Commit Graph

9236 Commits

Author SHA1 Message Date
Jaeden Amero
886ffc278f
Merge pull request #228 from ARMmbed/github-template-for-issue-tracking
Add github issue template
2018-11-30 11:35:56 +00:00
Jaeden Amero
368aa771a8
Merge pull request #225 from ARMmbed/dev/Patater/add-psa-crypto-docs
Add generated documentation for mbedcrypto-0.1.0b
2018-11-30 11:13:23 +00:00
Simon Butcher
51b8a2fa87 Merge remote-tracking branch 'restricted/pr/512' into development 2018-11-29 16:56:02 +00:00
Simon Butcher
b9eb7866eb Merge remote-tracking branch 'restricted/pr/535' into development 2018-11-29 16:54:51 +00:00
Simon Butcher
658618b6b2 Merge remote-tracking branch 'restricted/pr/516' into development 2018-11-29 16:53:51 +00:00
itayzafrir
ce6ec7d5e7 Add github issue template
Required for internal issue tracking.
2018-11-29 15:53:00 +02:00
Gilles Peskine
50da016e5c Add changelog entry for mbedtls_mpi_write_binary fix 2018-11-29 12:46:05 +01:00
Gilles Peskine
056f19c79f Tweak RSA vulnerability changelog entry
* Correct the list of authors.
* Add the CVE number.
* Improve the impact description.
2018-11-29 12:45:01 +01:00
Gilles Peskine
59fd5aee42
Merge pull request #227 from ARMmbed/psa-aead-guards-fix
Add missing compilation guards for GCM and CCM
2018-11-28 18:28:11 +01:00
Gilles Peskine
b0b189f31f Add missing compilation guards for GCM and CCM
Add missing compilation guards that broke the build if either GCM or
CCM was not defined.

Add missing guards on test cases that require GCM or CBC.

The build and tests now pass for any subset of {MBEDTLS_CCM_C,
MBEDTLS_GCM_C}. There are still unused variables warnings if neither
is defined.
2018-11-28 17:30:58 +01:00
Gilles Peskine
c4a8017e3e mbedtls_ctr_drbg_update_ret: correct doc for input length limit
Unlike mbedtls_ctr_drbg_update, this function returns an error if the
length limit is exceeded, rather than silently truncating the input.
2018-11-26 19:26:22 +01:00
Gilles Peskine
5da0505842 Add ChangeLog entry for deprecation of mbedtls_xxx_drbg_update
Fixes ARMmbed/mbedtls#1798
2018-11-26 19:26:22 +01:00
Gilles Peskine
8220466297 Streamline mbedtls_xxx_drbg_update_seed_file
Refactor mbedtls_ctr_drbg_update_seed_file and
mbedtls_hmac_drbg_update_seed_file to make the error logic clearer.

The new code does not use fseek, so it works with non-seekable files.
2018-11-26 19:26:22 +01:00
Gilles Peskine
b7f71c8bc1 HMAC_DRBG: report all errors from HMAC functions
Make sure that any error from mbedtls_md_hmac_xxx is propagated.
2018-11-26 19:26:22 +01:00
Gilles Peskine
e0e9c573ad HMAC_DRBG: deprecate mbedtls_hmac_drbg_update because it ignores errors
Deprecate mbedtls_hmac_drbg_update (which returns void) in favor of a
new function mbedtls_hmac_drbg_update_ret which reports error.
2018-11-26 19:26:21 +01:00
Gilles Peskine
d919993b76 CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports error.
2018-11-26 19:26:00 +01:00
Jaeden Amero
8fe3372de1 Add generated documentation for mbedcrypto-0.1.0b 2018-11-26 17:21:23 +00:00
Gilles Peskine
1b09f4027e Add ChangeLog entry for wiping sensitive buffers 2018-11-26 16:19:22 +01:00
Gilles Peskine
afa803775a HMAC_DRBG: clean stack buffers
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state.
2018-11-26 15:47:14 +01:00
Gilles Peskine
d9aa84dc0d CTR_DRBG: clean stack buffers
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state.
2018-11-26 15:47:14 +01:00
Gilles Peskine
9e1be6a246 Create the NV seed file for the tests if needed
Write an all-bits-zero NV seed file for the tests. Without this, if
the seed file is not present when this test suite is executed, the
PSA module initialization will fail, causing most test cases to fail.

Also write an all-bits-zero NV seed file at the end. The test cases in
this test suite mess with the file, but subsequent test suites may
need it.
2018-11-23 22:58:40 +01:00
Gilles Peskine
0fce4c5830 Add init tests with entropy from NV seed 2018-11-23 22:58:40 +01:00
Gilles Peskine
0b3b5733fc Support NV seed enabled at compile time but not at runtime
When testing with custom entropy sources, if MBEDTLS_ENTROPY_NV_SEED
is enabled at compile time but the NV seed source is not used at
runtime, mbedtls_entropy_func makes a second pass anyway. Cope with
this in the test code by telling the entropy module not to make this
second pass.
2018-11-23 22:58:40 +01:00
Gilles Peskine
ebe770c693 Add tests with a fake entropy source
Add tests with a fake entropy source to check that the required amount
of entropy is one block, fed in one or more steps.
2018-11-23 22:58:40 +01:00
Gilles Peskine
5e76952235 Add a facility to configure entropy sources
Add a function to configure entropy sources. For testing only.

