mbedtls

Author	SHA1	Message	Date
Andrzej Kurek	e30ad542a1	Cosmetic changes Move memset to a more relevant spot, fix one whitespace error	2018-11-22 13:37:14 -05:00
Andrzej Kurek	73bf6b9e00	pk_wrap: rework and tidy up signature extraction Improve comments, use a normal buffer instead of mbedtls_asn1_buf, remove unneeded variables and use shared utilities where possible.	2018-11-22 13:37:14 -05:00
Andrzej Kurek	688ea8d10d	pk_wrap: reuse a static buffer for signature extraction Use a buffer left over after importing a key to hold an extracted signature.	2018-11-22 13:37:14 -05:00
Andrzej Kurek	3016de3eeb	pk_wrap: rework signature extraction to work with small r and s values There is a probability that r will be encoded as 31 or less bytes in DER, so additional padding is added in such case. Added a signature-part extraction function to tidy up the code further.	2018-11-22 13:37:14 -05:00
Manuel Pégourié-Gonnard	7b7808cc76	Add tests for ECDSA verify with short r, s values This is intended to test transcoding the signature to the format expected by PSA (fixed-length encoding of r, s) when r and s have respectively: - full length with initial null byte - full length without initial null byte - non-full length with initial null byte - non-full length without initial null byte The signatures were generated using: programs/pkey/pk_sign tests/data_files/server5.key foo where foo is an empty file, and with a variant of one of the following patches applied: diff --git a/library/ecdsa.c b/library/ecdsa.c index abac015cebc6..e4a27b044516 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group grp, ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } + printf("\ngenerating r...\n"); +gen: MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -317,6 +319,11 @@ mul: MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G, f_rng, p_rng, ECDSA_RS_ECP ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) ); + + size_t bits = mbedtls_mpi_bitlen( pr ); + printf("%zu ", bits); + if( bits != 255 ) + goto gen; } while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 ); or: diff --git a/library/ecdsa.c b/library/ecdsa.c index abac015cebc6..d704376e0c42 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group grp, ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } + printf("\ngenerating r...\n"); +gen: MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) @@ -353,6 +355,11 @@ modn: MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) ); + + size_t bits = mbedtls_mpi_bitlen( s ); + printf("%zu ", bits); + if( bits != 247 ) + goto gen; } while( mbedtls_mpi_cmp_int( s, 0 ) == 0 ); with the value edited manually between each run to get the desired bit length.	2018-11-22 13:37:14 -05:00
Andrzej Kurek	45fc464156	pk_wrap: improve error codes returned from ecdsa_verify_wrap Use the shared PSA utilities to translate errors.	2018-11-22 13:37:14 -05:00
Andrzej Kurek	ca6330992e	pk_wrap: switch to helper functions defined in psa_util.h Remove duplicated helper functions. Remove an unnecessary call to psa_crypto_init().	2018-11-22 13:37:14 -05:00
Andrzej Kurek	510ee70501	pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap Adjust tests to pass a valid algorithm	2018-11-22 13:37:14 -05:00
Andrzej Kurek	2f69b1a059	pk_wrap: destroy key slot on errors with policy or key importing	2018-11-22 13:37:14 -05:00
Andrzej Kurek	c097b0fded	pk_wrap: add a check for equal signature parts	2018-11-22 13:37:14 -05:00
Andrzej Kurek	f8c94a811a	pk_wrap: check if curve conversion is successful	2018-11-22 13:37:14 -05:00
Andrzej Kurek	6d49ae9223	pk_wrap: nullify the signature pointer on error in extract_ecdsa_sig Fix a double free error in ecdsa_verify_wrap	2018-11-22 13:37:14 -05:00
Andrzej Kurek	1e3b6865d7	pk_wrap: cosmetic changes Adjust whitespaces and variable names	2018-11-22 13:37:14 -05:00
Andrzej Kurek	39d1f4b29f	pk_wrap.c: add support for ecdsa signature verification using PSA Use PSA internally to verify signatures. Add a conversion to a raw signature format.	2018-11-22 13:37:14 -05:00
Hanno Becker	12bd57b8c8	Refer to PSA through MBEDTLS_USE_PSA_CRYPTO, not USE_PSA, in all.sh	2018-11-22 16:27:57 +00:00
Hanno Becker	fc359fd837	Remove double white space	2018-11-22 16:27:57 +00:00
Hanno Becker	47a6291445	Use MBEDTLS_PSA_UTIL_H instead of MBEDTLS_PSA_COMPAT_H in psa_util.h This is still an artifact from when psa_util.h was called psa_compat.h.	2018-11-22 16:27:57 +00:00
Hanno Becker	56a78dd4ad	State explicitly that any API depending on PSA is unstable	2018-11-22 16:27:57 +00:00
Hanno Becker	77030426a0	Update VisualC files	2018-11-22 16:27:57 +00:00
Hanno Becker	4d9e1e0ac4	Improve documentation of mbedtls_psa_err_translate_pk()	2018-11-22 16:27:57 +00:00
