Gilles Peskine
4295e8b9c5
Rework PSA curve to mbedlts group id conversion
...
Don't rely on the bit size encoded in the PSA curve identifier, in
preparation for removing that.
For some inputs, the error code on EC key creation changes from
PSA_ERROR_INVALID_ARGUMENT to PSA_ERROR_NOT_SUPPORTED or vice versa.
There will be further such changes in subsequent commits.
2020-01-31 10:15:32 +01:00
Gilles Peskine
c7ef5b3f45
Rework mbedlts group id to PSA curve conversion
...
Don't rely on the PSA curve identifier determining the key size, in
preparation for removing that.
2020-01-31 10:15:32 +01:00
Gilles Peskine
2eea95cb5d
Extract the block size from the key type encoding
2020-01-31 10:15:32 +01:00
Gilles Peskine
7bfcfac164
Change key type encodings to avoid bit 16
...
Key types are now encoded through a category in the upper 4 bits (bits
28-31) and a type-within-category in the next 11 bits (bits 17-27),
with bit 16 unused and bits 0-15 only used for the EC curve or DH
group.
For symmetric keys, bits 20-22 encode the block size (0x0=stream,
0x3=8B, 0x4=16B).
2020-01-31 10:15:32 +01:00
Gilles Peskine
8fe6e0de3a
Symmetric key types only use the upper 16 bits of psa_key_type_t
...
Change the numerical encoding of values for symmetric key types to
have 0000 as the lower 16 bits. Now the lower 16 bits are only used
for key types that have a subtype (EC curve or DH group).
2020-01-31 10:15:32 +01:00
Manuel Pégourié-Gonnard
350d4c3630
Merge pull request #327 from gilles-peskine-arm/psa-hash_compute
...
Implement psa_hash_compute and psa_hash_compare
2020-01-31 09:31:41 +01:00
Gilles Peskine
13faa2d920
Don't declare a parameter as const
...
An earlier commit fixed this for psa_hash_compare. psa_mac_verify had
the same flaw.
2020-01-30 16:32:21 +01:00
Gilles Peskine
88e08464f5
Add dedicated test cases for psa_hash_compare
...
psa_hash_compare is tested for good cases and invalid-signature cases
in hash_compute_compare. Also test invalid-argument cases. Also run a
few autonomous test cases with valid arguments.
2020-01-30 12:27:14 +01:00
Gilles Peskine
29eb80d26c
Remove some spurious dependencies on MBEDTLS_SHA256_C
2020-01-30 12:27:14 +01:00
Gilles Peskine
fa710f5c6a
Don't declare a parameter as const
...
Whether a parameter should be const is an implementation detail of the
function, so don't declare a parameter of psa_hash_compare as
const. (This only applies to parameters themselves, not to objects
that pointer parameters points to.)
2020-01-30 12:27:14 +01:00
Gilles Peskine
1fb7aea9b3
Add command line option to hide warnings
2020-01-30 12:27:14 +01:00
Gilles Peskine
84b8fc8213
Use psa_hash_compute in psa_hmac_setup_internal
2020-01-30 12:27:14 +01:00
Gilles Peskine
7b8efaffaa
Add missing dependencies on MBEDTLS_MD_C
...
The PSA implementations of deterministic ECDSA, of all RSA signatures
and of RSA OAEP use the MD module.
2020-01-30 12:27:14 +01:00
Gilles Peskine
aead02cce9
Remove obsolete dependencies on MBEDTLS_MD_C
...
The PSA implementation of hash algorithms, HMAC algorithms and KDF
algorithms using HMAC no longer use the MD module.
2020-01-30 12:27:14 +01:00
Gilles Peskine
0a749c8fa3
Implement and test psa_hash_compute, psa_hash_compare
2020-01-30 12:27:12 +01:00
Manuel Pégourié-Gonnard
f712e163b0
Merge pull request #179 from mpg/sha512-no-sha384
...
Add option to build SHA-512 without SHA-384
2020-01-30 10:32:20 +01:00
Janos Follath
8b38978b85
Merge pull request #349 from gilles-peskine-arm/coverity-20200115-crypto
...
Fix minor defects found by Coverity
2020-01-29 15:05:11 +00:00
Manuel Pégourié-Gonnard
74ca84a7a9
Fix some whitespace issues
2020-01-29 09:46:49 +01:00
Manuel Pégourié-Gonnard
358462df85
Merge pull request #354 from mpg/fix-ecdsa-pointer-inc
...
Fix incrementing pointer instead of value
2020-01-28 09:26:28 +01:00
Janos Follath
1146b4e060
Merge pull request #348 from yanesca/bump-version-to-mbed-tls-2.20.0
...
Bump version to Mbed TLS 2.20.0 and crypto SO version to 4
2020-01-27 15:56:45 +00:00
Manuel Pégourié-Gonnard
ee4ba54d8d
Fix incrementing pointer instead of value
...
This was introduced by a hasty search-and-replace that didn't account for C's
operator precedence when changing those variables to pointer types.
2020-01-24 12:11:56 +01:00
Manuel Pégourié-Gonnard
2b9b780ac0
Rename internal macro for consistency
...
Other modules have similar internal macros using _LENGTH in the name.
2020-01-24 11:01:02 +01:00
Manuel Pégourié-Gonnard
b7f7092f57
Remove preprocessor directive for consistency
...
Other cases in this switch statement aren't guarded either.
