Jaeden Amero
0e9ff8546b
Merge pull request #224 from ARMmbed/feature-psa-tls-integration-proposed
...
Update with "Mbed TLS using PSA" mini-release
2018-11-23 21:30:23 +00:00
Hanno Becker
9edcc3e8fb
Merge branch 'iotssl-2597-psa-hashing-x509_CRYPTO' into feature-psa-tls-integration-proposed
2018-11-23 16:00:34 +00:00
Hanno Becker
8295695aca
Merge branch 'iotssl-2578-psa-sig-verification_CRYPTO' into feature-psa-tls-integration-proposed
2018-11-23 16:00:32 +00:00
Hanno Becker
02f20216bd
Merge branch 'psa_cipher_integration_CRYPTO' into feature-psa-tls-integration-proposed
2018-11-23 15:59:26 +00:00
Hanno Becker
6b01a9fa7c
Merge branch 'psa_cipher_CRYPTO' into feature-psa-tls-integration-proposed
2018-11-23 15:53:27 +00:00
Hanno Becker
e322d3edd5
Merge branch 'opaque_psk_implementation_CRYPTO' into feature-psa-tls-integration-proposed
2018-11-23 15:53:24 +00:00
Hanno Becker
a96cc8a9fd
Merge branch 'iotssl-2596-opaque-csr-creation_CRYPTO' into feature-psa-tls-integration-proposed
2018-11-23 15:47:22 +00:00
Hanno Becker
826987f26c
Merge branch 'iotssl-2574-pk-opaque-tls_CRYPTO' into feature-psa-tls-integration-proposed
2018-11-23 15:47:21 +00:00
Hanno Becker
7fde035ddc
Merge branch 'iotssl-2580-pk-opaque-psa_CRYPTO' into feature-psa-tls-integration-proposed
2018-11-23 15:47:20 +00:00
Jaeden Amero
dc5f950e25
Merge pull request #223 from ARMmbed/dev/Patater/fix-unused-mac_setup
...
psa: Unused key_bits is OK
2018-11-23 15:35:43 +00:00
Jaeden Amero
82df32e3fd
psa: Unused key_bits is OK
...
When MD or CMAC are disabled, let the compiler know that it is OK that
`key_bits` is set but not used by casting `key_bits` to `(void)`.
2018-11-23 15:20:56 +00:00
Jaeden Amero
565e0bf49d
Merge pull request #212 from ARMmbed/psa-integration-utilities_CRYPTO
...
Mbed TLS integration: Shared code between module-specific integration work
2018-11-23 09:00:22 +00:00
Andrzej Kurek
266d907c87
pk_wrap.c: fix length mismatch check placement
2018-11-22 13:37:14 -05:00
Andrzej Kurek
96cc1b3def
pk_wrap.c: tidy up signature extraction
...
Add a sanity check for signature length, remove superfluous bounds check.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
e30ad542a1
Cosmetic changes
...
Move memset to a more relevant spot, fix one whitespace error
2018-11-22 13:37:14 -05:00
Andrzej Kurek
73bf6b9e00
pk_wrap: rework and tidy up signature extraction
...
Improve comments, use a normal buffer instead of mbedtls_asn1_buf,
remove unneeded variables and use shared utilities where possible.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
688ea8d10d
pk_wrap: reuse a static buffer for signature extraction
...
Use a buffer left over after importing a key to hold an extracted signature.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
3016de3eeb
pk_wrap: rework signature extraction to work with small r and s values
...
There is a probability that r will be encoded as 31 or less bytes in DER,
so additional padding is added in such case.
Added a signature-part extraction function to tidy up the code further.
2018-11-22 13:37:14 -05:00
Manuel Pégourié-Gonnard
7b7808cc76
Add tests for ECDSA verify with short r, s values
...
This is intended to test transcoding the signature to the format expected by
PSA (fixed-length encoding of r, s) when r and s have respectively:
- full length with initial null byte
- full length without initial null byte
- non-full length with initial null byte
- non-full length without initial null byte
The signatures were generated using:
programs/pkey/pk_sign tests/data_files/server5.key foo
where foo is an empty file, and with a variant of one of the following patches
applied:
diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..e4a27b044516 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
+ printf("\ngenerating r...\n");
+gen:
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );
#if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -317,6 +319,11 @@ mul:
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
f_rng, p_rng, ECDSA_RS_ECP ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
+
+ size_t bits = mbedtls_mpi_bitlen( pr );
+ printf("%zu ", bits);
+ if( bits != 255 )
+ goto gen;
}
while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );
or:
diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..d704376e0c42 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
+ printf("\ngenerating r...\n");
+gen:
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );
#if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -353,6 +355,11 @@ modn:
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
+
+ size_t bits = mbedtls_mpi_bitlen( s );
+ printf("%zu ", bits);
+ if( bits != 247 )
+ goto gen;
}
while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
with the value edited manually between each run to get the desired bit length.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
45fc464156
pk_wrap: improve error codes returned from ecdsa_verify_wrap
...
