Commit graph

5279 commits

Author SHA1 Message Date
Jaeden Amero 18c7b9fdaa
Merge pull request #210 from tempesta-tech/extra-mbedtls_ecp_group_free
Remove extra mbedtls_ecp_group_free()
2019-09-10 18:51:43 +01:00
Jaeden Amero 9298dca14d
Merge pull request #185 from gilles-peskine-arm/harvard-md
Remove method dispatch from md
2019-09-10 18:38:39 +01:00
Alexander K 56a74cdcc9 Replace 0 by MBEDTLS_ECP_DP_NONE to avoid IAR compiler complains 2019-09-10 17:58:20 +03:00
Jaeden Amero 92348d1c49 Merge remote-tracking branch 'crypto/development' into development-restricted
* crypto/development: (77 commits)
  all.sh: disable MEMORY_BUFFER_ALLOC in cmake asan build
  Unify gcc and clang cmake flags to test with UBsan
  Add an input check in psa_its_set
  Remove storage errors from psa_generate_random
  Update getting_started.md
  Update based on Jaeden's comments.
  Update getting_started.md
  Fix return code warnings
  Update getting_started.md
  Fix warnings
  Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv
  Remove errorneous insert
  Add STORAGE_FAILURE everywhere + add missing codes
  Add storage failure to psa_mac_verify_finish
  Add storage failure to psa_mac_sign_finish
  Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions
  Added PSA_ERROR_BAD_STATE to functions with operations
  Added extra bad state case to psa_hash_setup
  Add missing return codes to psa_generate_key
  Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute
  ...
2019-09-06 08:56:21 +01:00
Alexander K 77233ec411 Fix misprint 2019-09-05 21:37:39 +03:00
Jaeden Amero 595643c514
Merge pull request #222 from jainvikas8/zeroize-check
Check for zero length and NULL buffer pointer.
2019-09-05 17:35:40 +01:00
Jaeden Amero c12cb5236b
Merge pull request #239 from AndrzejKurek/psa-its-file-fixes
Remove a potential call to fwrite with null buffer. Add UBsan testing
2019-09-05 16:40:08 +01:00
Jaeden Amero 826907736f Merge remote-tracking branch 'origin/pr/2623' into development
* origin/pr/2623:
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 14:43:46 +01:00
Andrzej Kurek dc22d8d022 Add an input check in psa_its_set 2019-09-05 09:34:34 -04:00
Darryl Green 5e843fa133 Use safer deterministic function in psa_ecdsa_sign 2019-09-05 14:06:34 +01:00
Janos Follath 896a294211 Correct deterministic ECDSA behavior
We were still reusing the internal HMAC-DRBG of the deterministic ECDSA
for blinding. This meant that with cryptographically low likelyhood the
result was not the same signature as the one the deterministic ECDSA
algorithm has to produce (however it is still a valid ECDSA signature).

To correct this we seed a second HMAC-DRBG with the same seed to restore
correct behavior. We also apply a label to avoid reusing the bits of the
ephemeral key for a different purpose and reduce the chance that they
leak.

This workaround can't be implemented in the restartable case without
penalising the case where external RNG is available or completely
defeating the purpose of the restartable feature, therefore in this case
the small chance of incorrect behavior remains.
2019-09-05 11:18:58 +01:00
Janos Follath e65e0597a8 Deprecate the old deterministic ECDSA function
The current interface does not allow passing an RNG, which is needed for
blinding. Using the scheme's internal HMAC-DRBG results the same
blinding values for the same key and message, diminishing the
effectiveness of the countermeasure. A new function
`mbedtls_ecdsa_det_ext` is available to address this problem.
2019-09-05 11:18:58 +01:00
Janos Follath dca667ac80 Add a safer deterministic ECDSA function
`mbedtls_ecdsa_sign_det` reuses the internal HMAC-DRBG instance to
implement blinding. The advantage of this is that the algorithm is
deterministic too, not just the resulting signature. The drawback is
that the blinding is always the same for the same key and message.
This diminishes the efficiency of blinding and leaks information about
the private key.

