Commit Graph

6354 Commits

Author SHA1 Message Date
Ronald Cron
d6ec3035a4 psa: Move ECP key import to psa_crypto_ecp.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
b14dbbeb92 psa: Rename ECP key import function
Rename ECP key import function before to move
it to psa_crypto_ecp.c to adapt to the naming
of exported functions in psa_crypto_ecp.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
79cc548cf2 psa: Change psa_import_ecp_key() signature
Change psa_import_ecp_key() signature to the signature of an
import_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
13f8b098cb psa: ecp: import: Move key buffer allocation
Move key buffer allocation from ECP specific
importation function up to psa_import_key_into_slot().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
abf2aef90f psa: Move RSA key import to psa_crypto_rsa.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
b6420e3797 psa: Rename psa_import_rsa_key to mbedtls_psa_rsa_import_key
Rename psa_import_rsa_key to mbedtls_psa_rsa_import_key to
align its name with the naming conventions of exported
functions in psa_crypto_rsa.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
4f2a7f0190 psa: Change psa_import_rsa_key() signature
Change psa_import_rsa_key() signature to the signature of an
import_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
8f813ee8d8 psa: rsa: import: Move key buffer allocation
Move key buffer allocation from RSA specific
importation function up to psa_import_key_into_slot().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
f1057d3589 psa: Add ECP/RSA transparent test driver export_public_key entry point
Add ECP/RSA transparent test driver export_public_key
entry point and use it in the transparent test driver
supporting both ECP and RSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
e5ca3d8533 psa: Move RSA/ECP export code to RSA/ECP specific C file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
152e3f82e7 psa: export: Move registered SE support to the driver wrapper
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
672279829a psa: Call export software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
7285cda387 psa: Export internally psa_export_(public_)key_internal
Export psa_export_(public_)key_internal from psa_crypto.c
to make it available to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
d18b5f84c6 psa: Change psa_export_(public_)key_internal signature
Change psa_export_(public_)key_internal signature to
the signature of an export_(public_)key driver entry
point.

This is a preparatory commit to be able to call the
software implementations as a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
9486f9d8f0 psa: Disentangle public export and export code
Disentangle public export and export code to be
able to move the call to export and public
export operations to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
200a52c246 psa: Align naming of export internal functions
Align naming of export internal functions with the way
other psa_crypto.c internal functions are named, ending
with _internal.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
00b7bfc2c4 psa: Move xxx_load_representation functions to RSA/ECP specific modules
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
3c8ca3ad00 psa: Rename psa_export_rsa/ecp_key to mbedtls_psa_rsa/ecp_export_key
Rename psa_export_rsa/ecp_key to
mbedtls_psa_rsa/ecp_export_key before to move them to
RSA/ECP specific PSA crypto C files.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
9085708371 psa: Rename psa_load_rsa/ecp_representation
Rename psa_load_rsa/ecp_representation to
mbedtls_psa_rsa/ecp_load_representation
before to move them in their RSA/ECP
specific PSA crypto C modules.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
84cc99420c psa: Change psa_driver_wrapper_export_public_key() signature
Change psa_driver_wrapper_export_public_key() signature
to the signature of an export_public_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
8328287956 psa: Move from validate_key to import_key entry point
In the course of the development of the PSA unified
driver interface, the validate_key entry point for
opaque drivers has been removed and replaced by an
import_key entry point. This commit takes into account
this change of specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
ea0f8a6d1a psa: se: Create key context in SE key slots
In key slots containing the description of a key of a
dynamically registered Secure Element (SE), store the
key slot number in a key context as defined in the
PSA driver interface for opaque drivers.

That way transparent key data and slot numbers are
, in a key slot, both stored in a dynamically allocated
buffer. The `data` union in structures of type
psa_key_slot_t to distinguish between the storage of
transparent key data and slot numbers is consequently
not necessary anymore and thus removed.

This alignement of some part of the code dedicated to
dynamically registered SE with the PSA driver interface
specification is done to ease the support of both
dynamically registered and statically defined secure
elements.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Gilles Peskine
c8a9177110 mbedtls_mpi_sub_abs: fix buffer overflow in error case
Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE).

