Commit graph

7991 commits

Author SHA1 Message Date
Gilles Peskine 35da9a2f2e In psa_asymmetric_encrypt, allow public keys
The code was accepting key pairs only, even though encryption doesn't
require the private key.
2018-09-12 16:41:11 +03:00
Gilles Peskine 6b530867e4 Test importing a key pair as a public key and vice versa 2018-09-12 16:41:11 +03:00
Gilles Peskine 630a18a51e Don't break the rsa context abstraction
This would fail on alternative implementation.
2018-09-12 16:41:11 +03:00
Gilles Peskine 3ff2162d14 Remove salt from asymmetric_{sign,verify}
No common signature algorithm uses a salt (RSA-PKCS#1v1.5, RSA-PSS,
DSA, ECDSA, EdDSA). We don't even take an IV for MAC whereas MAC
algorithms with IV are uncommon but heard of. So remove the salt
parameter from psa_asymmetric_sign and psa_asymmetric_verify.
2018-09-12 16:41:11 +03:00
Gilles Peskine 9911b02f32 Add sign_verify test and use it to smoke-test PSS 2018-09-12 16:41:11 +03:00
Gilles Peskine ebe10de167 Merge remote-tracking branch 'psa/pr/103' into feature-psa 2018-09-12 16:41:11 +03:00
Gilles Peskine 6489bc7a97 Merge pull request #106 from ARMmbed/psa-test_dependencies-201807
Fix some test dependencies
2018-09-12 16:41:11 +03:00
Gilles Peskine b82ab6f402 Improve documentation of abort functions
Explicitly state that calling abort is safe after initializing to
zero.

Explicitly state that calling abort on an inactive operation is safe,
and replace "active" by "initialized" in the description of the
parameter.

Get rid of the recommendation for implementers to try to handle
uninitialized structures safely. It's good advice in principle but
cannot be achieved in a robust way and the wording was confusing.
2018-09-12 16:41:11 +03:00
Jaeden Amero 0794936411 Merge pull request #102 from ARMmbed/dev/Patater/fix-allsh
Fix various issues caught by all.sh
2018-09-12 16:41:11 +03:00
Gilles Peskine 1c211b3e01 Fix some test dependencies
* No test depends on MBEDTLS_PK_C except via MBEDTLS_PK_PARSE_C, so
  remove MBEDTLS_PK_C and keep only MBEDTLS_PK_PARSE_C.
* Add MBEDTLS_PK_WRITE_C for pk export tests.
* Add MBEDTLS_GENPRIME for RSA key generation tests.
* Add dependencies to AEAD tests.
* Add missing dependencies to many RSA tests.
2018-09-12 16:41:11 +03:00
Gilles Peskine be42f312a8 Doxygen: use \c foo in preference to foo for consistency 2018-09-12 16:41:11 +03:00
Jaeden Amero ed35da2b6f Merge pull request #97 from ARMmbed/psa-renamings_for_alpha1
Function renamings for alpha1
2018-09-12 16:41:11 +03:00
Jaeden Amero 67a9351bc5 psa: config: Add MBEDTLS_PSA_CRYPTO_SPM
We failed check-names.sh due to using a define which wasn't described or
defined anywhere. Even though we won't realistically enable
MBEDTLS_PSA_CRYPTO_SPM via the configuration system (and will do it from
PSA Crypto SPM tooling instead), add a description of the configuration to
config.h as good practice. Exclude MBEDTLS_PSA_CRYPTO_SPM from the "full"
configuration as well.
2018-09-12 16:41:11 +03:00
Gilles Peskine 9ac9426731 Doc: clarify the preconditions for psa_cipher_update 2018-09-12 16:41:11 +03:00
Gilles Peskine 2a91d612f5 Merge remote-tracking branch 'psa/pr/94' into feature-psa 2018-09-12 16:41:11 +03:00
Gilles Peskine 61a60376b7 Fix misplaced Doxygen comment 2018-09-12 16:41:11 +03:00
Jaeden Amero b4fa8c9c6d psa: Fix Doxygen comment on psa_get_key_from_slot
We failed all.sh on the "test: doxygen markup outside doxygen blocks" due
to doxygen markup being outside a Doxygen block. Add an extra `*` to the
psa_get_key_from_slot comment to denote the comment as a Doxygen comment.
2018-09-12 16:41:11 +03:00
Gilles Peskine 6ac73a912b Doc: add some missing documentation of function and macro parameters 2018-09-12 16:41:11 +03:00
Gilles Peskine e430b42c4a Merge remote-tracking branch 'psa/pr/90' into feature-psa 2018-09-12 16:41:11 +03:00
Janos Follath 279ab8e69b Prevent leaking plaintext in psa_cipher_finish() 2018-09-12 16:41:11 +03:00
Gilles Peskine fe11951c16 Rename psa cipher functions to psa_cipher_xxx
Make function names for multipart operations more consistent (cipher
edition).

