Commit graph

11333 commits

Author SHA1 Message Date
Jaeden Amero 8d4d4f55f0 Makefile: Use full paths to refer to parent files
When running lcov, files can't be found relative to the parent project
(Mbed TLS) root. Use full, non-relative paths to refer to files used in
building Mbed Crypto from Mbed TLS in order to enable lcov to locate the
files properly.
2019-05-22 13:54:52 +01:00
Jaeden Amero 0cad4bac30
Merge pull request #123 from gilles-peskine-arm/api-link-index
Update link to PSA Crypto API HTML
2019-05-22 12:40:03 +01:00
Jaeden Amero 496c176d90
Merge pull request #266 from ARMmbed/psa-policy_alg2-poc
Keys may allow a second algorithm
2019-05-22 11:55:01 +01:00
Gilles Peskine 549ea8676a Minor documentation improvements 2019-05-22 11:45:59 +02:00
Gilles Peskine 7a91ece3be Update link to PSA Crypto API HTML
Now that we aren't using Doxygen directly any longer, there is no
longer a modules.html. Link to index.html instead.
2019-05-21 20:05:34 +02:00
Jaeden Amero 4719db39b7
Merge pull request #121 from gilles-peskine-arm/psa-api-1.0-beta-beta3_fix_unlinked_macros
Fix unlinked macros in API spec
2019-05-21 18:41:03 +01:00
Gilles Peskine a9b9cf7d1e Document macros that are referenced
Without documentation, Doxygen does not generate hyperlinks when the
macro is referenced and prints out #PSA_xxx instead.
2019-05-21 19:18:33 +02:00
Gilles Peskine 6a21123619 Remove obsolete mentions of PSA_ERROR_EMPTY_SLOT
There are no more "empty slots", so finish removing the corresponding
error.
2019-05-21 19:11:07 +02:00
Jaeden Amero 5b93990fc1
Merge pull request #119 from gilles-peskine-arm/psa-api-1.0-beta-beta3_minor_fixes
PSA 1.0 beta3 minor fixes
2019-05-21 17:52:57 +01:00
Gilles Peskine a741d39893 State that all error codes are negative 2019-05-21 18:43:27 +02:00
Gilles Peskine 737c6bef6a Fix grammar 2019-05-21 18:43:24 +02:00
Gilles Peskine 56e2dc8010 Use "sufficient buffer size" in buffer size macros
Don't use "safe buffer size", because this it's somewhat misleading to
make it about safety: a buffer size that's too small will lead to a
runtime error, not to undefined behavior.
2019-05-21 18:43:19 +02:00
Gilles Peskine 2cb9e39b50 Convert TLS1.2 KDF descriptions to multistep key derivation
Convert the description of PSA_ALG_TLS12_PRF and
PSA_ALG_TLS12_PSK_TO_MS to the key derivation API that takes one input
at a time rather than the old {secret,salt,label} interface.

Define a new input category "seed".
2019-05-21 18:43:19 +02:00
Gilles Peskine 6c6195d7ba Remove implementation comment from API specification 2019-05-21 18:43:19 +02:00
Gilles Peskine 4754cdeef8 Improve description of psa_open_key()
Remove obsolete reference to psa_make_key_persistent().
2019-05-21 18:43:18 +02:00
Gilles Peskine 52315e4c16 Enrollment algorithm in policy: add tests of psa_copy_key 2019-05-21 18:31:59 +02:00
Gilles Peskine 705cbfd802 Enrollment algorithm in policy: add support in psa_copy_key tests
Add parameters to psa_copy_key tests for the enrollment algorithm (alg2).

