Nir Sonnenschein
caec7f0c49
Fix rename issue missed by re-base
2018-09-12 16:13:49 +03:00
Gilles Peskine
d223b52a9a
psa_hmac_start: reduce stack usage
...
Store the temporary key in the long-key case (where the key is first
hashed) directly into ipad. This reduces the stack usage a little, at
a slight cost in complexity.
2018-09-12 16:13:49 +03:00
Gilles Peskine
6a0a44e167
HMAC: clean up local variables containing key material
...
In psa_mac_start, the hash of the key and ipad contain material that
can be used to make HMAC calculations with the key, therefore they
must be wiped.
In psa_mac_finish_internal, tmp contains an intermediate value which
could reveal the HMAC. This is definitely sensitive in the verify case,
and marginally sensitive in the finish case (it isn't if the hash
function is ideal, but it could make things worse if the hash function
is partially broken).
2018-09-12 16:13:49 +03:00
Gilles Peskine
c102e3ce4b
psa_hmac_start: simplify key_length logic in hash-the-key case
2018-09-12 16:13:49 +03:00
Gilles Peskine
e1bc6800cc
psa_hmac_start: remove useless casts
2018-09-12 16:13:49 +03:00
Gilles Peskine
7e454bc19f
Split out CMAC and HMAC code into auxiliary functions
...
Split algorithm-specific code out of psa_mac_start. This makes the
function easier to read.
The behavior is mostly unchanged. In a few cases, errors before
setting a key trigger a context wipe where they didn't. This is a
marginal performance loss but only cases that are an error in caller
code.
2018-09-12 16:13:49 +03:00
Gilles Peskine
99bc649760
Normalize whitespace to Mbed TLS standards
...
Only whitespace changes in this commit.
2018-09-12 16:13:49 +03:00
Gilles Peskine
ef057ac8ed
Remove dead code
...
Remove an unused function and an unused variable. Now the code builds
with gcc -Wall -Wextra -Werror.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
084832d65f
replace get_block_size_from_hash_algorithm with PSA_HASH_BLOCK_SIZE macro
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
35dfbf4601
change hmac context to use statically allocated memory
...
1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
0c9ec53a10
remove reliance on md_info context for hash information
...
1. remove reliance on md_info context for hash information by decoding locally
2. remove block_size field in context as this is dynamically computed
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
eeace0bf7f
Code style fix : changed keylen to key_length
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
7810be273a
Code correction: remove unneeded sizeof
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
dcd636a73f
Commit changes to hmac to not use MD abstraction
...
this PR is part of efforts to use "lower level" mbedTLS APIs vs "higher level" abstract APIs.
2018-09-12 16:13:49 +03:00
Gilles Peskine
8605428dcf
Merge remote-tracking branch 'psa/pr/27' into feature-psa
2018-09-05 12:46:19 +03:00
Gilles Peskine
c4def2f228
Add input length check in psa_asymmetric_decrypt
...
Remove output size check which is not needed here and was copypasta.
Add non-regression tests.
2018-09-05 12:44:18 +03:00
Gilles Peskine
b75e4f1314
Remove ECC boilerplate in asymmetric encrypt/decrypt
...
We don't have any encryption algorithm using ECC keys at the moment.
2018-09-05 12:44:17 +03:00
Gilles Peskine
beb4948d10
Add RSA PSS verification (untested)
2018-09-05 12:44:17 +03:00
Gilles Peskine
625b01c9c3
Add OAEP placeholders in asymmetric encrypt/decrypt
...
Replace PSS placeholders by OAEP placeholders. PSS is a signature
algorithm, not an encryption algorithm.
Fix typo in PSA_ALG_IS_RSA_OAEP_MGF1.
2018-09-05 12:44:17 +03:00
Gilles Peskine
8b18a4fef3
Rename verify_RSA_hash_input_and_get_md_type
...
Give it a shorter name that's more in line with our naming conventions.
2018-09-05 12:44:17 +03:00
Gilles Peskine
61b91d4476
Normalize whitespace to Mbed TLS standards
...
Only whitespace changes in this commit.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
1c2a7ea4e2
Allow psa_asymmetric_verify and psa_asymmetric_encrypt to use public key only.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
d708260de4
add key policy enforcement implementation
...
add checks that keys have been set for the correct usage for asymmetric
functions.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
ca466c89b0
Set output length to safe value
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
c460291714
Re-Add ECC verification code which was not properly merged in re-base.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
4db79eb36b
Extract common code
...
