Commit Graph

6925 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
1f1bc2df7c
Merge pull request #5117 from gilles-peskine-arm/psa-rsa-pss_any_salt-2.x
Backport 2.x: PSA: fix salt length for PSS verification
2021-10-29 16:36:46 +02:00
Manuel Pégourié-Gonnard
6295dcb600
Merge pull request #5051 from gilles-peskine-arm/psa-add-aria-2.x
Backport 2.x: Add ARIA to the PSA API
2021-10-29 09:38:13 +02:00
Gilles Peskine
f8362ca847 Readability improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:37 +02:00
Gilles Peskine
44fa40cd56 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:27 +02:00
Gilles Peskine
773f5b7f42 Fix copypasta in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
a138802230 Move declarations of testing-only base64 functions to their own header
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
2c78f98071 Expose internal base64 functions for testing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
a2dc0cc9ea mask_of_range: simplify high comparison
To test c <= high, instead of testing the sign of (high + 1) - c, negate the
sign of high - c (as we're doing for c - low). This is a little easier to
read and shaves 2 instructions off the arm thumb build with
arm-none-eabi-gcc 7.3.1.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
831fd766f3 Base64 decode: simplify local variables (n)
n was used for two different purposes. Give it a different name the second
time. This does not seem to change the generated code when compiling with
optimization for size or performance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
d6e3f46daa Base64 encoding: use ranges instead of tables
Instead of doing constant-flow table lookup, which requires 64 memory loads
for each lookup into a 64-entry table, do a range-based calculation, which
requires more CPU instructions per range but there are only 5 ranges.

I expect a significant performance gain (although smaller than for decoding
since the encoding table is half the size), but I haven't measured. Code
size is slightly smaller.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:22:43 +02:00
Gilles Peskine
a97e911e5d Base64 decode: simplify local variables
Document what each local variable does when it isn't obvious from the name.
Don't reuse a variable for different purposes.

This commit has very little impact on the generated code (same code size on
a sample Thumb build), although it does fix a theoretical bug that 2^32
spaces inside a line would be ignored instead of treated as an error.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:22:43 +02:00
Gilles Peskine
c48ab11400 Base64 decoding: use ranges instead of tables
Instead of doing constant-flow table lookup, which requires 128 memory loads
for each lookup into a 128-entry table, do a range-based calculation, which
requires more CPU instructions per range but there are only 5 ranges.

Experimentally, this is ~12x faster on my PC (based on
programs/x509/load_roots). The code is slightly smaller, too.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:17:08 +02:00
Gilles Peskine
6b541a026b Base64 decoding: don't use the table for '='
Base64 decoding uses equality comparison tests for characters that don't
leak information about the content of the data other than its length, such
as whitespace. Do this with '=' as well, since it only reveals information
about the length. This way the table lookup can focus on character validity
and decoding value.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:17:08 +02:00
Gilles Peskine
e4739ab5ef
Merge pull request #5038 from mprse/issue_4551_2x
Backport 2.x: Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key #5037
2021-10-18 10:39:26 +02:00
Gilles Peskine
95f2324c5e
Merge pull request #4845 from mstarzyk-mobica/ecb-alt-ret-2.2x
Backport 2.2x: Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:04 +02:00
Gilles Peskine
8890f64338 Add ARIA to the PSA API
Use the encoding from an upcoming version of the specification.

Add as much (or as little) testing as is currently present for Camellia.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 18:28:15 +02:00
Przemyslaw Stekiel
5b20a7e8b3 psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 12:40:55 +02:00
Gilles Peskine
a4e060b87b
Merge pull request #5000 from mprse/mbedtls_cipher_setup_psa_ECB_2x
Backport 2.x: Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:25 +02:00
Gilles Peskine
8ad54fa0b4 Update files generated from config.h
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 19:24:36 +02:00
Przemyslaw Stekiel
6c0ec0eb52 Adapt return status to 2.x
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-30 15:51:05 +02:00
Przemyslaw Stekiel
f0fa86eee5 Add PSA support for MBEDTLS_CIPHER_AES_128_ECB
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-30 12:29:22 +02:00
Mateusz Starzyk
15a7420d3c Silence warnings about unused return value
This macro is introduced here for use in deprecated functions. It may also
be useful in user code, so it is in a public header.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 20:57:33 +02:00
Gilles Peskine
377a310da4 Catch failures of AES or DES operations
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 20:40:31 +02:00
Mateusz Starzyk
dd55b25bd5 Require MESSAGE flag in PSA MAC setup.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-27 14:48:38 +02:00
Archana
6d342f3e1d
Remove dependency of builtin keys on storage
The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C.
This is unnecessary for builtin keys and so is fixed.
Updated an open_fail test vector keeping with the same.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-11 22:31:06 +05:30
Gilles Peskine
394b9f2d2c
Merge pull request #4898 from mstarzyk-mobica/disable_defaults_sha1
Remove MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES in 2.28
2021-09-14 11:10:30 +02:00
Gilles Peskine
0390016096 Fix the size in bytes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 12:54:46 +02:00
Gilles Peskine
a63ba6cd93 psa_cipher_update_ecb: remove parameter output_size
This parameter was set but not used, which was pointless. Clang 14 detects
this and legitimately complains.

