Commit Graph

9335 Commits

Author SHA1 Message Date
Jaeden Amero
65408c5f92 Merge remote-tracking branch 'origin/pr/2355' into development-psa 2019-02-04 16:41:12 +00:00
Jaeden Amero
d4a31d3581 Merge remote-tracking branch 'origin/pr/2350' into development-psa 2019-02-04 16:40:06 +00:00
Andrzej Kurek
1359a8f3c6 Update submodule version to point to fixed, forked repository 2019-02-04 07:32:12 -05:00
Hanno Becker
23cfea01e8 Improve documentation of mbedtls_mpi_write_string() 2019-02-04 09:45:07 +00:00
Peter Kolbus
995d5c1f8a Add ChangeLog entry 2019-02-03 09:01:55 -06:00
Peter Kolbus
1bc1a4c639 all.sh: Fix check_headers_in_cpp
When all.sh invokes check_headers_in_cpp, a backup config.h exists. This
causes a stray difference vs cpp_dummy_build.cpp. Fix by only collecting
the *.h files in include/mbedtls.

Change-Id: Ifd415027e856858579a6699538f06fc49c793570
2019-02-01 17:58:59 -06:00
Hanno Becker
f5e2861958 Adapt ChangeLog 2019-02-01 16:42:48 +00:00
Hanno Becker
c983c81a23 Fix 1-byte buffer overflow in mbedtls_mpi_write_string()
This can only occur for negative numbers. Fixes #2404.
2019-02-01 16:41:30 +00:00
Hanno Becker
70fc6550cc Update Crypto submodule to merge of sibling PR 2019-02-01 13:08:41 +00:00
Andrzej Kurek
de5a007316 Merge development commit f352f7 into development-psa 2019-02-01 07:03:03 -05:00
Hanno Becker
65935d90c9 Add missing include to library/pkwrite.c 2019-02-01 11:55:03 +00:00
Hanno Becker
56104ea9bb Adapt test in test_suite_pk to work with new PSA public key format 2019-02-01 11:48:19 +00:00
Andrzej Kurek
39456532c6 Update submodule version to 3a181009
Point to the new, merged version of the submodule branch
2019-02-01 05:47:17 -05:00
Hanno Becker
493c171a1c Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.

Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.

Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.

The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.

By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.

The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.

That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:25:25 +00:00
Hanno Becker
812e12452a Add function to find OID for PSA ECC curve identifiers 2019-02-01 10:06:51 +00:00
Hanno Becker
4fb8db23b9 Update pointer in PSA-based mbedtls_pk_write_pubkey() 2019-02-01 09:57:20 +00:00
Andrzej Kurek
409fdae6bf test_suite_ctr_drbg: use ctr_drbg_update_ret instead of ctr_drbg_update
Align files with development to ensure the same state of repositories.
2019-02-01 02:53:16 -05:00
Andrzej Kurek
f093a3dc61 Use ecdh_setup instead of ecp_group_load
Align files with development to ensure the same state of repositories.
2019-02-01 02:50:36 -05:00
Peter Kolbus
60c6da2352 all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1
There were no tests for a non-default MPI window size. Add one.

Change-Id: Ic08fbc9161d0b3ee67eb3c91f9baf602646c9dfe
2019-01-31 19:41:11 -06:00
Peter Kolbus
e6bcad3f79 Fix DEADCODE in mbedtls_mpi_exp_mod()
In mbedtls_mpi_exp_mod(), the limit check on wsize is never true when
MBEDTLS_MPI_WINDOW_SIZE is at least 6. Wrap in a preprocessor guard
to remove the dead code and resolve a Coverity finding from the
DEADCODE checker.

