Gilles Peskine
dec7261df1
Remove redundant initialization of policies to {0}
...
Some compilers don't like initializing a structure to {0} (incomplete
initializer). It's redundant anyway since we always call
psa_key_policy_init.
2018-09-12 16:19:04 +03:00
Gilles Peskine
c0ec97222b
mac_verify: remove unused IV argument
...
We aren't going to have MAC with IV in the API any time soon, if at
all, so remove the embryonic support for it in the tests.
2018-09-12 16:19:03 +03:00
Gilles Peskine
01b929c85b
Fix key_lifetime_set_fail not cleaning up the right key slot
2018-09-12 16:18:04 +03:00
Gilles Peskine
4abf741e6a
Hygiene improvements in PSA crypto test code
...
Get rid of many redundant casts. In particular, it is not useful to
cast uint32_t values to size_t before performing arithmetic or
comparisons on them.
Rewrap a number of function calls, many of which now have narrower
arguments thanks to the removed casts. When a function call doesn't
fit on a single line, avoid grouping unrelated parameters together,
but do try to group a buffer pointer and the associated size.
Define more auxiliary variables xxx of a particular integer
type (psa_algorithm_t, psa_key_usage_t, etc.) corresponding to a test
function xxx_arg which has the type int. This avoids the need to cast
xxx_arg to an unsigned type sometimes in the code.
2018-09-12 16:18:04 +03:00
Gilles Peskine
7bcfc0a9ae
Be more consistent about blank lines
2018-09-12 16:18:04 +03:00
Gilles Peskine
803ce7402a
Change sizeof(type) to sizeof(variable)
2018-09-12 16:18:04 +03:00
Gilles Peskine
c1bb6c8dcc
Formatting improvements
...
Avoid lines longer than 80 columns.
Remove some redundant parentheses, e.g. change
if( ( a == b ) && ( c == d ) )
to
if( a == b && c == d )
which makes lines less long and makes the remaining parentheses more
relevant.
Add missing parentheses around return statements.
There should be no semantic change in this commit.
2018-09-12 16:18:02 +03:00
Gilles Peskine
2d2778650b
Normalize whitespace
...
Normalize whitespace to Mbed TLS standards. There are only whitespace
changes in this commit.
2018-09-12 16:15:52 +03:00
Gilles Peskine
6de7a179c8
Fix file permissions
...
Some files were marked as executable but shouldn't have been.
2018-09-12 16:13:49 +03:00
Gilles Peskine
781afb4b07
Merge remote-tracking branch 'psa/pr/45' into feature-psa
2018-09-12 16:13:49 +03:00
itayzafrir
27fbaf7781
Fixed test sign_deterministic, macro PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE
...
Arguments in the wrong order
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
aa5aea0bac
fix spaces and add braces
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
e9664c30f0
space and style fixes
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
9627241beb
change macro PSA_HASH_BLOCK_SIZE to function psa_get_hash_block_size
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
5ca6547b77
Renamed hmac_ctx to opad and removed null check.
...
this array is now part of the struct and not dynamically allocated
so it can't be null.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
caec7f0c49
Fix rename issue missed by re-base
2018-09-12 16:13:49 +03:00
Gilles Peskine
d223b52a9a
psa_hmac_start: reduce stack usage
...
Store the temporary key in the long-key case (where the key is first
hashed) directly into ipad. This reduces the stack usage a little, at
a slight cost in complexity.
2018-09-12 16:13:49 +03:00
Gilles Peskine
6a0a44e167
HMAC: clean up local variables containing key material
...
In psa_mac_start, the hash of the key and ipad contain material that
can be used to make HMAC calculations with the key, therefore they
must be wiped.
In psa_mac_finish_internal, tmp contains an intermediate value which
could reveal the HMAC. This is definitely sensitive in the verify case,
and marginally sensitive in the finish case (it isn't if the hash
function is ideal, but it could make things worse if the hash function
is partially broken).
2018-09-12 16:13:49 +03:00
Gilles Peskine
c102e3ce4b
psa_hmac_start: simplify key_length logic in hash-the-key case
2018-09-12 16:13:49 +03:00
Gilles Peskine
e1bc6800cc
psa_hmac_start: remove useless casts
2018-09-12 16:13:49 +03:00
Gilles Peskine
7e454bc19f
Split out CMAC and HMAC code into auxiliary functions
...
Split algorithm-specific code out of psa_mac_start. This makes the
function easier to read.
