Commit graph

3871 commits

Author SHA1 Message Date
Gilles Peskine 48c0ea14c6 Remove PSA_KEY_TYPE_IS_RAW_BYTES from crypto.h
It isn't used to define other macros and it doesn't seem that useful
for users. Remove it, we can reintroduce it if needed.

Define a similar function key_type_is_raw_bytes in the implementation
with a clear semantics: it's a key that's represented as a struct
raw_data.
2018-09-12 16:24:50 +03:00
Gilles Peskine 9ad29e2bee Add what little was missing to fully support DES
Also add what was missing in the test suite to support block ciphers
with a block size that isn't 16.

Fix some buggy test data that passed only due to problems with DES
support in the product.
2018-09-12 16:24:50 +03:00
Gilles Peskine 9a94480685 Convert ERR_ASN1 error codes to PSA
This fixes the error code when psa_export_key on an asymmetric key
reports that the output buffer is too small.
2018-09-12 16:24:50 +03:00
Gilles Peskine b54979a297 Refuse non-byte-sized raw data keys
Since the key size is stored in bytes, we can't have a key whose size
isn't a whole number of bytes.
2018-09-12 16:24:50 +03:00
Gilles Peskine c06e07128c Favor INVALID_ARGUMENT over NOT_SUPPORTED for bad algorithm types
In psa_hash_start, psa_mac_start and psa_cipher_setup, return
PSA_ERROR_INVALID_ARGUMENT rather than PSA_ERROR_NOT_SUPPORTED when
the algorithm parameter is not the right category.
2018-09-12 16:23:54 +03:00
Gilles Peskine 248051acb6 Add missing #ifdef guards around psa_hmac_start 2018-09-12 16:23:54 +03:00
Gilles Peskine 16c0f4f787 Fix potential memory corruption on MAC/cipher setup failure
When psa_mac_start(), psa_encrypt_setup() or psa_cipher_setup()
failed, depending on when the failure happened, it was possible that
psa_mac_abort() or psa_cipher_abort() would crash because it would try
to call a free() function uninitialized data in the operation
structure. Refactor the functions so that they initialize the
operation structure before doing anything else.

Add non-regression tests and a few more positive and negative unit
tests for psa_mac_start() and psa_cipher_setup() (the latter via
psa_encrypt_setip()).
2018-09-12 16:23:53 +03:00
Gilles Peskine 12313cd84c Implement psa_generate_key: AES, DES, RSA, ECP
In the test cases, try exporting the generated key and perform sanity
checks on it.
2018-09-12 16:22:51 +03:00
Gilles Peskine e66ca3bbf3 psa_export_key: zero out potential garbage in the output buffer
In psa_export_key, ensure that each byte of the output buffer either
contains its original value, is zero, or is part of the actual output.
Specifically, don't risk having partial output on error, and don't
leave extra data at the end of the buffer when exporting an asymmetric
key.

Test that exporting to a previously zeroed buffer leaves the buffer
zeroed outside the actual output if any.
2018-09-12 16:22:51 +03:00
Gilles Peskine 0e2315859f psa_export_key: fix asymmetric key in larger buffer
Exporting an asymmetric key only worked if the target buffer had
exactly the right size, because psa_export_key uses
mbedtls_pk_write_key_der or mbedtls_pk_write_pubkey_der and these
functions write to the end of the buffer, which psa_export_key did not
correct for. Fix this by moving the data to the beginning of the
buffer if necessary.

Add non-regression tests.
2018-09-12 16:22:51 +03:00
Gilles Peskine 05d69890ee Implement psa_generate_random 2018-09-12 16:22:51 +03:00
Gilles Peskine 0ff4b0f7f9 psa_import_key: validate symmetric key size
When importing a symmetric key, validate that the key size is valid
for the given key type.

Non-supported key types may no longer be imported.
2018-09-12 16:22:51 +03:00
Gilles Peskine e3b07d81d6 Fix build without CMAC
Add missing guard for MBEDTLS_CMAC_C.
2018-09-12 16:22:51 +03:00
Gilles Peskine 828ed149d5 Rename MBEDTLS_xxx macros in psa_crypto.c to placate check-names.sh 2018-09-12 16:22:51 +03:00
Gilles Peskine 34ef7f5a55 Check the curve of an elliptic curve key on import
psa_import_key must check that the imported key data matches the
expected key type. Implement the missing check for EC keys that the
curve is the expected one.
2018-09-12 16:19:04 +03:00
Gilles Peskine b3e6e5deeb Rename hash max sizes for consistency
Use "hash" throughout the library, not "md" as in Mbed TLS.
2018-09-12 16:19:04 +03:00
Gilles Peskine 7bcfc0a9ae Be more consistent about blank lines 2018-09-12 16:18:04 +03:00
Gilles Peskine 803ce7402a Change sizeof(type) to sizeof(variable) 2018-09-12 16:18:04 +03:00
Gilles Peskine c1bb6c8dcc Formatting improvements
Avoid lines longer than 80 columns.

