Commit graph

906 commits

Author SHA1 Message Date
Gilles Peskine 71bb7b77f0 Switch PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
Make this macro work on derived algorithms as well (HMAC,
hash-and-sign, etc.).
2018-09-05 12:41:52 +03:00
mohammad1603 fc614b1e0e fix parentheses 2018-09-05 12:41:52 +03:00
mohammad1603 e109f21638 remove unnecessary check for block size 2018-09-05 12:41:52 +03:00
mohammad1603 a1d9801683 add slot validation 2018-09-05 12:41:52 +03:00
mohammad1603 e3cb8a8d8b return PSA_ERROR_BUFFER_TOO_SMALL intead of PSA_ERROR_INVALID_ARGUMENT 2018-09-05 12:41:52 +03:00
mohammad1603 6b4d98cf78 remove trailing spaces 2018-09-05 12:41:52 +03:00
mohammad1603 5ed0621dd4 aligned with coding standards - line length 2018-09-05 12:41:52 +03:00
mohammad1603 f14394b25f add policy checks 2018-09-05 12:41:52 +03:00
mohammad1603 96910d807e fix block size depending on algorithm 2018-09-05 12:41:51 +03:00
mohammad1603 60a64d079a remove unnecessary argument to the psa_aead_unpadded_locate_tag function 2018-09-05 12:41:51 +03:00
mohammad1603 15223a8b89 write the tag directly on the ciphertext buffer. 2018-09-05 12:41:51 +03:00
mohammad1603 4fc744f8af change the check of block size for all supported algorithms 2018-09-05 12:41:51 +03:00
mohammad1603 0f21465175 use mbedtls_cipher_info_from_psa to get cipher ID 2018-09-05 12:41:51 +03:00
mohammad1603 f58aa6ade6 use memset instead of mbedtils_zeroize 2018-09-05 12:41:51 +03:00
mohammad1603 554faad260 return NOT_SUPPORTED instead of INVLID_ARGUMENT 2018-09-05 12:41:51 +03:00
mohammad1603 95893f834d remove usless cast 2018-09-05 12:41:51 +03:00
mohammad1603 f08a550e68 set output length to zero to cover output length in error case 2018-09-05 12:41:51 +03:00
mohammad1603 f4f0d612ba change mbedtls_cipher_info_from_psa to provide cipher_id also 2018-09-05 12:41:51 +03:00
mohammad1603 9375f8403a fix code offsets after rebase 2018-09-05 12:41:51 +03:00
Gilles Peskine ee652a344c Fix psa_aead_decrypt to read the tag at the end of the ciphertext 2018-09-05 12:41:51 +03:00
Gilles Peskine a40d77477d Whitespace fixes
Changed indentation to match Mbed TLS style. Wrapped some lines to 80 columns.
2018-09-05 12:41:51 +03:00
mohammad1603 39574652ae add else for not supported algorithm 2018-09-05 12:38:18 +03:00
mohammad1603 5c8845f563 return invalid argument for unsupported algorithms 2018-09-05 12:38:18 +03:00
mohammad1603 e58e68458e fix condition over key type 2018-09-05 12:38:18 +03:00
mohammad1603 17638efc46 remove unused variable 2018-09-05 12:38:18 +03:00
mohammad1603 dad36fa855 add Key and Algorithm validation 2018-09-05 12:38:18 +03:00
mohammad1603 a7e6df76ea Validation fixes for key_type 2018-09-05 12:38:18 +03:00
mohammad1603 4f5eb7cb54 Fill the the output buffer with zero data in case of failure 2018-09-05 12:38:18 +03:00
mohammad1603 6bbd8c75dc Remove unnecessary cast
Remove unnecessary cast
2018-09-05 12:38:18 +03:00
mohammad1603 db6247315f Parameters validation fixes
Fix key_type validation test and no need to ask for place for tag in decryption
2018-09-05 12:38:18 +03:00
mohammad1603 ce5cba9a6a unify the concatenation of the tag and update output length 2018-09-05 12:38:18 +03:00
