mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 06:33:06 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,933 Commits 170 Branches 263 Tags
Commit Graph

298 Commits

Author SHA1 Message Date
Valerio Setti
d45836a1c3 pk_wrap: fix algorithm selection in rsa_opaque_decrypt() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:42:55 +01:00
Valerio Setti
4f3262de2d pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
aeeefef64e pk_wrap: use correct PSA alg in rsa_encrypt_wrap() when USE_PSA 
This bugfix was due in PR #8826, but we didn't catch that.
This commit also add proper testing in test_suite_pk that was not implemented
in #8826.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Dave Rodgman
6a3da2d5ed Add missing casts 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-27 10:41:53 +00:00
Valerio Setti
93ecbef6a8 pk_wrap: set proper PSA algin rsa wrappers based on padding mode set in RSA context 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-15 15:52:05 +01:00
Gilles Peskine
92fb604139 Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes 
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 11:24:08 +01:00
Manuel Pégourié-Gonnard
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1 
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
 2024-02-08 08:45:30 +00:00
Valerio Setti
bb76f80218 pk_wrap: use proper raw buffer length in ecdsa_sign_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-06 16:57:23 +01:00
Valerio Setti
315e4afc0a psa_util: change parameters order in ECDSA conversion functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-05 10:09:15 +01:00
Valerio Setti
135ebde273 rsa: rename parse/write functions in order to follow the standard format 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-01 17:00:29 +01:00
Valerio Setti
bd5b9c61fe pk_wrap: use PSA util functions for ECDSA conversion instead of PK ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-24 16:14:37 +01:00
Valerio Setti
18dd00052e pk_wrap: use RSA module functions to write priv/pub key in RSA wrappers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-24 12:36:37 +01:00
Valerio Setti
384fbde49a library/tests: replace md_psa.h with psa_util.h as include file for MD conversion 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 13:27:32 +01:00
Tomi Fontanilles
9f41770313 pk_*: remove remaining references to MBEDTLS_PSA_CRYPTO_C 
For real this time.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 13:05:55 +02:00
Tomi Fontanilles
1941af087c pk_wrap: remove last references to MBEDTLS_PSA_CRYPTO_C 
Deprecated functions are removed and #ifdefs are updated accordingly.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Tomi Fontanilles
8174662b64 pk: implement non-PSA mbedtls_pk_sign_ext() 
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.

Related dependencies and tests are updated as well.

Fixes #7583.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Valerio Setti
4ac2c18834 pk_wrap: try both ECDSA signature schemes in ecdsa_sign_psa() 
Instead of extracting key's properties in order to check whether it
supports deterministic or non-deterministic ECDSA, we try both.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-05 07:59:01 +01:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Manuel Pégourié-Gonnard
564bc1bb96 Fix limitation in checking supported alg in pk_sign 
The recent changes in pkparse made it so ECDSA (deterministic or not) is
set as the secondary alg and ECDH the first one. This broke the wrapper
in pk_wrap as it was only checking the first alg when deciding whether
to use deterministic or not. The wrapper should not have unnecessary
requirements on how algs are set up, so make the check more flexible.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
116175c5d7 Use helper macro for (deterministic) ECDSA 
- centralizes decision making about which version to use when
- avoids nested #ifs in pk_ecc_set_key()

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Dave Rodgman
2eab462a8c Fix IAR warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-05 13:30:37 +01:00
Dave Rodgman
02a53d7bef Fix IAR pointless integer comparison 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-28 17:19:50 +01:00
Gilles Peskine
a4c01dd6e9
Merge pull request #7991 from sarveshb14/fix/psa_rsa_signature_using_large_stack 
rsa_signature: Use heap memory to allocate DER encoded RSA private key
 2023-08-16 09:23:29 +00:00
Dave Rodgman
1d4d944e19
Merge pull request #7933 from tom-cosgrove-arm/add-mbedtls_zeroize_and_free 
Provide and use internal function mbedtls_zeroize_and_free()
 2023-08-03 12:56:21 +00:00
Sarvesh Bodakhe
430a4f3968 rsa_signature: Use heap memory to allocate DER encoded RSA private key 
'mbedtls_pk_psa_rsa_sign_ext' function allocates a buffer of maximum
size 5679 bytes (MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES) on the stack to store
DER encoded private key. This increased stack usage significantly for
RSA signature operations when MBEDTLS_PSA_CRYPTO_C is defined.

This issue was discovered when adding support for EAP-TLS 1.3 (rfc9190).

Signed-off-by: Sarvesh Bodakhe <sarvesh.bodakhe@espressif.com>
 2023-07-27 14:51:25 +05:30
Tom Cosgrove
ca8c61b815 Provide and use internal function mbedtls_zeroize_and_free() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-07-17 15:17:40 +01:00
Valerio Setti
f6d4dfb745 library: replace PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY symbols with proper ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Manuel Pégourié-Gonnard
2be8c63af7 Create psa_util_internal.h 
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:42:33 +02:00
Valerio Setti
35d1dacd82 pk_wrap: fix: always clear buffer holding private key in eckey_check_pair_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 18:04:16 +02:00
Valerio Setti
38913c16b0 pk_wrap: do not support opaque EC keys when !PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 16:18:33 +02:00
Valerio Setti
88a3aeed9f pk_wrap: use PK_HAVE_ECC_KEYS as guard for ecdsa_opaque_check_pair_wrap 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 15:01:10 +02:00
Valerio Setti
d9d74c285b pk_wrap: guard all ECDSA function with MBEDTLS_PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 15:00:02 +02:00
Valerio Setti
4d1daf8f8d pk_wrap: minor fixes for guards 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:27 +02:00
Valerio Setti
97976e3e4c pk_wrap: always fill all the fields of the pk_info structures 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:27 +02:00
Valerio Setti
76d0f9637c pk: uniform naming of functions and structures in pk/pk_wrap 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:27 +02:00
Valerio Setti
884c1ec1f5 pk_wrap: share code for selecting the psa_alg in ECDSA sign 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:27 +02:00
Valerio Setti
574a00b576 pk_wrap: minor reorganization for opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
5c26b30d9e pk_wrap: add missing labels to #else and #endif 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
bb7603a28f pk_wrap: optimize eckey_check_pair() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
f69514a7d8 pk_wrap: name all the fields of the pk_info structs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
e77307738d pk_wrap: add support for ECDSA verify for opaque keys 
This commit also add tests to verify the functionality

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
ed7d6af670 pk_wrap: optimize code for ECDSA verify 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
4657f10bdb pk_wrap: optimize code for ECDSA sign 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
81d75127ba library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti
8bb5763a85 library: replace deprecated symbols with temporary _LEGACY ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:23:55 +02:00
Manuel Pégourié-Gonnard
02b10d8266 Add missing include 
Fix build failures with config full

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
6076f4124a Remove hash_info.[ch] 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
2d6d993662 Use MD<->PSA functions from MD light 
As usual, just a search-and-replace plus:

1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
valerio
eab9a85f4c pk_wrap: add support for key pair check for EC opaque keys 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-06-05 11:05:40 +02:00
Valerio Setti
9efa8c4d14 pk: fix eckey_check_pair_psa 
The problem was that the private key ID was destroyed even when
MBEDTLS_PK_USE_PSA_EC_DATA was enabled and of course this was
not correct.
At the same time the code has been slighlty reorganized to make
it more readable.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-23 15:12:07 +02:00