Use the shared PSA utilities to translate errors.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
ca6330992e
pk_wrap: switch to helper functions defined in psa_util.h
...
Remove duplicated helper functions.
Remove an unnecessary call to psa_crypto_init().
2018-11-22 13:37:14 -05:00
Andrzej Kurek
510ee70501
pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap
...
Adjust tests to pass a valid algorithm
2018-11-22 13:37:14 -05:00
Andrzej Kurek
2f69b1a059
pk_wrap: destroy key slot on errors with policy or key importing
2018-11-22 13:37:14 -05:00
Andrzej Kurek
c097b0fded
pk_wrap: add a check for equal signature parts
2018-11-22 13:37:14 -05:00
Andrzej Kurek
f8c94a811a
pk_wrap: check if curve conversion is successful
2018-11-22 13:37:14 -05:00
Andrzej Kurek
6d49ae9223
pk_wrap: nullify the signature pointer on error in extract_ecdsa_sig
...
Fix a double free error in ecdsa_verify_wrap
2018-11-22 13:37:14 -05:00
Andrzej Kurek
1e3b6865d7
pk_wrap: cosmetic changes
...
Adjust whitespaces and variable names
2018-11-22 13:37:14 -05:00
Andrzej Kurek
39d1f4b29f
pk_wrap.c: add support for ecdsa signature verification using PSA
...
Use PSA internally to verify signatures.
Add a conversion to a raw signature format.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
60ea0fc185
Remove trailing whitespace
2018-11-22 13:02:29 -05:00
Andrzej Kurek
593fccdf97
x509: remove unnecessary calls to psa_hash_abort
...
According to the documentation, it does not need to be called after a failed
psa_hash call.
2018-11-22 12:53:32 -05:00
Andrzej Kurek
78276b1c73
x509: use the PSA API to perform hashing operations
...
So far limited only to certificate verification withour CRL and CSR generation.
2018-11-22 12:53:32 -05:00
Andrzej Kurek
3bd69dda1a
pkwrite: add an explicit cast to size_t
2018-11-22 12:43:53 -05:00
Andrzej Kurek
d6d07909f2
Remove trailing whitespace
2018-11-22 12:43:53 -05:00
Andrzej Kurek
16d6000577
pkwrite: add a safety check before calculating the buffer size
2018-11-22 12:43:53 -05:00
Andrzej Kurek
2f31122585
Cosmetic changes
...
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
2018-11-22 12:43:53 -05:00
Andrzej Kurek
c3de438b8e
Add CSR write testing using opaque keys
...
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
2018-11-22 12:43:53 -05:00
Andrzej Kurek
6f249de706
pkwrite: add opaque key handling for public key exporting
...
Return early from mbedtls_pk_write_pubkey_der - public opaque key
exporting is expected to contain all of the needed data, therefore it shouldn't
be written again.
2018-11-22 12:43:53 -05:00
Gilles Peskine
30b4641011
Merge pull request #219 from ARMmbed/enable_entropy_injection
...
always compile mbedtls_psa_inject_entropy (#219 )
2018-11-22 17:50:54 +01:00
Netanel Gonen
596e65e1a5
Fix indentation
2018-11-22 18:41:43 +02:00
Manuel Pégourié-Gonnard
f83d31260d
Implement key_opaque option to ssl_client2
2018-11-22 16:41:07 +00:00
Manuel Pégourié-Gonnard
ca906fb8b9
Add option key_opaque to ssl_client2 (skeleton)
...
This is just the plumbing for the option itself, implementation of the option
will be the next commit.
2018-11-22 16:41:07 +00:00
Manuel Pégourié-Gonnard
e31411a814
Fix test that wasn't actually effective
...
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
72d94be0de
Improve description of a test
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
2614562212
Add test utility function: wrap_as_opaque()
...
The new function is not tested here, but will be in a subsequent PR.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
29a1325b0d
Guard against PSA generating invalid signature
...
The goal is not to double-check everything PSA does, but to ensure that it
anything goes wrong, we fail cleanly rather than by overwriting a buffer.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
f4427678ae
Use shared function for error translation
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
1e48ebd306
Fix a compliance issue in signature encoding
...
The issue is not present in the normal path because asn1write_mpi() does it
automatically, but we're not using that here...
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
615530728f
Improve documentation of an internal function
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
f127e6080e
Get rid of large stack buffers in PSA sign wrapper
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
fe8607350c
Add new macro to detemine ECDSA signature length
...
Revived from a previous PR by Gilles, see:
https://github.com/ARMmbed/mbedtls/pull/1293/files#diff-568ef321d275f2035b8b26a70ee9af0bR71
This will be useful in eliminating temporary stack buffers for transcoding the
signature: in order to do that in place we need to be able to make assumptions
about the size of the output buffer, which this macro will provide. (See next
commit.)
2018-11-22 16:39:39 +00:00