Gilles Peskine
e3f694f49a
Remove non-standard hash algorithms
2018-09-05 11:53:25 +03:00
Gilles Peskine
06dc26350e
Fix macro definitions for ECC keys
...
Public keys and key pairs have different types.
2018-09-05 11:53:25 +03:00
Gilles Peskine
40f68b9863
Use unhexify_alloc where applicable
2018-09-05 11:53:25 +03:00
Gilles Peskine
dc2fc8443f
Rename xxx_of_psa functions to xxx_from_psa
...
Be consistent with how similar functions are named in Mbed TLS.
2018-09-05 11:53:25 +03:00
Gilles Peskine
3c6e970752
Fix memory leak in psa_destroy_key
2018-09-05 11:53:25 +03:00
Gilles Peskine
6d9121381a
Add some comments to document some non-obvious coding choices
2018-09-05 11:53:25 +03:00
Gilles Peskine
03182e99b6
Fix parameter name in PSA_BLOCK_CIPHER_BLOCK_SIZE
2018-09-05 11:53:25 +03:00
Gilles Peskine
f5b9fa13e0
Documentation clarifications
...
Clarify or add the documentation of some functions and constants.
Add a note about what the __DOXYGEN_ONLY__ section is for.
2018-09-05 11:53:25 +03:00
Gilles Peskine
2905a7adcc
Fix namespace violation
2018-09-05 11:53:25 +03:00
Gilles Peskine
e4ebc12fcd
psa_crypto_init: set the global initialized flag
2018-09-05 11:53:25 +03:00
Gilles Peskine
609b6a5b67
Get the lifetime of a key slot
2018-09-05 11:53:25 +03:00
Gilles Peskine
7698bcf338
Basic interface for key policies
...
Get/set the policy of a key slot.
Opaque structure for key policies and field access functions.
2018-09-05 11:53:25 +03:00
Gilles Peskine
92b3073e36
Minor documentation fixes
2018-09-05 11:53:25 +03:00
Gilles Peskine
3b555710e2
Prototypes for AEAD functions
...
This is still tentative.
2018-09-05 11:53:25 +03:00
Gilles Peskine
428dc5aef1
Prototypes for symmetric cipher functions
2018-09-05 11:53:25 +03:00
Gilles Peskine
7e4acc5ef8
Document some MAC functions: psa_mac_start
...
Adapt the documentation of hash functions.
State that the key object does not need to remain valid throughout the
operation.
2018-09-05 11:53:25 +03:00
Gilles Peskine
8c9def3e7f
PSA: Implement MAC functions
...
Implement psa_mac_start, psa_mac_update and psa_mac_final.
Implement HMAC anc CMAC.
Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine
308b91d7db
Wrote documentation for several functions, macros and types
...
Document key import/export functions, hash functions, and asymmetric
sign/verify, as well as some related macros and types.
Nicer formatting for return values: use \retval.
2018-09-05 11:53:25 +03:00
Gilles Peskine
9ef733faa0
Implement hash functions
...
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.
Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine
a590529938
Greatly expanded mbedtls_to_psa_error
...
It now covers most cryptography algorithm modules (missing: bignum,
DHM, everything ECC, HMAC_DRBG).
2018-09-05 11:53:24 +03:00
Gilles Peskine
98f0a24255
Improve key type and algorithm encodings
...
Refine the encoding of key types and algorithms so that ranges of bits
make more sense.
Define a few symmetric cipher algorithms.
2018-09-05 11:53:24 +03:00
Gilles Peskine
93aa0334d9
PSA asymmetric signature: set *signature_length = 0 on failure
2018-09-05 11:53:24 +03:00
Gilles Peskine
0189e7512d
PSA crypto: PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE macro
...
Test it for RSA.
2018-09-05 11:53:24 +03:00
Gilles Peskine
20035e3579
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
...
Define hash algorithms and RSA signature algorithms.
New function psa_asymmetric_sign.
Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine
c66ea6a921
PSA key import: support RSA public keys
...
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
969ac726d9
PSA RSA key import: don't rely on pk so much
...
Don't use the pk module except as required for pkparse/pkwrite. The
PSA crypto layer is meant to work alongside pk, not on top of it.
Fix the compile-time dependencies on RSA/ECP handling in
psa_export_key, psa_destroy_key and psa_get_key_information.