Make code easier to maintain.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
717a040df5
Remove duplicate / unneeded code
...
1. remove duplicate function introduced by re-base
2. remove unneeded code
2018-09-05 12:44:17 +03:00
Gilles Peskine
5b051bc608
Remove trailing whitespace
...
Only horizontal whitespace changes in this commit.
2018-09-05 12:44:12 +03:00
Gilles Peskine
6afe789d4c
Finish renaming around PSA_ALG_IS_RSA_PKCS1V15
...
Now the code compiles. Some OAEP and PSS macros may still need to be fixed.
2018-09-05 12:41:53 +03:00
Gilles Peskine
d6125ca63b
Merge remote-tracking branch 'psa/pr/24' into feature-psa
2018-09-05 12:41:53 +03:00
Nir Sonnenschein
4f594eca40
remove check for key pair (public key should be enough for verification)
2018-09-05 12:41:53 +03:00
Nir Sonnenschein
7f5a31915b
code fixes for internal code review:
...
1. change to correct error code
2. removed unneeded comment
2018-09-05 12:41:53 +03:00
Nir Sonnenschein
39e59144f6
added support for PKCSv1.5 signature verification and encryption/decryption and very basic tests.
2018-09-05 12:41:53 +03:00
Gilles Peskine
bb1072f642
Fix use of mbedtls_cipher_info_from_psa
...
One branch added an extra argument, the other branch added a call of
this function. Pass the extra argument on the code from the other
branch.
2018-09-05 12:41:52 +03:00
Gilles Peskine
84861a95ca
Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa
2018-09-05 12:41:52 +03:00
Gilles Peskine
154bd95131
psa_destroy_key: return SUCCESS on an empty slot
...
Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-09-05 12:41:52 +03:00
Gilles Peskine
71bb7b77f0
Switch PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
...
Make this macro work on derived algorithms as well (HMAC,
hash-and-sign, etc.).
2018-09-05 12:41:52 +03:00
mohammad1603
fc614b1e0e
fix parentheses
2018-09-05 12:41:52 +03:00
mohammad1603
e109f21638
remove unnecessary check for block size
2018-09-05 12:41:52 +03:00
mohammad1603
a1d9801683
add slot validation
2018-09-05 12:41:52 +03:00
mohammad1603
e3cb8a8d8b
return PSA_ERROR_BUFFER_TOO_SMALL intead of PSA_ERROR_INVALID_ARGUMENT
2018-09-05 12:41:52 +03:00
mohammad1603
6b4d98cf78
remove trailing spaces
2018-09-05 12:41:52 +03:00
mohammad1603
5ed0621dd4
aligned with coding standards - line length
2018-09-05 12:41:52 +03:00
mohammad1603
f14394b25f
add policy checks
2018-09-05 12:41:52 +03:00
mohammad1603
96910d807e
fix block size depending on algorithm
2018-09-05 12:41:51 +03:00
mohammad1603
60a64d079a
remove unnecessary argument to the psa_aead_unpadded_locate_tag function
2018-09-05 12:41:51 +03:00
mohammad1603
15223a8b89
write the tag directly on the ciphertext buffer.
2018-09-05 12:41:51 +03:00
mohammad1603
4fc744f8af
change the check of block size for all supported algorithms
2018-09-05 12:41:51 +03:00
mohammad1603
0f21465175
use mbedtls_cipher_info_from_psa to get cipher ID
2018-09-05 12:41:51 +03:00
mohammad1603
f58aa6ade6
use memset instead of mbedtils_zeroize
2018-09-05 12:41:51 +03:00
mohammad1603
554faad260
return NOT_SUPPORTED instead of INVLID_ARGUMENT
2018-09-05 12:41:51 +03:00
mohammad1603
95893f834d
remove usless cast
2018-09-05 12:41:51 +03:00
mohammad1603
f08a550e68
set output length to zero to cover output length in error case
2018-09-05 12:41:51 +03:00
mohammad1603
f4f0d612ba
change mbedtls_cipher_info_from_psa to provide cipher_id also
2018-09-05 12:41:51 +03:00
mohammad1603
9375f8403a
fix code offsets after rebase
2018-09-05 12:41:51 +03:00
Gilles Peskine
ee652a344c
Fix psa_aead_decrypt to read the tag at the end of the ciphertext
2018-09-05 12:41:51 +03:00
Gilles Peskine
a40d77477d
Whitespace fixes
...
