Commit graph

245 commits

Author SHA1 Message Date
Neil Armstrong
ea54dbe7c2 Fix comment typo in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
19e6bc4c9f Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
8a44bb47ac Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
82cf804e34 Fix 80 characters indentation in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
6baea78072 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
a33280af6c Check psa_destroy_key() return in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
059a80c212 Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
52f41f8228 PK: RSA verification PSA wrap implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Jerry Yu
bd1b3278b1 Remove useless code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 13:07:28 +08:00
Jerry Yu
7533982f68 guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 12:06:31 +08:00
Jerry Yu
e010de4be3 Rename ctx to rsa_ctx
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 11:45:55 +08:00
Jerry Yu
bf455e7516 rename pk_psa_rsa_sign_ext param
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 21:39:41 +08:00
Jerry Yu
89107d1bc2 fix ci fail without RSA_C
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
Jerry Yu
406cf27cb5 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
Jerry Yu
848ecce990 fix wrong typo in function name
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:52 +08:00
Jerry Yu
07869e804c fix psa crypto test fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
b02ee18e64 replace use_psa_crypto with psa_crypto_c
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
1d172a3483 Add pk_psa_sign_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Manuel Pégourié-Gonnard
706f6bae27
Merge pull request #5518 from superna9999/5274-ecdsa-signing
PK: ECDSA signing
2022-03-21 09:57:57 +01:00
Manuel Pégourié-Gonnard
472044f21e
Merge pull request #5525 from superna9999/5161-pk-rsa-encryption
PK: RSA encryption
2022-03-21 09:57:38 +01:00
Neil Armstrong
62e6ea2c22 Avoid spurious write to *olen in PSA version of rsa_encrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:39:49 +01:00
Neil Armstrong
17a0655c8d Add documentation to find_ecdsa_private_key()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:27:38 +01:00
Neil Armstrong
05132ed490 md_alg is used in ecdsa_sign_wrap(), cleanup code
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:14:57 +01:00
Neil Armstrong
cb753a6945 Use mbedtls_eckey_info directly in ecdsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:14:48 +01:00
Manuel Pégourié-Gonnard
15c0e39fff
Merge pull request #5519 from superna9999/5150-pk-rsa-decryption
PK: RSA decryption
2022-03-17 11:02:13 +01:00
Neil Armstrong
da1d80db19 Use mbedtls_rsa_info directly in rsa_encrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:36:32 +01:00
Neil Armstrong
7b1dc85919 Simplify padding check and get rid of psa_sig_md in rsa_encrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:36:06 +01:00
Neil Armstrong
6b03a3de5c Use mbedtls_rsa_info directly in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:31:07 +01:00
Neil Armstrong
8e80504b46 Simplify padding check and get rid of psa_sig_md in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:30:31 +01:00
Neil Armstrong
169e61add6 Zeroise stack buffer containing private key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-14 14:26:49 +01:00
Neil Armstrong
3aca61fdfc Zeroise stack buffer containing private key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-14 14:24:48 +01:00
Neil Armstrong
e87804920a Use new PSA to mbedtls PK error mapping functions in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:54:16 +01:00
Neil Armstrong
b556a42656 Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
f47135756c Map INVALID_PADDING from PSA to MbedTLS error in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
0d46786034 Fix style issue in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
f1b564bb8d Check psa_destroy_key() return in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
18f43c7304 PK: RSA decrypt PSA wrap implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
e4edcf761d Use new PSA to mbedtls PK error mapping functions in ecdsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:46:41 +01:00
Neil Armstrong
ff70f0bf77 Check psa_destroy_key() return in rsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
edcc73c992 Fix 80 characters indentation in ecdsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
dab14de96a Use now shared ECP_PRV_DER_MAX_BYTES define in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
15021659d1 Move pk_ecdsa_sig_asn1_from_psa() before ecdsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
5874aa38f7 Fix style issue in find_ecdsa_private_key()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
cf5a215a43 Check psa_destroy_key() return in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
e960690b89 PK: ECDSA signing PSA wrap implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
db69c5213f Use new PSA to mbedtls PK error mapping functions in rsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:41:23 +01:00
Neil Armstrong
66fa769ae8 Fix 80 characters indentation in rsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
4b1a059f7d Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
48a9833cdf Check psa_destroy_key() return in rsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
e4f28688fd Fix comment typo in rsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
9854568204 PK: RSA signing PSA wrap implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
3770e2483f Use new PSA to mbedtls PK error mapping functions in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:37:33 +01:00
Neil Armstrong
deb4bfb2b9 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
9dccd866c3 Check psa_destroy_key() return in ecdsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
7dd3b20d36 Check psa_destroy_key() return in rsa_encrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
ac014ca5d9 Fix comment typos in rsa_encrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
96a16a429b PK: RSA encrypt PSA wrap implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Gilles Peskine
1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls
Rename, move and refine PSA to mbedtls PK errors mappings
2022-03-03 13:30:29 +01:00
Neil Armstrong
19915c2c00 Rename error translation functions and move them to library/pk_wrap.*
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 15:21:02 +01:00
Neil Armstrong
0f49f83625 Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 10:05:33 +01:00
Neil Armstrong
3f9cef4547 Remove actual and use new PSA to mbedtls PK errors mapping functions
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 15:44:39 +01:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Gilles Peskine
908982b275 Fix the build with MBEDTLS_ECP_RESTARTABLE enabled
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Gilles Peskine
f00f152444 Add output size parameter to signature functions
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.

