Commit graph

9250 commits

Author SHA1 Message Date
Gilles Peskine
32668ce268 Pacify check-names.sh 2019-03-06 18:29:57 +01:00
Gilles Peskine
c079f5692d Pass check-files.py 2019-03-06 18:01:52 +01:00
Gilles Peskine
e5c025c7ab Fix Doxygen warnings 2019-03-06 18:01:43 +01:00
Gilles Peskine
c3044a6a36 Remove trailing whitespace
check-files.py doesn't like trailing whitespace.
2019-03-06 17:56:28 +01:00
Derek Miller
f0c1d0d375 Doxygen changes to match the code changes. clarifications. 2019-02-15 17:23:42 -06:00
Derek Miller
28d483ef2f removed * from entropy function pointers as they are already pointers 2019-02-15 17:18:03 -06:00
Derek Miller
8a241a5779 Replaced entropy driver context with void * to support multiple entropy drivers 2019-02-15 17:17:25 -06:00
Derek Miller
6aaa4fd73b added key_type parameter to asymmetric operations because the accelerator need this info 2019-02-15 17:15:54 -06:00
Derek Miller
34b33f198b Changed psa_drv_se_cipher_t.size to context_size to be consistent 2019-02-15 17:13:54 -06:00
Derek Miller
6211726c61 Removed key deriv. context struct, replaced with void* and a context_size 2019-02-15 17:12:26 -06:00
Derek Miller
0b3098a486 added generate key. Removed pubkey export 2019-02-15 17:10:49 -06:00
Derek Miller
0972fe548c added lifetime paramter to psa_drv_se_import_key_t as the SE needs to know this 2019-02-15 17:08:27 -06:00
Derek Miller
ea743cf6b0 Removed * from function pointers (as they were already pointers) 2019-02-15 17:06:29 -06:00
Derek Miller
b2a1cceaf7 temporarily changed psa_key_slot_t to psa_key_slot_number_t to avoid naming collision 2019-02-15 17:03:42 -06:00
Derek Miller
83d2662dfa Changed opaque/transparent in functions/structs to se/accel 2019-02-15 16:41:22 -06:00
Jaeden Amero
2d7e5fe31d
Merge pull request #46 from Patater/fix-windows-initializers
psa: Test fresh contexts have default behavior
2019-02-12 16:34:10 +00:00
Jaeden Amero
1fb011f2a6
Merge pull request #152 from ARMmbed/psa-test-psa_constant_names
Test psa_constant_names
2019-02-12 13:39:25 +00:00
Jaeden Amero
a3abf540d0
Merge pull request #52 from Patater/verbosify-cmake-tests
all.sh: Enable verbose failure messages for CMake
2019-02-12 13:31:20 +00:00
Jaeden Amero
d48e9c713e all.sh: Enable verbose failure messages for CMake
Set the CMake-observed variable `CTEST_OUTPUT_ON_FAILURE`, so that when
a "make test" run by CMake fails, verbose test output about the detail
of failure is available.
2019-02-12 11:38:14 +00:00
Jaeden Amero
8a23dc6642
Merge pull request #48 from dgreen-arm/fix-zero-key-copy
Allow NULL buffers in psa_copy_key_material when the key size is zero
2019-02-11 17:27:19 +00:00
Darryl Green
8096cafa94 Only zeroize buffer if the buffer length is non-zero 2019-02-11 14:03:03 +00:00
Darryl Green
8593bca7f8 Allow NULL buffers in psa_copy_key_material when the key size is zero 2019-02-11 13:26:36 +00:00
Jaeden Amero
2a0f48ae1f
Merge pull request #43 from Patater/update-2.16-dev
Update to a development version of Mbed TLS 2.16.0
2019-02-08 08:13:41 +00:00
Jaeden Amero
5229bbb08e psa: Test fresh contexts have default behavior
Test that freshly-initialized contexts exhibit default behavior through
the API. Do this without depending on the internal representation of the
contexts. This provides better portability of our tests on compilers
like MSVC.
2019-02-07 17:01:12 +00:00
Jaeden Amero
6fd4ee2af1
Merge pull request #20 from gilles-peskine-arm/psa-copy_key
New function psa_copy_key
2019-02-07 15:40:42 +00:00
Darryl Green
21b33b07df Run generate_psa_constants.py before building psa_constant_names with cmake 2019-02-07 13:08:34 +00:00
Jaeden Amero
7f04214cf4 psa: Rename PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
The macro PSA_HASH_FINAL_SIZE no longer exists and all instances of it
should be replaced by PSA_HASH_SIZE. Replace all remaining instances of
PSA_HASH_FINAL_SIZE with PSA_HASH_SIZE.
2019-02-07 12:19:59 +00:00
Jaeden Amero
c979f6ab38 psa: Test empty PKCS#1 v1.5 decryption
The tests use a ciphertext for PKCS#1 v1.5 encryption of a zero-length
buffer that was created with a call to psa_asymmetric_encrypt().
2019-02-07 12:19:59 +00:00
Jaeden Amero
f8daab78ff psa: Enable testing RSA decryption with output sizes
For must-fail asymmetric decryption tests, add an output size parameter
so that tests can directly control what output buffer size they allocate
and use independently from the key size used. This enables better
testing of behavior with various output buffer sizes.
2019-02-07 12:19:59 +00:00
Jaeden Amero
412654a605 psa: Expect output-buffer-sized RSA-decryption
When RSA decrypting, unlike with RSA encrypting, we sometimes expect the
output length will be less than the key size. For instance, in the case
where the plaintext is zero-length we expect the output length of the
decryption to be zero-length as well, not key size in length.

