mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-28 09:39:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
23,406 Commits 172 Branches 263 Tags
Commit Graph

1141 Commits

Author SHA1 Message Date
Paul Elliott
6ee2408d26 Remove deterministic alg restriction on sign hash 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
068fe07740 Improve indentation of hash start functions 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
7cc4e816c1 Ensure max ops gets set regardless of having built-in implementation 
Set the psa level global anyway, regardless of having a built in
implementation, to match the set function. Also, ensure that value returned
is the same as value passed in, irregardless of internal implementation
requirements.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
59ad9457b6 Add {sign/verify}_hash_abort_internal 
Ensure that num_ops is cleared when manual abort is called, but obviously not
when an operation just completes, and test this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
296ede99c9 Fix issues with get_{sign/verify}_num_ops 
Move to accumulate ops in context rather than attempting to read straight out
of structures due to structure ops getting reset per operation, and also
issues with _abort clearing internal data. Fix usage of size_t in structures

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
588f8ed498 Add internal implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
9fe12f666b PSA level initial implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 12:13:17 +00:00
Gilles Peskine
bb3814c7a8 Reject key agreement chained with PSA_ALG_TLS12_ECJPAKE_TO_PMS 
The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
used on a shared secret from a key agreement since its input must be
an ECC public key. Reject this properly.

This is tested by test_suite_psa_crypto_op_fail.generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-19 12:11:23 +01:00
Gilles Peskine
449bd8303e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:10 +01:00
Tom Cosgrove
1797b05602 Fix typos prior to release 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-04 17:19:59 +00:00
Paul Elliott
266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement 
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
 2022-12-01 11:40:52 +00:00
Aditya Deshpande
1ac41dec09 Add test function for opaque driver (simply returns PSA_ERROR_NOT_SUPPORTED), and address other review comments. 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-28 14:46:30 +00:00
Gilles Peskine
42649d9270 Fix NULL+0 undefined behavior in ECB encryption and decryption 
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-23 14:16:52 +01:00
Aditya Deshpande
5e3c70e3be Merge branch 'development' into driver-wrapper-key-agreement 2022-11-22 17:58:52 +00:00
Aditya Deshpande
2f7fd76d91 Replace PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE with PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE in psa_key_agreement_internal(). 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-22 11:10:34 +00:00
Przemek Stekiel
e2d6b5f45b psa_key_slot_get_slot_number: Move documentation to header file 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-21 15:03:52 +01:00
Przemek Stekiel
348410f709 Make a copy of the key in operation while setting pake password 
Additionally use psa_get_and_lock_key_slot_with_policy() to obtain key.
This requires making this function public. This will have to be solved while adding driver dipatch for EC-JPAKE.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-15 22:22:07 +01:00
Aditya Deshpande
3f1606a1f6 Refactor call hierarchy for ECDH so that it goes through the driver wrapper in a similar fashion to ECDSA. 
Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1.

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-07 09:22:52 +00:00
Aditya Deshpande
40c05cc8e4 Newlines at end of file + trim trailing whitespace 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-10-14 16:46:51 +01:00
Aditya Deshpande
17845b8f71 Add driver wrapper function for raw key agreement, along with test call for transparent drivers. 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-10-14 16:46:00 +01:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test 
Enable testing of AEAD drivers with libtestdriver1
 2022-10-14 11:11:01 +02:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 
Include platform.h unconditionally
 2022-10-13 10:19:22 +02:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types 
Test TLS 1.2 builds with each encryption type
 2022-10-12 12:45:50 +02:00
Przemek Stekiel
6ab50762e0 psa_aead_setup: validate tag length before calling driver setup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-08 17:54:30 +02:00
Przemek Stekiel
86679c7bd8 psa_validate_tag_length(): use PSA_WANT_ALG_xxx instead MBEDTLS_PSA_BUILTIN_ALG_xxx guards 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-07 08:24:19 +02:00
Przemek Stekiel
8a05a646f4 Remove psa_driver_get_tag_len() and use PSA_ALG_AEAD_GET_TAG_LENGTH macro instead 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-06 17:01:58 +02:00
Przemek Stekiel
ff1efc9a84 psa_aead_check_nonce_length: Fix unused variable warining 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-06 16:53:47 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 
Ad-hoc KDF for EC J-PAKE in TLS 1.2
 2022-09-28 09:47:32 +02:00
Przemek Stekiel
4c49927bad Fix unused variables warnings in default + stream cipher only build 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-27 15:04:14 +02:00
Andrzej Kurek
b510cd2c50 Fix a copy-paste error - wrong macro used 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-26 10:50:22 -04:00
Andrzej Kurek
5603efd525 Improve readability and formatting 
Also use a sizeof instead of a constant for zeroization, as
requested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-26 10:49:16 -04:00
Andrzej Kurek
7763829c5c Add missing ifdef when calculating operation capacity 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 12:24:52 -04:00
Andrzej Kurek
3c4c514302 Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 07:24:14 -04:00
Andrzej Kurek
b093650033 Add proper capacity calculation for EC J-PAKE to PMS KDF 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 07:13:00 -04:00
Andrzej Kurek
702776f7cc Restrict the EC J-PAKE to PMS input type to secret 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 06:22:44 -04:00
Gilles Peskine
e9b55929dc Remove useless platform macro redefinitions: automatic part 
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.

This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:34:15 +02:00
Andrzej Kurek
08d34b8693 Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2 
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:39:26 -04:00
Neil Armstrong
4b5710f8a0 Allow KEY_TYPE_PASSWORD/KEY_TYPE_PASSWORD_HASH to be imported 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1 
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
 2022-06-20 15:27:46 +02:00
Przemek Stekiel
69c4679b22 Adapt macro name to meet requested criteria: MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF->BUILTIN_ALG_ANY_HKDF 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-14 11:13:32 +02:00
Przemek Stekiel
75fe3fb1d7 psa_crypto.c: add MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF macro to limit number of #if conditions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-09 14:44:55 +02:00
Przemek Stekiel
b57a44bf9b is_kdf_alg_supported: Adapt impl to new build flags for HKDF EXTRACT/EXPAND 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:43 +02:00
Przemek Stekiel
cde3f783f5 Make info valid only after secret for HKDF-EXPAND + adapt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:02 +02:00
Przemek Stekiel
0586f4c4ea Make salt mandatory for HKDF-EXTRACT + adapt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:25:43 +02:00
Przemek Stekiel
3e8249cde0 Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel
a29b488296 Optimize code by adding PSA_ALG_IS_ANY_HKDF macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:09 +02:00
Przemek Stekiel
459ee35062 Fix typo and style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-02 11:16:52 +02:00
Przemek Stekiel
03d948c47f Refacor code for HKDF-Extract algorithm 
Solution provided by @mpg.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-19 11:45:20 +02:00
Przemek Stekiel
2fb0dcd403 psa_hkdf_input: use more suitable condition and add comments 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-19 10:34:37 +02:00
Przemek Stekiel
b398d8693f Update descryption of HKDF-Extract/Expand algs and fix comment 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-18 15:43:54 +02:00