Changed indentation to match Mbed TLS style. Wrapped some lines to 80 columns.
2018-09-05 12:41:51 +03:00
mohammad1603
39574652ae
add else for not supported algorithm
2018-09-05 12:38:18 +03:00
mohammad1603
5c8845f563
return invalid argument for unsupported algorithms
2018-09-05 12:38:18 +03:00
mohammad1603
e58e68458e
fix condition over key type
2018-09-05 12:38:18 +03:00
mohammad1603
17638efc46
remove unused variable
2018-09-05 12:38:18 +03:00
mohammad1603
dad36fa855
add Key and Algorithm validation
2018-09-05 12:38:18 +03:00
mohammad1603
a7e6df76ea
Validation fixes for key_type
2018-09-05 12:38:18 +03:00
mohammad1603
4f5eb7cb54
Fill the the output buffer with zero data in case of failure
2018-09-05 12:38:18 +03:00
mohammad1603
6bbd8c75dc
Remove unnecessary cast
...
Remove unnecessary cast
2018-09-05 12:38:18 +03:00
mohammad1603
db6247315f
Parameters validation fixes
...
Fix key_type validation test and no need to ask for place for tag in decryption
2018-09-05 12:38:18 +03:00
mohammad1603
ce5cba9a6a
unify the concatenation of the tag and update output length
2018-09-05 12:38:18 +03:00
mohammad1603
9e5a515aa8
Fix parameter validation
2018-09-05 12:38:18 +03:00
mohammad1603
47ddf3d544
Concatenate the tag to the output buffer
...
Concatenate the tag to the output buffer.
2018-09-05 12:38:18 +03:00
mohammad1603
5955c98779
Initial implementation of the AEAD decrypt/encrypt APIs
...
Initial implementation for the AEAD APIs, missing the following:
* Concatenation of the tag to the output buffer.
* Updated documentation of the new functions.
* argument validations
* tests
2018-09-05 12:38:18 +03:00
Gilles Peskine
3aa8efb230
Merge remote-tracking branch 'psa/psa-wrapper-apis-march-12' into feature-psa
2018-09-05 12:38:17 +03:00
Gilles Peskine
2c5219a06d
Whitespace normalization
...
No semantic change.
2018-09-05 12:14:29 +03:00
Gilles Peskine
5351420b3e
Use block local variable for padding_mode for readability
...
No intended behavior change.
2018-09-05 12:14:29 +03:00
Moran Peker
7cb22b8327
abort operation before return + fix error checks
2018-09-05 12:14:29 +03:00
Gilles Peskine
89d789c9bc
Refactor some argument checks for readability
...
No intended behavior change.
2018-09-05 12:14:29 +03:00
Gilles Peskine
7e9288520f
Wrap lines to 80 columns
2018-09-05 12:14:29 +03:00
Gilles Peskine
e553c65cc3
Fix indentation and horizontal whitespace
...
Only whitespace changes in this commit.
2018-09-05 12:14:29 +03:00
Moran Peker
3520c2c4f7
unset iv_required to 0 (psa_encrypt_set_iv)and block_size (psa_cipher_setup)
2018-09-05 12:14:29 +03:00
Moran Peker
395db875e6
adjust indentation per Mbed TLS standards
2018-09-05 12:14:29 +03:00
Moran Peker
ae382791fb
add missing psa_cipher_abort( operation )
2018-09-05 12:14:28 +03:00
Moran Peker
70531163a9
fix compilation error - missing if
2018-09-05 12:14:28 +03:00
Moran Peker
a28258c594
adjust indentation per Mbed TLS standards
2018-09-05 12:14:28 +03:00
Moran Peker
2cab25aacf
fix conditions in psa_cipher_finish function
2018-09-05 12:14:28 +03:00
Moran Peker
dc38ebc068
delete decrypt checks + fix memcpy& return value
2018-09-05 12:14:28 +03:00
Moran Peker
ad9d82cc0e
add iv_required field to psa_cipher_operation_s and fix relevant functions
2018-09-05 12:14:28 +03:00
Moran Peker
71f19ae6f8
add missing call to psa_cipher_abort in cipher_setup func + iv_length check in cipher_set_iv func
2018-09-05 12:14:28 +03:00
Moran Peker
406008ab4c
add missing check on output_size in psa_cipher_update func
2018-09-05 12:14:28 +03:00
Moran Peker
bed71a2b17
fix missing check on output_size in psa_cipher_finish func
2018-09-05 12:14:28 +03:00
Moran Peker
0071b873a3
add missing parameter output_size on psa_cipher_finish
2018-09-05 12:14:28 +03:00
Moran Peker
4c80d8331a
adjust indentation per Mbed TLS standards
2018-09-05 12:14:28 +03:00
mohammad1603
b152d4d8b6
add test scenarios to decrypt and encrypt input and compare with given output
2018-09-05 12:14:28 +03:00
mohammad1603
89e0f468bf
style
2018-09-05 12:14:28 +03:00
Moran Peker
41deec4494
partly pr fix
2018-09-05 12:14:28 +03:00
Moran Peker
e1210dcac3
remove unused parameter in psa_cipher_finish.
