yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 07:21:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
8147 commits 88 branches 205 tags 69 MiB
Commit graph

8147 commits

This branch
This branch
All branches
Author SHA1 Message Date
Simon Butcher 5f62a5731c Merge remote-tracking branch 'public/pr/2226' into development-psa-proposed 2018-11-23 22:11:37 +00:00
Jaeden Amero 3aad836e36 Update crypto submodule to mbedcrypto-0.1.0b 2018-11-23 21:39:32 +00:00
Simon Butcher 60ee838a8a Merge remote-tracking branch 'public/pr/2224' into development-psa-proposed 2018-11-23 21:18:32 +00:00
Jaeden Amero bb225f7914 Merge remote-tracking branch 'upstream-public/pr/2225' into development-psa-proposed 2018-11-23 17:37:04 +00:00
Jaeden Amero 720d9a6056 psa: Update submodule to include CMake fix 
CMake with ASan would fail when building crypto as a submodule. The latest
version of the submodule has a fix for this error.
 2018-11-23 16:06:29 +00:00
Jaeden Amero b1c48d3d83 psa: Include PSA headers for tests and programs 
Programs and tests need to be able to use PSA header files when
USE_CRYPTO_SUBMODULE and MBEDTLS_USE_PSA_CRYPTO are set. Add the crypto
submodule include folder, which contains psa headers, after the main
include folder so that psa headers can be found and crypto submodule
headers don't take precedence over mbedtls headers.
 2018-11-23 15:22:44 +00:00
Hanno Becker ee81756a51 Fix wrong cmake invocation in all.sh testing MBEDTLS_USE_PSA_CRYPTO 
It should be `cmake -D VAR=1` instead of `cmake -D VAR`.
 2018-11-23 15:08:32 +00:00
Simon Butcher ebeb6cb446 Update library version to 2.15.0 2018-11-23 14:18:15 +00:00
Hanno Becker 46b79c14ad Merge remote-tracking branch 'remote_jaeden/dev/patater/avoid-check-files-todo-dev' into development-psa-proposed 2018-11-23 13:40:44 +00:00
Hanno Becker cdb31172e7 Temporarily update crypto-submodule target branch 
This is a temporary commit to allow us to test this
proposed branch against the sibling proposed branch
on mbedtls-psa.
 2018-11-23 13:38:38 +00:00
Jaeden Amero 80a23a5bc4 check-files: Don't check same-named files 
The check-files script contains the strings "TODO" and "todo" in order to
search for files that contain TODO items. So, any check-files script would
need to be excluded from the list of files that gets checked for "TODO".
Normally, the script excludes itself from checks, but with the addition of
the crypto submodule, there is another copy of the script present from the
project root. We must avoid checking check-files scripts for TODO items.
This also helps if you run check-files from another working tree in your
working tree.
 2018-11-23 13:14:38 +00:00
Hanno Becker 3441d2e4a4 Merge branch 'iotssl-2597-psa-hashing-x509' into development-psa-proposed 2018-11-23 11:42:07 +00:00
Hanno Becker 4ae8b497c0 Merge branch 'iotssl-2578-psa-sig-verification' into development-psa-proposed 2018-11-23 11:37:00 +00:00
Hanno Becker a0a96a0c56 Merge branch 'psa_cipher_integration' into development-psa-proposed 2018-11-23 11:26:57 +00:00
Hanno Becker f8b5f27bce Merge branch 'psa_cipher' into development-psa-proposed 2018-11-23 11:18:02 +00:00
Hanno Becker 485529952f Merge branch 'opaque_psk_implementation' into development-psa-proposed 2018-11-23 11:12:38 +00:00
Hanno Becker b345ae64f1 Merge branch 'iotssl-2596-opaque-csr-creation' into development-psa-proposed 2018-11-23 11:05:04 +00:00
Hanno Becker ee618f7241 Merge branch 'iotssl-2574-pk-opaque-tls' into development-psa-proposed 2018-11-23 10:31:00 +00:00
Hanno Becker 9aa921f336 Merge branch 'iotssl-2580-pk-opaque-psa' into development-psa-proposed 2018-11-23 10:17:36 +00:00
Andrzej Kurek b7f3ac6504 pkwrite: add an explicit cast to size_t 2018-11-22 12:05:08 -05:00
Andrzej Kurek 967cfd18fd Remove trailing whitespace 2018-11-22 12:05:08 -05:00
Andrzej Kurek 158c3d10d0 pkwrite: add a safety check before calculating the buffer size 2018-11-22 12:05:08 -05:00
Andrzej Kurek 4b11407258 Cosmetic changes 
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
 2018-11-22 12:05:08 -05:00
Andrzej Kurek 5f7bad34bb Add CSR write testing using opaque keys 
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
 2018-11-22 12:05:08 -05:00
Andrzej Kurek 5fec0860f9 pkwrite: add opaque key handling for public key exporting 
Return early from mbedtls_pk_write_pubkey_der - public opaque key
exporting is expected to contain all of the needed data, therefore it shouldn't
be written again.
 2018-11-22 12:05:08 -05:00
Andrzej Kurek 8b38ff57ab Remove trailing whitespace 2018-11-22 11:53:04 -05:00
Andrzej Kurek a609337ca0 x509: remove unnecessary calls to psa_hash_abort 
According to the documentation, it does not need to be called after a failed
psa_hash call.
 2018-11-22 11:53:04 -05:00
Andrzej Kurek d4a6553191 x509: use the PSA API to perform hashing operations 
So far limited only to certificate verification withour CRL and CSR generation.
 2018-11-22 11:53:04 -05:00
Andrzej Kurek ad5d58124a pk_wrap.c: fix length mismatch check placement 2018-11-22 11:17:37 -05:00
Andrzej Kurek eeac03b354 pk_wrap.c: tidy up signature extraction 
Add a sanity check for signature length, remove superfluous bounds check.
 2018-11-22 11:17:37 -05:00
Andrzej Kurek 6cb63aa010 Cosmetic changes 
Move memset to a more relevant spot, fix one whitespace error
 2018-11-22 11:17:37 -05:00
Andrzej Kurek 9241d18773 pk_wrap: rework and tidy up signature extraction 
Improve comments, use a normal buffer instead of mbedtls_asn1_buf,
remove unneeded variables and use shared utilities where possible.
 2018-11-22 11:17:37 -05:00
Andrzej Kurek b6016c52c5 pk_wrap: reuse a static buffer for signature extraction 
Use a buffer left over after importing a key to hold an extracted signature.
 2018-11-22 11:17:37 -05:00
Andrzej Kurek b7b0478f76 pk_wrap: rework signature extraction to work with small r and s values 
There is a probability that r will be encoded as 31 or less bytes in DER,
so additional padding is added in such case.
Added a signature-part extraction function to tidy up the code further.
 2018-11-22 11:17:37 -05:00
Manuel Pégourié-Gonnard 2baae9ef71 Add tests for ECDSA verify with short r, s values 
This is intended to test transcoding the signature to the format expected by
PSA (fixed-length encoding of r, s) when r and s have respectively:
- full length with initial null byte
- full length without initial null byte
- non-full length with initial null byte
- non-full length without initial null byte

