and lifetime of key handles [v2]
2019-08-23 17:31:01 +01:00
Andrew Thoelke
8824daec6f Editorial fixes. 2019-08-22 15:52:32 +01:00
Andrew Thoelke
3c2b80377b Cross reference 'key handles' from INVALID_HANDLE 2019-08-22 15:52:32 +01:00
Andrew Thoelke
07f16b78ff Update documentation for psa_destroy_key
Define the affect on handles to the key and on active multipart 
operations.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
3daba812d7 Update documentation for psa_close_key
Adjust the wording to permit multiple handles to a single key - closing
a handle does not necessarily release volatile memory associated with
the key, that only occurs when the last handle is closed.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
9741b11440 Update psa_open_key documentation
- Describe the implementation defined behavior for opening multiple 
keys, and provide a reference to the relevant section.

- Describe the use of INSUFFICENT_MEMORY error to indicate additional 
implementation resource constaints.

- Clarify the distinction between DOES_NOT_EXIST and INVALID_HANDLE 
error conditions.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
203491c65d Remove duplicated information in psa_open_key
The information about implmementation keys is duplicated.
2019-08-22 15:52:31 +01:00
Jaeden Amero
de4453d960
Merge pull request #174 from dgreen-arm/psa-se-driver-hooks
Add mock tests for hooks for secure element drivers
2019-08-22 14:10:37 +01:00
Darryl Green
0892d0fbbf Initialize key bits to max size + 1 in psa_import_key
In psa_import_key, the key bits value was uninitialized before
calling the secure element driver import function. There is a
potential issue if the driver returns PSA_SUCCESS without setting
the key bits. This shouldn't happen, but shouldn't be discounted
either, so we initialize the key bits to an invalid issue.
2019-08-21 16:56:16 +01:00
Darryl Green
74c932e596 Parametrize key bits in import mock test 2019-08-21 16:56:16 +01:00
Jaeden Amero
4abb40cab3 Clean up core storage between tests 2019-08-21 16:56:16 +01:00
Unknown
f740b0abbb crypto_se_driver: add verification mock test 2019-08-21 16:56:16 +01:00
Unknown
b7656a8a85 crypto_se_driver: add signing mock test 2019-08-21 16:56:16 +01:00
Unknown
136901c24c crypto_se_driver: add public key exporting test 2019-08-21 16:56:16 +01:00
Unknown
903b5da51c crypto_se_driver: add an error injection mechanism to the mocks 2019-08-21 16:56:16 +01:00
Unknown
9fd6b0cb6f crypto_se_driver: add key generation mock and test 2019-08-21 16:56:16 +01:00
Unknown
c9ad5910aa crypto_se_driver: add mock tests
Mock key importing and exporting
2019-08-21 16:56:16 +01:00
Jaeden Amero
b090d5dc2a
Merge pull request #231 from dgreen-arm/api-to-development
Merge psa api branch into development
2019-08-21 11:50:57 +01:00
Darryl Green
ecfd050633
Merge pull request #230 from AndrzejKurek/remove-double-underscore
Remove double underscores from macro and add a check for it
2019-08-21 11:23:32 +01:00
Darryl Green
572a16e694 Merge branch 'psa-api-1.0-beta' into api-to-development 2019-08-21 10:31:12 +01:00
Unknown
712f7a804e Add a check for double underscores in identifiers in check-names.sh 2019-08-21 03:34:00 -04:00
Unknown
e2e19959d7 Rename AEAD macro to not use double underscores
This pattern (identifiers containing a double underscore anywhere in them)
is reserved.
2019-08-21 03:33:04 -04:00
Ron Eldor
c95d9eedbf Remove a redundant function call
Remove a call to `mbedtls_mpi_bitlen()` since the returned value is
overwritten in the line after. This is redundant since da31fa137a.
Fixes #2377.
2019-08-18 17:24:09 +03:00
Alexander K
e8ad49f069 Remove unused TG variable in mbedtls_mpi_gcd() 2019-08-16 16:16:07 +03:00
Jaeden Amero
89e7655691 Merge remote-tracking branch 'crypto/pr/212' into development
* crypto/pr/212: (337 commits)
  Make TODO comments consistent
  Fix PSA tests
  Fix psa_generate_random for >1024 bytes
  Add tests to generate more random than MBEDTLS_CTR_DRBG_MAX_REQUEST
  Fix double free in psa_generate_key when psa_generate_random fails
  Fix copypasta in test data
  Avoid a lowercase letter in a macro name
  Correct some comments
  Fix PSA init/deinit in mbedtls_xxx tests when using PSA
  Make psa_calculate_key_bits return psa_key_bits_t
  Adjust secure element code to the new ITS interface
  More refactoring: consolidate attribute validation
  Fix policy validity check on key creation.
  Add test function for import with a bad policy
  Test key creation with an invalid type (0 and nonzero)
  Remove "allocated" flag from key slots
  Take advantage of psa_core_key_attributes_t internally #2
  Store the key size in the slot in memory
  Take advantage of psa_core_key_attributes_t internally: key loading
  Switch storage functions over to psa_core_key_attributes_t
  ...
2019-08-16 11:02:31 +01:00
Jaeden Amero
c26591a8f2
Merge pull request #196 from RonEld/fix_license_header
Fix the license header of hkdf
2019-08-16 09:26:41 +01:00
k-stachowiak
b9b4f09c47 Document new error type returned from the key derivation API 2019-08-15 19:01:59 +02:00
Jaeden Amero
24b8f9f171
Merge pull request #223 from Patater/tls-development-20190815
Update Mbed Crypto with latest Mbed TLS changes as of 2018-08-15
2019-08-15 16:37:13 +01:00
Jaeden Amero
9d20e1f2c4 Merge remote-tracking branch 'tls/development' into development
Resolve conflicts by performing the following actions:
- Reject changes to ChangeLog, as Mbed Crypto doesn't have one
- Reject changes to tests/compat.sh, as Mbed Crypto doesn't have it
- Reject changes to programs/fuzz/onefile.c, as Mbed Crypto doesn't have
  it
- Resolve minor whitespace differences in library/ecdsa.c by taking the
  version from Mbed TLS upstream.

