Commit graph

9860 commits

Author SHA1 Message Date
Jaeden Amero
892cd6df70 psa: Use new generic error codes
Mbed TLS has deprecated a few module specific error codes in favor of
more general-purpose or cross-module error codes. Use these new error
codes instead of the deprecated error codes.
2019-02-14 16:01:14 +00:00
Jaeden Amero
1fe81d4985 psa_utils: Make fallthrough clear for compilers
Silence a compiler warning about implicit fallthrough by using a comment
format the compiler understand to mean that the fallthrough is
intentional.

  In file included from library/cipher.c:63:0:
  include/mbedtls/psa_util.h: In function ‘mbedtls_psa_translate_cipher_mode’:
  include/mbedtls/psa_util.h:91:15: error: this statement may fall through [-Werror=implicit-fallthrough=]
               if( taglen == 0 )
                 ^
  include/mbedtls/psa_util.h:94:9: note: here
           default:
           ^~~~~~~
  cc1: all warnings being treated as errors

  $ gcc --version
  gcc (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0
  Copyright (C) 2017 Free Software Foundation, Inc.
  This is free software; see the source for copying conditions.  There is NO
  warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
2019-02-14 16:01:14 +00:00
Jaeden Amero
06b161a39c psa: Add latest PSA Crypto config.h
Copy our include/mbedtls/config.h file, which is our default
configuration, to configs/config-psa-crypto.h, updating what was
previously there to the latest defaults.
2019-02-14 16:01:14 +00:00
Jaeden Amero
e8206622ad Update config-default.h to the latest from Mbed TLS
config-default.h should always be a verbatim copy of the default
configuration (include/mbedtls/config.h) from Mbed TLS.
2019-02-14 16:01:14 +00:00
Jaeden Amero
67ea2c5e6d Merge branch 'development-psa-proposed' into development
Resolve conflicts by performing the following.

- Take the upstream Mbed TLS ChangeLog verbatim.
- Reject changes to Makefiles and CMake that are related to using Mbed
  Crypto as a submodule. It doesn't make sense to use Mbed Crypto as a
  submodule of itself.
- Reject README changes, as Mbed Crypto has its own, different README.
- Reject PSA-related changes to config.h. We don't want to disable the
  availability of the PSA Crypto API by default in the Mbed Crypto
  config.h.
- Don't inadvertently revert dead code removal in
  mbedtls_cipher_write_tag() which was added in f2a7529403 ("Fix
  double return statement in cipher.c")
- Where Mbed Crypto already had some MBEDTLS_USE_PSA_CRYPTO code (from
  past companion PRs) take the latest version from Mbed TLS which
  includes integration with MBEDTLS_CHECK_PARAMS.
- Update the version of the shared library files to match what's
  currently present in Mbed TLS.
- Reject removal of testing with PSA from config full tests.
- Resolve conflicts in test tests/suites/helpers.function, where both
  Mbed Crypto and Mbed TLS both added documentation for TEST_ASSERT.
  Combine text from both documentation efforts.
- Reject adding a submodule of ourselves.
- Reject addition of submodule tests in all.sh.
- Reject addition of submodule to library path in
  tests/scripts/run-test-suites.pl.
- Avoid using USE_CRYPTO_SUBMODULE=1 in
  component_test_use_psa_crypto_full_cmake_asan() in all.sh.
2019-02-14 15:58:43 +00:00
Andrzej Kurek
eb5087126f all.sh: add a seedfile generation step
When using PSA with MBEDTLS_ENTROPY_NV_SEED, some test suites
require the seed file for PSA initialization, which was normally generated
later, when entropy tests were run. This change creates an initial seedfile
in all.sh.
2019-02-14 07:18:59 -05:00
Andrzej Kurek
c058773798 Update submodule pointer to dea02cc8b 2019-02-14 05:28:21 -05:00
Jaeden Amero
3ea2687053 psa: Initialize crypto in tests that need to
Don't unconditionally enable PSA Crypto for all tests. Only enable it in
tests that require it. This allows crypto tests to check that
psa_crypto_init() fails when it is supposed to fail, since we want to
perform some action in a test, and then call psa_crypto_init() and check
the result without it having been called previously.
2019-02-13 07:34:54 -05:00
Jaeden Amero
1fb011f2a6
Merge pull request #152 from ARMmbed/psa-test-psa_constant_names
Test psa_constant_names
2019-02-12 13:39:25 +00:00
Jaeden Amero
a3abf540d0
Merge pull request #52 from Patater/verbosify-cmake-tests
all.sh: Enable verbose failure messages for CMake
2019-02-12 13:31:20 +00:00
Jaeden Amero
d48e9c713e all.sh: Enable verbose failure messages for CMake
Set the CMake-observed variable `CTEST_OUTPUT_ON_FAILURE`, so that when
a "make test" run by CMake fails, verbose test output about the detail
of failure is available.
2019-02-12 11:38:14 +00:00
Jaeden Amero
8a23dc6642
Merge pull request #48 from dgreen-arm/fix-zero-key-copy
Allow NULL buffers in psa_copy_key_material when the key size is zero
2019-02-11 17:27:19 +00:00
Darryl Green
8096cafa94 Only zeroize buffer if the buffer length is non-zero 2019-02-11 14:03:03 +00:00
Andrzej Kurek
08b807a161 Update crypto submodule version to commit f54597144874
Use mbed-crypto repository in gitmodules file
2019-02-11 08:45:41 -05:00
Darryl Green
8593bca7f8 Allow NULL buffers in psa_copy_key_material when the key size is zero 2019-02-11 13:26:36 +00:00
Jaeden Amero
6f7703df3a rsa: Enable use of zero-length null output
Enable handling of zero-length null output in PKCS1 v1.5 decryption.
Prevent undefined behavior by avoiding a memcpy() to zero-length null
output buffers.
2019-02-11 03:39:51 -05:00
Gilles Peskine
004f87b98d RSA encryption: accept input=NULL if ilen=0
In mbedtls_rsa_rsaes_oaep_encrypt and
mbedtls_rsa_rsaes_pkcs1_v15_encrypt, if the input length is 0 (which
is unusual and mostly useless, but permitted) then it is fine for the
input pointer to be NULL. Don't return an error in this case.

