mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-28 19:13:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8,049 Commits 172 Branches 263 Tags
Commit Graph

8049 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hanno Becker
b345ae64f1 Merge branch 'iotssl-2596-opaque-csr-creation' into development-psa-proposed 2018-11-23 11:05:04 +00:00
Hanno Becker
ee618f7241 Merge branch 'iotssl-2574-pk-opaque-tls' into development-psa-proposed 2018-11-23 10:31:00 +00:00
Hanno Becker
9aa921f336 Merge branch 'iotssl-2580-pk-opaque-psa' into development-psa-proposed 2018-11-23 10:17:36 +00:00
Andrzej Kurek
b7f3ac6504 pkwrite: add an explicit cast to size_t 2018-11-22 12:05:08 -05:00
Andrzej Kurek
967cfd18fd Remove trailing whitespace 2018-11-22 12:05:08 -05:00
Andrzej Kurek
158c3d10d0 pkwrite: add a safety check before calculating the buffer size 2018-11-22 12:05:08 -05:00
Andrzej Kurek
4b11407258 Cosmetic changes 
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
 2018-11-22 12:05:08 -05:00
Andrzej Kurek
5f7bad34bb Add CSR write testing using opaque keys 
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
 2018-11-22 12:05:08 -05:00
Andrzej Kurek
5fec0860f9 pkwrite: add opaque key handling for public key exporting 
Return early from mbedtls_pk_write_pubkey_der - public opaque key
exporting is expected to contain all of the needed data, therefore it shouldn't
be written again.
 2018-11-22 12:05:08 -05:00
Manuel Pégourié-Gonnard
cfdf8f4d8f Implement key_opaque option to ssl_client2 2018-11-22 14:35:11 +00:00
Manuel Pégourié-Gonnard
ef68be4553 Add option key_opaque to ssl_client2 (skeleton) 
This is just the plumbing for the option itself, implementation of the option
will be the next commit.
 2018-11-22 14:35:11 +00:00
Manuel Pégourié-Gonnard
23a1ccd23f Fix test that wasn't actually effective 
psa_destroy_key() returns success even if the slot is empty.
 2018-11-22 12:21:20 +01:00
Hanno Becker
e10f191543 Remove MBEDTLS_PSA_CRYPTO_SPM from config.pl 
This configuration option has been removed by now.
 2018-11-22 09:43:35 +00:00
Manuel Pégourié-Gonnard
fa9a1ca967 Improve description of a test 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
347a00e07e Add test utility function: wrap_as_opaque() 
The new function is not tested here, but will be in a subsequent PR.
 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
59eecb0e9e Guard against PSA generating invalid signature 
The goal is not to double-check everything PSA does, but to ensure that it
anything goes wrong, we fail cleanly rather than by overwriting a buffer.
 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
9a5a77ba7c Use shared function for error translation 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
45013a1d54 Fix a compliance issue in signature encoding 
The issue is not present in the normal path because asn1write_mpi() does it
automatically, but we're not using that here...
 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
509aff111f Improve documentation of an internal function 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
d8454bc515 Get rid of large stack buffers in PSA sign wrapper 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
2f2b396b7a Add new macro to detemine ECDSA signature length 
Revived from a previous PR by Gilles, see:
https://github.com/ARMmbed/mbedtls/pull/1293/files#diff-568ef321d275f2035b8b26a70ee9af0bR71

This will be useful in eliminating temporary stack buffers for transcoding the
signature: in order to do that in place we need to be able to make assumptions
about the size of the output buffer, which this macro will provide. (See next
commit.)
 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
392dc045c9 Improve documentation of mbedtls_pk_setup_opaque() 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
69baf70984 Align names to use "opaque" only everywhere 
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
3686771dfa Implement pk_sign() for opaque ECDSA keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
d97390e97d Add tests for unsupported operations/functions 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
920c063bad Implement can_do for opaque ECC keypairs 
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
0184b3c69b Add support for get_(bit)len on opaque keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
01a12c49aa Add key generation to opaque test function 
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
7b5fe041f1 Implement alloc/free wrappers for pk_opaque_psa 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
eaeb7b23ff Clarify return value of pk_check_pair() 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
20678b2ae2 Skeleton for PK_OPAQUE_PSA 2018-11-22 09:59:34 +01:00
Hanno Becker
6e02197e24 Refer to PSA through MBEDTLS_USE_PSA_CRYPTO, not USE_PSA, in all.sh 2018-11-21 21:08:43 +00:00
Hanno Becker
4d30776826 Remove double white space 2018-11-21 21:08:43 +00:00
Hanno Becker
186b65ac61 Use MBEDTLS_PSA_UTIL_H instead of MBEDTLS_PSA_COMPAT_H in psa_util.h 
This is still an artifact from when psa_util.h was called psa_compat.h.
 2018-11-21 21:08:43 +00:00
Hanno Becker
51560b62ed State explicitly that any API depending on PSA is unstable 2018-11-21 21:08:43 +00:00
Hanno Becker
f0cd6191ef Update VisualC files 2018-11-21 21:08:43 +00:00
Hanno Becker
f5f9ea26bb Improve documentation of mbedtls_psa_err_translate_pk() 2018-11-21 21:08:43 +00:00
Hanno Becker
010cf7eced Add AEAD tag length parameter to mbedtls_psa_translate_cipher_mode() 
In case of AEAD ciphers, the cipher mode (and not even the entire content
of mbedtls_cipher_info_t) doesn't uniquely determine a psa_algorithm_t
because it doesn't specify the AEAD tag length, which however is included
in psa_algorithm_t identifiers.

This commit adds a tag length value to mbedtls_psa_translate_cipher_mode()
to account for that ambiguity.
 2018-11-21 21:08:43 +00:00
Hanno Becker
000334f398 Add function to translate PSA errors to PK module errors 2018-11-21 21:08:43 +00:00
Hanno Becker
afebf5a153 Fix Doxygen annotation in psa_util.h 2018-11-21 21:08:43 +00:00
Hanno Becker
5a9942e7d2 Initialize PSA Crypto implementation in ssl_server2 2018-11-21 21:08:43 +00:00
Hanno Becker
b2b468ba45 Initialize PSA Crypto implementation in ssl_client2.c 2018-11-21 21:08:43 +00:00
Hanno Becker
1cfc5ddb11 Initialize PSA Crypto implementation at the start of each test suite 2018-11-21 21:08:43 +00:00
Hanno Becker
b26c1938d2 Make PSA utility functions static inline 
Compilers warn about unused static functions.
 2018-11-21 21:08:43 +00:00
Hanno Becker
5525126ed8 Add PSA-to-Mbed TLS translations for cipher module 2018-11-21 21:08:43 +00:00
Hanno Becker
87837b2ec6 Add internal header for PSA utility functions 
This commit adds the header file mbedtls/psa_util.h which contains
static utility functions `mbedtls_psa_xxx()` used in the integration
of PSA Crypto into Mbed TLS.

Warning: These functions are internal only and may change at any time.
 2018-11-21 21:08:42 +00:00
Manuel Pégourié-Gonnard
655c0a8d76 Add build using PSA to all.sh 2018-11-21 21:08:40 +00:00
Manuel Pégourié-Gonnard
aeefa49edd Add config option for X.509/TLS to use PSA 2018-11-21 21:03:14 +00:00
Simon Butcher
55517ae95f Merge remote-tracking branch 'public/pr/2146' into development-proposed 2018-11-21 16:27:47 +00:00
Gilles Peskine
bc554f66ef Document Mbed Crypto and the PSA API 
Briefly explain that this is experimental, and document how to try it out.
 2018-11-21 12:54:57 +00:00