Fix #4042

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 17:28:03 +01:00
Daniel Otte
79fb5da632 adding parentheses to macro definitions, to avoid confusion and possible mistakes in usage.
Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-01 14:26:08 +01:00
Daniel Otte
39f361466b avoid errorneous computation of RSA_PRV_DER_MAX_BYTES if MBEDTLS_MPI_MAX_SIZE is odd.
if MBEDTLS_MPI_MAX_SIZE is odd then RSA_PRV_DER_MAX_BYTES will be two less than expected, since the macros are lacking parentheses.


Signed-off-by: Daniel Otte <d.otte@wut.de>
2021-02-01 14:23:30 +01:00
Ronald Cron
21b5616ea3 psa: Move PSA client code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-01 13:17:06 +01:00
Ronald Cron
d7906327ca psa: Add psa_crypto_client.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-01 13:16:44 +01:00
Ronald Cron
3768ac12a8 Add MBEDTLS_PSA_CRYPTO_CLIENT configuration option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-01 13:16:01 +01:00
Gilles Peskine
53943ca434
Merge pull request #3992 from stevew817/feature/ecp_no_fallback
Add a flag for disabling software fallback in ecp.c
2021-01-29 16:08:51 +01:00
Janos Follath
a209f34faf
Merge pull request #3996 from stevew817/feature/allow_reading_external_keys
Allow loading external wrapped keys
2021-01-29 13:34:11 +00:00
Janos Follath
594d7afa00
Merge pull request #3994 from stevew817/feature/cmac_self_test_skip_unsupported
Allow CMAC self test to skip tests for unsupported primitives
2021-01-29 13:17:17 +00:00
paul-elliott-arm
a14d1642f4
Merge pull request #4008 from stevew817/bugfix/fix_dependencies
Fix warnings and dependencies when using _ALT in test
2021-01-29 12:24:54 +00:00
Steven Cooreman
c7da6a48dd Update comment to only apply to AES-192
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-29 11:09:50 +01:00
Ronald Cron
318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
Steven Cooreman
7dadf14e7b Minor language correction after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-28 19:46:52 +01:00
David Carlier
2b8c2657e4 Implements getrandom's wrapper for handful of BSD.
Signed-off-by: David Carlier <devnexen@gmail.com>
2021-01-26 17:03:51 +00:00
Steven Cooreman
d80e8a4112 Check for existence of key material on store/load
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-26 14:28:48 +01:00
gabor-mezei-arm
86326a9131
Fix possible error codes in the documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-26 13:48:26 +01:00
Steven Cooreman
107409f470 Apply review feedback
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-26 12:01:22 +01:00
Janos Follath
b034683a70
Merge pull request #4007 from stevew817/feature/alt_implementation_is_not_deterministic
Don't self-test ECJPAKE ALT implementations against known entropy
2021-01-25 12:39:03 +00:00
Steven Cooreman
64f2773eab Skip tests requiring known entropy for ECJPAKE ALT implementations
These implementations don't necessarily consume entropy the same way the
mbed TLS internal software implementation does, and the 'reference
handshake' test vectors can thus not be applied to an ALT implementation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-22 14:23:08 +01:00
Steven Cooreman
7eb2aa0dc1 Reworked NO_FALLBACK logic according to review feedback
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-22 09:43:59 +01:00
gabor-mezei-arm
cbcec21684
Rename output buffer size macros
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 13:17:25 +01:00
Gilles Peskine
43f958b24d Rename unnamespaced identifiers
Rename the enum constants TLS12_PRF_xxx, which are declared in a
public header but not intended for use in application code, to start
with MBEDTLS_PSA_.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 17:42:25 +01:00
Steven Cooreman
03f40849c5 Apply suggestions from code review
Code style changes.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