Change-Id: Ice7739031a9e8249283a04de11150565b613ae89
2019-01-31 19:37:51 -06:00
Andrzej Kurek
c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Jaeden Amero
f352f75f6b Merge remote-tracking branch 'origin/pr/2332' into development 2019-01-30 15:53:00 +00:00
Jaeden Amero
c4cc2511d0 Merge remote-tracking branch 'origin/pr/2325' into development 2019-01-30 15:35:44 +00:00
Jaeden Amero
91af329a55 Merge remote-tracking branch 'origin/pr/2214' into development 2019-01-30 15:08:25 +00:00
Jaeden Amero
14eca249f1 Merge remote-tracking branch 'origin/pr/2213' into development 2019-01-30 15:01:20 +00:00
Jaeden Amero
c89148bba7 Merge remote-tracking branch 'origin/pr/2207' into development 2019-01-30 14:57:44 +00:00
Jaeden Amero
b18239713e Merge remote-tracking branch 'origin/pr/2191' into development 2019-01-30 14:56:58 +00:00
Jaeden Amero
6f4a8ef1ee Merge remote-tracking branch 'origin/pr/2137' into development 2019-01-30 14:55:09 +00:00
Jaeden Amero
c42dd60f1f Merge remote-tracking branch 'origin/pr/1949' into development 2019-01-30 14:46:35 +00:00
Jaeden Amero
dac9f45e5a Merge remote-tracking branch 'origin/pr/1551' into development 2019-01-30 13:24:55 +00:00
Jaeden Amero
e6e2686cf8 Merge remote-tracking branch 'origin/pr/2055' into development
Resolve conflicts in ctr_drbg.c where zeroization had been added upon
exit.
2019-01-30 13:23:03 +00:00
Jaeden Amero
ad88be05b6 Add ChangeLog entry for #2371 2019-01-30 13:19:01 +00:00
Jaeden Amero
730ecdf3b1 Merge remote-tracking branch 'origin/pr/2371' into development 2019-01-30 13:15:40 +00:00
Andrzej Kurek
92dd4d0307 ssl-opt.sh: add a test for "calc PSA finished" log to the PSA tests 2019-01-30 04:10:19 -05:00
Andrzej Kurek
683d77e836 ssl_opt: check client and server output for PSA calc verify in PSA tests
Increase debug level to 2 in PSA tests and check for "PSA calc verify"
to ensure that the PSA code is being run.
2019-01-30 03:50:42 -05:00
Andrzej Kurek
2ad229725c ssl_tls: add psa_hash_abort when reseting checksum 2019-01-30 03:32:12 -05:00
Andrzej Kurek
972fba51ed ssl_tls: rename sha_512_psa to sha_384_psa 2019-01-30 03:29:12 -05:00
Andrzej Kurek
eb342241a5 ssl_tls: use PSA to compute running handshake hash for TLS 1.2 2019-01-29 09:14:33 -05:00
k-stachowiak
f4ab6b21bd Improve wording in the ChangeLog 2019-01-29 11:55:11 +01:00
Hanno Becker
62efb9c3ba Update crypto submodule to merge commit of sibling PR 2019-01-29 10:14:20 +00:00
k-stachowiak
21daa3c1ee Reduce the timing tests complexity 2019-01-29 10:19:49 +01:00
Hanno Becker
ccf574e030 Fix outdated comment in ecdsa_verify_wrap() 2019-01-29 08:26:15 +00:00
Andrzej Kurek
2d4faa6afa ssl_tls: remove redundant status check 2019-01-29 03:14:15 -05:00
Ron Eldor
17233f5a5c Increase okm_hex buffer to contain null character
Add an additional byte for the `okm_hex` buffer, to assure
it is null-terminated in case `okm` is 128 bytes long.
2019-01-28 15:18:15 +02:00
Andrzej Kurek
2f76075b78 ssl_tls: adjust to the new key policy initialization and key allocation 2019-01-28 08:08:15 -05:00
Ron Eldor
bc93219f66 Minor modifications to hkdf test
1. Fix comment grammar.
2. Rename `okm_string` to `okm_hex`.
2019-01-28 15:07:55 +02:00
Ron Eldor
1a3a7e5fc7 Add explanation for okm_string size
Add explanation for why the size of `okm_string` buffer
is twice as `okm` buffer.
2019-01-28 15:01:53 +02:00
Andrzej Kurek
ac5dc3423a Fix key allocation for tls_prf_generic 2019-01-28 07:49:56 -05:00
Andrzej Kurek
3317126819 ssl_tls: add missing return brackets 2019-01-28 07:49:56 -05:00
Andrzej Kurek
70737ca827 ssl_tls: add key destruction upon generator failure 2019-01-28 07:49:56 -05:00