No change to RSA because for RSA, the output size is trivial to calculate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Manuel Pégourié-Gonnard
39be1410fd Add RNG parameter to check_pair functions
- mbedtls_ecp_check_pub_priv() because it calls ecp_mul()
- mbedtls_pk_check_pair() because it calls the former

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Gilles Peskine
85b1bc65a0 pk_debug: build with RSA_ALT implementations
When MBEDTLS_RSA_ALT is defined, mbedtls_rsa_context does not necessarily
have fields called N and E of type mbedtls_mpi. Don't emit pk_debug
information with MBEDTLS_RSA_ALT. This is not ideal but at least the
library compiles.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Ronald Cron
c1905a1c3d Change mbedtls_rsa_init() signature
Remove padding parameters as mbedtls_rsa_init()
cannot return an error code when padding
parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:19 +02:00
Thomas Daubney
68d9cbca97 Removes mode param from mbedtls_rsa_pkcs1_verify
Commit removes mode parameter from
mbedtls_rsa_pkcs1_verify and propagates the
change throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:14:32 +01:00
Thomas Daubney
613d1a4fb7 Removes p_rng param from mbedtls_rsa_pkcs1_verify
Commit removes p_rng from mbedtls_rsa_pkcs1_verify
since p_rng has no relevance following the removal
of f_rng from this function.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:13 +01:00
Thomas Daubney
ac1331211e Removes f_rng parameter from mbedtls_rsa_pkcs1_verify
Commit removes f_rng parameter from
mbedtls_rsa_pkcs1_verify as a prerequisite
to removing the mode parameter. f_rng no
longer has relevance in this function if
mode is removed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:13 +01:00
Thomas Daubney
140184d029 Removes mode param from mbedtls_rsa_pkcs1_sign
Commit removes the mode parameter from
mbedtls_rsa_pkcs1_sign and progagates the
change to all relevant parts of the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 18:02:24 +01:00
Thomas Daubney
fa1581ea03 Modifies typedef of mbedtls_pk_rsa_alt_sign_func
This commit modifies the typedef of
mbedtls_pk_rsa_alt_sign_func and propagates the
associated changes throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 12:38:33 +01:00
Thomas Daubney
2177277dda Removes mode param from mbedtls_rsa_pkcs1_encrypt
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Thomas Daubney
c7feaf349c Remove mode param from mbedtls_rsa_pkcs1_decrypt
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:43:06 +01:00
Thomas Daubney
99914146a4 Preparatory commit to remove tests
Removed a conditional compilation block
relating to MBEDTLS_PKCS1_V15 in
rsa_pkcs1_verify_raw function that was no
longer relevant.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 15:18:20 +01:00
Tomasz Rodziewicz
d6c246f5bf
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-21 12:31:43 +02:00
TRodziewicz
b579ccd529 The still used deprecated error codes replaced with _PLATFORM_ ones
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-13 14:29:29 +02:00
Chris Jones
daacb59c2e Rename <pk/md/cipher>_internal.h to *_wrap.h
Revert changes introduced in 50518f4195
as it is now clear that these headers are internal without the
`*_internal.h` suffix.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
e2191cd789 Update includes to use library/ instead of include/mbedtls/
Simple find and replace using `#include (<|")mbedtls/(.*)_internal.h(>|")`
and `#include $1$2_internal.h$3`.