2018-09-05 12:14:28 +03:00
Moran Peker
3205a6592b
tests fix
2018-09-05 12:14:28 +03:00
mohammad1603
16864af80b
fix static function name
2018-09-05 12:14:28 +03:00
mohammad1603
8481e74ecc
CR fixes
...
more fixes
Compilation fixes
Compilation fixes for PSA crypto code and tests
2018-09-05 12:14:28 +03:00
mohammad1603
efb0107fbe
CR fix, remove exposing ECB
2018-09-05 12:14:27 +03:00
mohammad1603
990a18c2f0
add ecb to cipher algorithms
2018-09-05 12:14:27 +03:00
Gilles Peskine
5100318a92
Merge pull request #18 from ARMmbed/psa-wrapper-apis-export-publickey
...
Export public key implementation (#18 )
2018-09-05 12:13:23 +03:00
mohammad1603
8275961178
warnings fixes
2018-09-05 12:13:23 +03:00
mohammad1603
503973bdf3
initial implementation for PSA symmetric APIs - missing tests and documentations
2018-09-05 12:13:23 +03:00
Moran Peker
8756763cf1
change error check on psa_internal_export_key func
2018-09-05 12:13:23 +03:00
Gilles Peskine
785fd55a39
Whitespace fixes; removed redundant parentheses
...
No semantic change.
2018-09-05 12:13:23 +03:00
Moran Peker
cceea98bfe
adjust indentation per Mbed TLS standards
2018-09-05 12:13:23 +03:00
Moran Peker
d732659867
adjust indentation per Mbed TLS standards
2018-09-05 12:13:23 +03:00
Moran Peker
17e36e1bd9
fix conditions
2018-09-05 12:13:23 +03:00
Moran Peker
6036432617
adjust indentation per Mbed TLS standards
2018-09-05 12:13:23 +03:00
Moran Peker
a998bc6ac9
psa_internal_export_key function for common code.
...
create psa_internal_export_key function for common code in psa_export_key and psa_export_public_key.
2018-09-05 12:13:22 +03:00
Moran Peker
5010828fb6
adjust indentation per Mbed TLS standards
2018-09-05 12:13:22 +03:00
Moran Peker
b4d0ddd2d3
psa_export_public_key
2018-09-05 12:13:20 +03:00
Moran Peker
dd4ea38d58
export public key
2018-09-05 12:10:47 +03:00
itayzafrir
7b30f8b0c9
Added handling for MBEDTLS_ERR_ECP_XXX error codes
...
Added handling for MBEDTLS_ERR_ECP_XXX error codes
2018-09-05 12:10:47 +03:00
itayzafrir
5c7533923a
ECDSA sign and verify implementation and tests
...
ECDSA sign and verify implementation and tests
2018-09-05 12:10:47 +03:00
Gilles Peskine
a0655c3501
Merge remote-tracking branch 'psa/pr/13' into feature-psa
...
Conflicts:
library/psa_crypto.c
tests/suites/test_suite_psa_crypto.data
tests/suites/test_suite_psa_crypto.function
All the conflicts are concurrent additions where the order doesn't
matter. I put the code from feature-psa (key policy) before the code
from PR #13 (key lifetime).
2018-09-05 12:10:43 +03:00
mohammad1603
ea0500936e
Change behavior of psa_get_key_lifetime()
...
psa_get_key_lifetime() behavior changed regarding empty slots, now
it return the lifetime of and empty slots. Documentation in header
file updated accordingly.
2018-09-05 12:01:37 +03:00
mohammad1603
5d7ec2033d
fix key lifetime set implementation , tests accordingly
2018-09-05 12:01:37 +03:00
mohammad1603
ba178511f4
Remove unused and duplicated erros, fix documentation and tests
...