* origin/development:
  Honor MBEDTLS_CONFIG_FILE in fuzz tests
  Test that a shared library build produces a dynamically linked executable
  Test that the shared library build with CMake works
  Add a test of MBEDTLS_CONFIG_FILE
  Exclude DTLS 1.2 only with older OpenSSL
  Document the rationale for the armel build
  Switch armel build to -Os
  Add a build on ARMv5TE in ARM mode
  Add changelog entry for ARM assembly fix
  bn_mul.h: require at least ARMv6 to enable the ARM DSP code
  Adapt ChangeLog
  ECP restart: Don't calculate address of sub ctx if ctx is NULL
2019-08-15 15:49:46 +01:00
k-stachowiak
3794dec52b Change the expected error for two key derivation tests 2019-08-14 19:23:24 +02:00
Gilles Peskine
61fc108d25 Merge remote-tracking branch 'upstream-public/pr/2728' into development 2019-08-14 16:00:58 +02:00
Gilles Peskine
1435767d2a Merge remote-tracking branch 'upstream-public/pr/2753' into development 2019-08-14 16:00:11 +02:00
Gilles Peskine
681edbeaa6 Merge remote-tracking branch 'upstream-public/pr/2777' into development 2019-08-14 15:59:01 +02:00
Gilles Peskine
787d1515eb Merge remote-tracking branch 'upstream-public/pr/2779' into development 2019-08-14 15:58:07 +02:00
Gilles Peskine
0ed1df6206
Merge pull request #184 from hanno-arm/ecp_restartable_offset
Fix fragile method for passing from ECDSA to ECP restart contexts
2019-08-14 15:40:08 +02:00
Gilles Peskine
317f940304
Merge pull request #144 from gilles-peskine-arm/oss-fuzz-fix-build-crypto
Fix full build including non-boolean with Asan: crypto part
2019-08-14 15:30:18 +02:00
Gilles Peskine
bbdf310c66
Merge pull request #221 from gilles-peskine-arm/annotate_todo_comments-20190813
SE keys: fix psa_destroy_key; add Github issue numbers for missing code
2019-08-14 13:59:53 +02:00
k-stachowiak
012dcc4b87 Remove PSA_PRE_1_0_KEY_DERIVATION and the corresponding code 2019-08-13 18:42:40 +02:00
k-stachowiak
0b74cf85ea Remove psa_key_derivation() and associated static functions 2019-08-13 18:42:27 +02:00
Gilles Peskine
26f3e2800d Honor MBEDTLS_CONFIG_FILE in fuzz tests 2019-08-13 18:00:02 +02:00
Gilles Peskine
56c0161b68 Test that a shared library build produces a dynamically linked executable 2019-08-13 17:54:26 +02:00
Gilles Peskine
cf74050fea Test that the shared library build with CMake works 2019-08-13 17:54:26 +02:00
Gilles Peskine
abf9b4dee8 Add a test of MBEDTLS_CONFIG_FILE
configs/README.txt documents that you can use an alternative
configuration file by defining the preprocessor symbol
MBEDTLS_CONFIG_FILE. Test this.
2019-08-13 17:54:26 +02:00
Gilles Peskine
c9d7f94a65 Add issue numbers for some missing parts of secure element support 2019-08-13 16:17:16 +02:00
Gilles Peskine
5da7b3e55c Drivers must have a psa_destroy_key method
Drivers that allow destroying a key must have a destroy method. This
test bug was previously not caught because of an implementation bug
that lost the error triggered by the missing destroy method.
2019-08-13 16:04:34 +02:00
Gilles Peskine
4b7f340fbf Clean up status code handling inside psa_destroy_key
Adopt a simple method for tracking whether there was a failure: each
fallible operation sets overall_status, unless overall_status is
already non-successful. Thus in case of multiple failures, the
function always reports whatever failed first. This may not always be
the right thing, but it's simple.

This revealed a bug whereby if the only failure was the call to
psa_destroy_se_key(), i.e. if the driver reported a failure or if the
driver lacked support for destroying keys, psa_destroy_key() would
ignore that failure.

For a key in a secure element, if creating a transaction file fails,
don't touch storage, but close the key in memory. This may not be
right, but it's no wronger than it was before. Tracked in
https://github.com/ARMmbed/mbed-crypto/issues/215
2019-08-13 15:58:36 +02:00
Gilles Peskine
9ce31c466d Note about destroying a key with other open handles
https://github.com/ARMmbed/mbed-crypto/issues/214
2019-08-13 15:14:20 +02:00