Commit graph

10147 commits

Author SHA1 Message Date
Jaeden Amero
fe96fbec2c Initialize PSA Crypto operation contexts
It is now required to initialize PSA Crypto operation contexts before
calling psa_*_setup(). Otherwise, one gets a PSA_ERROR_BAD_STATE error.
2019-02-20 10:51:42 +00:00
Jaeden Amero
97eaea9fc8
Merge pull request #32 from itayzafrir/ipc-support-64-bit-key-ids
Prepare support for 64 bit key ids under SPM
2019-02-20 10:45:10 +00:00
Andres Amaya Garcia
e254f85c93 Fix ChangeLog entry to correct release version 2019-02-20 10:00:03 +00:00
Jaeden Amero
3971c10150
Merge pull request #53 from gilles-peskine-arm/storage_spec-initial
Specification of how keys and the random seed are stored
2019-02-20 09:12:50 +00:00
Gilles Peskine
e086652aef Test the length of cipher_update output
In multipart cipher tests, test that each step of psa_cipher_update
produces output of the expected length. The length is hard-coded in
the test data since it depends on the mode.

The length of the output of psa_cipher_finish is effectively tested
because it's the total output length minus the length produced by the
update steps.
2019-02-19 19:45:55 +01:00
Gilles Peskine
a04ba4ec52 Add some CTR multipart tests
Test data obtained with Python+PyCrypto:
AES.new(key, mode=AES.MODE_CTR, counter=Crypto.Util.Counter.new(128, initial_value=0x2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a)).encrypt(plaintext.decode('hex')).encode('hex')
2019-02-19 19:26:06 +01:00
Gilles Peskine
3215de4cf5 Add CBC multipart tests with 2 blocks
Test data obtained with Python+PyCrypto:
AES.new(key, AES.MODE_CBC, iv).encrypt(plaintext.decode('hex')).encode('hex')
2019-02-19 19:26:02 +01:00
Gilles Peskine
3b7e084077 Fix incorrect length check in multipart cipher tests
The output length can be equal to the input length.

This wasn't noticed at runtime because we happened to only test with
CBC with the first chunk being a partial block.
2019-02-19 19:22:51 +01:00
Gilles Peskine
ee46fe7b9b Fix output size calculations in cipher tests
Some calls to psa_cipher_finish or psa_cipher_update append to a
buffer. Several of these calls were not calculating the offset into
the buffer or the remaining buffer size correctly.

This did not lead to buffer overflows before because the buffer sizes
were sufficiently large for our test inputs. This did not lead to
incorrect output when the test was designed to append but actually
wrote too early because all the existing test cases either have no
output from finish (stream cipher) or have no output from update (CBC,
with less than one block of input).
2019-02-19 19:05:33 +01:00
Gilles Peskine
adc558e289 Fix test data missing some fake-random input
The test function pkcs1_rsaes_v15_encrypt gets its fake-random input
for padding from a test parameter. In one test case, the parameter was
too short, causing a fallback to rand(). The reference output depends
on this random input, so the test data was correct only for a platform
with one particular rand() implementation. Supply sufficient
fake-random input so that rand() isn't called.
2019-02-19 18:33:57 +01:00
Gilles Peskine
85a6dd40ba Add tests for RSA encrypt/decrypt with NULL for empty message 2019-02-19 18:33:57 +01:00
Jaeden Amero
2b88dc3717
Merge pull request #61 from Patater/travis-ci-seed-four
travis: Use seed 4 when running ssl-opt.sh
2019-02-19 14:16:36 +00:00
Jaeden Amero
bb2ce8a6a8 travis: Use seed 4 when running ssl-opt.sh
Seed 4 has been shown to result in a DTLS proxy that works more often
than not. This should help reduce the flakiness we observe from Travis
CI runs.
2019-02-19 13:12:30 +00:00
itayzafrir
7723ab1739 Add common header for crypto service integration 2019-02-19 15:09:14 +02:00
itayzafrir
7132dd9796 Prepare support for 64 bit key ids in a PSA system.
Preparation for type separation between SPE and NSPE.
2019-02-19 15:08:07 +02:00
k-stachowiak
cddbd01e4f Reword changelog entry 2019-02-19 12:40:34 +01:00
k-stachowiak
6409724059 Update change log 2019-02-19 12:25:24 +01:00
Jaeden Amero
7e2cda1d67
Merge pull request #11 from gilles-peskine-arm/psa-setup_bad_state-document
Document that multipart operation setup can return BAD_STATE
2019-02-19 10:24:23 +00:00
Jaeden Amero
065c426d75
Merge pull request #57 from Patater/check-generator-validity
psa: Check generator validity before read
2019-02-18 19:22:19 +00:00
Jaeden Amero
cf2010cf58 psa: Check generator validity before read
Check generator validity (i.e. that alg has been initialized) before
allowing reads from the generator or allowing reads of the generator's
capacity.

