Gilles Peskine
9ad29e2bee
Add what little was missing to fully support DES
...
Also add what was missing in the test suite to support block ciphers
with a block size that isn't 16.
Fix some buggy test data that passed only due to problems with DES
support in the product.
2018-09-12 16:24:50 +03:00
Gilles Peskine
9a94480685
Convert ERR_ASN1 error codes to PSA
...
This fixes the error code when psa_export_key on an asymmetric key
reports that the output buffer is too small.
2018-09-12 16:24:50 +03:00
Gilles Peskine
b54979a297
Refuse non-byte-sized raw data keys
...
Since the key size is stored in bytes, we can't have a key whose size
isn't a whole number of bytes.
2018-09-12 16:24:50 +03:00
Gilles Peskine
c06e07128c
Favor INVALID_ARGUMENT over NOT_SUPPORTED for bad algorithm types
...
In psa_hash_start, psa_mac_start and psa_cipher_setup, return
PSA_ERROR_INVALID_ARGUMENT rather than PSA_ERROR_NOT_SUPPORTED when
the algorithm parameter is not the right category.
2018-09-12 16:23:54 +03:00
Gilles Peskine
248051acb6
Add missing #ifdef guards around psa_hmac_start
2018-09-12 16:23:54 +03:00
Gilles Peskine
16c0f4f787
Fix potential memory corruption on MAC/cipher setup failure
...
When psa_mac_start(), psa_encrypt_setup() or psa_cipher_setup()
failed, depending on when the failure happened, it was possible that
psa_mac_abort() or psa_cipher_abort() would crash because it would try
to call a free() function uninitialized data in the operation
structure. Refactor the functions so that they initialize the
operation structure before doing anything else.
Add non-regression tests and a few more positive and negative unit
tests for psa_mac_start() and psa_cipher_setup() (the latter via
psa_encrypt_setip()).
2018-09-12 16:23:53 +03:00
Gilles Peskine
12313cd84c
Implement psa_generate_key: AES, DES, RSA, ECP
...
In the test cases, try exporting the generated key and perform sanity
checks on it.
2018-09-12 16:22:51 +03:00
Gilles Peskine
e66ca3bbf3
psa_export_key: zero out potential garbage in the output buffer
...
In psa_export_key, ensure that each byte of the output buffer either
contains its original value, is zero, or is part of the actual output.
Specifically, don't risk having partial output on error, and don't
leave extra data at the end of the buffer when exporting an asymmetric
key.
Test that exporting to a previously zeroed buffer leaves the buffer
zeroed outside the actual output if any.
2018-09-12 16:22:51 +03:00
Gilles Peskine
0e2315859f
psa_export_key: fix asymmetric key in larger buffer
...
Exporting an asymmetric key only worked if the target buffer had
exactly the right size, because psa_export_key uses
mbedtls_pk_write_key_der or mbedtls_pk_write_pubkey_der and these
functions write to the end of the buffer, which psa_export_key did not
correct for. Fix this by moving the data to the beginning of the
buffer if necessary.
Add non-regression tests.
2018-09-12 16:22:51 +03:00
Gilles Peskine
05d69890ee
Implement psa_generate_random
2018-09-12 16:22:51 +03:00
Gilles Peskine
0ff4b0f7f9
psa_import_key: validate symmetric key size
...
When importing a symmetric key, validate that the key size is valid
for the given key type.
Non-supported key types may no longer be imported.
2018-09-12 16:22:51 +03:00
Gilles Peskine
e3b07d81d6
Fix build without CMAC
...
Add missing guard for MBEDTLS_CMAC_C.
2018-09-12 16:22:51 +03:00
Gilles Peskine
828ed149d5
Rename MBEDTLS_xxx macros in psa_crypto.c to placate check-names.sh
2018-09-12 16:22:51 +03:00
Gilles Peskine
34ef7f5a55
Check the curve of an elliptic curve key on import
...
psa_import_key must check that the imported key data matches the
expected key type. Implement the missing check for EC keys that the
curve is the expected one.
2018-09-12 16:19:04 +03:00
Gilles Peskine
b3e6e5deeb
Rename hash max sizes for consistency
...
Use "hash" throughout the library, not "md" as in Mbed TLS.
