Commit graph

143 commits

Author SHA1 Message Date
Ryan Everett
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:26:29 +00:00
Valerio Setti
e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 16:35:58 +01:00
Dave Rodgman
e4a6f5a7ec Use size_t cast for pointer subtractions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Ryan Everett
1a91309324 Restore array formatting
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-10-12 12:00:01 +01:00
Maciej Zwoliński
720c638717 Add AES encrypted keys support for PKCS5 PBES2
Signed-off-by: Maciej Zwoliński <mac.zwolinski@gmail.com>
2023-10-12 12:00:01 +01:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
6d809cc969 lib/test: use new internal helpers in library's code and tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
f250ada3ab tls/oid: add PSA_WANT_ECC_xxx guards together with existing MBEDTLS_ECP_DP_xxx
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:40 +02:00
Dave Rodgman
f2e3eb8bd9 Add OID for HMAC-RIPEMD160
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 15:46:05 +01:00
Dave Rodgman
5cc67a3ee2 Add OIDs for HMAC-SHA3
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 14:44:35 +01:00
Dave Rodgman
a2cdc840de Fix pre-existing missing closing #endif comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 14:44:13 +01:00
Dave Rodgman
527f48f14d Add OID definitions for SHA3
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 18:57:30 +01:00
Valerio Setti
81d75127ba library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Gilles Peskine
d598eaf212
Merge pull request #7106 from davidhorstmann-arm/parse-oid-from-string
Parse an OID from a string
2023-06-06 20:57:17 +02:00
David Horstmann
62e7fae109 Fix bug in calculation of maximum possible bytes
Each DER-encoded OID byte can only store 7 bits of actual data, so take
account of that.

Calculate the number of bytes required as:

number_of_bytes = ceil(subidentifier_size * 8 / 7)

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-02 15:51:28 +01:00
David Horstmann
02127ab022 Allow subidentifiers of size UINT_MAX
Make overflow check more accurate and add testcases

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-02 15:51:17 +01:00
David Horstmann
45d5e2dc1a Rename minimum_mem to resized_mem
This new name is clearer about its purpose.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-01 15:10:33 +01:00
David Horstmann
5d074168f3 Rearrange declarations for readability
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-01 15:09:27 +01:00
David Horstmann
017139751a Change behaviour away from NUL-terminated strings
Instead, require the length of the string to be passed. This is more
useful for our use-case, as it is likely we will parse OIDs from the
middle of strings.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-01 15:04:20 +01:00
David Horstmann
6883358c16 Hoist variable declarations to before goto
This should appease IAR, which does not like declarations in the middle
of goto sequences.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-05-31 17:27:28 +01:00
David Horstmann
25d65e8527 Refactor while loop for simplicity
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-05-31 14:53:07 +01:00
David Horstmann
ada7d72447 Improve line spacing after variable declarations
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-05-31 14:49:56 +01:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
Jethro Beekman
0167244be4 Read and write X25519 and X448 private keys
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
2023-05-04 13:01:47 +02:00
David Horstmann
9643575d92 Limit OIDs to 128 components
The longest OID known by oid-info.com is 34 components[1], so 128
should be plenty and will limit the potential for attacks.

[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-04-26 11:50:14 +01:00
David Horstmann
861e5d2742 Change to using an alloc-realloc strategy
Allocate enough memory to guarantee we can store the OID, encode into
the buffer, then realloc and copy into a buffer of exactly the right
size.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-04-19 18:37:45 +01:00
Valerio Setti
d4a5d461de library: add remaining changes for the new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Przemek Stekiel
db323aa241 Fix Subject Key Identifier, Authority Key Identifier entries in oid_x509_ext
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
toth92g
a41954d0cf Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId).
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Manuel Pégourié-Gonnard
7224086ebc Remove legacy_or_psa.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
ebef58d301 OID + misc crypto: use MD_CAN and fix failures
After this, only PK, X.509 and TLS remain to be done.

Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init()
when using a driver-only hash.

Also, remove a special-purpose macro that's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Demi Marie Obenour
889534a4d2 Fix segfault in mbedtls_oid_get_numeric_string
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value.  This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.

Also check that second and subsequent subidentifiers are terminated, and
add a test case for that.  Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-03-16 01:06:41 -04:00
David Horstmann
ce16474d91 Correct INT_MAX overflow check to UINT_MAX
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-23 13:50:48 +00:00
David Horstmann
376e8df9d6 Clarify structure of parsing with comments:
1. Parse through to get the required buffer length.
2. Having allocated a buffer, parse into the buffer.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-22 18:27:59 +00:00
David Horstmann
89d67bd472 Remove superfluous sizeof(unsigned char)
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-22 18:27:59 +00:00
David Horstmann
7cdfda12da Fixup: Correct signedness of val local variable
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-22 18:27:59 +00:00
David Horstmann
0f4ee418d8 Use return for errors only in oid_parse_number()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-22 18:27:59 +00:00
David Horstmann
59400ffed5 Improve header docs and rename parameter
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-22 18:27:59 +00:00
David Horstmann
03329970de Correct error in processing of second component
Root nodes 0 and 1 may have up to 40 children (0 - 39), not 39 children
(0 - 38) as previously thought.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-22 18:27:59 +00:00
David Horstmann
18ec9d7da1 Change some error codes to be more accurate
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-22 18:27:59 +00:00
David Horstmann
92337c0e62 Add function to parse an OID from a string
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-22 16:34:26 +00:00
David Horstmann
5b5a0b618c Change error codes to more appropriate codes
The more precise error codes are borrowed from the ASN1 module.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-20 14:24:12 +00:00
David Horstmann
f51851dc70 Change += to |= for clearer semantics
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 15:44:24 +00:00
David Horstmann
34b3f1b757 Make overflow checks more readable
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 13:46:53 +00:00
David Horstmann
9c1887c4c7 Disallow overlong encoding when parsing OIDs
OID subidentifiers are encoded as follow. For every byte:
* The top bit is 1 if there is another byte to come, 0 if this is the
last byte.
* The other 7 bits form 7 bits of the number. These groups of 7 are
concatenated together in big-endian order.

Overlong encodings are explicitly disallowed by the BER/DER/X690
specification. For example, the number 1 cannot be encoded as:

0x80 0x80 0x01

It must be encoded as:

0x01

Enforce this in Mbed TLS' OID DER-to-string parser.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 12:02:27 +00:00
David Horstmann
c7f700c795 Fix incorrect printing of OIDs
The first 2 components of an OID are combined together into the same
subidentifier via the formula:

subidentifier = (component1 * 40) + component2

The current code extracts component1 and component2 using division and
modulo as one would expect. However, there is a subtlety in the
specification[1]:

>This packing of the first two object identifier components recognizes
>that only three values are allocated from the root node, and at most
>39 subsequent values from nodes reached by X = 0 and X = 1.

If the root node (component1) is 2, the subsequent node (component2)
may be greater than 38. For example, the following are real OIDs:
* 2.40.0.25, UPU standard S25
* 2.49.0.0.826.0, Met Office
* 2.999, Allocated example OID

This has 2 implications that the current parsing code does not take
account of:
1. The second component may be > 39, so (subidentifier % 40) is not
correct in all circumstances.
2. The first subidentifier (containing the first 2 components) may be
more than one byte long. Currently we assume it is just 1 byte.

Improve parsing code to deal with these cases correctly.

[1] Rec. ITU-T X.690 (02/2021), 8.19.4

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-14 17:00:25 +00:00
Valerio Setti
178b5bdddf pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 11:15:06 +01:00
Valerio Setti
ce0caa3384 oid: fix comment in #endif
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
f972ce8d69 oid: replace ECDSA_C with new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00