When `input` is NULL, `memcpy( p, input, ilen )` has undefined behavior
even if `ilen` is zero. So skip the `memcpy` call in this case.
Likewise, in `mbedtls_rsa_rsaes_oaep_decrypt`, skip the `memcpy` call if
`*olen` is zero.
2019-02-11 03:39:21 -05:00
Jaeden Amero
fb236739da Revert "Forbid passing NULL input buffers to RSA encryption routines"
Resolve incompatibilties in the RSA module where changes made for
parameter validation prevent Mbed Crypto from working. Mbed Crypto
depends on being able to pass zero-length buffers that are NULL to RSA
encryption functions.

This reverts commit 2f660d047d.
2019-02-08 08:43:31 -05:00
Andrzej Kurek
02f39ace58 Adjust documentation of mbedtls_cipher_update_ad 2019-02-08 06:50:55 -05:00
Andrzej Kurek
57f04e56c1 Adjust documentation of mbedtls_cipher_update_ad
Fix indentation and capitalization
2019-02-08 06:44:43 -05:00
Jaeden Amero
2a0f48ae1f
Merge pull request #43 from Patater/update-2.16-dev
Update to a development version of Mbed TLS 2.16.0
2019-02-08 08:13:41 +00:00
Andrzej Kurek
3c2b15d31e Update version_features file 2019-02-08 02:38:45 -05:00
Jaeden Amero
6fd4ee2af1
Merge pull request #20 from gilles-peskine-arm/psa-copy_key
New function psa_copy_key
2019-02-07 15:40:42 +00:00
Andrzej Kurek
85ac0aeb58 Update submodule version to include parameter validation for rsa.c 2019-02-07 09:09:13 -05:00
Andrzej Kurek
172457460b Add MBEDTLS_PSA_HAS_ITS_IO to config.pl exclude list 2019-02-07 08:49:53 -05:00
Darryl Green
21b33b07df Run generate_psa_constants.py before building psa_constant_names with cmake 2019-02-07 13:08:34 +00:00
Andrzej Kurek
d3643ef29b Add PSA defines to config.pl exclude list 2019-02-07 07:41:27 -05:00
Andrzej Kurek
70d8a5b5d9 Update crypto submodule version to 94a3abcd 2019-02-07 07:40:33 -05:00
Jaeden Amero
7f04214cf4 psa: Rename PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
The macro PSA_HASH_FINAL_SIZE no longer exists and all instances of it
should be replaced by PSA_HASH_SIZE. Replace all remaining instances of
PSA_HASH_FINAL_SIZE with PSA_HASH_SIZE.
2019-02-07 12:19:59 +00:00
Jaeden Amero
c979f6ab38 psa: Test empty PKCS#1 v1.5 decryption
The tests use a ciphertext for PKCS#1 v1.5 encryption of a zero-length
buffer that was created with a call to psa_asymmetric_encrypt().
2019-02-07 12:19:59 +00:00
Jaeden Amero
f8daab78ff psa: Enable testing RSA decryption with output sizes
For must-fail asymmetric decryption tests, add an output size parameter
so that tests can directly control what output buffer size they allocate
and use independently from the key size used. This enables better
testing of behavior with various output buffer sizes.
2019-02-07 12:19:59 +00:00
Jaeden Amero
412654a605 psa: Expect output-buffer-sized RSA-decryption
When RSA decrypting, unlike with RSA encrypting, we sometimes expect the
output length will be less than the key size. For instance, in the case
where the plaintext is zero-length we expect the output length of the
decryption to be zero-length as well, not key size in length.

