yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-26 20:15:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
8930 commits 88 branches 205 tags 69 MiB
Commit graph

8930 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gilles Peskine 76965bb678 Remove MBEDTLS_USE_PSA_CRYPTO tests from all.sh 
This branch isn't expected to keep USE_PSA_CRYPTO working.
 2018-12-12 10:48:06 +01:00
Jaeden Amero 750a049a15
Merge pull request #229 from ARMmbed/dev/Patater/fix-its-typo 
storage: Correct typo of PSA_PS_ERROR_OFFSET
 2018-12-05 13:19:31 +00:00
Gilles Peskine de14d4d86d
Merge pull request #233 from ARMmbed/psa-fix_all.sh-20181204 
Fix all.sh
 2018-12-05 09:36:52 +01:00
Gilles Peskine 5a3c50e890 Don't use an enum in a bit-field 
This isn't standard C. GCC and Clang accept it but not every
compiler (e.g. Armcc 5).
 2018-12-04 12:27:09 +01:00
Gilles Peskine 79e213cfc8 Don't include mbedtls/platform.h unconditionally 
Programs must not include mbedtls/platform.h if MBEDTLS_PLATFORM_C is
not defined. Test suites don't need to include mbedtls/platform.h
because helpers.function takes care of it.

This commit also removes a stray `;` which is technically not standard C.
 2018-12-04 12:25:40 +01:00
Gilles Peskine ac41c191b9 Add psa_crypto_invasive.h 2018-12-04 10:57:13 +01:00
Gilles Peskine 9edc146237
Merge pull request #209 from ARMmbed/psa-init_tests 
Test psa_crypto_init and make it more robust
 2018-11-30 13:28:47 +01:00
Jaeden Amero 58600557bb storage: Correct typo of PSA_PS_ERROR_OFFSET 
Correct typo of PSA_PS_ERROR_OFFSET to PSA_ITS_ERROR_OFFSET.
 2018-11-30 12:10:29 +00:00
Jaeden Amero 886ffc278f
Merge pull request #228 from ARMmbed/github-template-for-issue-tracking 
Add github issue template
 2018-11-30 11:35:56 +00:00
Jaeden Amero 368aa771a8
Merge pull request #225 from ARMmbed/dev/Patater/add-psa-crypto-docs 
Add generated documentation for mbedcrypto-0.1.0b
 2018-11-30 11:13:23 +00:00
itayzafrir ce6ec7d5e7 Add github issue template 
Required for internal issue tracking.
 2018-11-29 15:53:00 +02:00
Gilles Peskine 59fd5aee42
Merge pull request #227 from ARMmbed/psa-aead-guards-fix 
Add missing compilation guards for GCM and CCM
 2018-11-28 18:28:11 +01:00
Gilles Peskine b0b189f31f Add missing compilation guards for GCM and CCM 
Add missing compilation guards that broke the build if either GCM or
CCM was not defined.

Add missing guards on test cases that require GCM or CBC.

The build and tests now pass for any subset of {MBEDTLS_CCM_C,
MBEDTLS_GCM_C}. There are still unused variables warnings if neither
is defined.
 2018-11-28 17:30:58 +01:00
Jaeden Amero 8fe3372de1 Add generated documentation for mbedcrypto-0.1.0b 2018-11-26 17:21:23 +00:00
Gilles Peskine 9e1be6a246 Create the NV seed file for the tests if needed 
Write an all-bits-zero NV seed file for the tests. Without this, if
the seed file is not present when this test suite is executed, the
PSA module initialization will fail, causing most test cases to fail.

Also write an all-bits-zero NV seed file at the end. The test cases in
this test suite mess with the file, but subsequent test suites may
need it.
 2018-11-23 22:58:40 +01:00
Gilles Peskine 0fce4c5830 Add init tests with entropy from NV seed 2018-11-23 22:58:40 +01:00
Gilles Peskine 0b3b5733fc Support NV seed enabled at compile time but not at runtime 
When testing with custom entropy sources, if MBEDTLS_ENTROPY_NV_SEED
is enabled at compile time but the NV seed source is not used at
runtime, mbedtls_entropy_func makes a second pass anyway. Cope with
this in the test code by telling the entropy module not to make this
second pass.
 2018-11-23 22:58:40 +01:00
Gilles Peskine ebe770c693 Add tests with a fake entropy source 
Add tests with a fake entropy source to check that the required amount
of entropy is one block, fed in one or more steps.
 2018-11-23 22:58:40 +01:00
Gilles Peskine 5e76952235 Add a facility to configure entropy sources 
Add a function to configure entropy sources. For testing only.