Remove unused and duplicated erros, fix documentation and tests
2018-09-05 12:01:37 +03:00
mohammad1603
060ad8ac34
Compilation and tests fixes
2018-09-05 12:01:37 +03:00
mohammad1603
804cd71bf8
initial key lifetime implementation and tests
2018-09-05 12:01:37 +03:00
Gilles Peskine
c63b6ba754
Merge remote-tracking branch 'psa/pr/14' into feature-psa
...
Conflict resolution:
* `tests/suites/test_suite_psa_crypto.data`: in the new tests from PR #14 ,
rename `PSA_ALG_RSA_PKCS1V15_RAW` to `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` as
was done in PR #15 in the other branch.
2018-09-05 12:01:34 +03:00
Gilles Peskine
47c1bc0458
Correct some return codes
2018-09-05 11:53:26 +03:00
mohammad1603
38a622b68b
Function psa_get_key_policy() now return policy value for empty slots
...
Function psa_get_key_policy() now return policy value for empty slots
2018-09-05 11:53:26 +03:00
mohammad1603
5feda72d7a
Remove usage of PSA_ERROR_INVALID_KEY_POLICY
...
use PSA_ERROR_INVALID_ARGUMENT instead of INVALID_KEY_POLICY error
2018-09-05 11:53:26 +03:00
mohammad1603
6df908f234
Add static internal MAC finish function
...
add new psa_mac_finish_internal() to be called by psa_mac_finish() and
psa_mac_verify() in order to be able to check key usage separatly.
2018-09-05 11:53:26 +03:00
Gilles Peskine
a59262338a
Rename PKCS1V15 to PKCS1V15_SIGN
...
There's PKCS1V15_CRYPT as well (to be added soon).
2018-09-05 11:53:26 +03:00
mohammad1603
4eed757901
add new test scenarios
2018-09-05 11:53:26 +03:00
mohammad1603
06e7920be5
integrate policy key usage in export and asymmetric sign functions
2018-09-05 11:53:26 +03:00
mohammad1603
8cc1ceec3e
Key Policy APIs implementation
2018-09-05 11:53:26 +03:00
Gilles Peskine
dc2fc8443f
Rename xxx_of_psa functions to xxx_from_psa
...
Be consistent with how similar functions are named in Mbed TLS.
2018-09-05 11:53:25 +03:00
Gilles Peskine
3c6e970752
Fix memory leak in psa_destroy_key
2018-09-05 11:53:25 +03:00
Gilles Peskine
6d9121381a
Add some comments to document some non-obvious coding choices
2018-09-05 11:53:25 +03:00
Gilles Peskine
e4ebc12fcd
psa_crypto_init: set the global initialized flag
2018-09-05 11:53:25 +03:00
Gilles Peskine
8c9def3e7f
PSA: Implement MAC functions
...
Implement psa_mac_start, psa_mac_update and psa_mac_final.
Implement HMAC anc CMAC.
Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine
9ef733faa0
Implement hash functions
...
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.
Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine
a590529938
Greatly expanded mbedtls_to_psa_error
...
It now covers most cryptography algorithm modules (missing: bignum,
DHM, everything ECC, HMAC_DRBG).
2018-09-05 11:53:24 +03:00
Gilles Peskine
93aa0334d9
PSA asymmetric signature: set *signature_length = 0 on failure
2018-09-05 11:53:24 +03:00
Gilles Peskine
20035e3579
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
...
Define hash algorithms and RSA signature algorithms.
New function psa_asymmetric_sign.
Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine
c66ea6a921
PSA key import: support RSA public keys
...
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
969ac726d9
PSA RSA key import: don't rely on pk so much
...
Don't use the pk module except as required for pkparse/pkwrite. The
PSA crypto layer is meant to work alongside pk, not on top of it.
Fix the compile-time dependencies on RSA/ECP handling in
psa_export_key, psa_destroy_key and psa_get_key_information.
2018-09-05 11:53:24 +03:00
Gilles Peskine
2f9c4dc5ad
Add key management functions
...
Define psa_key_type_t and a first stab at a few values.
New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.
Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
e59236fc17
Add PSA crypto module
...
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.
Implement psa_crypto_init function which sets up a RNG.
Add a mbedtls_psa_crypto_free function which deinitializes the
library.
Define a first batch of error codes.
2018-09-05 10:59:00 +03:00