Commit graph

15913 commits

Author SHA1 Message Date
gabor-mezei-arm
d5218df572
Enable fallback to software implementation in psa_sign/verify_message driver
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
f048618b43
Unify variable type and rename to be unambiguous
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
2b8373f856
Update documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
4bc0edb919
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
041887bfc3
Update key usage determination for exercise key tests
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
4a6fcda031
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
256443e64e
Change the driver calling logic for psa_sign/verify_messsage
The changed logic is to try a sign-message driver (opaque or transparent);
if there isn't one, fallback to builtin sofware and do the hashing,
then try a sign-hash driver. This will enable to the opaque driver
to fallback to software.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
6883fd248d
Rename sign/verify builtin functions called by driver wrapper functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
6e2a8daef4
Add new tests for psa_sign/verify_message
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
d785a79477
Fix test
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
e088985496
Fix test names
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
ce8804fd6e
Update tests dependencies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
4fabc5666b
Use non-deterministic ecdsa algorithm for verify_hash/message tests
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
474a35f635
Return error if algorithm is not hash-then-sign for psa_sign_message
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
8b3e88614c
Use bool variable instead of enum values
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
12b4f34fff
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
6cdf637f88
Use switch-case for error handling
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
6dcaa3b5a1
Update driver tests for psa_hash/verify_message
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
f9820f92cf
Fix for algorithms other than hash-then-sign
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
b5c1e37aff
Use driver-wrapper functions for psa_sign/verify_message
To avoid code duplication of the old-style SE interface usage
call psa_driver_wrapper_sign/verify_hash function instead of
the direct internal functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
df0f230762
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
0f62240942
Enable algorithms other than hash-then-sign
For psa_hash/verify_message other algorithms than hash-then-sign is
enabled like PureEdDSA.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
46c23a051c
Fix error checking
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
2522c0b1cd
Update macro names
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
4c6a47a833
Add test for sign/verify message key policies
Update the mbedtls_test_psa_exercise_key to handle and use
PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE key policies.
Add new tests for PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE
policies.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
816886c8f3
Add driver tests for sign/verify_message
Adopting the tests for sign/verify_hash.
The expected ouput data was created with python-ecdsa.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
2fcb393ebd
Rename driver test funtions and test cases
Modify function and test case names that testing psa_sign_hash and
psa_verify_hash funtions to be less confusing with the newly introduced
function and test case names which tests psa_sign_message and
psa_verify_message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
50eac35d58
Dispatch sign/verify funtions through the driver interface
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
38cbaf2881
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
5b44652593
Unify similar functions
Use common funtion for psa_sign_hash and psa_sign_message and one for
psa_verify_hash and psa_verify_message to unify them.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
36658e46ba
Update PSA_ALG_IS_SIGN_MESSAGE
Add missing algorithm for PSA_ALG_IS_SIGN_MESSAGE and update documentation.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
5302848ba5
Add tests for psa_sign_message and psa_verify_message
The reference output data was created with cryptodome for RSA algorithms and
python-ecdsa for ECDSA algorithms.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
b95302358f
Rename test funtions and test cases
Modify function and test case names that testing psa_sign_hash and
psa_verify_hash funtions to be less confusing with the newly introduced
function and test case names which tests psa_sign_message and
psa_verify_message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:51 +02:00
gabor-mezei-arm
4a21019653 Implement psa_sign_message and psa_verify_message functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:49 +02:00
Hanno Becker
845ceb7cc8 Improve readability and efficiency of SSL cache reference impl
The reference session cache implementation may end up storing multiple
sessions associated to the same session ID if the set()-call for the
second session finds an outdated cache entry prior to noticing the entry
with the matching session ID. While this logically overwrites the existing
entry since we always search the cache in order, this is at least a waste
of resources.

This commit fixes this by always checking first whether the given ID is
already present in the cache.

It also restructures the code for easier readability.

Fixes #4509.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 07:11:30 +01:00
Hanno Becker
f47199da26 Improve naming of helper function for reference session cache
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 07:09:09 +01:00
Hanno Becker
0248785081 Document session cache callbacks
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 07:09:09 +01:00
Hanno Becker
df56402623 Fix memory leak upon ciphersuite mismatch during session resumption
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 07:09:06 +01:00
Hanno Becker
7ad77963d1 Use shorthand local variable for session under negotiation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 06:13:34 +01:00
Hanno Becker
f6e09c6f83 Don't use ssl_check_xxx() for functions with void return
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 06:12:38 +01:00
Micah N Gorrell
21d4bdbb39 Add OID for User ID
Signed-off-by: Micah N Gorrell <micah.gorrell@venafi.com>
2021-05-12 17:46:56 -06:00
Gilles Peskine
d7b3d92476 Change sha256 output type from an array to a pointer
The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-224 hash into a
28-byte buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-13 00:46:29 +02:00
Gilles Peskine
3e3a6789d1 Remove a kludge for the output size of mbedtls_sha512_finish_ret
Remove a kludge to avoid a warning in GCC 11 when calling
mbedtls_sha512_finish_ret with a 48-byte output buffer. This is correct
since we're calculating SHA-384. When mbedtls_sha512_finish_ret's output
parameter was declared as a 64-byte array, GCC 11 -Wstringop-overflow
emitted a well-meaning, but inaccurate buffer overflow warning, which we
tried to work around (successfully with beta releases but unsuccessfully
with GCC 11.1.0 as released). Now that the output parameter is declared as a
pointer, no workaround is necessary.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-13 00:46:10 +02:00
Gilles Peskine
e02e02f203 Change sha512 output type from an array to a pointer
The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-384 hash into a
48-byte buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-13 00:32:45 +02:00
eugene
b46d1a74f9 fix changelog entry
Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
2021-05-12 14:36:24 -04:00
Thomas Daubney
3473308b5d Remove mode param from mbedtls_rsa_rsaes_pkcs1_v15_decrypt
Remove mode param from mbedtls_rsa_rsaes_pkcs1_v15_decrypt
and also modify and remove relevant tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:55:58 +01:00
Thomas Daubney
d21e0b780a Remove mode parameter from mbedtls_rsa_rsaes_oaep_decrypt function
Removing the mode parameter from the mbedtls_rsa_rsaes_oaep_decrypt
function. The change is progagated to all function calls, including in
test suite .function files. Additionally fully removing one test
where the wrong mode was being tested.

Signed-off-by: Tom Daubney <Thomas.Daubney@arm.com>
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:49:41 +01:00
Thomas Daubney
c7feaf349c Remove mode param from mbedtls_rsa_pkcs1_decrypt
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:43:06 +01:00
eugene
e42a50da04 use proper formatting macros when using MinGW provided stdio
add changelog entry

Signed-off-by: eugene <eugene.kobyakov@netfoundry.io>
2021-05-12 12:59:30 -04:00
Ronald Cron
e0f06c624c
Merge pull request #4473 from tniessen/typos-in-header-files
Fix typos in C header files
2021-05-12 18:23:48 +02:00