For must-fail tests, we don't expect output-buffer-sized RSA-decryption,
only that the output length is less than or equal to the output size, so
these tests remain unchanged.

Change the must-pass tests to expect that the actual output size is
equal to the expected length of the output buffer instead of always
being the key size.
2019-02-07 12:19:59 +00:00
Jaeden Amero
4728469f53 rsa: Re-enable use of zero-length null output
After merging the latest RSA implementation from Mbed TLS, we have a
regression in that we no longer properly handle zero-length null output
in PKCS1 v1.5 decryption. Prevent undefined behavior by avoiding a
memcpy() to zero-length null output buffers.
2019-02-07 12:19:59 +00:00
Jaeden Amero
68933640f5 Merge commit '01b34fb316a5' into development
Merge a development version of Mbed TLS 2.16.0 that doesn't have
parameter validation into development.

The following conflicts were resolved:

- Update ChangeLog to include release notes merged from development so
  far, with a version of "2.14.0+01b34fb316a5" and release date of
  "xxxx-xx-xx" to show this is not a released version, but instead a
  snapshot of the development branch equivalent to version of the 2.14.0
  with additional commits from the mbedtls/development branch up through
  01b34fb316 included. Entries added for unreleased versions of Mbed
  Crypto remain at the top of the file for Mbed TLS 2.xx.x.
- Replace the Mbed Crypto version of
  mbedtls_rsa_rsaes_pkcs1_v15_decrypt() with the version from Mbed TLS
  which fixes timing variations and memory access variations that could
  lead to a Bleichenbacher-style padding oracle attack. This will
  prevent using psa_asymmetric_decrypt() with zero-length output buffers
  until a follow up commit is made to restore this capability.
- In ssl_srv.c, include changes for both the new ECDH interface and
  opaque PSK as already added to development previously.
2019-02-07 12:19:59 +00:00
Darryl Green
da7c80e3f1 Add dependency to Makefile 2019-02-06 16:24:43 +00:00
Gilles Peskine
c9516fbf13 Document exercise_key and fix one incorrect usage
In one place, exercise_key was used in a such a way that if the test
failed inside exercise_key, the test suite would correctly report the
test as failed but would not report the exact location of the failure.
Fix this.

Add documentation for exercise_key that explains how to use it.
2019-02-06 16:42:34 +01:00
Gilles Peskine
e84d5d2f1c psa_copy_key: Add test cases to specifically check non-exportability
Test that copying a non-exportable key doesn't make it exportable.
This complements similar tests that exercise a different usage flag.
2019-02-06 16:42:05 +01:00
Darryl Green
df72306e07 Fix typo in generate_psa_constants.py 2019-02-06 15:36:00 +00:00
Jaeden Amero
ae2f5f1795
Merge pull request #44 from mpg/fix-double-return
Fix double return statement in cipher.c
2019-02-06 15:05:06 +00:00
Darryl Green
45010a333e Move test_psa_constant_names to a full config build 2019-02-06 13:45:03 +00:00
Darryl Green
d519583ae3 Run generate_psa_constants.py in cmake builds 2019-02-06 13:45:03 +00:00
Darryl Green
b8fe06820b Document that ECDH and FFDH are excluded only temporarily 2019-02-06 13:44:30 +00:00
Gilles Peskine
aec5a7fd49 psa_copy_key: minor documentation clarification 2019-02-05 20:26:09 +01:00
Jaeden Amero
3dab69d625
Merge pull request #39 from gilles-peskine-arm/psa-api-1.0-beta-docs
Point to psa-crypto-api branch for the PSA Crypto API specification
2019-02-05 17:30:27 +00:00
Manuel Pégourié-Gonnard
f2a7529403 Fix double return statement in cipher.c
This was introduced in ce1ddee13a
2019-02-05 13:13:21 +01:00
Darryl Green
61b7f61d5e Change unknown hash algorithm value
0x010000ff corresponds to PSA_ALG_ANY_HASH, so this collides and
isn't an unknown algorithm.
2019-02-05 09:21:28 +00:00
Jaeden Amero
acdf07c033
Merge pull request #41 from hanno-arm/ec_pubkey_fmt_fixes
Make further adaptations to new EC public key format
2019-02-01 13:05:48 +00:00
Hanno Becker
00114d71f4 Adapt test in test_suite_pk to work with new PSA public key format 2019-02-01 11:56:42 +00:00
Hanno Becker
9acfd730ed Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.

Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.

Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.

The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.

By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.

The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.

That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 11:56:37 +00:00
Hanno Becker
69777ca867 Add function to find OID for PSA ECC curve identifiers 2019-02-01 11:52:59 +00:00
Hanno Becker
cd0f276cee Update pointer in PSA-based mbedtls_pk_write_pubkey() 2019-02-01 11:52:58 +00:00
Gilles Peskine
7b3950862f Documentation: link to the specification separately
Link to rendered copies of the specification on a separate branch,
since the implementation is not always up-to-date with the
specification.

Fix the broken link to the HTML to something that works on the web.

Add instructions to generate the library documentation in HTML locally.
2019-01-31 18:10:05 +01:00