Nir Sonnenschein
9e2ffe83ac
change type of hash block to uint8_t
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
35dfbf4601
change hmac context to use statically allocated memory
...
1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
dcd636a73f
Commit changes to hmac to not use MD abstraction
...
this PR is part of efforts to use "lower level" mbedTLS APIs vs "higher level" abstract APIs.
2018-09-12 16:13:49 +03:00
Gilles Peskine
8605428dcf
Merge remote-tracking branch 'psa/pr/27' into feature-psa
2018-09-05 12:46:19 +03:00
Gilles Peskine
625b01c9c3
Add OAEP placeholders in asymmetric encrypt/decrypt
...
Replace PSS placeholders by OAEP placeholders. PSS is a signature
algorithm, not an encryption algorithm.
Fix typo in PSA_ALG_IS_RSA_OAEP_MGF1.
2018-09-05 12:44:17 +03:00
Gilles Peskine
723feffe15
Fix some errors in PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE
...
A call to PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE wouldn't even have
compiled. Fix some obvious errors. This is still untested.
2018-09-05 12:44:17 +03:00
Gilles Peskine
d6125ca63b
Merge remote-tracking branch 'psa/pr/24' into feature-psa
2018-09-05 12:41:53 +03:00
Gilles Peskine
3585596aec
Document a few more macros
2018-09-05 12:41:52 +03:00
Gilles Peskine
84861a95ca
Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa
2018-09-05 12:41:52 +03:00
Gilles Peskine
154bd95131
psa_destroy_key: return SUCCESS on an empty slot
...
Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-09-05 12:41:52 +03:00
Gilles Peskine
5e39dc96e0
New macro PSA_AEAD_TAG_SIZE, use it for PSA_AEAD_xxx_OUTPUT_SIZE
2018-09-05 12:41:52 +03:00
Gilles Peskine
71bb7b77f0
Switch PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
...
Make this macro work on derived algorithms as well (HMAC,
hash-and-sign, etc.).
2018-09-05 12:41:52 +03:00
Gilles Peskine
212e4d8f7c
Improve documentation of PSA_AEAD_xxx_OUTPUT_SIZE
2018-09-05 12:41:52 +03:00
Gilles Peskine
65eb8588fe
Expand the description of error codes
2018-09-05 12:41:52 +03:00
mohammad1603
1347a73fbe
fix macros documentation style.
2018-09-05 12:41:52 +03:00
mohammad1603
fb5b9cbb8d
add missing documentations
2018-09-05 12:41:52 +03:00
mohammad1603
22898ba0bd
remove duplicated definition
2018-09-05 12:41:51 +03:00
Gilles Peskine
36a74b71a0
Fix Doxygen comments to pass clang -Wdocumentation
2018-09-05 12:41:51 +03:00
Gilles Peskine
1e7d8f1b09
Document AEAD functions
...
Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define
macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE
(untested).
2018-09-05 12:41:51 +03:00
mohammad1603
dad36fa855
add Key and Algorithm validation
2018-09-05 12:38:18 +03:00
mohammad1603
579d359007
remove psa_aead_encrypt_setup from header file
...
remove psa_aead_encrypt_setup from header file
2018-09-05 12:38:18 +03:00
Gilles Peskine
3aa8efb230
Merge remote-tracking branch 'psa/psa-wrapper-apis-march-12' into feature-psa
2018-09-05 12:38:17 +03:00
mohammad1603
39ee871d3f
Change AEAD APIs to integrated AEAD APIs.
...
Change AEAD APIs to integrated AEAD APIs, this will allow t support CCM and
GCM algorithms.
2018-09-05 12:38:17 +03:00
Moran Peker
ad9d82cc0e
add iv_required field to psa_cipher_operation_s and fix relevant functions
2018-09-05 12:14:28 +03:00
Moran Peker
bed71a2b17
fix missing check on output_size in psa_cipher_finish func
2018-09-05 12:14:28 +03:00
Moran Peker
0071b873a3
add missing parameter output_size on psa_cipher_finish
2018-09-05 12:14:28 +03:00
Moran Peker
e1210dcac3
remove unused parameter in psa_cipher_finish.
