Commit graph

16492 commits

Author SHA1 Message Date
Hanno Becker
bc00044279 Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
93636cce4a Add MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
2fe5f61e1a Add generic codes for syntactic and semantic message parsing errors
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Janos Follath
8a88f6274c
Merge pull request #4726 from athoelke/at-pbkdf2-doc-fixes
Fixes for PBKDF2 documentation
2021-06-28 09:47:57 +01:00
Dave Rodgman
10bda58b49
Merge pull request #4259 from CJKay/cmake-config
Add CMake package config file
2021-06-25 20:32:13 +01:00
Dave Rodgman
63ad854de8
Merge pull request #4712 from daverodgman/psa_cipher_and_mac_abort_on_error
Psa cipher and mac abort on error
2021-06-25 15:39:59 +01:00
Gilles Peskine
918708b824
Merge pull request #4729 from paul-elliott-arm/fix_test_illegal_access
Fix potential free of uninitialised pointer
2021-06-25 13:43:56 +02:00
Paul Elliott
e57dd2d450 Fix potential free of uninitialised pointer
A test was added in that could cause a jump to exit prior to
initialisation of a pointer that would get freed if that test failed.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-25 11:17:12 +01:00
Andrew Thoelke
52d18cd9a4
Remove trailing space
Signed-off-by: Andrew Thoelke <andrew.thoelke@arm.com>
2021-06-25 11:03:57 +01:00
Dave Rodgman
90d1cb83a0 Use more standard label name
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-25 09:09:02 +01:00
Ronald Cron
3698fa1043
Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
2021-06-25 09:01:08 +02:00
Gilles Peskine
1fed4b8324
Merge pull request #4720 from gilles-peskine-arm/gcm-finish-outlen
Add output_length parameter to mbedtls_gcm_finish
2021-06-24 20:02:40 +02:00
Dave Rodgman
6f7105818c Improve psa_hash_update negative test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 18:15:23 +01:00
Andrew Thoelke
a0f4b595c5
Fixes for PBKDF2 documentation
Fix typos in the PBKDF2 documentation

Correct the constraints on PSA_KEY_USAGE_DERIVE and PSA_KEY_USAGE_VERIFY_DERIVATION, aligning them with the note against psa_key_derivation_input_key(). All key inputs must have the required usage flag to permit output or verification.

Correct the constraints on PSA_KEY_DERIVATION_INPUT_SECRET and PSA_KEY_DERIVATION_INPUT_PASSWORD, aligning them with 4feb611. psa_key_derivation_verify_key() does not require the secret/password input to be a key.

Signed-off-by: Andrew Thoelke <andrew.thoelke@arm.com>
2021-06-24 16:47:14 +01:00
Dave Rodgman
8036bddb01 Tidy up logic in psa_mac_sign_finish
Simplify the logic in psa_mac_sign_finish.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 16:19:08 +01:00
Dave Rodgman
b5dd7c794d Correct coding style issues
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 16:17:43 +01:00
Dave Rodgman
54648243cd Call abort on error in psa_mac/cipher setup
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:49:45 +01:00
Dave Rodgman
685b6a742b Update multipart hash operations to abort on error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:49:14 +01:00
Dave Rodgman
5ae6f7547c Add negative tests for psa_abort in hash functions
Various functions for PSA hash operations call abort
on failure; test that this is done. The PSA spec does not require
this behaviour, but it makes our implementation more robust in
case the user does not abort the operation as required by the
PSA spec.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:41:05 +01:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
Require matching hashlen in RSA functions: implementation
2021-06-24 10:28:20 +02:00
Gilles Peskine
5a7be10419 Add output_length parameter to mbedtls_gcm_finish
Without this parameter, it would be hard for callers to know how many bytes
of output the function wrote into the output buffer. It would be possible,
since the cumulated output must have the same length as the cumulated input,
but it would be cumbersome for the caller to keep track.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 21:51:32 +02:00
Dave Rodgman
38e62aebc3 Update cipher and mac functions to abort on error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 18:59:17 +01:00
Dave Rodgman
647791da5b Add negative tests for psa_abort in cipher and mac functions
Various functions for PSA cipher and mac operations call abort
on failure; test that this is done. The PSA spec does not require
this behaviour, but it makes our implementation more robust in
case the user does not abort the operation as required by the
PSA spec.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 18:59:17 +01:00
Gilles Peskine
f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad
Enable multiple calls to mbedtls_gcm_update_ad
2021-06-23 19:36:23 +02:00
Dave Rodgman
cb17fc34cf
Merge pull request #4671 from mpg/x509-crt-profile-public
Make the fields of mbedtls_x509_crt_profile public
2021-06-23 16:06:12 +01:00
Ronald Cron
4f7cc1bb63
Merge pull request #4713 from gilles-peskine-arm/psa-storage-format-test-lifetimes-3.0
PSA storage format: test lifetimes
Almost straightforward of #4392 thus merging with only one approval.
2021-06-23 15:22:03 +02:00
Janos Follath
aa5938edb3
Merge pull request #4703 from gilles-peskine-arm/mpi_montmul-null-3.0
Fix several bugs with the value 0 in bignum
2021-06-23 13:40:14 +01:00
Mateusz Starzyk
939a54cda3 Fix typos and style issues.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Mateusz Starzyk
469c9f35f6 Add GCM tests for empty ciphertext/plaintext and empty AD.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Mateusz Starzyk
58d3a7ef97 Add GCM tests with vectors lengths non-dividable by 16.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Mateusz Starzyk
032a1ceaf3 Remove init_result check from custom gcm test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Mateusz Starzyk
f8a0d4d3bf Fix nested loops set_step in gcm test suite.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Mateusz Starzyk
fc60622710 Add customized test functions for GCM update and update_ad.
New functions are used to cover corner cases:
* authentication data is fed to gcm with 0, 1 or 2 calls to gcm_update
* ciphertext is fed to gcm with 0, 1 or 2 calls to gcm_update_ad