This commit only tests with alg2=0, which is equivalent to not setting
an enrollment algorithm.
2019-05-21 18:31:59 +02:00
Gilles Peskine 131aa31c82 New key file format for 1.0.1
Add alg2 field and note that some encodings have changed.
2019-05-21 18:31:59 +02:00
Gilles Peskine 640273a35e Update key file format information for 1.0.0
The storage specification described a version tentatively called
0.2.0. This was actually released as 1.0.0 with the format as
described here.
2019-05-21 18:31:59 +02:00
Gilles Peskine 468c96cccc Enrollment algorithm in policy: update persistent key tests
The storage format has changed, so update the test data accordingly.
2019-05-21 17:06:35 +02:00
Gilles Peskine 81efb391eb Enrollment algorithm in policy: implement persistent keys 2019-05-21 17:06:35 +02:00
Gilles Peskine 6fbfdb9e06 Enrollment algorithm in policy: test persistent keys 2019-05-21 17:06:35 +02:00
Gilles Peskine cbce4d8889 Persistent key reload: test more metadata
In the tests for opening a persistent key after closing it, also read
back and check the key data if permitted by policy, and the key
policy.
2019-05-21 17:06:35 +02:00
Gilles Peskine 2c86ebc2f8 EC key pair import: check the buffer size
When importing a private elliptic curve key, require the input to have
exactly the right size. RFC 5915 requires the right size (you aren't
allowed to omit leading zeros). A different buffer size likely means
that something is wrong, e.g. a mismatch between the declared key type
and the actual data.
2019-05-21 17:06:27 +02:00
Gilles Peskine 536e20571a New macro to get the bit size of an elliptic curve 2019-05-21 17:06:03 +02:00
Gilles Peskine ca5bed742f Align test functions to usage/alg parameter order 2019-05-21 17:06:03 +02:00
Gilles Peskine d6f371b1ba Keys may allow a second algorithm
Add a second permitted algorithm to key policies.

This commit includes smoke tests that do not cover psa_copy_key.
2019-05-21 17:06:03 +02:00
Gilles Peskine d7d43b9791 Convert code samples to the new attribute-based key creation API 2019-05-21 15:56:03 +02:00
Gilles Peskine a0c0655c91 Add missing declarations to the API document
PSA_KEY_ATTRIBUTES_INIT and psa_key_attributes_init weren't declared
in the API document, only defined in our implementation, but they are
referenced in the API document.
2019-05-21 15:54:54 +02:00
Jaeden Amero 3d07ffade2 Merge remote-tracking branch 'tls/development' into development
Resolve conflicts by performing the following operations:
    - Reject changes to files removed during the creation of Mbed Crypto
      from Mbed TLS.
    - Reject the addition of certificates that would not be used by any
      tests, including rejecting the addition of Makefile rules to
      generate these certificates.
    - Reject changes to error.c referencing modules that are not part of
      Mbed Crypto.