2018-09-05 12:14:28 +03:00
mohammad1603
8481e74ecc
CR fixes
...
more fixes
Compilation fixes
Compilation fixes for PSA crypto code and tests
2018-09-05 12:14:28 +03:00
mohammad1603
efb0107fbe
CR fix, remove exposing ECB
2018-09-05 12:14:27 +03:00
mohammad1603
990a18c2f0
add ecb to cipher algorithms
2018-09-05 12:14:27 +03:00
Gilles Peskine
d1e8e41737
Adapt older import_export test data to the new function signature
2018-09-05 12:13:23 +03:00
Gilles Peskine
5100318a92
Merge pull request #18 from ARMmbed/psa-wrapper-apis-export-publickey
...
Export public key implementation (#18 )
2018-09-05 12:13:23 +03:00
mohammad1603
8275961178
warnings fixes
2018-09-05 12:13:23 +03:00
mohammad1603
503973bdf3
initial implementation for PSA symmetric APIs - missing tests and documentations
2018-09-05 12:13:23 +03:00
Moran Peker
b4d0ddd2d3
psa_export_public_key
2018-09-05 12:13:20 +03:00
Moran Peker
dd4ea38d58
export public key
2018-09-05 12:10:47 +03:00
itayzafrir
5c7533923a
ECDSA sign and verify implementation and tests
...
ECDSA sign and verify implementation and tests
2018-09-05 12:10:47 +03:00
Gilles Peskine
a0655c3501
Merge remote-tracking branch 'psa/pr/13' into feature-psa
...
Conflicts:
library/psa_crypto.c
tests/suites/test_suite_psa_crypto.data
tests/suites/test_suite_psa_crypto.function
All the conflicts are concurrent additions where the order doesn't
matter. I put the code from feature-psa (key policy) before the code
from PR #13 (key lifetime).
2018-09-05 12:10:43 +03:00
Gilles Peskine
f0c9dd37d2
Added possible error codes for lifetime functions
2018-09-05 12:01:38 +03:00
Gilles Peskine
9bb53d7aff
Fix copypasta in lifetime function descriptions
2018-09-05 12:01:38 +03:00
Gilles Peskine
8ca560293b
Whitespace fixes
2018-09-05 12:01:37 +03:00
mohammad1603
a7d245a4a2
Fix return error values description
...
Fix return PSA_ERROR_INVALID_ARGUMENT description for psa_set_key_lifetime()
and psa_get_key_lifetime()
2018-09-05 12:01:37 +03:00
mohammad1603
ea0500936e
Change behavior of psa_get_key_lifetime()
...
psa_get_key_lifetime() behavior changed regarding empty slots, now
it return the lifetime of and empty slots. Documentation in header
file updated accordingly.
2018-09-05 12:01:37 +03:00
mohammad1603
1c34545cfe
Remove usage of PSA_KEY_LIFETIME_NONE
...
Remove usage of PSA_KEY_LIFETIME_NONE, initiate all key slot to
PSA_KEY_LIFETIME_VOLATILE ini psa_crypto_init()
2018-09-05 12:01:37 +03:00
mohammad1603
ba178511f4
Remove unused and duplicated erros, fix documentation and tests
...
Remove unused and duplicated erros, fix documentation and tests
2018-09-05 12:01:37 +03:00
mohammad1603
804cd71bf8
initial key lifetime implementation and tests
2018-09-05 12:01:37 +03:00
Gilles Peskine
c63b6ba754
Merge remote-tracking branch 'psa/pr/14' into feature-psa
...
Conflict resolution:
* `tests/suites/test_suite_psa_crypto.data`: in the new tests from PR #14 ,
rename `PSA_ALG_RSA_PKCS1V15_RAW` to `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` as
was done in PR #15 in the other branch.
2018-09-05 12:01:34 +03:00
Gilles Peskine
f48af7fe76
psa_generate_key: specify what the extra parameters mean
2018-09-05 11:53:26 +03:00
Gilles Peskine
9e7dc717b0
New function: generate key/random
2018-09-05 11:53:26 +03:00
Gilles Peskine
06297936f2
More precise bounds for PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE
2018-09-05 11:53:26 +03:00
mohammad1603
5feda72d7a
Remove usage of PSA_ERROR_INVALID_KEY_POLICY
...
use PSA_ERROR_INVALID_ARGUMENT instead of INVALID_KEY_POLICY error
2018-09-05 11:53:26 +03:00
Gilles Peskine
6944f9a831
New functions: asymmetric encrypt/decrypt
2018-09-05 11:53:26 +03:00
Gilles Peskine
9673cc8255
Define PSA_ALG_RSA_OAEP_MGF1(hash)
2018-09-05 11:53:26 +03:00
Gilles Peskine
8484565f85
Minor errors in documentation around asymmetric signature
2018-09-05 11:53:26 +03:00
mohammad1603
6df908f234
Add static internal MAC finish function
...
add new psa_mac_finish_internal() to be called by psa_mac_finish() and
psa_mac_verify() in order to be able to check key usage separatly.