2018-09-12 16:19:04 +03:00
Gilles Peskine
7bcfc0a9ae
Be more consistent about blank lines
2018-09-12 16:18:04 +03:00
Gilles Peskine
803ce7402a
Change sizeof(type) to sizeof(variable)
2018-09-12 16:18:04 +03:00
Gilles Peskine
c1bb6c8dcc
Formatting improvements
...
Avoid lines longer than 80 columns.
Remove some redundant parentheses, e.g. change
if( ( a == b ) && ( c == d ) )
to
if( a == b && c == d )
which makes lines less long and makes the remaining parentheses more
relevant.
Add missing parentheses around return statements.
There should be no semantic change in this commit.
2018-09-12 16:18:02 +03:00
Gilles Peskine
2d2778650b
Normalize whitespace
...
Normalize whitespace to Mbed TLS standards. There are only whitespace
changes in this commit.
2018-09-12 16:15:52 +03:00
Gilles Peskine
6de7a179c8
Fix file permissions
...
Some files were marked as executable but shouldn't have been.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
aa5aea0bac
fix spaces and add braces
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
e9664c30f0
space and style fixes
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
9627241beb
change macro PSA_HASH_BLOCK_SIZE to function psa_get_hash_block_size
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
5ca6547b77
Renamed hmac_ctx to opad and removed null check.
...
this array is now part of the struct and not dynamically allocated
so it can't be null.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
caec7f0c49
Fix rename issue missed by re-base
2018-09-12 16:13:49 +03:00
Gilles Peskine
d223b52a9a
psa_hmac_start: reduce stack usage
...
Store the temporary key in the long-key case (where the key is first
hashed) directly into ipad. This reduces the stack usage a little, at
a slight cost in complexity.
2018-09-12 16:13:49 +03:00
Gilles Peskine
6a0a44e167
HMAC: clean up local variables containing key material
...
In psa_mac_start, the hash of the key and ipad contain material that
can be used to make HMAC calculations with the key, therefore they
must be wiped.
In psa_mac_finish_internal, tmp contains an intermediate value which
could reveal the HMAC. This is definitely sensitive in the verify case,
and marginally sensitive in the finish case (it isn't if the hash
function is ideal, but it could make things worse if the hash function
is partially broken).
2018-09-12 16:13:49 +03:00
Gilles Peskine
c102e3ce4b
psa_hmac_start: simplify key_length logic in hash-the-key case
2018-09-12 16:13:49 +03:00
Gilles Peskine
e1bc6800cc
psa_hmac_start: remove useless casts
2018-09-12 16:13:49 +03:00
Gilles Peskine
7e454bc19f
Split out CMAC and HMAC code into auxiliary functions
...
Split algorithm-specific code out of psa_mac_start. This makes the
function easier to read.
The behavior is mostly unchanged. In a few cases, errors before
setting a key trigger a context wipe where they didn't. This is a
marginal performance loss but only cases that are an error in caller
code.
2018-09-12 16:13:49 +03:00
Gilles Peskine
99bc649760
Normalize whitespace to Mbed TLS standards
...
Only whitespace changes in this commit.
2018-09-12 16:13:49 +03:00
Gilles Peskine
ef057ac8ed
Remove dead code
...
Remove an unused function and an unused variable. Now the code builds
with gcc -Wall -Wextra -Werror.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
084832d65f
replace get_block_size_from_hash_algorithm with PSA_HASH_BLOCK_SIZE macro
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
35dfbf4601
change hmac context to use statically allocated memory
...
1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
0c9ec53a10
remove reliance on md_info context for hash information
...
1. remove reliance on md_info context for hash information by decoding locally
2. remove block_size field in context as this is dynamically computed
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
eeace0bf7f
Code style fix : changed keylen to key_length
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
7810be273a
Code correction: remove unneeded sizeof
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
dcd636a73f
Commit changes to hmac to not use MD abstraction
...
this PR is part of efforts to use "lower level" mbedTLS APIs vs "higher level" abstract APIs.
2018-09-12 16:13:49 +03:00
Gilles Peskine
8605428dcf
Merge remote-tracking branch 'psa/pr/27' into feature-psa
2018-09-05 12:46:19 +03:00
Gilles Peskine
c4def2f228
Add input length check in psa_asymmetric_decrypt
...
Remove output size check which is not needed here and was copypasta.
Add non-regression tests.
