Commit graph

2144 commits

Author SHA1 Message Date
Moran Peker e1210dcac3 remove unused parameter in psa_cipher_finish. 2018-09-05 12:14:28 +03:00
Moran Peker 3205a6592b tests fix 2018-09-05 12:14:28 +03:00
mohammad1603 8481e74ecc CR fixes
more fixes

Compilation fixes

Compilation fixes for PSA crypto code and tests
2018-09-05 12:14:28 +03:00
mohammad1603 cdd3be9cfb Add psa_crypto test suite to Cmake
Add psa_crypto test suite to Cmake
2018-09-05 12:14:26 +03:00
mohammad1603 e6b67a1e78 Fix parameters in test suite
Fix test function signature in test suite
2018-09-05 12:13:23 +03:00
mohammad1603 d7d7ba5749 add positive test scenarios 2018-09-05 12:13:23 +03:00
Gilles Peskine a0655c3501 Merge remote-tracking branch 'psa/pr/13' into feature-psa
Conflicts:
	library/psa_crypto.c
	tests/suites/test_suite_psa_crypto.data
	tests/suites/test_suite_psa_crypto.function

All the conflicts are concurrent additions where the order doesn't
matter. I put the code from feature-psa (key policy) before the code
from PR #13 (key lifetime).
2018-09-05 12:10:43 +03:00
mohammad1603 5d7ec2033d fix key lifetime set implementation , tests accordingly 2018-09-05 12:01:37 +03:00
mohammad1603 ba178511f4 Remove unused and duplicated erros, fix documentation and tests
Remove unused and duplicated erros, fix documentation and tests
2018-09-05 12:01:37 +03:00
mohammad1603 060ad8ac34 Compilation and tests fixes 2018-09-05 12:01:37 +03:00
mohammad1603 804cd71bf8 initial key lifetime implementation and tests 2018-09-05 12:01:37 +03:00
Gilles Peskine c63b6ba754 Merge remote-tracking branch 'psa/pr/14' into feature-psa
Conflict resolution:

* `tests/suites/test_suite_psa_crypto.data`: in the new tests from PR #14,
  rename `PSA_ALG_RSA_PKCS1V15_RAW` to `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` as
  was done in PR #15 in the other branch.
2018-09-05 12:01:34 +03:00
mohammad1603 d926b88085 Fix Policy enforcement sign test
Fix Policy sign scenario for enforcement test
2018-09-05 11:53:26 +03:00
mohammad1603 6df908f234 Add static internal MAC finish function
add new psa_mac_finish_internal() to be called by psa_mac_finish() and
psa_mac_verify() in order to be able to check key usage separatly.
2018-09-05 11:53:26 +03:00
mohammad1603 4eed757901 add new test scenarios 2018-09-05 11:53:26 +03:00
mohammad1603 a97cb8c303 Add calls for set policy in export/sign tests
Add calls for set policy in export/sign tests
2018-09-05 11:53:26 +03:00
Gilles Peskine a59262338a Rename PKCS1V15 to PKCS1V15_SIGN
There's PKCS1V15_CRYPT as well (to be added soon).
2018-09-05 11:53:26 +03:00
mohammad1603 8cc1ceec3e Key Policy APIs implementation 2018-09-05 11:53:26 +03:00
Gilles Peskine 40f68b9863 Use unhexify_alloc where applicable 2018-09-05 11:53:25 +03:00
Gilles Peskine 8c9def3e7f PSA: Implement MAC functions
Implement psa_mac_start, psa_mac_update and psa_mac_final.

Implement HMAC anc CMAC.

Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine 9ef733faa0 Implement hash functions
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.

Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine 93aa0334d9 PSA asymmetric signature: set *signature_length = 0 on failure 2018-09-05 11:53:24 +03:00
Gilles Peskine 0189e7512d PSA crypto: PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE macro
Test it for RSA.
2018-09-05 11:53:24 +03:00
Gilles Peskine 20035e3579 PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
Define hash algorithms and RSA signature algorithms.

New function psa_asymmetric_sign.

Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine c66ea6a921 PSA key import: support RSA public keys
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine 969ac726d9 PSA RSA key import: don't rely on pk so much
Don't use the pk module except as required for pkparse/pkwrite. The
PSA crypto layer is meant to work alongside pk, not on top of it.

Fix the compile-time dependencies on RSA/ECP handling in
psa_export_key, psa_destroy_key and psa_get_key_information.
2018-09-05 11:53:24 +03:00
Gilles Peskine 2f9c4dc5ad Add key management functions
Define psa_key_type_t and a first stab at a few values.

New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.

Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine 1d26709dbd New function mbedtls_rsa_get_bitlen
Add a new function mbedtls_rsa_get_bitlen which returns the RSA key
size, i.e. the bit size of the modulus. In the pk module, call
mbedtls_rsa_get_bitlen instead of mbedtls_rsa_get_len, which gave the
wrong result for key sizes that are not a multiple of 8.

This commit adds one non-regression test in the pk suite. More tests
are needed for RSA key sizes that are a multiple of 8.

This commit does not address RSA alternative implementations, which
only provide an interface that return the modulus size in bytes.
2018-09-05 11:53:24 +03:00
Gilles Peskine e59236fc17 Add PSA crypto module
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.

Implement psa_crypto_init function which sets up a RNG.

Add a mbedtls_psa_crypto_free function which deinitializes the
library.

Define a first batch of error codes.
2018-09-05 10:59:00 +03:00
Simon Butcher 4d075cd7d0 Update library version number to 2.13.0 2018-08-31 15:59:10 +01:00
Simon Butcher 552754a6ee Merge remote-tracking branch 'public/pr/1988' into development 2018-08-30 00:57:28 +01:00
Simon Butcher 68dbc94720 Merge remote-tracking branch 'public/pr/1951' into development 2018-08-30 00:56:56 +01:00
Simon Butcher e50128a692 Merge remote-tracking branch 'public/pr/1994' into development 2018-08-30 00:56:18 +01:00
Hanno Becker 108992e776 Add MTU auto-reduction test with valgrind 2018-08-29 17:19:09 +01:00
Hanno Becker 37029ebc63 Skip MTU auto-reduction test when running valgrind 2018-08-29 17:19:06 +01:00
Hanno Becker 39b8bc9aef Change wording of debug message 2018-08-28 17:52:49 +01:00
Hanno Becker 7c48dd11db ssl-opt.sh: Add function extracting val or default val from config.h 2018-08-28 16:09:22 +01:00
Hanno Becker dc1e950170 DTLS reordering: Add test for buffering a proper fragment
This commit adds a test to ssl-opt.sh which exercises the behavior
of the library in the situation where a single proper fragment
of a future handshake message is received prior to the next
expected handshake message (concretely, the client receives
the first fragment of the server's Certificate message prior
to the server's ServerHello).
2018-08-28 16:02:33 +01:00
Simon Butcher 14dac0953e Merge remote-tracking branch 'public/pr/1918' into development 2018-08-28 12:21:41 +01:00
Simon Butcher 1846e406c8 Merge remote-tracking branch 'public/pr/1939' into development 2018-08-28 12:19:56 +01:00
Simon Butcher 9598845d11 Merge remote-tracking branch 'public/pr/1955' into development 2018-08-28 12:00:18 +01:00
Hanno Becker e604556feb ssl-opt.sh: Don't hardcode varname in requires_config_value_xxx() 2018-08-28 11:24:55 +01:00
Hanno Becker b841b4f107 ssl-opt.sh: Remove reference to Github issue 2018-08-28 10:25:51 +01:00
Hanno Becker 3b8b40c16d ssl-opt.sh: Add function to skip next test 2018-08-28 10:25:41 +01:00
Simon Butcher 6f032a60c9 Merge remote-tracking branch 'public/pr/1963' into development 2018-08-28 10:21:06 +01:00
Simon Butcher badeb07872 Merge remote-tracking branch 'public/pr/1967' into development 2018-08-28 10:20:23 +01:00
Hanno Becker b9a0086975 ssl-opt.sh: Explain use of --insecure in GnuTLS client tests 2018-08-28 10:20:22 +01:00
Hanno Becker 2f5aa4c64e all.sh: Add builds allowing to test dropping buffered messages
This commit adds two builds to all.sh which use a value of
MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the
reordering tests in ssl-opt.sh introduced in the last commit.
2018-08-24 14:48:11 +01:00
Hanno Becker a1adcca1da ssl-opt.sh: Add tests exercising freeing of buffered messages
This commit adds tests to ssl-opt.sh which trigger code-paths
responsible for freeing future buffered messages when the buffering
limitations set by MBEDTLS_SSL_DTLS_MAX_BUFFERING don't allow the
next expected message to be reassembled.

These tests only work for very specific ranges of
MBEDTLS_SSL_DTLS_MAX_BUFFERING and will therefore be skipped
on a run of ssl-opt.sh in ordinary configurations.
2018-08-24 14:48:11 +01:00
Hanno Becker 5cd017f931 ssl-opt.sh: Allow numerical constraints for tests
This commit adds functions requires_config_value_at_most()
and requires_config_value_at_least() which can be used to
only run tests when a numerical value from config.h
(e.g. MBEDTLS_SSL_IN_CONTENT_LEN) is within a certain range.
2018-08-24 14:48:11 +01:00