Also re-generated visualc files by running
`scripts/generate_visualc_files.pl`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Ronald Cron
cf56a0a320 psa: Move from key handle to key identifier
Move all the PSA crypto APIs using key handles
to use key identifiers but psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.

Update the library modules using PSA crypto APIs
to get rid of key handles.

Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
91e9515424 Introduce PSA_KEY_HANDLE_INIT macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Gilles Peskine
6bf4f5fb65
Merge pull request #3585 from jdurkop/fix/undefined-reference-3294
Fix the build with MBEDTLS_USE_PSA_CRYPTO without ECDSA
2020-09-10 21:59:49 +02:00
John Durkop
2ec2eaac31 Fix test issues with depends-hashes
Needed to make additional fixes so that when MBEDTLS_USE_PSA_CRYPTO
is defined, the depends-hashes test will succeed. There are two
versions of the ecdsa_verify_wrap() function, one with
MBEDTLS_USE_PSA_CRYPTO and when when it is not enabled. The non PSA
version is not using the md_alg parameter since it is not required.
The PSA version was using that parameter to derive a different value
it needed for PSA_ALG_ECDSA. The arguement of PSA_ALG_ECDSA is
ignored for psa_sign_hash and psa_verify_hash. It is present because
it is used and must be a valid hash, not zero, for psa_sign_hash
(but not psa_verify_hash) with PSA_ALG_DETERMINISTIC_ECDSA, and it is
needed for psa_sign_message and psa_verify_message which are not
implemented yet. The local parameter now uses PSA_ALG_ECDSA_ANY for
the verify function to avoid using the md_alg parameter and avoids
returning incorrect error codes.

Fixes #3587

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-08 05:40:41 -07:00
John Durkop
d46ede0d37 Fix missing label for guard
Fixes #3294

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-08-24 09:51:00 -07:00
John Durkop
af5363c24e Updates to cleanup fixes for #3294
Minor updates to changelog for more concise wording and fixed styling
in other files as needed.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-08-24 08:29:39 -07:00
John Durkop
f35069a82d Fix undefined ref error when ECDSA not defined
Add guards in pk_wrap.c to ensure if ECDSA is not defined, errors
are returned.
Remove warnings in pk.c for unused variables.
Add new test (test_depends_pkalgs_psa) to all.sh to confirm
when USE_PSA_CRYPTO is defined that features are working properly.

Fix #3294

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-08-24 08:20:56 -07:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
Manuel Pégourié-Gonnard
fafe8553c6
Merge pull request #3392 from paul-elliott-arm/psa_ecc_dh_macros
PSA: update EC curve and DH group family macros
2020-07-07 09:20:44 +02:00
Paul Elliott
8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Gilles Peskine
db09ef6d22 Include common.h instead of config.h in library source files
In library source files, include "common.h", which takes care of
including "mbedtls/config.h" (or the alternative MBEDTLS_CONFIG_FILE)
and other things that are used throughout the library.