mohammad1603 9e5a515aa8 Fix parameter validation 2018-09-05 12:38:18 +03:00
mohammad1603 47ddf3d544 Concatenate the tag to the output buffer
Concatenate the tag to the output buffer.
2018-09-05 12:38:18 +03:00
mohammad1603 5955c98779 Initial implementation of the AEAD decrypt/encrypt APIs
Initial implementation for the AEAD APIs, missing the following:
* Concatenation of the tag to the output buffer.
* Updated documentation of the new functions.
* argument validations
* tests
2018-09-05 12:38:18 +03:00
Gilles Peskine 3aa8efb230 Merge remote-tracking branch 'psa/psa-wrapper-apis-march-12' into feature-psa 2018-09-05 12:38:17 +03:00
Gilles Peskine 2c5219a06d Whitespace normalization
No semantic change.
2018-09-05 12:14:29 +03:00
Gilles Peskine 5351420b3e Use block local variable for padding_mode for readability
No intended behavior change.
2018-09-05 12:14:29 +03:00
Moran Peker 7cb22b8327 abort operation before return + fix error checks 2018-09-05 12:14:29 +03:00
Gilles Peskine 89d789c9bc Refactor some argument checks for readability
No intended behavior change.
2018-09-05 12:14:29 +03:00
Gilles Peskine 7e9288520f Wrap lines to 80 columns 2018-09-05 12:14:29 +03:00
Gilles Peskine e553c65cc3 Fix indentation and horizontal whitespace
Only whitespace changes in this commit.
2018-09-05 12:14:29 +03:00
Moran Peker 3520c2c4f7 unset iv_required to 0 (psa_encrypt_set_iv)and block_size (psa_cipher_setup) 2018-09-05 12:14:29 +03:00
Moran Peker 395db875e6 adjust indentation per Mbed TLS standards 2018-09-05 12:14:29 +03:00
Moran Peker ae382791fb add missing psa_cipher_abort( operation ) 2018-09-05 12:14:28 +03:00
Moran Peker 70531163a9 fix compilation error - missing if 2018-09-05 12:14:28 +03:00
Moran Peker a28258c594 adjust indentation per Mbed TLS standards 2018-09-05 12:14:28 +03:00
Moran Peker 2cab25aacf fix conditions in psa_cipher_finish function 2018-09-05 12:14:28 +03:00
Moran Peker dc38ebc068 delete decrypt checks + fix memcpy& return value 2018-09-05 12:14:28 +03:00
Moran Peker ad9d82cc0e add iv_required field to psa_cipher_operation_s and fix relevant functions 2018-09-05 12:14:28 +03:00
Moran Peker 71f19ae6f8 add missing call to psa_cipher_abort in cipher_setup func + iv_length check in cipher_set_iv func 2018-09-05 12:14:28 +03:00
Moran Peker 406008ab4c add missing check on output_size in psa_cipher_update func 2018-09-05 12:14:28 +03:00
Moran Peker bed71a2b17 fix missing check on output_size in psa_cipher_finish func 2018-09-05 12:14:28 +03:00
Moran Peker 0071b873a3 add missing parameter output_size on psa_cipher_finish 2018-09-05 12:14:28 +03:00
Moran Peker 4c80d8331a adjust indentation per Mbed TLS standards 2018-09-05 12:14:28 +03:00
mohammad1603 b152d4d8b6 add test scenarios to decrypt and encrypt input and compare with given output 2018-09-05 12:14:28 +03:00
mohammad1603 89e0f468bf style 2018-09-05 12:14:28 +03:00
Moran Peker 41deec4494 partly pr fix 2018-09-05 12:14:28 +03:00
Moran Peker e1210dcac3 remove unused parameter in psa_cipher_finish. 2018-09-05 12:14:28 +03:00
Moran Peker 3205a6592b tests fix 2018-09-05 12:14:28 +03:00
mohammad1603 16864af80b fix static function name 2018-09-05 12:14:28 +03:00
mohammad1603 8481e74ecc CR fixes
more fixes