Co-authored-by: Chris Jones <70633990+chris-jones-arm@users.noreply.github.com>
2021-01-19 13:34:56 +01:00
Dave Rodgman
6fbff5b557
Merge pull request #3698 from darrenkrahn/development
Mark basic constraints critical as appropriate.
2021-01-17 18:06:18 +00:00
Steven Cooreman
ac3434fc19 Apply review feedback
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-15 20:43:23 +01:00
Steven Cooreman
b2f3e6ca35 Restrict test skipping to AES-192 specifically
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-15 16:49:55 +01:00
paul-elliott-arm
94ca18733a
Merge pull request #3809 from AndrzejKurek/refactor-variable-buffers
Refactor variable I/O buffers feature to reduce code duplication
2021-01-14 14:25:56 +00:00
Steven Cooreman
fa6641b806 Avoid unreferenced item warnings in ECDSA when ALT is in use
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 17:11:39 +01:00
Andrzej Kurek
069fa96cd7 Use size_t instead of uint32_t for ssl I/O buffer lengths
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:13:58 -05:00
Andrzej Kurek
4a0637981b Refactor the variable I/O buffer size feature
Reduce code duplication to simplify the feature and reduce code size.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:12:53 -05:00
Steven Cooreman
655b012b6c Unconditionally include platform.h in CMAC
As is the case for aes.c et al

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 14:34:51 +01:00
Steven Cooreman
98435ddf84 Allow loading wrapped keys even when SE support is compiled in
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 11:33:10 +01:00
Steven Cooreman
830d5af2f3 Allow CMAC self test to skip tests for unsupported primitives
Same type of skipping as in AES and GCM self test routines.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 18:01:46 +01:00
Steven Cooreman
97b4984657 Add a flag for disabling fallback in ecp.c
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 16:43:43 +01:00
Gilles Peskine
dbf6896c82 mbedtls_to_psa_error: prefer dispatching on the low-level error
When an Mbed TLS error code combines a low-level error and a
high-level error, the low-level error is usually closer to the root
cause (for example HW_ACCEL_FAILED or ENTROPY_SOURCE_FAILED is more
informative than RSA_PRIVATE_FAILED). So prioritize the low-level code
when converting to a PSA error code, rather than the high-level code
as was (rather arbitrarily) done before.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:04:23 +01:00
Gilles Peskine
ae3741e8a4 Fix an incorrect error code if RSA private operation glitched
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
40d8160c8e mbedtls_to_psa_error: fix a copypasta and a missing translation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Manuel Pégourié-Gonnard
75fdd0640f
Merge pull request #3973 from stroebeljc/development
Fixed seed variable concatenation pointer.
2021-01-06 10:07:52 +01:00
Gilles Peskine
73d783244f
Merge pull request #3969 from frestr/bugfix/psa_close_key_leak
PSA Crypto: Don't skip key data removal when SE driver is not in use
2021-01-05 16:55:52 +01:00
Gilles Peskine
9c3e060253 Explain the design of mbedtls_psa_get_random better
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 16:03:55 +01:00
Gilles Peskine
0c59ba88cb Fix the error detection in psa_generate_random
If a call to mbedtls_psa_get_random other than the last one failed,
this went undetected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 14:10:59 +01:00
stroebeljc
d4de1b5d4e Updated per comments from @gilles-peskine-arm.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:14:32 -06:00
Gilles Peskine
71ddab9154 Simplify the chunk loop in psa_generate_random
Make the code slightly more readable and slightly smaller.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-04 21:01:07 +01:00
Gilles Peskine
88fa5c463e Minor documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-04 21:00:53 +01:00
ENT\stroej1
70f63d0883 Added references to the NIST test data used in the self-test function.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-28 08:50:23 -06:00
ENT\stroej1
df307002cf Updated self test to use NIST test vectors and produce proper result.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-26 12:41:04 -06:00
ENT\stroej1
a0deec0509 Extended test vectors to accomodate addition of nonce to test input array and updated results.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 15:26:27 -06:00
ENT\stroej1
1446211e5e Update self-test vectors to include nonce and test it as part of reseeding.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 12:24:35 -06:00
ENT\stroej1
4b91986a76 Fixed seed variable concatenation pointer.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-23 19:23:05 -06:00
Fredrik Strupe
462aa575a4 PSA Crypto: Don't skip key data removal when SE driver is not in use
Closing a wrapped key with the new SE driver interface while
MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not
being freed, even though an old SE driver is not in use, leading to a
memory leak. This is because a wrapped key is also considered external.