The behavior is mostly unchanged. In a few cases, errors before
setting a key trigger a context wipe where they didn't. This is a
marginal performance loss but only cases that are an error in caller
code.
2018-09-12 16:13:49 +03:00
Gilles Peskine
99bc649760
Normalize whitespace to Mbed TLS standards
...
Only whitespace changes in this commit.
2018-09-12 16:13:49 +03:00
Gilles Peskine
ef057ac8ed
Remove dead code
...
Remove an unused function and an unused variable. Now the code builds
with gcc -Wall -Wextra -Werror.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
084832d65f
replace get_block_size_from_hash_algorithm with PSA_HASH_BLOCK_SIZE macro
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
9e2ffe83ac
change type of hash block to uint8_t
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
1e2b046026
adding more test cases for hmac
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
35dfbf4601
change hmac context to use statically allocated memory
...
1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
0c9ec53a10
remove reliance on md_info context for hash information
...
1. remove reliance on md_info context for hash information by decoding locally
2. remove block_size field in context as this is dynamically computed
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
eeace0bf7f
Code style fix : changed keylen to key_length
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
7810be273a
Code correction: remove unneeded sizeof
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
dcd636a73f
Commit changes to hmac to not use MD abstraction
...
this PR is part of efforts to use "lower level" mbedTLS APIs vs "higher level" abstract APIs.
2018-09-12 16:13:49 +03:00
itayzafrir
3e02b3b280
On target testing tests adaptation
...
Updated all psa crypto tests to use the new test format
2018-09-12 16:13:39 +03:00
itayzafrir
423f219bb2
Fixed missing dependencies in psa crypto tests
...
PSA verify RSA PKCS#1 v1.5 SHA-256, wrong hash
PSA Symmetric decryption: AES-CTR, 16 bytes, good
PSA Symmetric encryption: AES-CTR, 15 bytes, good
PSA Symmetric encryption: AES-CTR, 16 bytes, good
2018-09-05 12:46:20 +03:00
Gilles Peskine
8605428dcf
Merge remote-tracking branch 'psa/pr/27' into feature-psa
2018-09-05 12:46:19 +03:00
Gilles Peskine
eebd7381bb
Rename asymmetric_encrypt to clarify what it does
...
Renamed to asymmetric_encrypt_decrypt
2018-09-05 12:44:18 +03:00
Gilles Peskine
c4def2f228
Add input length check in psa_asymmetric_decrypt
...
Remove output size check which is not needed here and was copypasta.
Add non-regression tests.
2018-09-05 12:44:18 +03:00
Gilles Peskine
b75e4f1314
Remove ECC boilerplate in asymmetric encrypt/decrypt
...
We don't have any encryption algorithm using ECC keys at the moment.
2018-09-05 12:44:17 +03:00
Gilles Peskine
beb4948d10
Add RSA PSS verification (untested)
2018-09-05 12:44:17 +03:00
Gilles Peskine
625b01c9c3
Add OAEP placeholders in asymmetric encrypt/decrypt
...
Replace PSS placeholders by OAEP placeholders. PSS is a signature
algorithm, not an encryption algorithm.
Fix typo in PSA_ALG_IS_RSA_OAEP_MGF1.
2018-09-05 12:44:17 +03:00
Gilles Peskine
8b18a4fef3
Rename verify_RSA_hash_input_and_get_md_type
...
Give it a shorter name that's more in line with our naming conventions.
2018-09-05 12:44:17 +03:00
Gilles Peskine
61b91d4476
Normalize whitespace to Mbed TLS standards
...
Only whitespace changes in this commit.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
1c2a7ea4e2
Allow psa_asymmetric_verify and psa_asymmetric_encrypt to use public key only.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
d708260de4
add key policy enforcement implementation
...
add checks that keys have been set for the correct usage for asymmetric
functions.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
ca466c89b0
Set output length to safe value
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
c460291714
Re-Add ECC verification code which was not properly merged in re-base.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
4db79eb36b
Extract common code
...
Make code easier to maintain.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
717a040df5
Remove duplicate / unneeded code
...
1. remove duplicate function introduced by re-base
2. remove unneeded code
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
d70bc48630
Fix test output size
...
1. set output size to safe value
2. set output size correctly
3. check correct length of actual output
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
553b8f39e9
Fix test data
...
test data used incorrect clear-text length.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
72eca16afe
Fix scenario test names
...
1. make all names unique
2. fix spacing issue in names
2018-09-05 12:44:17 +03:00