2018-09-05 12:44:18 +03:00
Gilles Peskine
b75e4f1314
Remove ECC boilerplate in asymmetric encrypt/decrypt
...
We don't have any encryption algorithm using ECC keys at the moment.
2018-09-05 12:44:17 +03:00
Gilles Peskine
beb4948d10
Add RSA PSS verification (untested)
2018-09-05 12:44:17 +03:00
Gilles Peskine
625b01c9c3
Add OAEP placeholders in asymmetric encrypt/decrypt
...
Replace PSS placeholders by OAEP placeholders. PSS is a signature
algorithm, not an encryption algorithm.
Fix typo in PSA_ALG_IS_RSA_OAEP_MGF1.
2018-09-05 12:44:17 +03:00
Gilles Peskine
8b18a4fef3
Rename verify_RSA_hash_input_and_get_md_type
...
Give it a shorter name that's more in line with our naming conventions.
2018-09-05 12:44:17 +03:00
Gilles Peskine
61b91d4476
Normalize whitespace to Mbed TLS standards
...
Only whitespace changes in this commit.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
1c2a7ea4e2
Allow psa_asymmetric_verify and psa_asymmetric_encrypt to use public key only.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
d708260de4
add key policy enforcement implementation
...
add checks that keys have been set for the correct usage for asymmetric
functions.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
ca466c89b0
Set output length to safe value
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
c460291714
Re-Add ECC verification code which was not properly merged in re-base.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
4db79eb36b
Extract common code
...
Make code easier to maintain.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
717a040df5
Remove duplicate / unneeded code
...
1. remove duplicate function introduced by re-base
2. remove unneeded code
2018-09-05 12:44:17 +03:00
Gilles Peskine
5b051bc608
Remove trailing whitespace
...
Only horizontal whitespace changes in this commit.
2018-09-05 12:44:12 +03:00
Gilles Peskine
6afe789d4c
Finish renaming around PSA_ALG_IS_RSA_PKCS1V15
...
Now the code compiles. Some OAEP and PSS macros may still need to be fixed.
2018-09-05 12:41:53 +03:00
Gilles Peskine
d6125ca63b
Merge remote-tracking branch 'psa/pr/24' into feature-psa
2018-09-05 12:41:53 +03:00
Nir Sonnenschein
4f594eca40
remove check for key pair (public key should be enough for verification)
2018-09-05 12:41:53 +03:00
Nir Sonnenschein
7f5a31915b
code fixes for internal code review:
...
1. change to correct error code
2. removed unneeded comment
2018-09-05 12:41:53 +03:00
Nir Sonnenschein
39e59144f6
added support for PKCSv1.5 signature verification and encryption/decryption and very basic tests.
2018-09-05 12:41:53 +03:00
Gilles Peskine
bb1072f642
Fix use of mbedtls_cipher_info_from_psa
...
One branch added an extra argument, the other branch added a call of
this function. Pass the extra argument on the code from the other
branch.
2018-09-05 12:41:52 +03:00
Gilles Peskine
84861a95ca
Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa
2018-09-05 12:41:52 +03:00
Gilles Peskine
154bd95131
psa_destroy_key: return SUCCESS on an empty slot
...
Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-09-05 12:41:52 +03:00
Gilles Peskine
71bb7b77f0
Switch PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
...
Make this macro work on derived algorithms as well (HMAC,
hash-and-sign, etc.).
2018-09-05 12:41:52 +03:00
mohammad1603
fc614b1e0e
fix parentheses
2018-09-05 12:41:52 +03:00
mohammad1603
e109f21638
remove unnecessary check for block size
2018-09-05 12:41:52 +03:00
mohammad1603
a1d9801683
add slot validation
2018-09-05 12:41:52 +03:00
mohammad1603
e3cb8a8d8b
return PSA_ERROR_BUFFER_TOO_SMALL intead of PSA_ERROR_INVALID_ARGUMENT
2018-09-05 12:41:52 +03:00
mohammad1603
6b4d98cf78
remove trailing spaces
2018-09-05 12:41:52 +03:00
mohammad1603
5ed0621dd4
aligned with coding standards - line length
2018-09-05 12:41:52 +03:00
mohammad1603
f14394b25f
add policy checks
2018-09-05 12:41:52 +03:00
mohammad1603
96910d807e
fix block size depending on algorithm
2018-09-05 12:41:51 +03:00
mohammad1603
60a64d079a
remove unnecessary argument to the psa_aead_unpadded_locate_tag function
2018-09-05 12:41:51 +03:00
mohammad1603
15223a8b89
write the tag directly on the ciphertext buffer.
