mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-29 12:32:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
21,147 Commits 170 Branches 263 Tags
Commit Graph

1104 Commits

Author SHA1 Message Date
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0 
Add output size parameter to signature functions
 2021-06-29 09:43:17 +02:00
Dave Rodgman
63ad854de8
Merge pull request #4712 from daverodgman/psa_cipher_and_mac_abort_on_error 
Psa cipher and mac abort on error
 2021-06-25 15:39:59 +01:00
Dave Rodgman
90d1cb83a0 Use more standard label name 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-25 09:09:02 +01:00
Ronald Cron
3698fa1043
Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h 
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
 2021-06-25 09:01:08 +02:00
Gilles Peskine
f9f1bdfa7b Translate MBEDTLS_ERR_PK_BUFFER_TOO_SMALL for PSA 
The error is currently never returned to any function that PSA calls,
but keep mbedtls_to_psa_error up to date in case this changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-25 00:46:22 +02:00
Paul Elliott
ed68d7464d Move buffer size checks up to psa_crypto layer 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Paul Elliott
c2b7144da0 Simplify logic and factor out initial checks 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Paul Elliott
7f429b747b Remove code duplication and fix formatting 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Dave Rodgman
8036bddb01 Tidy up logic in psa_mac_sign_finish 
Simplify the logic in psa_mac_sign_finish.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-24 16:19:08 +01:00
Dave Rodgman
b5dd7c794d Correct coding style issues 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-24 16:17:43 +01:00
Dave Rodgman
54648243cd Call abort on error in psa_mac/cipher setup 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-24 11:49:45 +01:00
Dave Rodgman
685b6a742b Update multipart hash operations to abort on error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-24 11:49:14 +01:00
Dave Rodgman
38e62aebc3 Update cipher and mac functions to abort on error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-23 18:59:17 +01:00
Paul Elliott
95271f10c3 Call set_nonce direct rather than by wrapper 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-23 18:30:20 +01:00
Gilles Peskine
f9a046ecb5 Remove duplicate wipe call in psa_destroy_key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 13:53:56 +02:00
Gilles Peskine
6687cd07f3 Refuse to destroy read-only keys 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 13:44:35 +02:00
Paul Elliott
ad53dcc975 Move common final checks to function 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-23 08:51:29 +01:00
Paul Elliott
534d0b4484 Finish / Verify state checks 
Ensure finish only called when encrypting and verify only called for
decrypting, and add tests to ensure this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
f88a565f18 Better tag size default for m-aead finish 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
d89304ebb7 Fix formatting issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
e4030f2cd1 Replace function with macro that already exists 
I wrote a function to determine the base algorithm given a variant,
however this is already implemented by
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
7220cae93c Ensure generate nonce unavailable in decrypt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:47 +01:00
Paul Elliott
8eb9dafda1 Add generate nonce test 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 16:31:09 +01:00
Gilles Peskine
36ff66c4b4
Merge pull request #4316 from gabor-mezei-arm/3258_implement_one-shot_MAC 
Implement one-shot MAC
 2021-06-22 12:18:25 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA 
Remove MD2, MD4, RC4, Blowfish and XTEA
 2021-06-22 09:27:41 +02:00
Ronald Cron
a587cbc3a4 psa: mac: Add driver delegation support for psa_mac_verify() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-21 09:19:22 +02:00
Ronald Cron
cd989b5598 psa: mac: Introduce psa_mac_compute_internal 
Introduce psa_mac_compute_internal with an
additional `is_sign` parameter compared to
the psa_mac_compute API. The intent is to
call psa_mac_compute_internal() from
psa_mac_verify() as well to compute the
message MAC.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-21 09:19:22 +02:00
Ronald Cron
c3dd75f71b psa: mac: Improve MAC finalization code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-21 09:19:22 +02:00
Ronald Cron
51131b53fe psa: mac: Add driver delegation support for psa_mac_compute() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-21 09:19:09 +02:00
Ronald Cron
79bdd82eaa psa: mac: Improve implementation of psa_mac_finalize_alg_and_key_validation() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-18 22:18:06 +02:00
Ronald Cron
2dff3b2a18 psa: mac: Split psa_mac_setup() 
Split out of psa_mac_setup() the final checks on
the requested algorithm and the key attributes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-18 22:09:28 +02:00
Ronald Cron
28ea050cf4 psa: mac: Re-organize psa_mac_setup() internal function 
Re-organize psa_mac_setup() to prepare the move
to a dedicated function of the additional checks
on the algorithm and the key attributes done by
this function. We want to move those checks in
a dedicated function to be able to do them
without duplicating them in psa_mac_compute().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-18 21:02:32 +02:00
Gilles Peskine
e96c5854d0 Move the inclusion of crypto_spe.h to psa/crypto_platform.h 
This makes it easier to ensure that crypto_spe.h is included everywhere it
needs to be, and that it's included early enough to do its job (it must be
included before any mention of psa_xxx() functions with external linkage,
because it defines macros to rename these functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-17 11:43:58 +02:00
Gilles Peskine
532327b429
Merge pull request #4576 from gilles-peskine-arm/psa_key_derivation-bad_workflow-20210527 
PSA key derivation bad-workflow tests
 2021-06-17 09:55:39 +02:00
gabor-mezei-arm
4076d3e9f3 Implement one-shot MAC functions 
Implement one-shot MAC APIs, psa_mac_compute and psa_mac_verify, introduced in PSA Crypto API 1.0.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-16 16:28:07 +02:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-16 10:34:25 +02:00
Gilles Peskine
b1edaec18f Fix missing state check for tls12_prf output 
Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
about missing inputs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-11 22:41:46 +02:00
Ronald Cron
ea7631be1c Change mbedtls_rsa_set_padding() signature 
mbedtls_rsa_set_padding() now returns the error
code MBEDTLS_ERR_RSA_INVALID_PADDING when
padding parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:10 +02:00
TRodziewicz
58d6eb5024 Removing unneeded comment 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-02 14:43:11 +02:00
Paul Elliott
40ef3a9454 Fix state logic and return codes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-01 17:17:58 +01:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead 
Conflicts:
* None
 2021-06-01 17:13:19 +01:00
TRodziewicz
062f353804 Changes after code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-27 17:34:14 +02:00
TRodziewicz
cc7074128a Remove MBEDTLS_CHECK_PARAMS option 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-27 17:33:32 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix 
psa: Support RSA signature without MBEDTLS_GENPRIME
 2021-05-27 14:19:24 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2 
Remove rsa mode params part 2
 2021-05-25 20:36:33 +02:00
Paul Elliott
f47b0957ab Set tag to 'impossible' value on failure to encrypt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
6eb959854b Improve state logic 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
6981fbcf10 Remove unneccessary guard for key unlock 
Also make sure failure is not hidden by key unlock failure

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
e715f88d9d Fix key slot being used uninitialised on error 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 21:55:39 +01:00
Paul Elliott
1a98acac1c Properly handle GCM's range of nonce sizes 
Add comment to the effect that we cannot really check nonce size as the
GCM spec allows almost arbitrarily large nonces. As a result of this,
change the operation nonce over to an allocated buffer to avoid overflow
situations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00