Andrzej Kurek
16d6000577
pkwrite: add a safety check before calculating the buffer size
2018-11-22 12:43:53 -05:00
Andrzej Kurek
2f31122585
Cosmetic changes
...
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
2018-11-22 12:43:53 -05:00
Andrzej Kurek
c3de438b8e
Add CSR write testing using opaque keys
...
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
2018-11-22 12:43:53 -05:00
Andrzej Kurek
6f249de706
pkwrite: add opaque key handling for public key exporting
...
Return early from mbedtls_pk_write_pubkey_der - public opaque key
exporting is expected to contain all of the needed data, therefore it shouldn't
be written again.
2018-11-22 12:43:53 -05:00
Manuel Pégourié-Gonnard
e31411a814
Fix test that wasn't actually effective
...
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
72d94be0de
Improve description of a test
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
2614562212
Add test utility function: wrap_as_opaque()
...
The new function is not tested here, but will be in a subsequent PR.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
29a1325b0d
Guard against PSA generating invalid signature
...
The goal is not to double-check everything PSA does, but to ensure that it
anything goes wrong, we fail cleanly rather than by overwriting a buffer.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
f4427678ae
Use shared function for error translation
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
1e48ebd306
Fix a compliance issue in signature encoding
...
The issue is not present in the normal path because asn1write_mpi() does it
automatically, but we're not using that here...
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
615530728f
Improve documentation of an internal function
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
f127e6080e
Get rid of large stack buffers in PSA sign wrapper
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
fe8607350c
Add new macro to detemine ECDSA signature length
...
Revived from a previous PR by Gilles, see:
https://github.com/ARMmbed/mbedtls/pull/1293/files#diff-568ef321d275f2035b8b26a70ee9af0bR71
This will be useful in eliminating temporary stack buffers for transcoding the
signature: in order to do that in place we need to be able to make assumptions
about the size of the output buffer, which this macro will provide. (See next
commit.)
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
35a7ff9366
Improve documentation of mbedtls_pk_setup_opaque()
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
276cb64e6c
Align names to use "opaque" only everywhere
...
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
7d51255ca7
Implement pk_sign() for opaque ECDSA keys
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
99af2f0dd1
Add tests for unsupported operations/functions
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
07b103fe07
Implement can_do for opaque ECC keypairs
...
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
683632b78e
Add support for get_(bit)len on opaque keys
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
06c631859c
Add key generation to opaque test function
...
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
274f521b9a
Implement alloc/free wrappers for pk_opaque_psa
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
3bc2029a33
Clarify return value of pk_check_pair()
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
1ecf92c364
Skeleton for PK_OPAQUE_PSA
2018-11-22 16:39:39 +00:00
Hanno Becker
12bd57b8c8
Refer to PSA through MBEDTLS_USE_PSA_CRYPTO, not USE_PSA, in all.sh
2018-11-22 16:27:57 +00:00
Hanno Becker
fc359fd837
Remove double white space
2018-11-22 16:27:57 +00:00
Hanno Becker
47a6291445
Use MBEDTLS_PSA_UTIL_H instead of MBEDTLS_PSA_COMPAT_H in psa_util.h
...
This is still an artifact from when psa_util.h was called psa_compat.h.
2018-11-22 16:27:57 +00:00
Hanno Becker
56a78dd4ad
State explicitly that any API depending on PSA is unstable
2018-11-22 16:27:57 +00:00
Hanno Becker
77030426a0
Update VisualC files
2018-11-22 16:27:57 +00:00
Hanno Becker
4d9e1e0ac4
Improve documentation of mbedtls_psa_err_translate_pk()
2018-11-22 16:27:57 +00:00
Hanno Becker
dec64735e2
Add AEAD tag length parameter to mbedtls_psa_translate_cipher_mode()
...
In case of AEAD ciphers, the cipher mode (and not even the entire content
of mbedtls_cipher_info_t) doesn't uniquely determine a psa_algorithm_t
because it doesn't specify the AEAD tag length, which however is included
in psa_algorithm_t identifiers.