This aligns our implementation with the documented error code behavior
in our crypto.h and the PSA Crypto API.
2019-02-18 17:05:50 +00:00
Hanno Becker
135baef1bd Define maximum EC public key length depending on enabled curves 2019-02-18 17:04:24 +00:00
Hanno Becker
28f78440d8 Grep for debug output witnessing use of PSA in ECDHE ssl-opt.sh 2019-02-18 16:47:50 +00:00
Hanno Becker
4af484e29a Regenerate VS2010 project file 2019-02-18 16:42:02 +00:00
Hanno Becker
3b7c4a0ff0 Regenerate VisualStudio project file 2019-02-18 16:42:02 +00:00
Hanno Becker
354e248d81 Add ssl-opt.sh tests for PSA-based ECDH with various ECC curves 2019-02-18 16:42:02 +00:00
Hanno Becker
0a94a64bbd Add debugging output to confirm that PSA was used for ECDHE 2019-02-18 16:42:02 +00:00
Hanno Becker
c14a3bb5a6 Make variable in ssl_write_client_key_exchange() more descriptive 2019-02-18 16:42:02 +00:00
Hanno Becker
4a63ed421c Implement ClientKeyExchange writing in PSA-based ECDHE suites
- Populate the ECDH private key slot with a fresh private EC key
  designated for the correct algorithm.
- Export the public part of the ECDH private key from PSA and
  reformat it to suite the format of the ClientKeyExchange message.
- Perform the PSA-based ECDH key agreement and store the result
  as the premaster secret for the connection.
2019-02-18 16:42:01 +00:00
Hanno Becker
bb89e2727f Implement ServerKeyExchange parsing for PSA-based ECDHE suites
- Reformat the server's ECDH public key to make it suitable
  for the PSA key agreement API. Currently, the key agreement
  API needs a full SubjectPublicKeyInfo structure, while the
  TLS ServerKeyExchange message only contains a ECPoint structure.
2019-02-18 16:42:01 +00:00
Hanno Becker
df51dbe17f Add fields for PSA-based ECDHE to handshake structure
This is the first in a series of commits adding client-side
support for PSA-based ECDHE.

Previously, the state of an ECDHE key agreement was maintained
in the field mbedtls_ssl_handshake_params::ecdh_ctx, of type
::mbedtls_ecdh_context and manipulated through the ECDH API.

The ECDH API will be superseeded by the PSA Crypto API for key
agreement, which needs the following data:
(a) A raw buffer holding the public part of the key agreement
    received from our peer.
(b) A key slot holding the private part of the key agreement.
(c) The algorithm to use.
The commit adds fields to ::mbedtls_ssl_handshake_params
representing these three inputs to PSA-based key agreement.

Specifically, it adds a field for the key slot holding the
ECDH private key, a field for the EC curve identifier, and
a buffer holding the peer's public key.

Note: Storing the peer's public key buffer is slightly
inefficient, as one could perform the ECDH computation
as soon as the peer sends its public key, either working
with in-place or using a stack-buffer to reformat the
public key before passing it to PSA. This optimization
is left for a later commit.
2019-02-18 16:41:55 +00:00
Hanno Becker
f75f912c31 Add functions to psa_util module to convert EC public keys 2019-02-18 16:37:12 +00:00
Jaeden Amero
9654e11b1d
Merge pull request #55 from davidsaada/david_its_ps_err_codes
Modify PSA related error codes and types
2019-02-18 15:39:27 +00:00
k-stachowiak
17a38d3a74 Reenable GnuTLS next based tests 2019-02-18 15:29:56 +01:00
David Saada
a2523b2c6d Replace ITS specific types with more generic PSA storage types
PSA spec now defines more generic PSA storage types instead of the ITS
specific ones. This is necessary in order to integrate with
the newer implementation of PSA ITS landing in Mbed OS soon.
Changes include the following:
- psa_status_t replaces psa_its_status_t
- psa_storage_info_t replaces psa_its_info_t
- psa_storage_uid_t replaces psa_its_uid_t
2019-02-18 13:56:26 +02:00
David Saada
b4ecc27629 Replace PSA error code definitions with the ones defined in PSA spec 2019-02-18 13:53:13 +02:00
k-stachowiak
28cb6fbd47 Unbump version to 0.0.0 2019-02-18 12:01:03 +01:00
Manuel Pégourié-Gonnard
9c99dc862c
Merge pull request #2395 from ARMmbed/development-psa-merged-dev-8e76332
Merge updated development-psa into development
2019-02-18 11:55:54 +01:00
Derek Miller
f0c1d0d375 Doxygen changes to match the code changes. clarifications. 2019-02-15 17:23:42 -06:00
Derek Miller
28d483ef2f removed * from entropy function pointers as they are already pointers 2019-02-15 17:18:03 -06:00
Derek Miller
8a241a5779 Replaced entropy driver context with void * to support multiple entropy drivers 2019-02-15 17:17:25 -06:00
Derek Miller
6aaa4fd73b added key_type parameter to asymmetric operations because the accelerator need this info 2019-02-15 17:15:54 -06:00
Derek Miller
34b33f198b Changed psa_drv_se_cipher_t.size to context_size to be consistent 2019-02-15 17:13:54 -06:00
Derek Miller
6211726c61 Removed key deriv. context struct, replaced with void* and a context_size 2019-02-15 17:12:26 -06:00
Derek Miller
0b3098a486 added generate key. Removed pubkey export 2019-02-15 17:10:49 -06:00
Derek Miller
0972fe548c added lifetime paramter to psa_drv_se_import_key_t as the SE needs to know this 2019-02-15 17:08:27 -06:00
Derek Miller
ea743cf6b0 Removed * from function pointers (as they were already pointers) 2019-02-15 17:06:29 -06:00
Derek Miller
b2a1cceaf7 temporarily changed psa_key_slot_t to psa_key_slot_number_t to avoid naming collision 2019-02-15 17:03:42 -06:00
Derek Miller
83d2662dfa Changed opaque/transparent in functions/structs to se/accel 2019-02-15 16:41:22 -06:00
Andrzej Kurek
064128c1b0 Update submodule pointer to commit 0574e6a of mbed-crypto/development 2019-02-15 10:20:05 -05:00
Andrzej Kurek
1b20be59e2 Write documentation for TEST_ASSERT 2019-02-15 10:13:35 -05:00