Commit graph

14268 commits

Author SHA1 Message Date
Janos Follath a946dcf8b2 Merge branch 'development-restricted' into mbedtls-2.25.0r0-pr 2020-12-08 20:59:45 +00:00
Gilles Peskine 6d5c7bc69a
Merge pull request #3898 from paul-elliott-arm/fix_pem_write
Remove Extraneous bytes from buffer post pem write
2020-12-08 12:31:40 +01:00
Gilles Peskine 2b759626a9
Merge pull request #3948 from bensze01/update_psa_values
Update the values of PSA Crypto API macros to version 1.0.0
2020-12-08 11:03:33 +01:00
Bence Szépkúti 7e37bf97ee Update test_psa_constant_names.py for new values
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 07:33:08 +01:00
Bence Szépkúti 6879f42be4 Add changelog
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:24:41 +01:00
Bence Szépkúti 99ffb2b275 Simplify description of PSA_ALG_STREAM_CIPHER
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:09:08 +01:00
Bence Szépkúti cbe395332c Substitute PSA_ALG_STREAM_CIPHER into all files
Deprecate PSA_ALG_ARC4 and PSA_ALG_CHACHA20.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:01:31 +01:00
Bence Szépkúti c6a26c940c Update PSA Crypto persistent key storage tests
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 23:03:59 +01:00
Bence Szépkúti a294551446 Update PSA Crypto macro values to version 1.0.0
This should be everything that's needed for the stable storage format.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Bence Szépkúti 1de907d4a4 Introduce PSA_ALG_STREAM_CIPHER
This algorithm replaces the pre-existing stream cipher algorithms.
The underlying stream cipher is determined by the key type.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Paul Elliott 557b8d663a Remove Extraneous bytes from buffer post pem write
In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-12-07 17:29:42 +00:00
Gilles Peskine 450dbd6d2d
Merge pull request #785 from gilles-peskine-arm/cipher-nist_kw-changelog
NIST_KW in cipher: credit the reporter
2020-12-07 14:47:48 +01:00
Ronald Cron 771090659e
Merge pull request #3393 from geecrypt/development
Support set *_drbg reseed interval before seed
2020-12-07 14:29:52 +01:00
Gilles Peskine 22a191199d NIST_KW in cipher: credit the reporter
This issue was found by Guido Vranken's Cryptofuzz running on the
OSS-Fuzz platform.

Fix #3665

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 14:26:07 +01:00
Janos Follath 3aae5d4ed7
Merge pull request #781 from mpg/cipher-auth-crypt-restricted
Fix buffer overflow with NIST-KW in cipher layer
2020-12-07 12:58:36 +00:00
Gilles Peskine 3a0535b465
Merge pull request #3916 from jdurkop/psa-crypto-config-hashes-3672
Add support to crypto config for hashes
2020-12-07 13:50:56 +01:00
Gilles Peskine d33aabf388
Merge pull request #3942 from gilles-peskine-arm/ecp-bignum-error-checks-development
Add missing some error checks in ECP and bignum
2020-12-07 13:06:47 +01:00
Manuel Pégourié-Gonnard 841b6fa97f Fix unused param warnings in auth_xxcrypt_ext()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-07 10:42:21 +01:00
Janos Follath 7973e2b358
Merge pull request #772 from chris-jones-arm/development-restricted
Fix Diffie-Hellman large key size DoS
2020-12-07 09:28:55 +00:00
Gilles Peskine 4e0a4d444d Clarifying comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 10:08:30 +01:00
Gilles Peskine a56d3d9e75 cipher_auth_xxcrypt_ext: Make NIST_KW case more robust
Don't invoke classic NIST_KW in case PSA gains support for NIST_KW.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 10:08:10 +01:00
Gilles Peskine e09aeb4923 Remove redundant NIST_KW checks in cipher_auth_xxcrypt()
The internal functions mbedtls_cipher_aead_{encrypt,decrypt} reject
unsupported algorithms, so there's no need for an additional check in
the legacy wrappers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 10:07:26 +01:00
Gilles Peskine 8a3d234859 Fail the test case immediately if cipher_reset_key fails
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 10:02:13 +01:00
Gilles Peskine a2971ea62c Simplify some buffer comparisons in tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 09:58:47 +01:00
Gilles Peskine 70edd689a8 cipher_auth_xxcrypt(): fix some null pointer handling
Make sure that if a buffer is allowed to be empty, a null pointer is
accepted if the buffer length is 0. This was already the case for most
but not all arguments to mbedtls_cipher_auth_{en,de}crypt{,_ext}.

