mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-30 16:20:11 +00:00

Author	SHA1	Message	Date
Hanno Becker	7fde035ddc	Merge branch 'iotssl-2580-pk-opaque-psa_CRYPTO' into feature-psa-tls-integration-proposed	2018-11-23 15:47:20 +00:00
Jaeden Amero	82df32e3fd	psa: Unused key_bits is OK When MD or CMAC are disabled, let the compiler know that it is OK that `key_bits` is set but not used by casting `key_bits` to `(void)`.	2018-11-23 15:20:56 +00:00
Simon Butcher	ebeb6cb446	Update library version to 2.15.0	2018-11-23 14:18:15 +00:00
Hanno Becker	3441d2e4a4	Merge branch 'iotssl-2597-psa-hashing-x509' into development-psa-proposed	2018-11-23 11:42:07 +00:00
Hanno Becker	4ae8b497c0	Merge branch 'iotssl-2578-psa-sig-verification' into development-psa-proposed	2018-11-23 11:37:00 +00:00
Hanno Becker	a0a96a0c56	Merge branch 'psa_cipher_integration' into development-psa-proposed	2018-11-23 11:26:57 +00:00
Hanno Becker	f8b5f27bce	Merge branch 'psa_cipher' into development-psa-proposed	2018-11-23 11:18:02 +00:00
Hanno Becker	485529952f	Merge branch 'opaque_psk_implementation' into development-psa-proposed	2018-11-23 11:12:38 +00:00
Andrzej Kurek	266d907c87	pk_wrap.c: fix length mismatch check placement	2018-11-22 13:37:14 -05:00
Andrzej Kurek	96cc1b3def	pk_wrap.c: tidy up signature extraction Add a sanity check for signature length, remove superfluous bounds check.	2018-11-22 13:37:14 -05:00
Andrzej Kurek	e30ad542a1	Cosmetic changes Move memset to a more relevant spot, fix one whitespace error	2018-11-22 13:37:14 -05:00
Andrzej Kurek	73bf6b9e00	pk_wrap: rework and tidy up signature extraction Improve comments, use a normal buffer instead of mbedtls_asn1_buf, remove unneeded variables and use shared utilities where possible.	2018-11-22 13:37:14 -05:00
Andrzej Kurek	688ea8d10d	pk_wrap: reuse a static buffer for signature extraction Use a buffer left over after importing a key to hold an extracted signature.	2018-11-22 13:37:14 -05:00
Andrzej Kurek	3016de3eeb	pk_wrap: rework signature extraction to work with small r and s values There is a probability that r will be encoded as 31 or less bytes in DER, so additional padding is added in such case. Added a signature-part extraction function to tidy up the code further.	2018-11-22 13:37:14 -05:00
Andrzej Kurek	45fc464156	pk_wrap: improve error codes returned from ecdsa_verify_wrap Use the shared PSA utilities to translate errors.	2018-11-22 13:37:14 -05:00
Andrzej Kurek	ca6330992e	pk_wrap: switch to helper functions defined in psa_util.h Remove duplicated helper functions. Remove an unnecessary call to psa_crypto_init().	2018-11-22 13:37:14 -05:00
Andrzej Kurek	510ee70501	pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap Adjust tests to pass a valid algorithm	2018-11-22 13:37:14 -05:00
Andrzej Kurek	2f69b1a059	pk_wrap: destroy key slot on errors with policy or key importing	2018-11-22 13:37:14 -05:00
Andrzej Kurek	c097b0fded	pk_wrap: add a check for equal signature parts	2018-11-22 13:37:14 -05:00
Andrzej Kurek	f8c94a811a	pk_wrap: check if curve conversion is successful	2018-11-22 13:37:14 -05:00
Andrzej Kurek	6d49ae9223	pk_wrap: nullify the signature pointer on error in extract_ecdsa_sig Fix a double free error in ecdsa_verify_wrap	2018-11-22 13:37:14 -05:00
Andrzej Kurek	1e3b6865d7	pk_wrap: cosmetic changes Adjust whitespaces and variable names	2018-11-22 13:37:14 -05:00
Andrzej Kurek	39d1f4b29f	pk_wrap.c: add support for ecdsa signature verification using PSA Use PSA internally to verify signatures. Add a conversion to a raw signature format.	2018-11-22 13:37:14 -05:00
Andrzej Kurek	60ea0fc185	Remove trailing whitespace	2018-11-22 13:02:29 -05:00
Andrzej Kurek	593fccdf97	x509: remove unnecessary calls to psa_hash_abort According to the documentation, it does not need to be called after a failed psa_hash call.	2018-11-22 12:53:32 -05:00
Andrzej Kurek	78276b1c73	x509: use the PSA API to perform hashing operations So far limited only to certificate verification withour CRL and CSR generation.	2018-11-22 12:53:32 -05:00