2018-09-05 11:53:26 +03:00
Gilles Peskine
a59262338a
Rename PKCS1V15 to PKCS1V15_SIGN
...
There's PKCS1V15_CRYPT as well (to be added soon).
2018-09-05 11:53:26 +03:00
Gilles Peskine
058e0b9963
Avoid empty unions
...
When no algorithms are present in a category (e.g. no AEAD algorithm),
the union in the corresponding operation structure was empty, which is
not valid C. Add a dummy field to avoid this.
2018-09-05 11:53:26 +03:00
Gilles Peskine
9a1ba0dd3f
Typo in the documentation of psa_get_key_information
2018-09-05 11:53:26 +03:00
mohammad1603
8cc1ceec3e
Key Policy APIs implementation
2018-09-05 11:53:26 +03:00
Gilles Peskine
1906798d4c
Fix some typos and copypasta
2018-09-05 11:53:25 +03:00
Gilles Peskine
ed522974bd
Clarify how multipart operations get terminated
2018-09-05 11:53:25 +03:00
Gilles Peskine
971f7064e9
More precise reference for the RSA public key format
2018-09-05 11:53:25 +03:00
Gilles Peskine
7e19853722
More documentation
2018-09-05 11:53:25 +03:00
Gilles Peskine
d393e18f90
Add psa_set_key_lifetime
...
It is likely that most implementations won't support this function.
But in case an implementation wants to provide it, standardize its
interface.
2018-09-05 11:53:25 +03:00
Gilles Peskine
e3f694f49a
Remove non-standard hash algorithms
2018-09-05 11:53:25 +03:00
Gilles Peskine
06dc26350e
Fix macro definitions for ECC keys
...
Public keys and key pairs have different types.
2018-09-05 11:53:25 +03:00
Gilles Peskine
03182e99b6
Fix parameter name in PSA_BLOCK_CIPHER_BLOCK_SIZE
2018-09-05 11:53:25 +03:00
Gilles Peskine
f5b9fa13e0
Documentation clarifications
...
Clarify or add the documentation of some functions and constants.
Add a note about what the __DOXYGEN_ONLY__ section is for.
2018-09-05 11:53:25 +03:00
Gilles Peskine
2905a7adcc
Fix namespace violation
2018-09-05 11:53:25 +03:00
Gilles Peskine
609b6a5b67
Get the lifetime of a key slot
2018-09-05 11:53:25 +03:00
Gilles Peskine
7698bcf338
Basic interface for key policies
...
Get/set the policy of a key slot.
Opaque structure for key policies and field access functions.
2018-09-05 11:53:25 +03:00
Gilles Peskine
92b3073e36
Minor documentation fixes
2018-09-05 11:53:25 +03:00
Gilles Peskine
3b555710e2
Prototypes for AEAD functions
...
This is still tentative.
2018-09-05 11:53:25 +03:00
Gilles Peskine
428dc5aef1
Prototypes for symmetric cipher functions
2018-09-05 11:53:25 +03:00
Gilles Peskine
7e4acc5ef8
Document some MAC functions: psa_mac_start
...
Adapt the documentation of hash functions.
State that the key object does not need to remain valid throughout the
operation.
2018-09-05 11:53:25 +03:00
Gilles Peskine
8c9def3e7f
PSA: Implement MAC functions
...
Implement psa_mac_start, psa_mac_update and psa_mac_final.
Implement HMAC anc CMAC.
Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine
308b91d7db
Wrote documentation for several functions, macros and types
...
Document key import/export functions, hash functions, and asymmetric
sign/verify, as well as some related macros and types.
Nicer formatting for return values: use \retval.