A function that takes external randomness fixes this weakness.
2019-09-05 11:18:58 +01:00
Jaeden Amero c04305f036 Merge remote-tracking branch 'crypto/development' into development-restricted
* crypto/development: (863 commits)
  crypto_platform: Fix typo
  des: Reduce number of self-test iterations
  Fix -O0 build for Aarch64 bignum multiplication.
  Make GNUC-compatible compilers use the right mbedtls_t_udbl again on Aarch64 builds.
  Add optimized bignum multiplication for Aarch64.
  Enable 64-bit limbs for all Aarch64 builds.
  HMAC DRBG: Split entropy-gathering requests to reduce request sizes
  psa: Use application key ID where necessary
  psa: Adapt set_key_id() for when owner is included
  psa: Add PSA_KEY_ID_INIT
  psa: Don't duplicate policy initializer
  crypto_extra: Use const seed for entropy injection
  getting_started: Update for PSA Crypto API 1.0b3
  Editorial fixes.
  Cross reference 'key handles' from INVALID_HANDLE
  Update documentation for psa_destroy_key
  Update documentation for psa_close_key
  Update psa_open_key documentation
  Remove duplicated information in psa_open_key
  Initialize key bits to max size + 1 in psa_import_key
  ...
2019-09-05 11:11:38 +01:00
Jaeden Amero 8096969905
Merge pull request #139 from Patater/des-faster-and-typo-fix
Make DES self-test faster, and fix a typo
2019-09-04 12:18:39 +01:00
Vikas Katariya 52fa174a5a Check for zero length and NULL buffer pointer.
In reference to issue https://github.com/ARMmbed/mbed-crypto/issues/49
2019-09-04 11:31:35 +01:00
Jaeden Amero f66e7ea7f3
Merge pull request #178 from mpg/sha512-smaller
New config.h option to make SHA-512 smaller
2019-09-04 10:19:28 +01:00
Jaeden Amero 355b4b0c25 des: Reduce number of self-test iterations
Tiny slow processors take a long time to go through 10,000 iterations.
Try with 100 iterations instead.

Fixes https://github.com/ARMmbed/mbedtls/issues/807
2019-09-04 10:11:45 +01:00
Jaeden Amero 3d7005f851 Merge remote-tracking branch 'tls/pr/2363' into development
* origin/pr/2363:
  Add ChangeLog entry
  fix memory leak in mpi_miller_rabin()
2019-09-03 19:32:45 +01:00
Jaeden Amero 822b8f65bd
Merge pull request #238 from hanno-arm/hmac_drbg_entropy_incompatibility_fix-crypto
HMAC DRBG: Split entropy-gathering requests to reduce request sizes
2019-08-30 12:15:16 +01:00
Hanno Becker a823d4c7f0 HMAC DRBG: Split entropy-gathering requests to reduce request sizes
According to SP800-90A, the DRBG seeding process should use a nonce
of length `security_strength / 2` bits as part of the DRBG seed. It
further notes that this nonce may be drawn from the same source of
entropy that is used for the first `security_strength` bits of the
DRBG seed. The present HMAC DRBG implementation does that, requesting
`security_strength * 3 / 2` bits of entropy from the configured entropy
source in total to form the initial part of the DRBG seed.

However, some entropy sources may have thresholds in terms of how much
entropy they can provide in a single call to their entropy gathering
function which may be exceeded by the present HMAC DRBG implementation
even if the threshold is not smaller than `security_strength` bits.
Specifically, this is the case for our own entropy module implementation
which only allows requesting at most 32 Bytes of entropy at a time
in configurations disabling SHA-512, and this leads to runtime failure
of HMAC DRBG when used with Mbed Crypto' own entropy callbacks in such
configurations.

This commit fixes this by splitting the seed entropy acquisition into
two calls, one requesting `security_strength` bits first, and another
one requesting `security_strength / 2` bits for the nonce.