The signatures were generated using:

programs/pkey/pk_sign tests/data_files/server5.key foo

where foo is an empty file, and with a variant of one of the following patches
applied:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..e4a27b044516 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -317,6 +319,11 @@ mul:
             MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
                                                   f_rng, p_rng, ECDSA_RS_ECP ) );
             MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( pr );
+            printf("%zu ", bits);
+            if( bits != 255 )
+                goto gen;
         }
         while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );

or:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..d704376e0c42 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -353,6 +355,11 @@ modn:
         MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( s );
+            printf("%zu ", bits);
+            if( bits != 247 )
+                goto gen;
     }
     while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );

with the value edited manually between each run to get the desired bit length.
 2018-11-22 11:17:37 -05:00
Andrzej Kurek 4f0253962e pk_wrap: improve error codes returned from ecdsa_verify_wrap 
Use the shared PSA utilities to translate errors.
 2018-11-22 11:17:37 -05:00
Andrzej Kurek 2122774d72 pk_wrap: switch to helper functions defined in psa_util.h 
Remove duplicated helper functions.
Remove an unnecessary call to psa_crypto_init().
 2018-11-22 11:17:37 -05:00
Andrzej Kurek c05ec9f39c pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap 
Adjust tests to pass a valid algorithm
 2018-11-22 11:17:37 -05:00
Andrzej Kurek cef91afab6 pk_wrap: destroy key slot on errors with policy or key importing 2018-11-22 11:17:37 -05:00
Andrzej Kurek 3f864c2457 pk_wrap: add a check for equal signature parts 2018-11-22 11:17:37 -05:00
Andrzej Kurek b3d1b12177 pk_wrap: check if curve conversion is successful 2018-11-22 11:17:37 -05:00
Andrzej Kurek ea84233e02 pk_wrap: nullify the signature pointer on error in extract_ecdsa_sig 
Fix a double free error in ecdsa_verify_wrap
 2018-11-22 11:17:37 -05:00
Andrzej Kurek 6376d638b8 pk_wrap: cosmetic changes 
Adjust whitespaces and variable names
 2018-11-22 11:17:37 -05:00
Andrzej Kurek 8b036a6082 pk_wrap.c: add support for ecdsa signature verification using PSA 
Use PSA internally to verify signatures.
Add a conversion to a raw signature format.
 2018-11-22 11:17:37 -05:00
Manuel Pégourié-Gonnard cfdf8f4d8f Implement key_opaque option to ssl_client2 2018-11-22 14:35:11 +00:00
Manuel Pégourié-Gonnard ef68be4553 Add option key_opaque to ssl_client2 (skeleton) 
This is just the plumbing for the option itself, implementation of the option
will be the next commit.
 2018-11-22 14:35:11 +00:00
Hanno Becker e9420c2aff Rename PSA test in ssl-opt.sh 2018-11-22 14:05:54 +00:00
Hanno Becker a0dc9cf8ec Remove superfluous quotes in ssl-opt.sh 2018-11-22 14:05:54 +00:00
Hanno Becker cb1cc80cf5 Use PSA-based ciphers for record protections in TLS-1.2 only 
Reasons:
- For the first release, we attempt to support TLS-1.2 only,
- At least TLS-1.0 is known to not work at the moment, as
  for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf()
  and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt()
  updates the structure field for the IV in the cipher context,
  which the PSA-based implementation currently doesn't.
 2018-11-22 14:05:54 +00:00
Hanno Becker 679d8ceb13 Use PSA-based ciphers for SSL ticket protection 
This commit modifies the default SSL ticket implementation
from `library/ssl_ticket.c` to use PSA-based cipher context
for ticket creation and parsing.

As in mbedtls_ssl_derive_keys() adapted in an earlier commit,
we allow fallback to the ordinary mbedtls_cipher_setup()
if the provided cipher is not known. We do this even though
we always call mbedtls_ssl_ticket_setup() with AES-GCM
in our own code since this function is public and might
be used with other ciphers by users.
 2018-11-22 14:05:54 +00:00