Commit graph

1270 commits

Author SHA1 Message Date
Jaeden Amero a78c958b17 Merge remote-tracking branch 'tls/pr/2028' into development 2019-02-27 15:21:44 +00:00
Jaeden Amero a9d6ba2510 Merge remote-tracking branch 'tls/development' into development
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
2019-02-27 15:15:53 +00:00
Jaeden Amero 415620c1f2 Merge remote-tracking branch 'origin/pr/2105' into development
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
2019-02-22 10:33:15 +00:00
Jaeden Amero b281f74284 psa: example: Initialize operation contexts
Add missing initializers to PSA Crypto example. Operation contexts must
be initialized before calling psa_*_setup().
2019-02-20 10:51:42 +00:00
Jaeden Amero 0574e6a7bd
Merge pull request #51 from Patater/update-dev-tls-dev-crypto-merge
Merge mbedtls/development-psa, mbedtls/development into development
2019-02-15 15:07:37 +00:00
Jaeden Amero db29ab528a psa: Fix builds without MBEDTLS_PLATFORM_C
When `MBEDTLS_PLATFORM_C` is not enabled, our PSA Crypto implementation
depends on the standard C library for functions like snprintf() and
exit(). However, our implementation was not including the proper header
files nor redefining all `mbedtls_*` symbols properly to ensure
successful builds without MBEDTLS_PLATFORM_C. Add the necessary header
files and macro definitions to our PSA Crypto implementation.
2019-02-14 16:01:14 +00:00
Jaeden Amero 44a59ab3f5 psa: Enable use of PSA examples with CHECK_PARAMS
When MBEDTLS_CHECK_PARAMS is enabled, it's required to have an
implementation of mbedtls_param_failed() present. Without it in the PSA
examples, building the PSA examples will result in linker errors like
the following.

  ../../library/libmbedcrypto.a(rsa.c.o): In function `mbedtls_rsa_import':
  rsa.c:(.text+0x9fd): undefined reference to `mbedtls_param_failed'
  ../../library/libmbedcrypto.a(rsa.c.o): In function `mbedtls_rsa_import_raw':
  rsa.c:(.text+0xb0b): undefined reference to `mbedtls_param_failed'
  ../../library/libmbedcrypto.a(rsa.c.o): In function `mbedtls_rsa_complete':
  rsa.c:(.text+0xe63): undefined reference to `mbedtls_param_failed'
  ../../library/libmbedcrypto.a(rsa.c.o): In function `mbedtls_rsa_export_raw':
  rsa.c:(.text+0xfee): undefined reference to `mbedtls_param_failed'
  ../../library/libmbedcrypto.a(rsa.c.o): In function `mbedtls_rsa_export':
  rsa.c:(.text+0x116f): undefined reference to `mbedtls_param_failed'
  ../../library/libmbedcrypto.a(rsa.c.o):rsa.c:(.text+0x1304): more undefined
  references to `mbedtls_param_failed' follow
  collect2: error: ld returned 1 exit status
  programs/psa/CMakeFiles/crypto_examples.dir/build.make:97: recipe for target
  'programs/psa/crypto_examples' failed
  make[2]: *** [programs/psa/crypto_examples] Error 1

Add an implementation of mbedtls_param_failed() to the PSA Crypto
examples to avoid getting this error on the PSA examples.
2019-02-14 16:01:14 +00:00
Jaeden Amero 67ea2c5e6d Merge branch 'development-psa-proposed' into development
Resolve conflicts by performing the following.