Andrzej Kurek	3bd69dda1a	pkwrite: add an explicit cast to size_t	2018-11-22 12:43:53 -05:00
Andrzej Kurek	16d6000577	pkwrite: add a safety check before calculating the buffer size	2018-11-22 12:43:53 -05:00
Andrzej Kurek	2f31122585	Cosmetic changes Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.	2018-11-22 12:43:53 -05:00
Andrzej Kurek	6f249de706	pkwrite: add opaque key handling for public key exporting Return early from mbedtls_pk_write_pubkey_der - public opaque key exporting is expected to contain all of the needed data, therefore it shouldn't be written again.	2018-11-22 12:43:53 -05:00
Andrzej Kurek	b7f3ac6504	pkwrite: add an explicit cast to size_t	2018-11-22 12:05:08 -05:00
Andrzej Kurek	158c3d10d0	pkwrite: add a safety check before calculating the buffer size	2018-11-22 12:05:08 -05:00
Andrzej Kurek	4b11407258	Cosmetic changes Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.	2018-11-22 12:05:08 -05:00
Andrzej Kurek	5fec0860f9	pkwrite: add opaque key handling for public key exporting Return early from mbedtls_pk_write_pubkey_der - public opaque key exporting is expected to contain all of the needed data, therefore it shouldn't be written again.	2018-11-22 12:05:08 -05:00
Andrzej Kurek	8b38ff57ab	Remove trailing whitespace	2018-11-22 11:53:04 -05:00
Andrzej Kurek	a609337ca0	x509: remove unnecessary calls to psa_hash_abort According to the documentation, it does not need to be called after a failed psa_hash call.	2018-11-22 11:53:04 -05:00
Andrzej Kurek	d4a6553191	x509: use the PSA API to perform hashing operations So far limited only to certificate verification withour CRL and CSR generation.	2018-11-22 11:53:04 -05:00
Manuel Pégourié-Gonnard	2614562212	Add test utility function: wrap_as_opaque() The new function is not tested here, but will be in a subsequent PR.	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	29a1325b0d	Guard against PSA generating invalid signature The goal is not to double-check everything PSA does, but to ensure that it anything goes wrong, we fail cleanly rather than by overwriting a buffer.	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	f4427678ae	Use shared function for error translation	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	1e48ebd306	Fix a compliance issue in signature encoding The issue is not present in the normal path because asn1write_mpi() does it automatically, but we're not using that here...	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	615530728f	Improve documentation of an internal function	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	f127e6080e	Get rid of large stack buffers in PSA sign wrapper	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	276cb64e6c	Align names to use "opaque" only everywhere It's better for names in the API to describe the "what" (opaque keys) rather than the "how" (using PSA), at least since we don't intend to have multiple function doing the same "what" in different ways in the foreseeable future.	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	7d51255ca7	Implement pk_sign() for opaque ECDSA keys	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	07b103fe07	Implement can_do for opaque ECC keypairs Unfortunately the can_do wrapper does not receive the key context as an argument, so it cannot check psa_get_key_information(). Later we might want to change our internal structures to fix this, but for now we'll just restrict opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for now. It also simplifies testing a bit (no need to test each key type).	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	683632b78e	Add support for get_(bit)len on opaque keys	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	274f521b9a	Implement alloc/free wrappers for pk_opaque_psa	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	3bc2029a33	Clarify return value of pk_check_pair()	2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard	1ecf92c364	Skeleton for PK_OPAQUE_PSA	2018-11-22 16:39:39 +00:00

... 5 6 7 8 9 ...

4660 Commits