Commit graph

9784 commits

Author SHA1 Message Date
Hanno Becker dfb949bb4e Fixup: Use TC ECC type instead of uint32_t during pubkey parsing
Using explicit enumerated types avoids type confusion.
2019-09-04 16:17:25 +01:00
Hanno Becker 28332a5642 TinyCrypt PK write: Impl. PK writing helpers for TC-based PK context 2019-09-04 16:17:25 +01:00
Hanno Becker 64a81b03aa TinyCrypt PK write: Make PK writing helpers accept PK context
This prepares the ground for TinyCrypt-based implementations of
these helpers.
2019-09-04 16:17:25 +01:00
Hanno Becker c64d5af9ab Fixup: Don't use legacy ECC error code from TinyCrypt
We want to be able to remove legacy ECC entirely when using TinyCrypt,
including their identifiers.
2019-09-04 16:17:25 +01:00
Hanno Becker c10c9bfc10 TinyCrypt Test: Add guards to ECDSA verify tests from PK test suite
- The underlying test vectors are for Secp192r1, while TinyCrypt uses Secp256r1.
- The test implementation is specific to the structure of legacy-ECC PK ctxs.

Addition of analogous tests for TinyCrypt-based ECC PK contexts are left
for a later commit.
2019-09-04 16:17:25 +01:00
Hanno Becker 251d7523fe TinyCrypt Test: Adapt 'PK utils: ECKEY' test in PK test suite 2019-09-04 16:17:25 +01:00
Hanno Becker da77971ec8 Fixup: Rename mbedtls_uecc_pk -> mbedtls_pk_uecc
This is in line with the naming of the analogous function mbedtls_pk_ec
used for legacy ECC PK contexts.
2019-09-04 16:17:25 +01:00
Hanno Becker 8cf2f5e466 TinyCrypt PK parse: Move TC-based EC public key parsing code-block
Keep code-paths handling legacy-ECC vs. TinyCrypt together
for better readability.
2019-09-04 16:17:25 +01:00
Hanno Becker 3bef643987 Fixup: Guard numerous legacy-ECC PK parse functions by !TinyCrypt 2019-09-04 16:17:25 +01:00
Hanno Becker d336f721c0 Fixup: Add missing TinyCrypt guard in ECC private key parsing
PEM-encoded keys with PEM header

  -----BEGIN EC PRIVATE KEY-----
  ...
  -----END EC PRIVATE KEY-----

were previously not parsed in configurations using TinyCrypt
instead of legacy ECC crypto.
2019-09-04 16:17:25 +01:00
Hanno Becker f2bf115057 TinyCrypt Test: Initialize TinyCrypt RNG in test suites if enabled 2019-09-04 16:17:25 +01:00
Hanno Becker 75f8d3276f TinyCrypt PK parse: Remove MBEDTLS_PK_ECDSA during pubkey parsing
The PK type MBEDTLS_PK_ECDSA is never returned from
`mbedtls_pk_info_from_type()`. Instead, EC keys either
are identified as MBEDTLS_PK_ECKEY_DH (in case they
must only be used for ECDHE) or MBEDTLS_PK_ECKEY (in
case they can be used for any algorithm).
2019-09-04 16:17:25 +01:00
Hanno Becker e65697c351 TinyCrypt PK parse: Handle each PK type precisely once 2019-09-04 16:17:25 +01:00
Hanno Becker d45f383b01 TinyCrypt PK parse: Impl. EC public key derivation in TC-based ECDSA 2019-09-04 16:17:25 +01:00
Hanno Becker 7e38c37302 TinyCrypt PK parse: Pass TC keypair structure to ECDSA pubkey parse 2019-09-04 16:17:25 +01:00
Hanno Becker 68d5478d8d TinyCrypt PK parse: Simplify TinyCrypt public key parsing 2019-09-04 16:17:25 +01:00
Hanno Becker aebffdd363 TinyCrypt PK parse: Add comments to #endif's indicating condition 2019-09-04 16:17:25 +01:00
Hanno Becker d7e0cd001c TinyCrypt PK wrap: Add short documentation for extract_ecdsa_sig_int 2019-09-04 16:17:25 +01:00
Hanno Becker 9653d80518 TinyCrypt PK wrap: Implement check_pair PK wrapper 2019-09-04 16:17:25 +01:00
Hanno Becker 4102972d31 TinyCrypt PK wrap: Implement alloc/free PK wrappers 2019-09-04 16:17:25 +01:00
Hanno Becker 11cb2637e7 TinyCrypt PK wrap: Simplify guards in pk_wrap.c
With TinyCrypt and legacy ECC mutually exclusive, we don't have
to use #if TINYCRYPT #else #if LEGACY #endif #endif anymore, but
can add the TC and legacy based ECC implementations independently.
2019-09-04 16:17:25 +01:00
Hanno Becker b1074979b8 all.sh: Remove default + TinyCrypt test from all.sh
TinyCrypt and legacy ECC are mutually exclusive by now, and this
commit removes the all.sh test which exercises both simultaenously.
2019-09-04 16:17:25 +01:00
Hanno Becker 52c52f3c2f check_config: Forbid simultaenous use of TinyCrypt and legacy ECC 2019-09-04 16:17:25 +01:00
Hanno Becker a417459ab1 Fixup: Remove trailing whitespace in oid.h 2019-09-04 16:17:25 +01:00
Hanno Becker 8ea35458e4 Fixup: TinyCrypt PK verify wrapper uecc_ecdsa_verify_wrap()
- TinyCrypt uses `0` for errors.
- The first argument to uECC_verify() should be the public key,
  but the previous code passed the beginning of the entire
  private-public key structure.
2019-09-04 16:17:25 +01:00
Hanno Becker 9c7a359cc4 Fixup: uecc_ecdsa_sign_wrap() in pk_wrap.c
The previous code passed `2 * NUM_ECC_BYTES` as the size limit for
the ECDSA signature, which fails to account for space required by
ASN.1 headers.
2019-09-04 16:17:25 +01:00
Hanno Becker 9a62f2dbfb Fixup: get_bitlen() PK API in TinyCrypt-based ECDSA
- Return number of bits and not number of bytes
- Return length of private key and not length of public key.
2019-09-04 16:17:25 +01:00
Hanno Becker 496b83ff1b Fixup: Correct include paths for TinyCrypt header files
TinyCrypt header files are expected in 'tinycrypt' folder
relative to the include path.
2019-09-04 16:17:25 +01:00
Hanno Becker ad353f289b Fixup: Minor style corrections around use of TinyCrypt 2019-09-04 16:17:25 +01:00
Hanno Becker e8f1448306 Fixup: Remove references to PSA from TinyCrypt wrapper code 2019-09-04 16:17:25 +01:00
Hanno Becker adf11e13a4 Fixup: Impl. MBEDTLS_PK_ECKEY, not MBEDTLS_PK_ECDSA, via TinyCrypt
The PK-type MBEDTLS_PK_ECDSA isn't really used by the library.
Especially, when parsing a generic EC key, a PK context of type
MBEDTLS_PK_ECKEY will be requested. Hence, to drop in TinyCrypt
for the legacy-ECC implementation, the PK type that TinyCrypt
implements must be MBEDTLS_PK_ECKEY.
2019-09-04 16:17:25 +01:00
Hanno Becker 483fd66d21 Fixup: Don't reference legacy ECP curve identifier in check_config.h 2019-09-04 16:17:25 +01:00
Hanno Becker 49ac40b81b Fixup: Don't reference legacy ECP curve identifier in config.h
TinyCrypt should be used as a replacement of legacy ECC. In particular,
there shouldn't be any use of identifiers from the legacy ECC module.