Use it to test that the library initialization fails properly if there is no
entropy source.
 2018-11-23 22:58:38 +01:00
Jaeden Amero 0e9ff8546b
Merge pull request #224 from ARMmbed/feature-psa-tls-integration-proposed 
Update with "Mbed TLS using PSA" mini-release
 2018-11-23 21:30:23 +00:00
Hanno Becker 9edcc3e8fb Merge branch 'iotssl-2597-psa-hashing-x509_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 16:00:34 +00:00
Hanno Becker 8295695aca Merge branch 'iotssl-2578-psa-sig-verification_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 16:00:32 +00:00
Hanno Becker 02f20216bd Merge branch 'psa_cipher_integration_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:59:26 +00:00
Hanno Becker 6b01a9fa7c Merge branch 'psa_cipher_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:27 +00:00
Hanno Becker e322d3edd5 Merge branch 'opaque_psk_implementation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:24 +00:00
Hanno Becker a96cc8a9fd Merge branch 'iotssl-2596-opaque-csr-creation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:22 +00:00
Hanno Becker 826987f26c Merge branch 'iotssl-2574-pk-opaque-tls_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:21 +00:00
Hanno Becker 7fde035ddc Merge branch 'iotssl-2580-pk-opaque-psa_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:20 +00:00
Jaeden Amero dc5f950e25
Merge pull request #223 from ARMmbed/dev/Patater/fix-unused-mac_setup 
psa: Unused key_bits is OK
 2018-11-23 15:35:43 +00:00
Jaeden Amero 82df32e3fd psa: Unused key_bits is OK 
When MD or CMAC are disabled, let the compiler know that it is OK that
`key_bits` is set but not used by casting `key_bits` to `(void)`.
 2018-11-23 15:20:56 +00:00
Jaeden Amero 565e0bf49d
Merge pull request #212 from ARMmbed/psa-integration-utilities_CRYPTO 
Mbed TLS integration: Shared code between module-specific integration work
 2018-11-23 09:00:22 +00:00
Andrzej Kurek 266d907c87 pk_wrap.c: fix length mismatch check placement 2018-11-22 13:37:14 -05:00
Andrzej Kurek 96cc1b3def pk_wrap.c: tidy up signature extraction 
Add a sanity check for signature length, remove superfluous bounds check.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek e30ad542a1 Cosmetic changes 
Move memset to a more relevant spot, fix one whitespace error
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 73bf6b9e00 pk_wrap: rework and tidy up signature extraction 
Improve comments, use a normal buffer instead of mbedtls_asn1_buf,
remove unneeded variables and use shared utilities where possible.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 688ea8d10d pk_wrap: reuse a static buffer for signature extraction 
Use a buffer left over after importing a key to hold an extracted signature.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 3016de3eeb pk_wrap: rework signature extraction to work with small r and s values 
There is a probability that r will be encoded as 31 or less bytes in DER,
so additional padding is added in such case.
Added a signature-part extraction function to tidy up the code further.
 2018-11-22 13:37:14 -05:00
Manuel Pégourié-Gonnard 7b7808cc76 Add tests for ECDSA verify with short r, s values 
This is intended to test transcoding the signature to the format expected by
PSA (fixed-length encoding of r, s) when r and s have respectively:
- full length with initial null byte
- full length without initial null byte
- non-full length with initial null byte
- non-full length without initial null byte

The signatures were generated using:

programs/pkey/pk_sign tests/data_files/server5.key foo

where foo is an empty file, and with a variant of one of the following patches
applied:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..e4a27b044516 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -317,6 +319,11 @@ mul:
             MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
                                                   f_rng, p_rng, ECDSA_RS_ECP ) );
             MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( pr );
+            printf("%zu ", bits);
+            if( bits != 255 )
+                goto gen;
         }
         while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );

or:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..d704376e0c42 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -353,6 +355,11 @@ modn:
         MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( s );
+            printf("%zu ", bits);
+            if( bits != 247 )
+                goto gen;
     }
     while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );

with the value edited manually between each run to get the desired bit length.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 45fc464156 pk_wrap: improve error codes returned from ecdsa_verify_wrap 
Use the shared PSA utilities to translate errors.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek ca6330992e pk_wrap: switch to helper functions defined in psa_util.h 
Remove duplicated helper functions.
Remove an unnecessary call to psa_crypto_init().
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 510ee70501 pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap 
Adjust tests to pass a valid algorithm
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 2f69b1a059 pk_wrap: destroy key slot on errors with policy or key importing 2018-11-22 13:37:14 -05:00
Andrzej Kurek c097b0fded pk_wrap: add a check for equal signature parts 2018-11-22 13:37:14 -05:00
Andrzej Kurek f8c94a811a pk_wrap: check if curve conversion is successful 2018-11-22 13:37:14 -05:00
Andrzej Kurek 6d49ae9223 pk_wrap: nullify the signature pointer on error in extract_ecdsa_sig 
Fix a double free error in ecdsa_verify_wrap
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 1e3b6865d7 pk_wrap: cosmetic changes 
Adjust whitespaces and variable names
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 39d1f4b29f pk_wrap.c: add support for ecdsa signature verification using PSA 
Use PSA internally to verify signatures.
Add a conversion to a raw signature format.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 60ea0fc185 Remove trailing whitespace 2018-11-22 13:02:29 -05:00
Andrzej Kurek 593fccdf97 x509: remove unnecessary calls to psa_hash_abort 
According to the documentation, it does not need to be called after a failed
psa_hash call.
 2018-11-22 12:53:32 -05:00
Andrzej Kurek 78276b1c73 x509: use the PSA API to perform hashing operations 
So far limited only to certificate verification withour CRL and CSR generation.
 2018-11-22 12:53:32 -05:00