- Take the upstream Mbed TLS ChangeLog verbatim.
- Reject changes to Makefiles and CMake that are related to using Mbed
  Crypto as a submodule. It doesn't make sense to use Mbed Crypto as a
  submodule of itself.
- Reject README changes, as Mbed Crypto has its own, different README.
- Reject PSA-related changes to config.h. We don't want to disable the
  availability of the PSA Crypto API by default in the Mbed Crypto
  config.h.
- Don't inadvertently revert dead code removal in
  mbedtls_cipher_write_tag() which was added in f2a7529403 ("Fix
  double return statement in cipher.c")
- Where Mbed Crypto already had some MBEDTLS_USE_PSA_CRYPTO code (from
  past companion PRs) take the latest version from Mbed TLS which
  includes integration with MBEDTLS_CHECK_PARAMS.
- Update the version of the shared library files to match what's
  currently present in Mbed TLS.
- Reject removal of testing with PSA from config full tests.
- Resolve conflicts in test tests/suites/helpers.function, where both
  Mbed Crypto and Mbed TLS both added documentation for TEST_ASSERT.
  Combine text from both documentation efforts.
- Reject adding a submodule of ourselves.
- Reject addition of submodule tests in all.sh.
- Reject addition of submodule to library path in
  tests/scripts/run-test-suites.pl.
- Avoid using USE_CRYPTO_SUBMODULE=1 in
  component_test_use_psa_crypto_full_cmake_asan() in all.sh.
2019-02-14 15:58:43 +00:00
Gilles Peskine 3f775264d3 psa_constant_names: adding support for signed types
psa_constant_names now works correctly with signed values, such as
psa_status_t may have.
2019-02-13 18:46:51 +01:00
Gilles Peskine 1b879843d1 psa_constant_names: factor unsigned support into its own function
This is in preparation for adding support for signed types (namely,
psa_status_t).
2019-02-13 18:46:51 +01:00
Jaeden Amero 1fb011f2a6
Merge pull request #152 from ARMmbed/psa-test-psa_constant_names
Test psa_constant_names
2019-02-12 13:39:25 +00:00
Andres Amaya Garcia 54efcb7ff0 Update query config with VSNPRINTF macro 2019-02-11 21:55:09 +00:00
Darryl Green 21b33b07df Run generate_psa_constants.py before building psa_constant_names with cmake 2019-02-07 13:08:34 +00:00
Jaeden Amero 68933640f5 Merge commit '01b34fb316a5' into development
Merge a development version of Mbed TLS 2.16.0 that doesn't have
parameter validation into development.

The following conflicts were resolved:

- Update ChangeLog to include release notes merged from development so
  far, with a version of "2.14.0+01b34fb316a5" and release date of
  "xxxx-xx-xx" to show this is not a released version, but instead a
  snapshot of the development branch equivalent to version of the 2.14.0
  with additional commits from the mbedtls/development branch up through
  01b34fb316 included. Entries added for unreleased versions of Mbed
  Crypto remain at the top of the file for Mbed TLS 2.xx.x.
- Replace the Mbed Crypto version of
  mbedtls_rsa_rsaes_pkcs1_v15_decrypt() with the version from Mbed TLS
  which fixes timing variations and memory access variations that could
  lead to a Bleichenbacher-style padding oracle attack. This will
  prevent using psa_asymmetric_decrypt() with zero-length output buffers
  until a follow up commit is made to restore this capability.
- In ssl_srv.c, include changes for both the new ECDH interface and
  opaque PSK as already added to development previously.
2019-02-07 12:19:59 +00:00
Andres Amaya Garcia e7856bfc6d Suppress visual studio preprocessor warnings on query_config.c 2019-02-07 10:38:23 +00:00
Andres Amaya Garcia 8645f733cf Update query_config.c with new macros 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia ef672f0319 Exclude macros from query_config.c generation 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 27b3372c45 Fix query_config macro expansion for windows 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 5bc6e92b70 Fix query_config macro expansion for windows 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia cb9c015558 Improve cmake inclusion of query_config.c when building apps 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia c28da7ea43 Improve comments in query_config.fmt 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 5aca555391 Fix GCC 0-length printf format string error 2019-02-07 10:38:22 +00:00
Andres AG 08457ce76b Fix aligment in programs/test/query_compile_time_config.c 2019-02-07 10:38:22 +00:00
Andres AG 509ba69e16 Create programs/test/query_compile_time_config app 2019-02-07 10:38:22 +00:00
Andres AG 458148681d Ensure query_config.c includes stdio only when needed 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia bb923642c3 Update programs/ssl/CMakeLists.txt with query_config.c dep 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia 3b2f9d3ca8 query_config.c: remove duplicated inc of platform.h 2019-02-07 10:37:39 +00:00
Andres Amaya Garcia bc81884e3a Query config through ssl_server2 and ssl_client2 cmdline 2019-02-07 10:36:50 +00:00
Darryl Green da7c80e3f1 Add dependency to Makefile 2019-02-06 16:24:43 +00:00
Darryl Green d519583ae3 Run generate_psa_constants.py in cmake builds 2019-02-06 13:45:03 +00:00
Andrzej Kurek b274f2739e Documentation fixes 2019-02-05 05:06:35 -05:00
Andrzej Kurek c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Jaeden Amero 6f4a8ef1ee Merge remote-tracking branch 'origin/pr/2137' into development 2019-01-30 14:55:09 +00:00
Gilles Peskine 6a78573088 CMake: psa_constant_names and test_psa_constant_names
Build and install psa_constant_names.