So far, there's the configuration option

  MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID

that's relevant if MBEDTLS_SSL_CONF_SINGLE_CURVE is set, and which in
this case must resolve to an identifier of type mbedtls_ecp_group_id
indicating which single curve to enable.

With the introduction of TinyCrypt, we must either change the type
of this option to mbedtls_uecc_group_id, or introduce a separate
compilation option.

In order to avoid type confusion, this commit follows tha latter
approach, introducing the configuration option

  MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID

that indicatesthe TinyCrypt group identifier of the single curve
to use (must be Secp256r1) if MBEDTLS_SSL_CONF_SINGLE_CURVE
and MBEDTLS_USE_TINYCRYPT are set.
2019-09-04 16:17:25 +01:00
Hanno Becker 8d49ba3b78 Fixup: Definition of TinyCrypt OID descriptor structure 2019-09-04 16:17:25 +01:00
Jarno Lamsa 7cb5c11067 Missing uECC ECDSA flagging 2019-09-04 16:17:25 +01:00
Jarno Lamsa ad78931fb3 Signature wrapper for uECC 2019-09-04 16:17:25 +01:00
Jarno Lamsa 9c9e77a8ad Actually use the parse functions 2019-09-04 16:17:25 +01:00
Jarno Lamsa b176092656 Parse private key in uecc format
Parse the private key from cert in uecc format.
Accept only P-256 curve.
2019-09-04 16:17:25 +01:00
Jarno Lamsa 42b83db1eb Verify sign wrapper functionality for uECC 2019-09-04 16:17:25 +01:00
Simon Butcher e1c5608370 Merge remote-tracking branch 'origin/pr/650' into baremetal 2019-09-04 12:53:09 +01:00
Simon Butcher 42e4e723e8 Merge remote-tracking branch 'origin/pr/648' into baremetal 2019-09-04 12:42:35 +01:00
Simon Butcher a5e29e31c8 Merge remote-tracking branch 'origin/pr/646' into baremetal 2019-09-04 12:41:05 +01:00
Simon Butcher 8afa0883af Merge remote-tracking branch 'origin/pr/641' into baremetal 2019-09-04 12:17:33 +01:00
Hanno Becker 2ccdab8ef3 Fixup alignment in ssl_server2 2019-09-03 09:01:49 +01:00
Hanno Becker 10da2a39be Fix unused variable warnings in ssl_client2/ssl_server2 2019-09-03 08:59:36 +01:00
Hanno Becker 801de73ad6 Remove CTR DRBG from baremetal test configuration 2019-09-03 08:59:36 +01:00
Hanno Becker c973fdee72 all.sh: Add test exercising configurations without CTR DRBG 2019-09-03 08:59:05 +01:00
Hanno Becker 7f1c805b23 Allow ssl_client2/ssl_server2 to use HMAC DRBG instead of CTR DRBG
So far, ssl_client2 and ssl_server2 were relying on MBEDTLS_CTR_DRBG_C
being set. This commit adapts them to use HMAC DRBG in case CTR DRBG
is disabled in the configuration.

Note that disabling CTR DRBG in favor of HMAC DRBG can be useful on
constrained systems because Mbed TLS' HMAC DRBG is slightly smaller,
and moreover needed anyway as part of deterministic ECDSA.
2019-09-03 08:59:05 +01:00
Hanno Becker df9633b21c Add missing dependency of RSA test on CTR DRBG 2019-09-03 08:59:05 +01:00
Manuel Pégourié-Gonnard d6fba18328
Merge pull request #643 from hanno-arm/secp256r1-baremetal
[Baremetal] Add Secp256r1 test certificates
2019-09-02 08:49:20 +02:00