2018-09-05 12:41:51 +03:00
mohammad1603
4fc744f8af
change the check of block size for all supported algorithms
2018-09-05 12:41:51 +03:00
mohammad1603
0f21465175
use mbedtls_cipher_info_from_psa to get cipher ID
2018-09-05 12:41:51 +03:00
mohammad1603
f58aa6ade6
use memset instead of mbedtils_zeroize
2018-09-05 12:41:51 +03:00
mohammad1603
554faad260
return NOT_SUPPORTED instead of INVLID_ARGUMENT
2018-09-05 12:41:51 +03:00
mohammad1603
95893f834d
remove usless cast
2018-09-05 12:41:51 +03:00
mohammad1603
f08a550e68
set output length to zero to cover output length in error case
2018-09-05 12:41:51 +03:00
mohammad1603
f4f0d612ba
change mbedtls_cipher_info_from_psa to provide cipher_id also
2018-09-05 12:41:51 +03:00
mohammad1603
9375f8403a
fix code offsets after rebase
2018-09-05 12:41:51 +03:00
Gilles Peskine
ee652a344c
Fix psa_aead_decrypt to read the tag at the end of the ciphertext
2018-09-05 12:41:51 +03:00
Gilles Peskine
a40d77477d
Whitespace fixes
...
Changed indentation to match Mbed TLS style. Wrapped some lines to 80 columns.
2018-09-05 12:41:51 +03:00
mohammad1603
39574652ae
add else for not supported algorithm
2018-09-05 12:38:18 +03:00
mohammad1603
5c8845f563
return invalid argument for unsupported algorithms
2018-09-05 12:38:18 +03:00
mohammad1603
e58e68458e
fix condition over key type
2018-09-05 12:38:18 +03:00
mohammad1603
17638efc46
remove unused variable
2018-09-05 12:38:18 +03:00
mohammad1603
dad36fa855
add Key and Algorithm validation
2018-09-05 12:38:18 +03:00
mohammad1603
a7e6df76ea
Validation fixes for key_type
2018-09-05 12:38:18 +03:00
mohammad1603
4f5eb7cb54
Fill the the output buffer with zero data in case of failure
2018-09-05 12:38:18 +03:00
mohammad1603
6bbd8c75dc
Remove unnecessary cast
...
Remove unnecessary cast
2018-09-05 12:38:18 +03:00
mohammad1603
db6247315f
Parameters validation fixes
...
Fix key_type validation test and no need to ask for place for tag in decryption
2018-09-05 12:38:18 +03:00
mohammad1603
ce5cba9a6a
unify the concatenation of the tag and update output length
2018-09-05 12:38:18 +03:00
mohammad1603
9e5a515aa8
Fix parameter validation
2018-09-05 12:38:18 +03:00
mohammad1603
47ddf3d544
Concatenate the tag to the output buffer
...
Concatenate the tag to the output buffer.
2018-09-05 12:38:18 +03:00
mohammad1603
5955c98779
Initial implementation of the AEAD decrypt/encrypt APIs
...
Initial implementation for the AEAD APIs, missing the following:
* Concatenation of the tag to the output buffer.
* Updated documentation of the new functions.
* argument validations
* tests
2018-09-05 12:38:18 +03:00
Gilles Peskine
3aa8efb230
Merge remote-tracking branch 'psa/psa-wrapper-apis-march-12' into feature-psa
2018-09-05 12:38:17 +03:00
Gilles Peskine
2c5219a06d
Whitespace normalization
...
No semantic change.
2018-09-05 12:14:29 +03:00
Gilles Peskine
5351420b3e
Use block local variable for padding_mode for readability
...
No intended behavior change.
2018-09-05 12:14:29 +03:00
Moran Peker
7cb22b8327
abort operation before return + fix error checks
2018-09-05 12:14:29 +03:00
Gilles Peskine
89d789c9bc
Refactor some argument checks for readability
...
No intended behavior change.
2018-09-05 12:14:29 +03:00
Gilles Peskine
7e9288520f
Wrap lines to 80 columns
2018-09-05 12:14:29 +03:00