Make sure that test_psa_constant_names passes in an out-of-tree build.
2019-01-29 16:08:46 +00:00
Gilles Peskine f31dbb7bf1 CMake: build and install key_ladder_demo 2019-01-29 16:08:46 +00:00
Gilles Peskine 738f017c12 Fix the build of key_ladder_demo under Clang
Clang -Wall -Wincompatible-pointer-types-discards-qualifiers said:
thou shalt not put a string literal in a non-const char*.
2019-01-29 16:08:46 +00:00
Gilles Peskine 265a171c52 Error out if a value is out of range
psa_status_t is currently a signed type where only non-negative values
are used, which makes things a bit awkward. For now, non-negative
values trigger an error. This code will need to be revised if we
switch to using negative values as error codes.
2019-01-29 16:08:46 +00:00
Gilles Peskine 567840e335 Support multiple values on the command line 2019-01-29 16:07:45 +00:00
Hanno Becker 330b9a4586 PSA: Adapt ssl_server2 to modified key allocation API 2019-01-25 14:36:28 +00:00
Hanno Becker f3adecf479 PSA: Adapt ssl_server2 to hew key policy initialization API 2019-01-25 14:36:28 +00:00
Hanno Becker 2261a0ff52 PSA: Adapt ssl_client2 to new key policy initialization API 2019-01-25 14:36:28 +00:00
Hanno Becker d74dfc2984 PSA: Adapt ssl_client2 to modified key slot allocation API 2019-01-25 14:36:28 +00:00
Hanno Becker 32809e8c70 PSA: Adapt ssl_server2 to modified key allocation API 2019-01-25 14:31:00 +00:00
Hanno Becker 9bd8842c77 PSA: Adapt ssl_server2 to hew key policy initialization API 2019-01-25 14:27:01 +00:00
Hanno Becker 1387124c89 PSA: Adapt ssl_client2 to new key policy initialization API 2019-01-25 14:26:26 +00:00
Hanno Becker 37519ea5f8 PSA: Adapt ssl_client2 to modified key slot allocation API 2019-01-25 14:26:01 +00:00
Jaeden Amero 0b6b871056
Merge pull request #22 from ARMmbed/iotssl-2697-psa-key-allocation-crypto
Adapting to the new PSA key slot allocation mechanism
2019-01-23 15:00:19 +00:00
Andrzej Kurek c750932f2c Adapt to the new key allocation mechanism 2019-01-23 06:22:32 -05:00
Gilles Peskine d40c1fbd50 Don't require a type and size when creating a key slot
Remove the type and bits arguments to psa_allocate_key() and
psa_create_key(). They can be useful if the implementation wants to
know exactly how much space to allocate for the slot, but many
implementations (including ours) don't care, and it's possible to work
around their lack by deferring size-dependent actions to the time when
the key material is created. They are a burden to applications and
make the API more complex, and the benefits aren't worth it.

Change the API and adapt the implementation, the units test and the
sample code accordingly.
2019-01-19 12:20:52 +01:00
Andres Amaya Garcia 5d26163db4 Add tests for (named) bitstring to suite_asn1write 2019-01-16 18:59:07 +00:00