Compilation fixes

Compilation fixes for PSA crypto code and tests
2018-09-05 12:14:28 +03:00
mohammad1603 efb0107fbe CR fix, remove exposing ECB 2018-09-05 12:14:27 +03:00
mohammad1603 990a18c2f0 add ecb to cipher algorithms 2018-09-05 12:14:27 +03:00
Gilles Peskine 5100318a92 Merge pull request #18 from ARMmbed/psa-wrapper-apis-export-publickey
Export public key implementation (#18)
2018-09-05 12:13:23 +03:00
mohammad1603 8275961178 warnings fixes 2018-09-05 12:13:23 +03:00
mohammad1603 503973bdf3 initial implementation for PSA symmetric APIs - missing tests and documentations 2018-09-05 12:13:23 +03:00
Moran Peker 8756763cf1 change error check on psa_internal_export_key func 2018-09-05 12:13:23 +03:00
Gilles Peskine 785fd55a39 Whitespace fixes; removed redundant parentheses
No semantic change.
2018-09-05 12:13:23 +03:00
Moran Peker cceea98bfe adjust indentation per Mbed TLS standards 2018-09-05 12:13:23 +03:00
Moran Peker d732659867 adjust indentation per Mbed TLS standards 2018-09-05 12:13:23 +03:00
Moran Peker 17e36e1bd9 fix conditions 2018-09-05 12:13:23 +03:00
Moran Peker 6036432617 adjust indentation per Mbed TLS standards 2018-09-05 12:13:23 +03:00
Moran Peker a998bc6ac9 psa_internal_export_key function for common code.
create psa_internal_export_key function for common code in psa_export_key and psa_export_public_key.
2018-09-05 12:13:22 +03:00
Moran Peker 5010828fb6 adjust indentation per Mbed TLS standards 2018-09-05 12:13:22 +03:00
Moran Peker b4d0ddd2d3 psa_export_public_key 2018-09-05 12:13:20 +03:00
Moran Peker dd4ea38d58 export public key 2018-09-05 12:10:47 +03:00
itayzafrir 7b30f8b0c9 Added handling for MBEDTLS_ERR_ECP_XXX error codes
Added handling for MBEDTLS_ERR_ECP_XXX error codes
2018-09-05 12:10:47 +03:00
itayzafrir 5c7533923a ECDSA sign and verify implementation and tests
ECDSA sign and verify implementation and tests
2018-09-05 12:10:47 +03:00
Gilles Peskine a0655c3501 Merge remote-tracking branch 'psa/pr/13' into feature-psa
Conflicts:
	library/psa_crypto.c
	tests/suites/test_suite_psa_crypto.data
	tests/suites/test_suite_psa_crypto.function

All the conflicts are concurrent additions where the order doesn't
matter. I put the code from feature-psa (key policy) before the code
from PR #13 (key lifetime).
2018-09-05 12:10:43 +03:00
mohammad1603 ea0500936e Change behavior of psa_get_key_lifetime()
psa_get_key_lifetime() behavior changed regarding empty slots, now
it return the lifetime of and empty slots. Documentation in header
file updated accordingly.
2018-09-05 12:01:37 +03:00
mohammad1603 5d7ec2033d fix key lifetime set implementation , tests accordingly 2018-09-05 12:01:37 +03:00
mohammad1603 ba178511f4 Remove unused and duplicated erros, fix documentation and tests
Remove unused and duplicated erros, fix documentation and tests
2018-09-05 12:01:37 +03:00
mohammad1603 060ad8ac34 Compilation and tests fixes 2018-09-05 12:01:37 +03:00
mohammad1603 804cd71bf8 initial key lifetime implementation and tests 2018-09-05 12:01:37 +03:00
Gilles Peskine c63b6ba754 Merge remote-tracking branch 'psa/pr/14' into feature-psa
Conflict resolution:

* `tests/suites/test_suite_psa_crypto.data`: in the new tests from PR #14,
  rename `PSA_ALG_RSA_PKCS1V15_RAW` to `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` as
  was done in PR #15 in the other branch.
2018-09-05 12:01:34 +03:00
Gilles Peskine 47c1bc0458 Correct some return codes 2018-09-05 11:53:26 +03:00
mohammad1603 38a622b68b Function psa_get_key_policy() now return policy value for empty slots
Function psa_get_key_policy() now return policy value for empty slots
2018-09-05 11:53:26 +03:00
mohammad1603 5feda72d7a Remove usage of PSA_ERROR_INVALID_KEY_POLICY
use PSA_ERROR_INVALID_ARGUMENT instead of INVALID_KEY_POLICY error
2018-09-05 11:53:26 +03:00
mohammad1603 6df908f234 Add static internal MAC finish function
add new psa_mac_finish_internal() to be called by psa_mac_finish() and
psa_mac_verify() in order to be able to check key usage separatly.
2018-09-05 11:53:26 +03:00
Gilles Peskine a59262338a Rename PKCS1V15 to PKCS1V15_SIGN
There's PKCS1V15_CRYPT as well (to be added soon).
2018-09-05 11:53:26 +03:00
mohammad1603 4eed757901 add new test scenarios 2018-09-05 11:53:26 +03:00
mohammad1603 06e7920be5 integrate policy key usage in export and asymmetric sign functions 2018-09-05 11:53:26 +03:00
mohammad1603 8cc1ceec3e Key Policy APIs implementation 2018-09-05 11:53:26 +03:00
Gilles Peskine dc2fc8443f Rename xxx_of_psa functions to xxx_from_psa
Be consistent with how similar functions are named in Mbed TLS.
2018-09-05 11:53:25 +03:00
Gilles Peskine 3c6e970752 Fix memory leak in psa_destroy_key 2018-09-05 11:53:25 +03:00
Gilles Peskine 6d9121381a Add some comments to document some non-obvious coding choices 2018-09-05 11:53:25 +03:00
Gilles Peskine e4ebc12fcd psa_crypto_init: set the global initialized flag 2018-09-05 11:53:25 +03:00
Gilles Peskine 8c9def3e7f PSA: Implement MAC functions
Implement psa_mac_start, psa_mac_update and psa_mac_final.

Implement HMAC anc CMAC.

Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine 9ef733faa0 Implement hash functions
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.

Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine a590529938 Greatly expanded mbedtls_to_psa_error
It now covers most cryptography algorithm modules (missing: bignum,
DHM, everything ECC, HMAC_DRBG).
2018-09-05 11:53:24 +03:00
Gilles Peskine 93aa0334d9 PSA asymmetric signature: set *signature_length = 0 on failure 2018-09-05 11:53:24 +03:00
Gilles Peskine 20035e3579 PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
Define hash algorithms and RSA signature algorithms.

New function psa_asymmetric_sign.

Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine c66ea6a921 PSA key import: support RSA public keys
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine 969ac726d9 PSA RSA key import: don't rely on pk so much
Don't use the pk module except as required for pkparse/pkwrite. The
PSA crypto layer is meant to work alongside pk, not on top of it.

Fix the compile-time dependencies on RSA/ECP handling in
psa_export_key, psa_destroy_key and psa_get_key_information.
2018-09-05 11:53:24 +03:00
Gilles Peskine 2f9c4dc5ad Add key management functions
Define psa_key_type_t and a first stab at a few values.

New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.

Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine e59236fc17 Add PSA crypto module
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.

Implement psa_crypto_init function which sets up a RNG.

Add a mbedtls_psa_crypto_free function which deinitializes the
library.

Define a first batch of error codes.
2018-09-05 10:59:00 +03:00