Make sure to pass NULL for an empty buffer in the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 09:58:26 +01:00
Manuel Pégourié-Gonnard b23e31d86a Minor documentation/comment fixes
typos, overlong lines

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-07 09:57:35 +01:00
Gilles Peskine e410bf7320 Add changelog entry for the memory management fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-06 22:32:02 +01:00
Gilles Peskine e54be3a9c3 Fix uncaught error if fix_negative fails
fix_negative allocates memory for its result. The calling site didn't
check the return value, so an out-of-memory error could lead to an
incorrect calculation. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-06 22:32:02 +01:00
Gilles Peskine 89b4130098 Fix memory leak in mbedtls_mpi_sub_abs
Fix a memory leak in mbedtls_mpi_sub_abs when the output parameter is
aliased to the second operand (X = A - X) and the result is negative.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-06 22:32:02 +01:00
Gilles Peskine 56f943a184 Always test in-place addition and subtraction
Run all the addition and subtraction tests with the result aliased to
the first operand and with the result aliased to the second operand.
Before, only some of the aliasing possibilities were tested, for only
some of the functions, with only some inputs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-06 22:32:02 +01:00
gacquroff 1bfeb8a837 Add changelog entry file for bugfix 2927
Signed-off-by: gacquroff <gavina352@gmail.com>
2020-12-03 12:28:25 -08:00
Chris Jones e64a46f466 Fix exponentiation tests with MBEDTLS_MPI_MAX_BITS larger than 256
Fixes an issue where configs that had `MBEDTLS_MPI_MAX_BITS` greater than 256
but smaller than the test that was running (792 bits) the test would fail
incorrectly.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 17:48:27 +00:00
Chris Jones add9948784 Fix whitespace in changelog entry
Extra whitespace and a missing newline at end of file was causing an error with
`check_files.py`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 15:45:29 +00:00
Chris Jones 7c430305e3 Move dependancy to specific test cases
Move dependancy on `MBEDTLS_MPI_MAX_BITS` to apply to the specific test cases
which will break when `MBEDTLS_MPI_MAX_BITS` is too small. This re-enables
previous tests that were turned off accidentally.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 15:22:25 +00:00
Chris Jones 4592bd8982 Fix broken testing on numbers that may be greater than MPI_MAX_SIZE
Previously `mbedtls_mpi_exp_mod` was tested with values that were over
`MBEDTLS_MPI_MAX_SIZE` in size. This is useful to do as some paths are only
taken when the exponent is large enough however, on builds where
`MBEDTLS_MPI_MAX_SIZE` is under the size of these test values.

This fix turns off these tests when `MBEDTLS_MPI_MAX_SIZE` is too small to
safely test (notably this is the case in config-thread.h).

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 14:24:33 +00:00
John Durkop 6ca2327150 Update guards for ALG_SHA_224 and ALG_SHA_384 in crypto library
The previous revision of guards around SHA_224 and SHA_384 were not
correct. This set of changes ensures the proper code is available
when SHA_224 and SHA_384 are enabled for use.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-12-03 06:07:04 -08:00
Manuel Pégourié-Gonnard 6df90523e1 Add ChangeLog entries for auth_crypt changes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 13:00:58 +01:00
Chris Jones e146bdcff9 Fix cases where exponentiation was not fully tested
In two test cases, the exponentiation computation was not being fully tested
as when A_bytes (the base) == N_bytes (the modulus) -> A = N. When this is the
case A is reduced to 0 and therefore the result of the computation will always
be 0.

This fixes that issue and therefore increases the test coverage to ensure
different computations are actually being run.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 11:52:40 +00:00
Gilles Peskine 227366b4b0 Merge branch 'development' into development-restricted 2020-12-03 12:39:44 +01:00
Chris Jones aa850cdfdc Reword test cases
Reword test cases to be easier to read and understand.
Adds comments to better explain what the test is doing.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 11:35:41 +00:00
Manuel Pégourié-Gonnard f215ef82af Test that auth_decrypt{,_ext}() zeroize on failure
The documentation says it does, so it should be tested.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:33:31 +01:00
Gilles Peskine 54a6f23393
Merge pull request #3930 from ccvca/fix_missing_argument
Fix: Add missing arguments to debug message.
2020-12-03 12:29:03 +01:00
Manuel Pégourié-Gonnard 86796bc8a5 Add check_param test for cipher_auth_xxcrypt_ext()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:10 +01:00
Manuel Pégourié-Gonnard 9b2a78966f Use exact-size buffers for testing auth_xxcrypt()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:10 +01:00
Manuel Pégourié-Gonnard f5cf71e14a Stop using deprecated functions in the library
all.sh -k '*deprecated*' now passes again

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:10 +01:00
Manuel Pégourié-Gonnard 513c243317 Deprecate mbedtls_cipher_auth_xxcrypt()
This temporarily breaks all.sh '*deprecated*' (deprecated functions still used
in the library), which will be fix in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00
Manuel Pégourié-Gonnard f2ffbc4387 Stop supporting NIST_KW in cipher_auth_xxcrypt()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00
Manuel Pégourié-Gonnard 53f10e70fd Test cipher_auth_{en,de}crypt_ext()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00
Manuel Pégourié-Gonnard 89a8fe50fe Extract helper function for repeated test code
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00
Manuel Pégourié-Gonnard 4c1a1006df Improve comments/structure of auth_crypt test
We want to test both sets of functions (ext and non-ext) in turn, so goto exit
is not really and option.

Also, separate setting up the context (which is going to be the same for both
ext and non-ext functions) from setting up the buffers (which will vary).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:08 +01:00