This commit adds a tag length value to mbedtls_psa_translate_cipher_mode()
to account for that ambiguity.
2018-11-22 16:27:57 +00:00
Hanno Becker
14f78b03bb
Add function to translate PSA errors to PK module errors
2018-11-22 16:27:57 +00:00
Hanno Becker
639a4320ca
Fix Doxygen annotation in psa_util.h
2018-11-22 16:27:57 +00:00
Hanno Becker
06b6f34e9f
Initialize PSA Crypto implementation in ssl_server2
2018-11-22 16:27:57 +00:00
Hanno Becker
50955d1c18
Initialize PSA Crypto implementation in ssl_client2.c
2018-11-22 16:27:56 +00:00
Hanno Becker
eba9993171
Initialize PSA Crypto implementation at the start of each test suite
2018-11-22 16:27:56 +00:00
Hanno Becker
5f48818712
Make PSA utility functions static inline
...
Compilers warn about unused static functions.
2018-11-22 16:27:56 +00:00
Hanno Becker
28b9d35904
Add PSA-to-Mbed TLS translations for cipher module
2018-11-22 16:27:56 +00:00
Hanno Becker
560aeaf26b
Add internal header for PSA utility functions
...
This commit adds the header file mbedtls/psa_util.h which contains
static utility functions `mbedtls_psa_xxx()` used in the integration
of PSA Crypto into Mbed TLS.
Warning: These functions are internal only and may change at any time.
2018-11-22 16:27:56 +00:00
Manuel Pégourié-Gonnard
dde4442581
Add build using PSA to all.sh
2018-11-22 16:27:52 +00:00
Manuel Pégourié-Gonnard
26fd730876
Add config option for X.509/TLS to use PSA
2018-11-22 16:25:36 +00:00
Gilles Peskine
a678f233a7
Merge pull request #197 from netanelgonen/entropy-inject
...
Add entropy inject API (#197 )
2018-11-21 19:21:05 +01:00
avolinski
0d2c266c06
change MBEDTLS_RANDOM_SEED_ITS define to be PSA_CRYPTO_ITS_RANDOM_SEED_UID
2018-11-21 17:31:07 +02:00
avolinski
1c66205df6
Remove trailing space in psa_crypto.c
2018-11-21 16:54:09 +02:00
Gilles Peskine
83146e10bb
Merge pull request #211 from ARMmbed/bug_fix_210
...
Fix memory allocation check in psa_save_generated_persistent_key (#211 )
2018-11-21 15:51:07 +01:00
avolinski
13beb100c2
Adjust psa entropy inject tests to take as minimum seed size
...
the maximum of MBEDTLS_ENTROPY_MIN_PLATFORM and MBEDTLS_ENTROPY_BLOCK_SIZE
2018-11-21 16:24:53 +02:00
avolinski
7cc8229d80
Replace MBED_RANDOM_SEED_ITS_UID with MBEDTLS_RANDOM_SEED_ITS_UID
...
Update mbedtls_psa_inject_entropy function documentation
2018-11-21 16:24:53 +02:00
avolinski
4d27c94aee
Adding testcase for PSA validate entropy injection: bad, too small using MBEDTLS_ENTROPY_MIN_PLATFORM
2018-11-21 16:24:53 +02:00
Netanel Gonen
21f37cbbec
Add Tests for psa crypto entropy incjection
...
Adjust code to handle and work with MBEDTLS_ENTROPY_BLOCK_SIZE definition option
2018-11-21 16:24:52 +02:00
Gilles Peskine
ee2ffd311b
Document the maximum seed size as well as the minimum
2018-11-21 16:23:42 +02:00
Gilles Peskine
0338ded2f4
Improve documentation of mbedtls_psa_inject_entropy
...
Explain what the function does, why one would use it, how to use it,
how to handle its input, and what the status codes mean.
2018-11-21 16:23:42 +02:00