Commit graph

479 commits

Author SHA1 Message Date
Gilles Peskine
7ea72026cd New function mbedtls_ecp_keypair_calc_public
For when you calculate or import a private key, and then need to calculate
the public key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 21:30:03 +01:00
Gilles Peskine
28240323d3 New function mbedtls_ecp_set_public_key
Set the public key in a key pair. This complements mbedtls_ecp_read_key and
the functions can be used in either order.

Document the need to call check functions separately.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 21:30:03 +01:00
Gilles Peskine
ba5b5d67aa Support partial export from mbedtls_ecp_keypair
Sometimes you don't need to have all the parts of a key pair object. Relax
the behavior of mbedtls_ecp_keypair so that you can extract just the parts
that you need.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 21:30:03 +01:00
Gilles Peskine
e6886102ef New function mbedtls_ecp_keypair_get_group_id
Add a simple function to get the group id from a key object.

This information is available via mbedtls_ecp_export, but that function
consumes a lot of memory, which is a waste if all you need is to identify
the curve.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 21:30:03 +01:00
Dave Rodgman
815b240d72 Fix unused function/variable warnings from clang
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-14 23:20:48 +00:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Manuel Pégourié-Gonnard
745ec5d75e Fix static initializer warning
In a hypothetical build with no curves, or in the future when we add a
new curve type and possibly forget updating this function with a new
block for the new type, we write to `ret` at the beginning or the
function then immediately overwrite it with MPI_CHK(check_privkey),
which static analyzers understandably find questionable.

Use `ret` here and check the key only if it was actually set.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-17 10:13:45 +02:00
Dave Rodgman
6a9fb932fb Use MBEDTLS_GET_UINT16_BE in mbedtls_ecp_tls_read_group_id
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-16 17:50:36 +01:00
Chien Wong
153ae464db
Improve doc on special use of A in ecp group structure
Signed-off-by: Chien Wong <m@xv97.com>
2023-08-07 23:02:31 +08:00
Janos Follath
d8cb3d7fa4 De-duplicate ecp.c
We duplicated ecp.c in the anticipation of heavy refactoring there. This
work has been suspended and the duplication is not useful anymore but
imposes an overhead.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-02 12:33:01 +01:00
Janos Follath
c25567af23 Move variant test to ecp_curves
We would like to de-duplicate ecp.c, but ecp_curves.c remains duplicated
and we still want to test for the active variant.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-02 10:32:21 +01:00
Bence Szépkúti
9661f8ab0d
Merge pull request #7968 from gowthamsk-arm/use_earliest_latest_compilers
Use earliest latest compilers
2023-08-02 05:58:02 +00:00
Xiaokang Qian
b903f4ecb6 Free P and N of the group cause they are dynamic allocated
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-07-31 06:46:28 +00:00
Gowtham Suresh Kumar
186731b22a Fix warnings from clang-16
Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes".
This patch fixes these warnings by adding void to functions with no
arguments. The generate_test_code.py is modified to insert void into test
functions with no arguments in *.function files.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-26 17:11:51 +01:00
Dave Rodgman
5f65acb02b
Merge pull request #7859 from gilles-peskine-arm/mbedtls_mpi-smaller
Reduce the size of mbedtls_mpi
2023-07-18 16:48:37 +01:00
Dave Rodgman
b8f18850c6 Align ECP_MPI_INIT parameter order with mbedtls_mpi struct order
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-18 13:53:07 +02:00
Tom Cosgrove
08b04b11ff
Merge pull request #7923 from gabor-mezei-arm/7598_fix_clone_of_ecp_module
[Bignum] Fixes for the ecp module cloning
2023-07-17 15:28:18 +01:00
Gabor Mezei
66bbecb7ff
Fix comment
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-14 14:43:27 +02:00
Paul Elliott
3c22366695
Merge pull request #7863 from valeriosetti/issue7790
PK: parse: fix disparity with private Montgomery keys
2023-07-11 18:02:12 +01:00
Dave Rodgman
84eaefa43e Use designated initializers for mbedtls_mpi
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-11 16:02:46 +01:00
Valerio Setti
41b0818bcb ecp: rearrange code in ecp_read_key()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
21d42417f9 pkparse: always check all private keys on import
This allows to remove explicit calls to mbedtls_ecp_check_privkey()
in pkparse.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Gabor Mezei
2a7bcaf8af
Use only MBEDTLS_ECP_WITH_MPI_UINT to switch between the ecp variants
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-06 10:37:51 +02:00
Gabor Mezei
c810707980
Add check for the ecp module variants
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-06-30 11:39:21 +02:00
Gabor Mezei
a306d20766
Clone the ecp.c file as ecp_new.c
Add macro guard for each file defaults to enable the ecp.c file content.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-06-30 11:38:55 +02:00
Tom Cosgrove
09d23786f6
Merge pull request #7429 from xkqian/bignumber_update_comments
Update links to references in bignum
2023-04-26 16:21:56 +01:00
Xiaokang Qian
50fe36317a Update links in ecp.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-12 06:08:45 +00:00
Valerio Setti
fd122f4e95 ecp: introduce new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Xiaokang Qian
669c7c35f0 Update SEC1 link in ecp.c
Old link doesn't work any more, update it to one
new link to refer version 2