Use it to test that the library initialization fails properly if there is no
entropy source.
2018-11-23 22:58:38 +01:00
Jaeden Amero
0e9ff8546b
Merge pull request #224 from ARMmbed/feature-psa-tls-integration-proposed
Update with "Mbed TLS using PSA" mini-release
2018-11-23 21:30:23 +00:00
Gilles Peskine
c117d5928c check-files: detect merge artifacts
Detect Git merge artifacts. These are lines starting with "<<<<<<",
"|||||||" or ">>>>>>>" followed by a space, or containing just
"=======". For "=======", exempt Markdown files, because this can be
used to underline a title, as a compromise between false negatives and
false positives.
2018-11-23 21:11:52 +01:00
Gilles Peskine
043980585c Factor record_issue into its own method 2018-11-23 21:11:30 +01:00
Hanno Becker
9edcc3e8fb Merge branch 'iotssl-2597-psa-hashing-x509_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 16:00:34 +00:00
Hanno Becker
8295695aca Merge branch 'iotssl-2578-psa-sig-verification_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 16:00:32 +00:00
Hanno Becker
02f20216bd Merge branch 'psa_cipher_integration_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:59:26 +00:00
Hanno Becker
6b01a9fa7c Merge branch 'psa_cipher_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:27 +00:00
Hanno Becker
e322d3edd5 Merge branch 'opaque_psk_implementation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:24 +00:00
Hanno Becker
a96cc8a9fd Merge branch 'iotssl-2596-opaque-csr-creation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:22 +00:00
Hanno Becker
826987f26c Merge branch 'iotssl-2574-pk-opaque-tls_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:21 +00:00
Hanno Becker
7fde035ddc Merge branch 'iotssl-2580-pk-opaque-psa_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:20 +00:00
Jaeden Amero
dc5f950e25
Merge pull request #223 from ARMmbed/dev/Patater/fix-unused-mac_setup
psa: Unused key_bits is OK
2018-11-23 15:35:43 +00:00
Jaeden Amero
82df32e3fd psa: Unused key_bits is OK
When MD or CMAC are disabled, let the compiler know that it is OK that
`key_bits` is set but not used by casting `key_bits` to `(void)`.
2018-11-23 15:20:56 +00:00
Jaeden Amero
80a23a5bc4 check-files: Don't check same-named files
The check-files script contains the strings "TODO" and "todo" in order to
search for files that contain TODO items. So, any check-files script would
need to be excluded from the list of files that gets checked for "TODO".
Normally, the script excludes itself from checks, but with the addition of
the crypto submodule, there is another copy of the script present from the
project root. We must avoid checking check-files scripts for TODO items.
This also helps if you run check-files from another working tree in your
working tree.
2018-11-23 13:14:38 +00:00
Jaeden Amero
565e0bf49d
Merge pull request #212 from ARMmbed/psa-integration-utilities_CRYPTO
Mbed TLS integration: Shared code between module-specific integration work
2018-11-23 09:00:22 +00:00
Andrzej Kurek
266d907c87 pk_wrap.c: fix length mismatch check placement 2018-11-22 13:37:14 -05:00
Andrzej Kurek
96cc1b3def pk_wrap.c: tidy up signature extraction
Add a sanity check for signature length, remove superfluous bounds check.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
e30ad542a1 Cosmetic changes
Move memset to a more relevant spot, fix one whitespace error
2018-11-22 13:37:14 -05:00
Andrzej Kurek
73bf6b9e00 pk_wrap: rework and tidy up signature extraction
Improve comments, use a normal buffer instead of mbedtls_asn1_buf,
remove unneeded variables and use shared utilities where possible.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
688ea8d10d pk_wrap: reuse a static buffer for signature extraction
Use a buffer left over after importing a key to hold an extracted signature.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
3016de3eeb pk_wrap: rework signature extraction to work with small r and s values
There is a probability that r will be encoded as 31 or less bytes in DER,
so additional padding is added in such case.
Added a signature-part extraction function to tidy up the code further.
2018-11-22 13:37:14 -05:00
Manuel Pégourié-Gonnard
7b7808cc76 Add tests for ECDSA verify with short r, s values
This is intended to test transcoding the signature to the format expected by
PSA (fixed-length encoding of r, s) when r and s have respectively:
- full length with initial null byte
- full length without initial null byte
- non-full length with initial null byte
- non-full length without initial null byte

The signatures were generated using:

programs/pkey/pk_sign tests/data_files/server5.key foo

where foo is an empty file, and with a variant of one of the following patches
applied:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..e4a27b044516 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -317,6 +319,11 @@ mul:
             MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
                                                   f_rng, p_rng, ECDSA_RS_ECP ) );
             MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( pr );
+            printf("%zu ", bits);
+            if( bits != 255 )
+                goto gen;
         }
         while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );

or:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..d704376e0c42 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -353,6 +355,11 @@ modn:
         MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( s );
+            printf("%zu ", bits);
+            if( bits != 247 )
+                goto gen;
     }
     while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );

with the value edited manually between each run to get the desired bit length.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
45fc464156 pk_wrap: improve error codes returned from ecdsa_verify_wrap
Use the shared PSA utilities to translate errors.
2018-11-22 13:37:14 -05:00
Andrzej Kurek
ca6330992e pk_wrap: switch to helper functions defined in psa_util.h
Remove duplicated helper functions.
Remove an unnecessary call to psa_crypto_init().
2018-11-22 13:37:14 -05:00
Andrzej Kurek
510ee70501 pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap
Adjust tests to pass a valid algorithm
2018-11-22 13:37:14 -05:00