Remove some redundant parentheses, e.g. change
    if( ( a == b ) && ( c == d ) )
to
    if( a == b && c == d )
which makes lines less long and makes the remaining parentheses more
relevant.

Add missing parentheses around return statements.

There should be no semantic change in this commit.
2018-09-12 16:18:02 +03:00
Gilles Peskine 2d2778650b Normalize whitespace
Normalize whitespace to Mbed TLS standards. There are only whitespace
changes in this commit.
2018-09-12 16:15:52 +03:00
Gilles Peskine 6de7a179c8 Fix file permissions
Some files were marked as executable but shouldn't have been.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein aa5aea0bac fix spaces and add braces 2018-09-12 16:13:49 +03:00
Nir Sonnenschein e9664c30f0 space and style fixes 2018-09-12 16:13:49 +03:00
Nir Sonnenschein 9627241beb change macro PSA_HASH_BLOCK_SIZE to function psa_get_hash_block_size 2018-09-12 16:13:49 +03:00
Nir Sonnenschein 5ca6547b77 Renamed hmac_ctx to opad and removed null check.
this array is now part of the struct and not dynamically allocated
so it can't be null.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein caec7f0c49 Fix rename issue missed by re-base 2018-09-12 16:13:49 +03:00
Gilles Peskine d223b52a9a psa_hmac_start: reduce stack usage
Store the temporary key in the long-key case (where the key is first
hashed) directly into ipad. This reduces the stack usage a little, at
a slight cost in complexity.
2018-09-12 16:13:49 +03:00
Gilles Peskine 6a0a44e167 HMAC: clean up local variables containing key material
In psa_mac_start, the hash of the key and ipad contain material that
can be used to make HMAC calculations with the key, therefore they
must be wiped.

In psa_mac_finish_internal, tmp contains an intermediate value which
could reveal the HMAC. This is definitely sensitive in the verify case,
and marginally sensitive in the finish case (it isn't if the hash
function is ideal, but it could make things worse if the hash function
is partially broken).
2018-09-12 16:13:49 +03:00
Gilles Peskine c102e3ce4b psa_hmac_start: simplify key_length logic in hash-the-key case 2018-09-12 16:13:49 +03:00
Gilles Peskine e1bc6800cc psa_hmac_start: remove useless casts 2018-09-12 16:13:49 +03:00
Gilles Peskine 7e454bc19f Split out CMAC and HMAC code into auxiliary functions
Split algorithm-specific code out of psa_mac_start. This makes the
function easier to read.

The behavior is mostly unchanged. In a few cases, errors before
setting a key trigger a context wipe where they didn't. This is a
marginal performance loss but only cases that are an error in caller
code.
2018-09-12 16:13:49 +03:00
Gilles Peskine 99bc649760 Normalize whitespace to Mbed TLS standards
Only whitespace changes in this commit.
2018-09-12 16:13:49 +03:00
Gilles Peskine ef057ac8ed Remove dead code
Remove an unused function and an unused variable. Now the code builds
with gcc -Wall -Wextra -Werror.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein 084832d65f replace get_block_size_from_hash_algorithm with PSA_HASH_BLOCK_SIZE macro 2018-09-12 16:13:49 +03:00
Nir Sonnenschein 35dfbf4601 change hmac context to use statically allocated memory
1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes
2018-09-12 16:13:49 +03:00
Nir Sonnenschein 0c9ec53a10 remove reliance on md_info context for hash information
1. remove reliance on md_info context for hash information by decoding locally
2. remove block_size field in context as this is dynamically computed
2018-09-12 16:13:49 +03:00
Nir Sonnenschein eeace0bf7f Code style fix : changed keylen to key_length 2018-09-12 16:13:49 +03:00
Nir Sonnenschein 7810be273a Code correction: remove unneeded sizeof 2018-09-12 16:13:49 +03:00
Nir Sonnenschein dcd636a73f Commit changes to hmac to not use MD abstraction
this PR is part of efforts to use "lower level" mbedTLS APIs vs "higher level" abstract APIs.
2018-09-12 16:13:49 +03:00
Gilles Peskine 8605428dcf Merge remote-tracking branch 'psa/pr/27' into feature-psa 2018-09-05 12:46:19 +03:00
Gilles Peskine c4def2f228 Add input length check in psa_asymmetric_decrypt
Remove output size check which is not needed here and was copypasta.