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 07:36:35 +00:00
Minos Galanakis
d61dbd4df7 ecp_curves: Update mbedtls_ecp_group_free().
This patch updates the method to not free the `grp->P`
and `grp->N` structure members.

The contents of `P` and `N` are stored in static memory at
`curve448_p/n` and `curve25519p/n` and no longer dynamically
allocated.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:11:55 +00:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Manuel Pégourié-Gonnard
2510dd41bf
Merge pull request #6282 from gstrauss/sw_derive_y
mbedtls_ecp_point_read_binary from compressed fmt
2022-12-22 10:20:31 +01:00
Glenn Strauss
efde9d58de remove duplicated consecutive preproc directives
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-20 04:20:12 -05:00
Manuel Pégourié-Gonnard
8b6d14be8b Extract common code for computing X^3 + AX + B
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-20 04:17:03 -05:00
Glenn Strauss
452416121d move mbedtls_ecp_sw_derive_y after MPI_ECP_ macros
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-19 21:25:27 -05:00
Glenn Strauss
fcabc28cfc use MPI_ECP_* macros in mbedtls_ecp_sw_derive_y()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-19 21:24:50 -05:00
Glenn Strauss
cbfd5e9db7 comment
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-16 11:03:41 -05:00
Glenn Strauss
369bfb94c5 comments and whitespace
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-12-16 10:49:04 -05:00
Gilles Peskine
5a34b36bbd Remove more now-redundant definitions of inline
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 13:26:44 +01:00
Dave Rodgman
1a22bef116
Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey
Improve ECDSA verify validation
2022-10-31 09:37:26 +00:00
Gilles Peskine
75c4eaf1f8
Merge pull request #5841 from aurel32/ecp_mul_mxz-timing-leak
Fix a timing leak in ecp_mul_mxz()
2022-10-27 19:46:48 +02:00
Gilles Peskine
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
Fix unusual macros
2022-10-25 19:55:29 +02:00
David Horstmann
6e11687ba5 Minor improvements to ecp.c changes
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:32:08 +01:00
David Horstmann
fc735dffd6 Refactor macro-spanning ifs in ecp.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
Glenn Strauss
2ff77119df mbedtls_ecp_point_read_binary from compressed fmt
mbedtls_ecp_point_read_binary from MBEDTLS_ECP_PF_COMPRESSED format

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-03 05:43:27 -04:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Dave Rodgman
c947751a5f Fix ECDSA signature verification edge-case
For R and S equal to 1, ensure the public key is checked
for validity.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-19 11:16:37 +01:00
Tuvshinzaya Erdenekhuu
86669de348 Broke 2 long lines
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-28 10:31:16 +01:00
Tuvshinzaya Erdenekhuu
22f3654324 Remove NULL pointer validation in ecp.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 15:21:48 +01:00
Aurelien Jarno
c79ce88152 Fix a timing leak in ecp_mul_mxz()
The bit length of m is leaked through through timing in ecp_mul_mxz().
Initially found by Manuel Pégourié-Gonnard on ecp_mul_edxyz(), which has
been inspired from ecp_mul_mxz(), during initial review of the EdDSA PR.
See: https://github.com/Mbed-TLS/mbedtls/pull/3245#discussion_r490827996

Fix that by using grp->nbits + 1 instead, which anyway is very close to
the length of m, which means there is no significant performance impact.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2022-05-16 23:15:07 +02:00