2020-01-24 10:59:08 +01:00
Manuel Pégourié-Gonnard
3a3b5c7827
Improve doxygen formatting
2020-01-24 10:57:25 +01:00
Gilles Peskine
84984ae220
Add missing return code check on calls to mbedtls_md()
2020-01-21 16:52:08 +01:00
Gilles Peskine
9018b11302
Check that mbedtls_mpi_grow succeeds
2020-01-21 16:30:53 +01:00
Gilles Peskine
292672eb12
If ASSERT_ALLOC_WEAK fails, mark the test as skipped, not passed
...
This was the intended behavior of ASSERT_ALLOC_WEAK all along, but
skipping was not implemented yet when ASSERT_ALLOC_WEAK was
introduced.
2020-01-21 16:20:04 +01:00
Gilles Peskine
42a1acfd0e
get_len_step: Fix end-of-buffer calculation when buffer_size==0
...
Fix get_len_step when buffer_size==0. The intent of this test is to
ensure (via static or runtime buffer overflow analysis) that
mbedtls_asn1_get_len does not attempt to access beyond the end of the
buffer. When buffer_size is 0 (reached from get_len when parsing a
1-byte buffer), the buffer is buf[1..1] because allocating a 0-byte
buffer might yield a null pointer rather than a valid pointer. In this
case the end of the buffer is p==buf+1, not buf+buffer_size which is
buf+0.
The test passed because calling mbedtls_asn1_get_len(&p,end,...) with
end < p happens to work, but this is not guaranteed.
2020-01-21 16:12:07 +01:00
Janos Follath
2e9f108fbd
Bump version to Mbed TLS 2.20.0
2020-01-21 14:08:26 +00:00
Gilles Peskine
a2bdcb9e3a
Remove redundant block_size validity check
...
Check the value only once, as soon as we've obtained it.
2020-01-21 15:02:14 +01:00
Janos Follath
d27a88438f
Merge branch 'development' into development-restricted
2020-01-15 15:55:11 +00:00
Jaeden Amero
a337167543
Merge pull request #342 from Patater/reseed-counter-value-comment
...
ctr_drbg: Clarify reseed_counter values before seeding
2020-01-10 13:49:33 +00:00
Jaeden Amero
a15c71374b
ctr_drbg: Clarify reseed_counter values before seeding
...
Before the initial seeding, reseed_counter used to always be 0. Now, the
value depends on whether or not the user has explicitly set the amount
of data to get from the nonce (via e.g.
mbedtls_ctr_drbg_set_nonce_len()). Add comments to clarify the possible
values reseed_counter can have before the initial seeding.
2020-01-09 13:48:52 +00:00
Manuel Pégourié-Gonnard
1e6fb01448
Make SHA512_NO_SHA384 depend on SHA512_C
2020-01-07 11:00:34 +01:00
Manuel Pégourié-Gonnard
86a39bdbc5
Improve readability of test dependencies
...
- Always put MBEDTLS_SHA512_NO_SHA384 immediately after MBEDTLS_SHA512_C
- Remove duplicate occurrences of MBEDTLS_SHA512_NO_SHA384 on the same line
2020-01-07 10:24:17 +01:00
Manuel Pégourié-Gonnard
2d88549c6b
Improve readability of macro in selftest
2020-01-07 10:17:35 +01:00
Manuel Pégourié-Gonnard
0b9db441c8
Make optional parameter validation more precise
2020-01-07 10:14:54 +01:00
Manuel Pégourié-Gonnard
792b16d83b
Make more code paths conditional in psa_crypto.c
2020-01-07 10:13:18 +01:00
Manuel Pégourié-Gonnard
663ee2019a
Clarify documentation on is384.
2020-01-07 10:11:22 +01:00
Manuel Pégourié-Gonnard
20f236de37
Adjust depends-hashes.pl to test NO_SHA384 as well
2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard
d602084cde
Implement NO_SHA384 in MD layer and PSA
2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard
6ba5a3fc57
Declare test dependencies on !SHA512_NO_SHA384
2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard
39ea19a35c
Adapt sha512 selftest to NO_SHA384 option
2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard
3df4e60561
Implement SHA512_NO_SHA384 in sha512 module
...
Saves 140 bytes on sha512.o, measured with:
arm-none-eabi-gcc -Wall -Wextra -Iinclude -Os -mcpu=cortex-m0plus -mthumb -c library/sha512.c && arm-none-eabi-size sha512.o
arm-none-eabi-gcc (GNU Tools for Arm Embedded Processors 7-2018-q2-update) 7.3.1 20180622 (release) [ARM/embedded-7-branch revision 261907]
Todo:
- fix selftest
- fix dependencies in test suites
- implement in MD layer
2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard
ad6cb11461
Declare new config.h option MBEDTLS_SHA512_NO_SHA384
2020-01-06 11:40:23 +01:00
Jaeden Amero
448d1cc854
Merge pull request #334 from dgreen-arm/fix-pylint-warnings
...
Fix some pylint warnings
2019-12-20 16:06:53 +00:00
Darryl Green
1822061093
Fix some pylint warnings
...
Add docstrings where they were missing and fix a too-long line
2019-12-20 15:13:45 +00:00
Gilles Peskine
180850a229
Merge pull request #291 from gilles-peskine-arm/ctr_drbg-test_aes_128
...
Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
2019-12-20 10:43:44 +01:00
Jaeden Amero
795c6bab62
Merge pull request #323 from yanesca/iotcrypt-942-initialise-return-values
...
Initialise return values to an error
2019-12-19 10:24:22 +00:00
Jaeden Amero
16027956cd
Merge pull request #333 from gilles-peskine-arm/psa-streamline_encodings-prepare_for_types
...
Streamline PSA key type encodings: prepare
2019-12-13 09:39:03 +00:00