* origin/development: (80 commits)
  Style fix
  Fix test data
  Update test data
  Add some negative test cases
  Fix minor issues
  Add ChangeLog entry about listing all SAN
  Remove unneeded whitespaces
  Fix mingw CI failures
  Initialize psa_crypto in ssl test
  Check that SAN is not malformed when parsing
  Documentation fixes
  Fix ChangeLog entry
  Fix missing tls version test failures
  Fix typo
  Fix ChangeLog entry location
  Add changeLog entry
  Add test for export keys functionality
  Add function to retrieve the tls_prf type
  Add tests for the public tls_prf API
  Add public API for tls_prf
  ...
2019-05-21 08:57:44 +01:00
Jaeden Amero 31d1432233 Merge remote-tracking branch 'origin/pr/2530' into development
* origin/pr/2530: (27 commits)
  Style fix
  Fix test data
  Update test data
  Add some negative test cases
  Fix minor issues
  Add ChangeLog entry about listing all SAN
  Check that SAN is not malformed when parsing
  Documentation fixes
  Fix ChangeLog entry
  Fail in case critical crt policy not supported
  Update SAN parsing documentation
  change the type of hardware_module_name member
  Change mbedtls_x509_subject_alternative_name
  Add length checking in certificate policy parsing
  Rephrase x509_crt extension member description
  Rephrase changeLog entries
  Remove redundant memset()
  Propogate error when parsing SubjectAltNames
  Tidy up style in x509_info_subject_alt_name
  Print unparseable SubjectAlternativeNames
  ...
2019-05-20 18:02:25 +01:00
Jaeden Amero 9ebcf9b00a Merge remote-tracking branch 'origin/pr/2538' into development
* origin/pr/2538:
  Remove unneeded whitespaces
  Fix mingw CI failures
  Initialize psa_crypto in ssl test
  Fix missing tls version test failures
  Fix typo
  Fix ChangeLog entry location
  Add changeLog entry
  Add test for export keys functionality
  Add function to retrieve the tls_prf type
  Add tests for the public tls_prf API
  Add public API for tls_prf
  Add eap-tls key derivation in the examples.
  Add ChangeLog entry
  Add an extra key export function
  Have the temporary buffer allocated dynamically
  Zeroize secret data in the exit point
  Add a single exit point in key derivation function
2019-05-20 10:58:36 +01:00
Jaeden Amero fc4596f3d5 Merge remote-tracking branch 'origin/pr/2624' into development
* origin/pr/2624:
  Test the return value in the OID->X.509 map functions
  Add a test of the OID->MD map functions
  Add support for RSA PKCSv1.5 signatures using RIPEMD-160
2019-05-20 10:40:37 +01:00
Jaeden Amero 6a042fee2d Merge remote-tracking branch 'origin/pr/2636' into development
* origin/pr/2636:
  Only use submodule if present
2019-05-20 10:40:37 +01:00
Jaeden Amero 642cc821e2 Merge remote-tracking branch 'origin/pr/2465' into development
* origin/pr/2465:
  Ignore more generated files: seedfile, apidoc
  Improve .gitignore grouping and documentation
  Generate tags for Vi, for Emacs and with Global
2019-05-20 10:40:37 +01:00
Ron Eldor 6aeae9e962 Style fix
Add whitespace before parenthesis.
2019-05-20 12:00:36 +03:00
Ron Eldor 76a9c4a81f Fix test data
Fix test data to test what it actually intends to test.
2019-05-20 11:58:59 +03:00
Ron Eldor 8a59d6b964 Update test data
Update the test data for the negative certificate policies
extension tests with correct lengths, to test the correct behaviour.
Add another test.
2019-05-19 14:11:20 +03:00
Jaeden Amero fba7539ad7
Merge pull request #269 from ARMmbed/psa-slots_to_handles
Update API documentation to refer to handles and key ids, not slots
2019-05-17 10:18:34 +01:00
Gilles Peskine eff4942202
Merge pull request #268 from ARMmbed/psa-error_tampering_detected
Rename PSA_ERROR_TAMPERING_DETECTED to PSA_ERROR_CORRUPTION_DETECTED
2019-05-17 11:06:09 +02:00
Jaeden Amero 1d8f3b5107
Merge pull request #114 from gilles-peskine-arm/psa-keypair-to-key_pair
Rename KEYPAIR to KEY_PAIR and psa_generate_random_key to psa_generate_key
2019-05-17 09:59:34 +01:00
Gilles Peskine 35ef36b62f Rename psa_generate_random_key back to psa_generate_key
generate_key is a more classical name. The longer name was only
introduced to avoid confusion with getting a key from a generator,
which is key derivation, but we no longer use the generator
terminology so this reason no longer applies.

perl -i -pe 's/psa_generate_random_key/psa_generate_key/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine c93b80c350 Rename *KEYPAIR* to *KEY_PAIR*
Be consistent with PUBLIC_KEY.

perl -i -pe 's/KEYPAIR/KEY_PAIR/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Jaeden Amero 683898c079
Merge pull request #112 from gilles-peskine-arm/psa-remove_domain_parameters
Remove domain parameters from API 1.0
2019-05-17 09:55:13 +01:00
Adrian L. Shaw 0a695bd13e Simplify description of psa_copy_key 2019-05-16 22:11:18 +02:00
Adrian L. Shaw 52d83dabd6 Mention psa_close_key in the description of psa_open_key 2019-05-16 22:11:17 +02:00
Adrian L. Shaw d56456cbe8 Improve descriptions that mention handles and fix incorrect mention of psa_create_key 2019-05-16 22:10:51 +02:00
Adrian L. Shaw 67e1c7ac80 Remove remaining mentions of slots 2019-05-16 22:10:49 +02:00
Gilles Peskine 4b3eb69271 Rename PSA_ERROR_TAMPERING_DETECTED to ..._CORRUPTION_DETECTED
“Tampering detected” was misleading because in the real world it can
also arise due to a software bug. “Corruption detected” is neutral and
more precisely reflects what can trigger the error.

perl -i -pe 's/PSA_ERROR_TAMPERING_DETECTED/PSA_ERROR_CORRUPTION_DETECTED/gi' $(git ls-files)
2019-05-16 21:35:18 +02:00
Gilles Peskine 27a983d93c Grammar fix 2019-05-16 19:51:11 +02:00