AES-GCM NIST test vectors downloaded at 16.06.2021 from:
csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:03 +02:00
Ronald Cron
44a0ae920c
Merge pull request #4710 from mstarzyk-mobica/ccm_taglen
Add missing tag_len in ccm api.
PR-4710-merge TLS Testing  run successfully and the failure in PR-4710-head TLS Testing are CI problems thus merging.
2021-06-23 14:20:26 +02:00
Gilles Peskine
f9a046ecb5 Remove duplicate wipe call in psa_destroy_key
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:53:56 +02:00
Gilles Peskine
91466c8d3f Hopefully clarify the example
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:53:56 +02:00
Gilles Peskine
52bb83e6ad Fix mbedtls_svc_key_id_is_null when KEY_ID_ENCODES_OWNER
A null key id is a null key id even when it has an owner attached to it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:53:56 +02:00
Dave Rodgman
095dadc5bc Fix error in psa_crypto test suite
The cipher_bad_order test happened to pass, but was not testing the
failure case it intended to test.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 12:52:11 +01:00
Gilles Peskine
56949f6b63 Make immediate constants unsigned
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION shifts the location
value (location << 8). This can go outside the range of a 32-bit int
if the location value is above 2^23 as is the case here. Asan
rightfully complained about it. Make the value unsigned to avoid the
integer overflow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
6687cd07f3 Refuse to destroy read-only keys
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
576464873a Check that attempting to destroy a read-only key fails
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
eb7bdaa177 Add storage tests for lifetimes
Test keys with various persistence levels, enumerated from the
metadata tests.

For read-only keys, do not attempt to create or destroy the key
through the API, only to read a key that has been injected into
storage directly through filesystem access.

Do not test keys with a non-default location, since they require a
driver and we do not yet have a dependency mechanism to require the
presence of a driver for a specific location value.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
45a4391897 Collect lifetime constructors
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
fbb914f6e6 Add negative tests for psa_destroy_key
Test a non-existent key identifier in a valid range. Test identifiers
outside the valid range.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
87bc91c13b Forbid creating a read-only key
The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used
as intended, for keys that cannot be modified through normal use of the API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
ad2ddfe874 Add negative tests for key creation with an invalid lifetime
Attempting to create a key with an invalid location or with read-only
persistence must be rejected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
1e1eca3233 Add persistent key tests with a non-default persistence
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
f5f07c847a Fix mbedtls_psa_get_stats for keys with fancy lifetimes
mbedtls_psa_get_stats() was written back before lifetimes were
structured as persistence and location. Fix its classification of
volatile external keys and internal keys with a non-default
persistence.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
d133bb2909 New macro PSA_KEY_LIFETIME_IS_READ_ONLY
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
90dfc35643 More informative message on invalid classification flags
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00