Add non-regression tests.
2018-09-05 12:44:18 +03:00
Gilles Peskine b75e4f1314 Remove ECC boilerplate in asymmetric encrypt/decrypt
We don't have any encryption algorithm using ECC keys at the moment.
2018-09-05 12:44:17 +03:00
Gilles Peskine beb4948d10 Add RSA PSS verification (untested) 2018-09-05 12:44:17 +03:00
Gilles Peskine 625b01c9c3 Add OAEP placeholders in asymmetric encrypt/decrypt
Replace PSS placeholders by OAEP placeholders. PSS is a signature
algorithm, not an encryption algorithm.

Fix typo in PSA_ALG_IS_RSA_OAEP_MGF1.
2018-09-05 12:44:17 +03:00
Gilles Peskine 8b18a4fef3 Rename verify_RSA_hash_input_and_get_md_type
Give it a shorter name that's more in line with our naming conventions.
2018-09-05 12:44:17 +03:00
Gilles Peskine 61b91d4476 Normalize whitespace to Mbed TLS standards
Only whitespace changes in this commit.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein 1c2a7ea4e2 Allow psa_asymmetric_verify and psa_asymmetric_encrypt to use public key only. 2018-09-05 12:44:17 +03:00
Nir Sonnenschein d708260de4 add key policy enforcement implementation
add checks that keys have been set for the correct usage for asymmetric
functions.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein ca466c89b0 Set output length to safe value 2018-09-05 12:44:17 +03:00
Nir Sonnenschein c460291714 Re-Add ECC verification code which was not properly merged in re-base. 2018-09-05 12:44:17 +03:00
Nir Sonnenschein 4db79eb36b Extract common code
Make code easier to maintain.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein 717a040df5 Remove duplicate / unneeded code
1. remove duplicate function introduced by re-base
2. remove unneeded code
2018-09-05 12:44:17 +03:00
Gilles Peskine 5b051bc608 Remove trailing whitespace
Only horizontal whitespace changes in this commit.
2018-09-05 12:44:12 +03:00
Gilles Peskine 6afe789d4c Finish renaming around PSA_ALG_IS_RSA_PKCS1V15
Now the code compiles. Some OAEP and PSS macros may still need to be fixed.
2018-09-05 12:41:53 +03:00
Gilles Peskine d6125ca63b Merge remote-tracking branch 'psa/pr/24' into feature-psa 2018-09-05 12:41:53 +03:00
Nir Sonnenschein 4f594eca40 remove check for key pair (public key should be enough for verification) 2018-09-05 12:41:53 +03:00
Nir Sonnenschein 7f5a31915b code fixes for internal code review:
1. change to correct error code
2. removed unneeded comment
2018-09-05 12:41:53 +03:00
Nir Sonnenschein 39e59144f6 added support for PKCSv1.5 signature verification and encryption/decryption and very basic tests. 2018-09-05 12:41:53 +03:00
Gilles Peskine bb1072f642 Fix use of mbedtls_cipher_info_from_psa
One branch added an extra argument, the other branch added a call of
this function. Pass the extra argument on the code from the other
branch.
2018-09-05 12:41:52 +03:00
Gilles Peskine 84861a95ca Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa 2018-09-05 12:41:52 +03:00
Gilles Peskine 154bd95131 psa_destroy_key: return SUCCESS on an empty slot
Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-09-05 12:41:52 +03:00
Gilles Peskine 71bb7b77f0 Switch PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
Make this macro work on derived algorithms as well (HMAC,
hash-and-sign, etc.).
2018-09-05 12:41:52 +03:00
mohammad1603 fc614b1e0e fix parentheses 2018-09-05 12:41:52 +03:00
mohammad1603 e109f21638 remove unnecessary check for block size 2018-09-05 12:41:52 +03:00
mohammad1603 a1d9801683 add slot validation 2018-09-05 12:41:52 +03:00
mohammad1603 e3cb8a8d8b return PSA_ERROR_BUFFER_TOO_SMALL intead of PSA_ERROR_INVALID_ARGUMENT 2018-09-05 12:41:52 +03:00
mohammad1603 6b4d98cf78 remove trailing spaces 2018-09-05 12:41:52 +03:00