Remove the parameter. This is an internal function, only called once. The
caller already has a sufficient check on the output buffer size which
applies in more cases, so there is no real gain in robustness in adding the
same check inside the internal function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 12:54:46 +02:00
Gilles Peskine
7b1c916fe8 Document the internal function psa_cipher_update_ecb
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 12:54:45 +02:00
Mateusz Starzyk
b3d344c225 Remove MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES option.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:18:53 +02:00
Kenneth Soerensen
c4e950ea53 Backport 2.x: Remove compiler warning if only MBEDTLS_PK_PARSE_C is defined
Warning reported with IAR compiler:
"mbedtls\library\pkparse.c",1167  Warning[Pe550]: variable "ret" was set but never used

Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2021-09-01 11:18:30 +02:00
Joe Subbiani
11b7131c2e Fix macro use in ssl_msg.c
After implementing MBEDTLS_PUT_UINT16_BE, I did not remove the
assignment to a variable

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-23 12:49:14 +01:00
Joe Subbiani
b1f6eef88b Remove commented out code
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-23 11:45:36 +01:00
Joe Subbiani
a651e6f762 Tidy up grouped MBEDTLS_BYTE_x macros
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-23 11:35:25 +01:00
Joe Subbiani
24647c5cd2 Minor coding style improvement
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 15:56:22 +01:00
Joe Subbiani
efb8fae492 Compress byte reading macros in if statements
exchange MBEDTLS_BYTE_x in if statements with MBEDTLS_GET_UINT16_BE

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 12:57:09 +01:00
Joe Subbiani
2f98d791c3 Tidy up ssl_*.c grouped MBEDTLS_BYTE_x macros
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 11:44:44 +01:00
Joe Subbiani
23fec2538e Replace remaining byte shift with macro
Replace another instance of >> 8 with MBEDTLS_BYTE_1

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-18 16:23:47 +01:00
Joe Subbiani
d6ea063371 Move #include "common.h" where config.h used to be
After removing config.h, the inclusion of it in common.h would be too late
in the code. Therefore common.h has been moved to where config.h used to
be included.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-18 12:57:54 +01:00
Joe Subbiani
4446e82146 Remove redundant config.h includes definitions
common.h already includes config.h, so a a file uses common.h
it no longer requires the definition/inclusion of config.h

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-18 12:50:12 +01:00
Joe Subbiani
a724ef9d11 Add more instances of Byte Reading Macros
added more uses of byte reading macros where appropriate.
changed the positioning of some brackets for consitancy in
coding style

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-18 12:06:57 +01:00
Joe Subbiani
b763ba4198 Remove macro that does not belong in 2.x
MBEDTLS_ALLOW_PRIVATE_ACCESS existed in development and was copied
over whilst cherry-picking commits.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-18 11:59:16 +01:00
Joe Subbiani
ca8a7cf82d Implement byte reading macros to remaining files
The previous commits cherry picked from the changes made with relation
to the development branch. This commit makes the appropriate chnages to
the files not present in the development branch.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-03 16:42:42 +01:00
Joe Subbiani
f15da890fb Replace remaining MBEDTLS_CHAR with MBEDTLS_BYTE
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-03 16:10:38 +01:00
Joe Subbiani
8799e54a21 Remove trailing whitespace
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-03 14:09:27 +01:00
Joe Subbiani
d3a3f21ad5 Improve documentation and add more uses of MBEDTLS_PUT
minor changes, such as improving the documentation for the byte reading
macros, and using MBEDTLS_PUT_UINT16_xy in place of byte reading
macro combinations

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-03 14:09:21 +01:00
Joe Subbiani
896f4eeaf7 Improve consitency throughout library/common.h
Replace the contents of MBEDTLS_PUT_UINTx_yz contained inconsitent
but similar/duplicate code to the MBEDTLS_BYTE_x macros. Therefore
the contents of the macros now utilise the byte reading macros.

MBEDTLS_PUT_UINT64_LE's written order was also not consitent with
the other PUT macros, so that was modified.

Documentation comment said LSB instead of MSB and that has also been
resolved.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-03 14:09:12 +01:00
Joe Subbiani
c54e908656 Replace instances of byte reading macros with PUT
Instances of a group of byte reading macros which are equivilant to
MBEDTLS_PUT_UINTx_yz

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-03 14:09:05 +01:00
Joe Subbiani
197e9edae5 Remove trailing white space
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-03 14:08:58 +01:00
Joe Subbiani
281956d5c3 Remove use of byte reading macro for uint16
Accidently used MBEDTLS_BYTE_16 for a uint16 variable

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-03 14:08:50 +01:00