Rename symmetric cipher multipart operation functions so that they all
start with psa_cipher_:

* psa_encrypt_setup -> psa_cipher_encrypt_setup
* psa_decrypt_setup -> psa_cipher_decrypt_setup
* psa_encrypt_set_iv -> psa_cipher_set_iv
* psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-09-12 16:41:11 +03:00
Gilles Peskine dda3bd344d Doc: Minor formatting and copy fixes 2018-09-12 16:41:11 +03:00
Gilles Peskine 3286d46dcc Merge remote-tracking branch 'psa/pr/69' into feature-psa 2018-09-12 16:41:11 +03:00
Gilles Peskine ab4152b3d4 Diversify export tests without the export usage flag
Test both with a symmetric key and with a key pair.
2018-09-12 16:41:11 +03:00
Janos Follath 315b51c22d Fix memory leak in psa_cipher_finish() 2018-09-12 16:41:11 +03:00
Gilles Peskine fbfac6867b Simplify algorithm checking logic in MAC functions
Use if-else-if chains rather than switch because many blocks apply to
a class of algoritmhs rather than a single algorithm or a fixed set
of algorithms.

Call abort on more error paths that were missed earlier.
2018-09-12 16:41:11 +03:00
Gilles Peskine fa4070c50b Doc: Fix some \c name that should have been \p name 2018-09-12 16:41:11 +03:00
Gilles Peskine aefb9d0cdd Merge remote-tracking branch 'psa/pr/85' into feature-psa 2018-09-12 16:41:11 +03:00
Mohammad Abo Mokh a5c7b7d0dd Style fixes 2018-09-12 16:41:11 +03:00
Gilles Peskine 76f5c7b6a8 Tests: cover policy checks for all operations
Add tests of key policy checks for MAC, cipher, AEAD, asymmetric
encryption and asymmetric signature. For each category, test
with/without the requisite usage flag in each direction, and test
algorithm mismatch.
2018-09-12 16:41:11 +03:00
Janos Follath 25c4fa8fb0 Fix copy paste error PSA test suite
At this point it fixes memory leaks as well. These memory leaks are the
fault of the 'psa_cipher_finish()' function and the calls fixed in this
commit (among with many others in the test suite) will become obsolete
after fixing 'psa_cipher_finish()'.
2018-09-12 16:41:11 +03:00
Gilles Peskine 5d0b864944 Streamline cleanup logic in MAC finish
Reorganize error handling code in psa_mac_finish_internal,
psa_mac_sign_finish and psa_mac_verify finish to ensure that:

* psa_mac_abort() is always called, on all success and error paths.
* psa_mac_finish places a safe value in the output parameters on
  all error paths, even if abort fails.
2018-09-12 16:41:11 +03:00
Gilles Peskine 3fa675cd97 Doc: generate_key: improve documentation of \p extra 2018-09-12 16:41:11 +03:00
Gilles Peskine 0c938be967 Merge remote-tracking branch 'psa/pr/67' into feature-psa 2018-09-12 16:41:11 +03:00
Gilles Peskine 1d96fff61a In psa_mac_finish, write a safe output even in the BAD_STATE case 2018-09-12 16:41:11 +03:00
mohammad1603 2701005b46 Modifications for psa-crypto in order to integrate with SPM
Add required includes in tests and psa_crypto.c file in order to be able to compilef for the SPM solution.
Some functions needed to be deprecated from psa_crypto.c since they already implemented in the SPM.
2018-09-12 16:41:11 +03:00
Gilles Peskine 69e033aea0 RSA encryption: accept input=NULL if ilen=0
In mbedtls_rsa_rsaes_oaep_encrypt and
mbedtls_rsa_rsaes_pkcs1_v15_encrypt, if the input length is 0 (which
is unusual and mostly useless, but permitted) then it is fine for the
input pointer to be NULL. Don't return an error in this case.