mohammad1603 5ed0621dd4 aligned with coding standards - line length 2018-09-05 12:41:52 +03:00
mohammad1603 f14394b25f add policy checks 2018-09-05 12:41:52 +03:00
mohammad1603 96910d807e fix block size depending on algorithm 2018-09-05 12:41:51 +03:00
mohammad1603 60a64d079a remove unnecessary argument to the psa_aead_unpadded_locate_tag function 2018-09-05 12:41:51 +03:00
mohammad1603 15223a8b89 write the tag directly on the ciphertext buffer. 2018-09-05 12:41:51 +03:00
mohammad1603 4fc744f8af change the check of block size for all supported algorithms 2018-09-05 12:41:51 +03:00
mohammad1603 0f21465175 use mbedtls_cipher_info_from_psa to get cipher ID 2018-09-05 12:41:51 +03:00
mohammad1603 f58aa6ade6 use memset instead of mbedtils_zeroize 2018-09-05 12:41:51 +03:00
mohammad1603 554faad260 return NOT_SUPPORTED instead of INVLID_ARGUMENT 2018-09-05 12:41:51 +03:00
mohammad1603 95893f834d remove usless cast 2018-09-05 12:41:51 +03:00
mohammad1603 f08a550e68 set output length to zero to cover output length in error case 2018-09-05 12:41:51 +03:00
mohammad1603 f4f0d612ba change mbedtls_cipher_info_from_psa to provide cipher_id also 2018-09-05 12:41:51 +03:00
mohammad1603 9375f8403a fix code offsets after rebase 2018-09-05 12:41:51 +03:00
Gilles Peskine ee652a344c Fix psa_aead_decrypt to read the tag at the end of the ciphertext 2018-09-05 12:41:51 +03:00
Gilles Peskine a40d77477d Whitespace fixes
Changed indentation to match Mbed TLS style. Wrapped some lines to 80 columns.
2018-09-05 12:41:51 +03:00
mohammad1603 39574652ae add else for not supported algorithm 2018-09-05 12:38:18 +03:00
mohammad1603 5c8845f563 return invalid argument for unsupported algorithms 2018-09-05 12:38:18 +03:00
mohammad1603 e58e68458e fix condition over key type 2018-09-05 12:38:18 +03:00
mohammad1603 17638efc46 remove unused variable 2018-09-05 12:38:18 +03:00
mohammad1603 dad36fa855 add Key and Algorithm validation 2018-09-05 12:38:18 +03:00
mohammad1603 a7e6df76ea Validation fixes for key_type 2018-09-05 12:38:18 +03:00
mohammad1603 4f5eb7cb54 Fill the the output buffer with zero data in case of failure 2018-09-05 12:38:18 +03:00
mohammad1603 6bbd8c75dc Remove unnecessary cast
Remove unnecessary cast
2018-09-05 12:38:18 +03:00
mohammad1603 db6247315f Parameters validation fixes
Fix key_type validation test and no need to ask for place for tag in decryption
2018-09-05 12:38:18 +03:00
mohammad1603 ce5cba9a6a unify the concatenation of the tag and update output length 2018-09-05 12:38:18 +03:00
mohammad1603 9e5a515aa8 Fix parameter validation 2018-09-05 12:38:18 +03:00
mohammad1603 47ddf3d544 Concatenate the tag to the output buffer
Concatenate the tag to the output buffer.
2018-09-05 12:38:18 +03:00
mohammad1603 5955c98779 Initial implementation of the AEAD decrypt/encrypt APIs
Initial implementation for the AEAD APIs, missing the following:
* Concatenation of the tag to the output buffer.
* Updated documentation of the new functions.
* argument validations
* tests
2018-09-05 12:38:18 +03:00
Gilles Peskine 3aa8efb230 Merge remote-tracking branch 'psa/psa-wrapper-apis-march-12' into feature-psa 2018-09-05 12:38:17 +03:00
Gilles Peskine 2c5219a06d Whitespace normalization
No semantic change.
2018-09-05 12:14:29 +03:00
Gilles Peskine 5351420b3e Use block local variable for padding_mode for readability
No intended behavior change.
2018-09-05 12:14:29 +03:00
Moran Peker 7cb22b8327 abort operation before return + fix error checks 2018-09-05 12:14:29 +03:00
Gilles Peskine 89d789c9bc Refactor some argument checks for readability
No intended behavior change.
2018-09-05 12:14:29 +03:00