2018-09-05 11:53:25 +03:00
Gilles Peskine
9ef733faa0
Implement hash functions
...
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.
Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine
a590529938
Greatly expanded mbedtls_to_psa_error
...
It now covers most cryptography algorithm modules (missing: bignum,
DHM, everything ECC, HMAC_DRBG).
2018-09-05 11:53:24 +03:00
Gilles Peskine
98f0a24255
Improve key type and algorithm encodings
...
Refine the encoding of key types and algorithms so that ranges of bits
make more sense.
Define a few symmetric cipher algorithms.
2018-09-05 11:53:24 +03:00
Gilles Peskine
0189e7512d
PSA crypto: PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE macro
...
Test it for RSA.
2018-09-05 11:53:24 +03:00
Gilles Peskine
20035e3579
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
...
Define hash algorithms and RSA signature algorithms.
New function psa_asymmetric_sign.
Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine
c66ea6a921
PSA key import: support RSA public keys
...
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
2f9c4dc5ad
Add key management functions
...
Define psa_key_type_t and a first stab at a few values.
New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.
Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
1d26709dbd
New function mbedtls_rsa_get_bitlen
...
Add a new function mbedtls_rsa_get_bitlen which returns the RSA key
size, i.e. the bit size of the modulus. In the pk module, call
mbedtls_rsa_get_bitlen instead of mbedtls_rsa_get_len, which gave the
wrong result for key sizes that are not a multiple of 8.
This commit adds one non-regression test in the pk suite. More tests
are needed for RSA key sizes that are a multiple of 8.
This commit does not address RSA alternative implementations, which
only provide an interface that return the modulus size in bytes.
2018-09-05 11:53:24 +03:00
Gilles Peskine
66920ceb19
Set the default configuration to PSA
...
This will simplify development in the PSA branch.
2018-09-05 11:49:51 +03:00
Gilles Peskine
62a7e7e65f
Add a Doxygen-only section
...
This is intended to document platform-specific definitions in PSA.
2018-09-05 10:59:02 +03:00
Gilles Peskine
e59236fc17
Add PSA crypto module
...
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.
Implement psa_crypto_init function which sets up a RNG.
Add a mbedtls_psa_crypto_free function which deinitializes the
library.
Define a first batch of error codes.
2018-09-05 10:59:00 +03:00
Simon Butcher
4d075cd7d0
Update library version number to 2.13.0
2018-08-31 15:59:10 +01:00
Simon Butcher
552754a6ee
Merge remote-tracking branch 'public/pr/1988' into development
2018-08-30 00:57:28 +01:00
Simon Butcher
68dbc94720
Merge remote-tracking branch 'public/pr/1951' into development
2018-08-30 00:56:56 +01:00
Simon Butcher
07de4c0035
Merge remote-tracking branch 'public/pr/1920' into development
2018-08-30 00:56:08 +01:00
Hanno Becker
97a1c134b2
Correct typo in documentation of MBEDTLS_SSL_DTLS_MAX_BUFFERING
2018-08-28 14:42:15 +01:00
Hanno Becker
eefe084f72
Style: Spell out PMTU in ssl.h
2018-08-28 10:29:17 +01:00
Hanno Becker
bc2498a9ff
Style: Add numerous comments indicating condition guarded by #endif
2018-08-28 10:13:29 +01:00
Hanno Becker
280075104e
DTLS Reordering: Improve doc of MBEDTLS_SSL_DTLS_MAX_BUFFERING
2018-08-28 09:46:44 +01:00
Hanno Becker
159a37f75d
config.h: Don't use arithmetical exp for SSL_DTLS_MAX_BUFFERING
...
The functions requires_config_value_at_least and requires_config_value_at_most
only work with numerical constants.
2018-08-24 15:07:29 +01:00
Hanno Becker
0e96585bdd
Merge branch 'datagram_packing' into message_reordering
2018-08-24 12:16:41 +01:00
Hanno Becker
eb57008d7d
Fix typo in documentation of mbedtls_ssl_set_datagram_packing()
2018-08-24 11:28:35 +01:00
Hanno Becker
1841b0a11c
Rename ssl_conf_datagram_packing() to ssl_set_datagram_packing()
...
The naming convention is that functions of the form mbedtls_ssl_conf_xxx()
apply to the SSL configuration.
2018-08-24 11:13:57 +01:00