FROM=$'#if !defined(MBEDTLS_CONFIG_FILE)\n#include "mbedtls/config.h"\n#else\n#include MBEDTLS_CONFIG_FILE\n#endif' perl -i -0777 -pe 's~\Q$ENV{FROM}~#include "common.h"~' library/*.c 3rdparty/*/library/*.c scripts/data_files/error.fmt scripts/data_files/version_features.fmt

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 11:26:57 +02:00
Gilles Peskine
fc2459db13 Remove mbedtls_psa_translate_ecc_group
Internally, use the corresponding function from psa_crypto.c instead.
Externally, this function is not used in Mbed TLS and is documented as
"may change at any time".
2020-01-31 10:15:32 +01:00
Jaeden Amero
795c6bab62
Merge pull request #323 from yanesca/iotcrypt-942-initialise-return-values
Initialise return values to an error
2019-12-19 10:24:22 +00:00
Janos Follath
24eed8d2d2 Initialise return values to an error
Initialising the return values to and error is best practice and makes
the library more robust.
2019-12-03 16:07:18 +00:00
Gilles Peskine
89d8c5c447 Rename some signature-related identifiers
Rename some macros and functions related to signature which are
changing as part of the addition of psa_sign_message and
psa_verify_message.

perl -i -pe '%t = (
PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH,
PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH,
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE,
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE,
psa_asymmetric_sign => psa_sign_hash,
psa_asymmetric_verify => psa_verify_hash,
); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h')
2019-11-26 18:20:59 +01:00
Gilles Peskine
5bcb24b56e Fix output buffer length check in pk_opaque_sign_wrap 2019-11-13 10:57:59 +01:00
Gilles Peskine
f48d6f2320 Add sanity checks for the mbedtls_pk_sign output size
mbedtls_pk_sign does not take the size of its output buffer as a
parameter. We guarantee that MBEDTLS_PK_SIGNATURE_MAX_SIZE is enough.
For RSA and ECDSA signatures made in software, this is ensured by the
way MBEDTLS_PK_SIGNATURE_MAX_SIZE is defined at compile time. For
signatures made through RSA-alt and PSA, this is not guaranteed
robustly at compile time, but we can test it at runtime, so do that.
2019-11-12 13:21:53 +01:00
Gilles Peskine
d2d45c1738 Convert cipher and pk to PSA attribute-based key creation
This fixes the build under MBEDTLS_USE_PSA_CRYPTO.
2019-06-05 11:34:54 +02:00
Gilles Peskine
87a5e565f4 Rename functions that inject key material to an allocated handle
This commit starts a migration to a new interface for key creation.
Today, the application allocates a handle, then fills its metadata,
and finally injects key material. The new interface fills metadata
into a temporary structure, and a handle is allocated at the same time
it gets filled with both metadata and key material.

This commit was obtained by moving the declaration of the old-style
functions to crypto_extra.h and renaming them with the to_handle
suffix, adding declarations for the new-style functions in crypto.h
under their new name, and running

    perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c
    perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c

Many functions that are specific to the old interface, and which will
not remain under the same name with the new interface, are still in
crypto.h for now.

All functional tests should still pass. The documentation may have
some broken links.
2019-04-24 15:24:45 +02:00
Hanno Becker
ccf574e030 Fix outdated comment in ecdsa_verify_wrap() 2019-01-29 08:26:15 +00:00
Hanno Becker
a98511164f Adapt ecdsa_verify_wrap() to new EC public key format
Previously, PSA used SubjectPublicKeyInfo structures to serialize EC public keys.
This has recently been changed to using ECPoint structures instead, but the wrapper
making PSA ECDSA verification available through Mbed TLS' PK API hasn't yet been
adapted accordingly - which is what this commit does.

Luckily, Mbed TLS' PK API offers two functions mbedtls_pk_write_pubkey()
and mbedtls_pk_write_pubkey_der(), the latter exporting a SubjectPublicKeyInfo
structure and the former exporting an ECPoint structure in case of EC public
keys. For the adaptation of the ECDSA wrapper ecdsa_verify_wrap() it is therefore
sufficient to use mbedtls_pk_write_pubkey() instead of mbedtls_pk_write_pubkey_der().
2019-01-28 11:45:19 +00:00