For must-fail tests, we don't expect output-buffer-sized RSA-decryption,
only that the output length is less than or equal to the output size, so
these tests remain unchanged.

Change the must-pass tests to expect that the actual output size is
equal to the expected length of the output buffer instead of always
being the key size.
2019-02-07 12:19:59 +00:00
Jaeden Amero
4728469f53 rsa: Re-enable use of zero-length null output
After merging the latest RSA implementation from Mbed TLS, we have a
regression in that we no longer properly handle zero-length null output
in PKCS1 v1.5 decryption. Prevent undefined behavior by avoiding a
memcpy() to zero-length null output buffers.
2019-02-07 12:19:59 +00:00
Jaeden Amero
68933640f5 Merge commit '01b34fb316a5' into development
Merge a development version of Mbed TLS 2.16.0 that doesn't have
parameter validation into development.

The following conflicts were resolved:

- Update ChangeLog to include release notes merged from development so
  far, with a version of "2.14.0+01b34fb316a5" and release date of
  "xxxx-xx-xx" to show this is not a released version, but instead a
  snapshot of the development branch equivalent to version of the 2.14.0
  with additional commits from the mbedtls/development branch up through
  01b34fb316 included. Entries added for unreleased versions of Mbed
  Crypto remain at the top of the file for Mbed TLS 2.xx.x.
- Replace the Mbed Crypto version of
  mbedtls_rsa_rsaes_pkcs1_v15_decrypt() with the version from Mbed TLS
  which fixes timing variations and memory access variations that could
  lead to a Bleichenbacher-style padding oracle attack. This will
  prevent using psa_asymmetric_decrypt() with zero-length output buffers
  until a follow up commit is made to restore this capability.
- In ssl_srv.c, include changes for both the new ECDH interface and
  opaque PSK as already added to development previously.
2019-02-07 12:19:59 +00:00
Darryl Green
da7c80e3f1 Add dependency to Makefile 2019-02-06 16:24:43 +00:00
Gilles Peskine
c9516fbf13 Document exercise_key and fix one incorrect usage
In one place, exercise_key was used in a such a way that if the test
failed inside exercise_key, the test suite would correctly report the
test as failed but would not report the exact location of the failure.
Fix this.

Add documentation for exercise_key that explains how to use it.
2019-02-06 16:42:34 +01:00
Gilles Peskine
e84d5d2f1c psa_copy_key: Add test cases to specifically check non-exportability
Test that copying a non-exportable key doesn't make it exportable.
This complements similar tests that exercise a different usage flag.
2019-02-06 16:42:05 +01:00
Darryl Green
df72306e07 Fix typo in generate_psa_constants.py 2019-02-06 15:36:00 +00:00
Jaeden Amero
ae2f5f1795
Merge pull request #44 from mpg/fix-double-return
Fix double return statement in cipher.c
2019-02-06 15:05:06 +00:00
Darryl Green
45010a333e Move test_psa_constant_names to a full config build 2019-02-06 13:45:03 +00:00
Darryl Green
d519583ae3 Run generate_psa_constants.py in cmake builds 2019-02-06 13:45:03 +00:00
Darryl Green
b8fe06820b Document that ECDH and FFDH are excluded only temporarily 2019-02-06 13:44:30 +00:00
Gilles Peskine
aec5a7fd49 psa_copy_key: minor documentation clarification 2019-02-05 20:26:09 +01:00
Jaeden Amero
3dab69d625
Merge pull request #39 from gilles-peskine-arm/psa-api-1.0-beta-docs
Point to psa-crypto-api branch for the PSA Crypto API specification
2019-02-05 17:30:27 +00:00
Manuel Pégourié-Gonnard
f2a7529403 Fix double return statement in cipher.c
This was introduced in ce1ddee13a
2019-02-05 13:13:21 +01:00
Andrzej Kurek
1767e40368 all.sh: fix submodule test names 2019-02-05 06:05:49 -05:00
Andrzej Kurek
8a2e97c2df Merge development-psa commit 80b5662 into development-psa-merged branch
Adjust crypto submodule version to use new, forked crypto version accordingly.
2019-02-05 06:02:51 -05:00
Andrzej Kurek
e9c3b8130a all.sh: move crypto submodule check to pre_check_git 2019-02-05 05:34:21 -05:00
Andrzej Kurek
c690523d2b Merge PSA config and check-config changes
Introduce MBEDTLS_PSA_HAS_ITS_IO, MBEDTLS_PSA_CRYPTO_SPM,
MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C,
MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C.
Disable crypto storage by default.
2019-02-05 05:26:00 -05:00
Andrzej Kurek
d142856846 cipher: remove unnecessary precondition
Already checked by parameter validation macros
2019-02-05 05:11:03 -05:00