2018-09-05 11:53:24 +03:00
Gilles Peskine
2f9c4dc5ad
Add key management functions
...
Define psa_key_type_t and a first stab at a few values.
New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.
Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
1d26709dbd
New function mbedtls_rsa_get_bitlen
...
Add a new function mbedtls_rsa_get_bitlen which returns the RSA key
size, i.e. the bit size of the modulus. In the pk module, call
mbedtls_rsa_get_bitlen instead of mbedtls_rsa_get_len, which gave the
wrong result for key sizes that are not a multiple of 8.
This commit adds one non-regression test in the pk suite. More tests
are needed for RSA key sizes that are a multiple of 8.
This commit does not address RSA alternative implementations, which
only provide an interface that return the modulus size in bytes.
2018-09-05 11:53:24 +03:00
Gilles Peskine
4a6aaa4c51
Remove Github templates
...
These templates are not applicable to PSA development.
2018-09-05 11:51:24 +03:00
Gilles Peskine
66920ceb19
Set the default configuration to PSA
...
This will simplify development in the PSA branch.
2018-09-05 11:49:51 +03:00
Gilles Peskine
d8374ba92b
New configuration file for PSA crypto
...
New configuration file with all cryptographic modules and
MBEDTLS_PSA_CRYPTO_C, but no X.509 or TLS.
2018-09-05 10:59:02 +03:00
Gilles Peskine
62a7e7e65f
Add a Doxygen-only section
...
This is intended to document platform-specific definitions in PSA.
2018-09-05 10:59:02 +03:00
Gilles Peskine
e59236fc17
Add PSA crypto module
...
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.
Implement psa_crypto_init function which sets up a RNG.
Add a mbedtls_psa_crypto_free function which deinitializes the
library.
Define a first batch of error codes.
2018-09-05 10:59:00 +03:00
Simon Butcher
c0a63bd0c1
Remove duplication of some entries in the ChangeLog
...
Fixes for #1941 and #1954 were listed twice.
2018-09-04 09:54:28 +01:00
Simon Butcher
b70158b9b4
Merge pull request #505 from sbutcher-arm/mbedtls-version-2.13.0
...
Update library version number to 2.13.0
2018-08-31 17:29:05 +01:00
Simon Butcher
4d075cd7d0
Update library version number to 2.13.0
2018-08-31 15:59:10 +01:00
Simon Butcher
b5afb97244
Revised and clarified ChangeLog
...
Minor changes to fix language, merge mistakes and incorrect classifications of
changes.
2018-08-31 11:59:56 +01:00
Simon Butcher
0bbb4fc132
Merge branch 'development' into development
2018-08-30 01:11:35 +01:00
Simon Butcher
552754a6ee
Merge remote-tracking branch 'public/pr/1988' into development
2018-08-30 00:57:28 +01:00
Simon Butcher
68dbc94720
Merge remote-tracking branch 'public/pr/1951' into development
2018-08-30 00:56:56 +01:00
Simon Butcher
e50128a692
Merge remote-tracking branch 'public/pr/1994' into development
2018-08-30 00:56:18 +01:00
Simon Butcher
07de4c0035
Merge remote-tracking branch 'public/pr/1920' into development
2018-08-30 00:56:08 +01:00
Simon Butcher
822a9cca8c
Merge remote-tracking branch 'public/pr/1994' into development-restricted
2018-08-29 18:03:03 +01:00
Hanno Becker
108992e776
Add MTU auto-reduction test with valgrind
2018-08-29 17:19:09 +01:00
Hanno Becker
37029ebc63
Skip MTU auto-reduction test when running valgrind
2018-08-29 17:19:06 +01:00
Hanno Becker
f34a4c176c
UDP proxy: Correct debug output for delay_srv option
2018-08-28 17:52:53 +01:00
Hanno Becker
a591c48302
Correct typo in debug message
2018-08-28 17:52:53 +01:00
Hanno Becker
83ab41c665
Correct typo in comment
2018-08-28 17:52:53 +01:00
Hanno Becker
cd9dcda0a0
Add const qualifier to handshake header reading functions
2018-08-28 17:52:53 +01:00
Hanno Becker
39b8bc9aef
Change wording of debug message
2018-08-28 17:52:49 +01:00