Fixes #237.
2019-08-30 11:16:24 +01:00
Jaeden Amero f0716542c4
Merge pull request #140 from yanesca/everest_integration
Everest integration
2019-08-29 16:02:49 +01:00
Jaeden Amero 98d5685b70
Merge pull request #232 from Patater/psa-crypto-api-1.0b3
Make fixes related to using Mbed Crypto as a service
2019-08-29 13:50:10 +01:00
Jaeden Amero 21db2a94a4
Merge pull request #229 from k-stachowiak/IOTCRYPT-791-remove-legacy-psa-key-derivation
Remove legacy psa key derivation
2019-08-29 11:31:23 +01:00
Jaeden Amero 6fa62a5b8f psa: Use application key ID where necessary
Avoid compiler errors when MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
is set by using the application ID type.

    [Error] psa_crypto_slot_management.c@175,9: used type 'psa_key_id_t' (aka 'psa_key_file_id_t') where arithmetic or pointer type is required
2019-08-28 17:24:27 +01:00
Jaeden Amero 932e496ef5
Merge pull request #224 from tempesta-tech/development
Remove unused TG variable in mbedtls_mpi_gcd()
2019-08-27 12:05:21 +01:00
Jaeden Amero 85c78b48a9
Merge pull request #225 from RonEld/iotssl_2739
Remove a redundant function call
2019-08-23 17:43:58 +01:00
Darryl Green 0892d0fbbf Initialize key bits to max size + 1 in psa_import_key
In psa_import_key, the key bits value was uninitialized before
calling the secure element driver import function. There is a
potential issue if the driver returns PSA_SUCCESS without setting
the key bits. This shouldn't happen, but shouldn't be discounted
either, so we initialize the key bits to an invalid issue.
2019-08-21 16:56:16 +01:00
Darryl Green 572a16e694 Merge branch 'psa-api-1.0-beta' into api-to-development 2019-08-21 10:31:12 +01:00
Christoph M. Wintersteiger c25df6848b Fix code style 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 2c69d10bac 3rdparty: Adjust use of Everest in ecp_supported_curves 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger bfc8eb2b78 Revert "ECDH: Fix memory leaks due to context re-initialization"
This reverts commit 2340f03c597b923c0f427c76b4c3d2cd11638410.
2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger d8c45d5550 Revert "ECDH: Fix context initialization"
This reverts commit 4a43d14146220e8550d6ad87cb798f74ce9ee209.
2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 30bc9cebda ECDH: Fix context initialization 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 2f563e3482 ECDH: Fix memory leaks due to context re-initialization 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 2be66d44a5 ECDH: Remove duplicate lines of code 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger cb31073e1c ECP: add Curve448 to ecp_supported_curves 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 4061f04acd ECDH: Remove unnecessary #include 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 2d4725f204 3rdparty: Rename THIRDPARTY_OBJECTS 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 3ff60bcf1a ECDH/ECDSA: Fix indentation 2019-08-19 13:37:46 +01:00
Gilles Peskine 20b3ef3cad Add mbedtls_ecdh_can_do
All curves can currently do ECDH, but to make the API symmetric and
future-proof, add mbedtls_ecdh_can_do() to go with mbedtls_ecdsa_can_do().
2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 6ea2dea1c5 3rdparty: Add additional build facilities for 3rd-party code 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger ea24394c03 ECDH: Fix whitespace and permission problems 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger 0082f9df6f ECDSA: Add mbedtls_ecdsa_can_do 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger 62dddd08fd Add new 3rdparty build scripts 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger 2e724a18a1 ECDH: Fix Everest ECDH side type 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger 24fbceff50 ECDH: Everest: Remove unnecessary file 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger 34811a8db2 ECDH: Use LOCAL_CFLAGS instead of CFLAGS 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger c3cbddecb5 ECDH: Fix whitespace, permissions 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger 4936beb513 ECDH: Clean up the interface to Everest code 2019-08-19 13:36:44 +01:00