When `input` is NULL, `memcpy( p, input, ilen )` has undefined
behavior even if `ilen` is zero. So skip the `memcpy` call in this
case. Likewise, in `mbedtls_rsa_rsaes_oaep_decrypt` and
`mbedtls_rsa_rsaes_pkcs1_v15_decrypt`, skip the `memcpy` call if
`*olen` is zero.
2018-09-12 16:41:11 +03:00
Gilles Peskine 89167cb597 Split psa_mac_setup -> psa_mac_{sign,verify}_setup
Make function names for multipart operations more consistent (MAC
setup edition).

Split psa_mac_setup into two functions psa_mac_sign_setup and
psa_mac_verify_setup. These functions behave identically except that
they require different usage flags on the key. The goal of the split
is to enforce the key policy during setup rather than at the end of
the operation (which was a bit of a hack).

In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is
of the wrong type, abort the operation before returning BAD_STATE.
2018-09-12 16:41:11 +03:00
Gilles Peskine 4c317f4b4c generate_key: define a structure type for RSA extra parameters 2018-09-12 16:41:11 +03:00
Jaeden Amero 4ac56baa3a Merge pull request #80 from ARMmbed/psa-crypto_sizes_header_creation
Create psa/crypto_size.h
2018-09-12 16:41:11 +03:00
Jaeden Amero bbf97e3cf1 psa: Pass hash_length with explicit types
The RSA module uses unsigned int for hash_length. The PSA Crypto API
uses size_t for hash_length. Cast hash_length to unsigned int when
passed to the hash module.
2018-09-12 16:41:11 +03:00
Gilles Peskine aee13338b3 Fix safe output length in hash and mac finish
In psa_hash_finish and psa_mac_finish_internal, set the fallback
output length (which is reported on error) to the output buffer size,
not to the _expected_ buffer size which could be larger.
2018-09-12 16:41:11 +03:00
mohammad1603 3d91abefac Use PSA_BLOCK_CIPHER_BLOCK_SIZE() macro to get the cipher block size
Use PSA_BLOCK_CIPHER_BLOCK_SIZE() macro to get the cipher block size instead of accessing the operation struct
additionally, for SPM case, the 'block_size' member is not a member in the operation struct
2018-09-12 16:41:11 +03:00
Gilles Peskine ab1d7ab89f Don't call psa_get_key_information internally
When you have a key slot pointer, read the key type directly, and call
psa_get_key_bits to get the bit size.
2018-09-12 16:41:11 +03:00
Gilles Peskine acd4be36fa Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish
Make function names for multipart operations more consistent (MAC
finish edition).
2018-09-12 16:41:11 +03:00
Gilles Peskine 53d991e655 generate_key: rename \p parameters to \p extra
\p parameters is a confusing name for a function parameter. Rename it
to \p extra.
2018-09-12 16:41:11 +03:00
Gilles Peskine 0e60fd536e Merge remote-tracking branch 'psa/pr/68' into feature-psa 2018-09-12 16:41:11 +03:00
Gilles Peskine 07c91f5df3 Add notes about the purpose and usage of auxiliary header files 2018-09-12 16:41:11 +03:00
Jaeden Amero 23bbb757ad psa: Pass the number of bits with explicit types
The GCM, CCM, RSA, and cipher modules inconsistently use int or unsigned
int for a count of bits. The PSA Crypto API uses size_t for counting
things. This causes issues on LLP64 systems where a size_t can hold more
than an unsigned int. Add casts for where key_bits and bits are passed to
mbedtls_* APIs.
2018-09-12 16:41:11 +03:00
Gilles Peskine 02b750781f Factor duplicated code into exercise_key
Also fail the test if the test code lacks a way to exercise the key.
2018-09-12 16:41:11 +03:00