Hanno Becker	dec64735e2	Add AEAD tag length parameter to mbedtls_psa_translate_cipher_mode() In case of AEAD ciphers, the cipher mode (and not even the entire content of mbedtls_cipher_info_t) doesn't uniquely determine a psa_algorithm_t because it doesn't specify the AEAD tag length, which however is included in psa_algorithm_t identifiers. This commit adds a tag length value to mbedtls_psa_translate_cipher_mode() to account for that ambiguity.	2018-11-22 16:27:57 +00:00
Hanno Becker	14f78b03bb	Add function to translate PSA errors to PK module errors	2018-11-22 16:27:57 +00:00
Hanno Becker	639a4320ca	Fix Doxygen annotation in psa_util.h	2018-11-22 16:27:57 +00:00
Hanno Becker	06b6f34e9f	Initialize PSA Crypto implementation in ssl_server2	2018-11-22 16:27:57 +00:00
Hanno Becker	50955d1c18	Initialize PSA Crypto implementation in ssl_client2.c	2018-11-22 16:27:56 +00:00
Hanno Becker	eba9993171	Initialize PSA Crypto implementation at the start of each test suite	2018-11-22 16:27:56 +00:00
Hanno Becker	5f48818712	Make PSA utility functions static inline Compilers warn about unused static functions.	2018-11-22 16:27:56 +00:00
Hanno Becker	28b9d35904	Add PSA-to-Mbed TLS translations for cipher module	2018-11-22 16:27:56 +00:00
Hanno Becker	560aeaf26b	Add internal header for PSA utility functions This commit adds the header file mbedtls/psa_util.h which contains static utility functions `mbedtls_psa_xxx()` used in the integration of PSA Crypto into Mbed TLS. Warning: These functions are internal only and may change at any time.	2018-11-22 16:27:56 +00:00
Manuel Pégourié-Gonnard	dde4442581	Add build using PSA to all.sh	2018-11-22 16:27:52 +00:00
Manuel Pégourié-Gonnard	26fd730876	Add config option for X.509/TLS to use PSA	2018-11-22 16:25:36 +00:00
Gilles Peskine	a678f233a7	Merge pull request #197 from netanelgonen/entropy-inject Add entropy inject API (#197)	2018-11-21 19:21:05 +01:00
avolinski	0d2c266c06	change MBEDTLS_RANDOM_SEED_ITS define to be PSA_CRYPTO_ITS_RANDOM_SEED_UID	2018-11-21 17:31:07 +02:00
avolinski	1c66205df6	Remove trailing space in psa_crypto.c	2018-11-21 16:54:09 +02:00
Gilles Peskine	83146e10bb	Merge pull request #211 from ARMmbed/bug_fix_210 Fix memory allocation check in psa_save_generated_persistent_key (#211)	2018-11-21 15:51:07 +01:00
avolinski	13beb100c2	Adjust psa entropy inject tests to take as minimum seed size the maximum of MBEDTLS_ENTROPY_MIN_PLATFORM and MBEDTLS_ENTROPY_BLOCK_SIZE	2018-11-21 16:24:53 +02:00
avolinski	7cc8229d80	Replace MBED_RANDOM_SEED_ITS_UID with MBEDTLS_RANDOM_SEED_ITS_UID Update mbedtls_psa_inject_entropy function documentation	2018-11-21 16:24:53 +02:00
avolinski	4d27c94aee	Adding testcase for PSA validate entropy injection: bad, too small using MBEDTLS_ENTROPY_MIN_PLATFORM	2018-11-21 16:24:53 +02:00
Netanel Gonen	21f37cbbec	Add Tests for psa crypto entropy incjection Adjust code to handle and work with MBEDTLS_ENTROPY_BLOCK_SIZE definition option	2018-11-21 16:24:52 +02:00
Gilles Peskine	ee2ffd311b	Document the maximum seed size as well as the minimum	2018-11-21 16:23:42 +02:00
Gilles Peskine	0338ded2f4	Improve documentation of mbedtls_psa_inject_entropy Explain what the function does, why one would use it, how to use it, how to handle its input, and what the status codes mean.	2018-11-21 16:23:42 +02:00
Netanel Gonen	212a793217	add MBEDTLS_PSA_HAS_ITS_IO to config.h	2018-11-21 16:23:42 +02:00
Netanel Gonen	9468bb241c	Add Tests for psa crypto entropy incjection	2018-11-21 16:23:41 +02:00
Netanel Gonen	2bcd312cda	Add entropy injection function to psa cripto APIs	2018-11-21 16:15:14 +02:00
itayzafrir	910c76b3d1	Check that memory allocation was successful in psa_save_generated_persistent_key	2018-11-21 16:10:33 +02:00
Gilles Peskine	3d5d8372a5	Merge pull request #198 from ARMmbed/psa_crypto_its PSA Crypto Storage backend implementation over PSA ITS APIs (#198)	2018-11-21 15:04:03 +01:00
Jaeden Amero	dbb83ac5f7	Merge pull request #194 from ARMmbed/dev/Patater/enable-use-as-submodule-only Enable use as submodule only (no removal of non-crypto)	2018-11-21 12:53:12 +00:00
Jaeden Amero	3c7cc5eb18	Makefile: Install PSA headers When running `make install`, it can be desirable for the PSA Crypto header files to get installed as well, so that the PSA portions of the library are usable.	2018-11-21 12:17:31 +00:00
Jaeden Amero	852dac2df8	README: Update with the CMake build option Note that one can also use CMake and doesn't strictly require GNU Make. For instance, telling CMake to output Visual Studio project files and using those would preclude the need for GNU Make.	2018-11-21 12:17:31 +00:00
Jaeden Amero	a49ba5ea5f	README: Specify that C99 is required	2018-11-21 12:17:31 +00:00

1 2 3 4 5 ...

8797 commits