yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-07-10 06:17:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
10818 commits 88 branches 205 tags 69 MiB
Commit graph

10818 commits

This branch
This branch
All branches
Author SHA1 Message Date
Hanno Becker 4ae8b497c0 Merge branch 'iotssl-2578-psa-sig-verification' into development-psa-proposed 2018-11-23 11:37:00 +00:00
Hanno Becker a0a96a0c56 Merge branch 'psa_cipher_integration' into development-psa-proposed 2018-11-23 11:26:57 +00:00
Hanno Becker f8b5f27bce Merge branch 'psa_cipher' into development-psa-proposed 2018-11-23 11:18:02 +00:00
Hanno Becker 485529952f Merge branch 'opaque_psk_implementation' into development-psa-proposed 2018-11-23 11:12:38 +00:00
Hanno Becker b345ae64f1 Merge branch 'iotssl-2596-opaque-csr-creation' into development-psa-proposed 2018-11-23 11:05:04 +00:00
Hanno Becker ee618f7241 Merge branch 'iotssl-2574-pk-opaque-tls' into development-psa-proposed 2018-11-23 10:31:00 +00:00
Hanno Becker 9aa921f336 Merge branch 'iotssl-2580-pk-opaque-psa' into development-psa-proposed 2018-11-23 10:17:36 +00:00
Jaeden Amero 565e0bf49d
Merge pull request #212 from ARMmbed/psa-integration-utilities_CRYPTO 
Mbed TLS integration: Shared code between module-specific integration work
 2018-11-23 09:00:22 +00:00
Andrzej Kurek 266d907c87 pk_wrap.c: fix length mismatch check placement 2018-11-22 13:37:14 -05:00
Andrzej Kurek 96cc1b3def pk_wrap.c: tidy up signature extraction 
Add a sanity check for signature length, remove superfluous bounds check.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek e30ad542a1 Cosmetic changes 
Move memset to a more relevant spot, fix one whitespace error
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 73bf6b9e00 pk_wrap: rework and tidy up signature extraction 
Improve comments, use a normal buffer instead of mbedtls_asn1_buf,
remove unneeded variables and use shared utilities where possible.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 688ea8d10d pk_wrap: reuse a static buffer for signature extraction 
Use a buffer left over after importing a key to hold an extracted signature.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 3016de3eeb pk_wrap: rework signature extraction to work with small r and s values 
There is a probability that r will be encoded as 31 or less bytes in DER,
so additional padding is added in such case.
Added a signature-part extraction function to tidy up the code further.
 2018-11-22 13:37:14 -05:00
Manuel Pégourié-Gonnard 7b7808cc76 Add tests for ECDSA verify with short r, s values 
This is intended to test transcoding the signature to the format expected by
PSA (fixed-length encoding of r, s) when r and s have respectively:
- full length with initial null byte
- full length without initial null byte
- non-full length with initial null byte
- non-full length without initial null byte

The signatures were generated using:

programs/pkey/pk_sign tests/data_files/server5.key foo

where foo is an empty file, and with a variant of one of the following patches
applied:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..e4a27b044516 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -317,6 +319,11 @@ mul:
             MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
                                                   f_rng, p_rng, ECDSA_RS_ECP ) );
             MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( pr );
+            printf("%zu ", bits);
+            if( bits != 255 )
+                goto gen;
         }
         while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );

or:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..d704376e0c42 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -353,6 +355,11 @@ modn:
         MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( s );
+            printf("%zu ", bits);
+            if( bits != 247 )
+                goto gen;
     }
     while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );

with the value edited manually between each run to get the desired bit length.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 45fc464156 pk_wrap: improve error codes returned from ecdsa_verify_wrap 
Use the shared PSA utilities to translate errors.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek ca6330992e pk_wrap: switch to helper functions defined in psa_util.h 
Remove duplicated helper functions.
Remove an unnecessary call to psa_crypto_init().
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 510ee70501 pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap 
Adjust tests to pass a valid algorithm
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 2f69b1a059 pk_wrap: destroy key slot on errors with policy or key importing 2018-11-22 13:37:14 -05:00
Andrzej Kurek c097b0fded pk_wrap: add a check for equal signature parts 2018-11-22 13:37:14 -05:00
Andrzej Kurek f8c94a811a pk_wrap: check if curve conversion is successful 2018-11-22 13:37:14 -05:00
Andrzej Kurek 6d49ae9223 pk_wrap: nullify the signature pointer on error in extract_ecdsa_sig 
Fix a double free error in ecdsa_verify_wrap
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 1e3b6865d7 pk_wrap: cosmetic changes 
Adjust whitespaces and variable names
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 39d1f4b29f pk_wrap.c: add support for ecdsa signature verification using PSA 
Use PSA internally to verify signatures.
Add a conversion to a raw signature format.
 2018-11-22 13:37:14 -05:00
Andrzej Kurek 60ea0fc185 Remove trailing whitespace 2018-11-22 13:02:29 -05:00
Andrzej Kurek 593fccdf97 x509: remove unnecessary calls to psa_hash_abort 
According to the documentation, it does not need to be called after a failed
psa_hash call.
 2018-11-22 12:53:32 -05:00
Andrzej Kurek 78276b1c73 x509: use the PSA API to perform hashing operations 
So far limited only to certificate verification withour CRL and CSR generation.
 2018-11-22 12:53:32 -05:00
Andrzej Kurek 3bd69dda1a pkwrite: add an explicit cast to size_t 2018-11-22 12:43:53 -05:00
Andrzej Kurek d6d07909f2 Remove trailing whitespace 2018-11-22 12:43:53 -05:00
Andrzej Kurek 16d6000577 pkwrite: add a safety check before calculating the buffer size 2018-11-22 12:43:53 -05:00
Andrzej Kurek 2f31122585 Cosmetic changes 
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
 2018-11-22 12:43:53 -05:00
Andrzej Kurek c3de438b8e Add CSR write testing using opaque keys 
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
 2018-11-22 12:43:53 -05:00
Andrzej Kurek 6f249de706 pkwrite: add opaque key handling for public key exporting 
Return early from mbedtls_pk_write_pubkey_der - public opaque key
exporting is expected to contain all of the needed data, therefore it shouldn't
be written again.
 2018-11-22 12:43:53 -05:00
Andrzej Kurek b7f3ac6504 pkwrite: add an explicit cast to size_t 2018-11-22 12:05:08 -05:00
Andrzej Kurek 967cfd18fd Remove trailing whitespace 2018-11-22 12:05:08 -05:00
Andrzej Kurek 158c3d10d0 pkwrite: add a safety check before calculating the buffer size 2018-11-22 12:05:08 -05:00
Andrzej Kurek 4b11407258 Cosmetic changes 
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
 2018-11-22 12:05:08 -05:00
Andrzej Kurek 5f7bad34bb Add CSR write testing using opaque keys 
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
 2018-11-22 12:05:08 -05:00
Andrzej Kurek 5fec0860f9 pkwrite: add opaque key handling for public key exporting 
Return early from mbedtls_pk_write_pubkey_der - public opaque key
exporting is expected to contain all of the needed data, therefore it shouldn't
be written again.
 2018-11-22 12:05:08 -05:00
Andrzej Kurek 8b38ff57ab Remove trailing whitespace 2018-11-22 11:53:04 -05:00
Andrzej Kurek a609337ca0 x509: remove unnecessary calls to psa_hash_abort 
According to the documentation, it does not need to be called after a failed
psa_hash call.
 2018-11-22 11:53:04 -05:00
Andrzej Kurek d4a6553191 x509: use the PSA API to perform hashing operations 
So far limited only to certificate verification withour CRL and CSR generation.
 2018-11-22 11:53:04 -05:00
Gilles Peskine 30b4641011
Merge pull request #219 from ARMmbed/enable_entropy_injection 
always compile mbedtls_psa_inject_entropy (#219)
 2018-11-22 17:50:54 +01:00
Netanel Gonen 596e65e1a5 Fix indentation 2018-11-22 18:41:43 +02:00
Manuel Pégourié-Gonnard f83d31260d Implement key_opaque option to ssl_client2 2018-11-22 16:41:07 +00:00
Manuel Pégourié-Gonnard ca906fb8b9 Add option key_opaque to ssl_client2 (skeleton) 
This is just the plumbing for the option itself, implementation of the option
will be the next commit.
 2018-11-22 16:41:07 +00:00
Manuel Pégourié-Gonnard e31411a814 Fix test that wasn't actually effective 
psa_destroy_key() returns success even if the slot is empty.
 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 72d94be0de Improve description of a test 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 2614562212 Add test utility function: wrap_as_opaque() 
The new function is not tested here, but will be in a subsequent PR.
 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 29a1325b0d Guard against PSA generating invalid signature 
The goal is not to double-check everything PSA does, but to ensure that it
anything goes wrong, we fail cleanly rather than by overwriting a buffer.
 2018-11-22 16:39:39 +00:00