This commit extends the check for skipping by checking whether an
old-style SE driver is registered with the provided slot, in addition to
checking whether the key is external.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-12-17 11:05:36 +01:00
Gilles Peskine
b3cd9633f4 Pacify check-names.sh
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 19:54:24 +01:00
Gilles Peskine
b2b64d3642 Rename psa_crypto_random.h to psa_crypto_random_impl.h
Make it clear that this is an abstraction of the random generator
abstraction, and not an abstraction of the PSA random generator.

mbedtls_psa_get_random and MBEDTLS_PSA_RANDOM_STATE are public-facing
definitions and will be moved in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 16:43:58 +01:00
Gilles Peskine
8814fc4a34 Make mbedtls_psa_get_random more usable outside psa_crypto.c
In the external RNG case, don't make mbedtls_psa_get_random() a
static inline function: this would likely result in identical
instances of this function in every module that uses it. Instead, make
it a single function with external linkage.

In the non-external case, instead of a trivial wrapper function, make
mbedtls_psa_get_random a constant pointer to whichever DRBG function
is being used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 15:33:44 +01:00
Gilles Peskine
5894e8e7a4 Replace mbedtls_psa_random_state( ... ) by MBEDTLS_PSA_RANDOM_STATE
Hide the obtention of the pointer to the RNG state behind a macro.

To make it possible to use this macro in a module other than
psa_crypto.c, which will happen in the future, make sure that the
definition of the macro does not reference internal variables of
psa_crypto.c. For this purpose, in the internal-DRBG case, export a
symbol containing the address of the DRBG state.

When the RNG state is a pointer a DRBG state, just keep this pointer
in a variable: there's no need to store a pointer to a larger structure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 14:57:24 +01:00
Janos Follath
0cbdc61171 Bump version to Mbed TLS 2.25.0
Executed ./scripts/bump_version.sh --version 2.25.0 --so-crypto 6

Increasing the SO version of the crypto library, because the openless
API improvement came with API/ABI incompatibilities. For example
    - the size of psa_key_handle_t changed
    - the type of a parameter in 18 public functions has changed from
      psa_key_handle_t to mbedtls_svc_key_id_t

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:05:22 +00:00
Janos Follath
a946dcf8b2 Merge branch 'development-restricted' into mbedtls-2.25.0r0-pr 2020-12-08 20:59:45 +00:00
Gilles Peskine
6d5c7bc69a
Merge pull request #3898 from paul-elliott-arm/fix_pem_write
Remove Extraneous bytes from buffer post pem write
2020-12-08 12:31:40 +01:00
Gilles Peskine
2b759626a9
Merge pull request #3948 from bensze01/update_psa_values
Update the values of PSA Crypto API macros to version 1.0.0
2020-12-08 11:03:33 +01:00
Bence Szépkúti
cbe395332c Substitute PSA_ALG_STREAM_CIPHER into all files
Deprecate PSA_ALG_ARC4 and PSA_ALG_CHACHA20.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:01:31 +01:00
Bence Szépkúti
1de907d4a4 Introduce PSA_ALG_STREAM_CIPHER
This algorithm replaces the pre-existing stream cipher algorithms.
The underlying stream cipher is determined by the key type.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Paul Elliott
557b8d663a Remove Extraneous bytes from buffer post pem write
In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-12-07 17:29:42 +00:00
Ronald Cron
771090659e
Merge pull request #3393 from geecrypt/development
Support set *_drbg reseed interval before seed
2020-12-07 14:29:52 +01:00
Janos Follath
3aae5d4ed7
Merge pull request #781 from mpg/cipher-auth-crypt-restricted
Fix buffer overflow with NIST-KW in cipher layer
2020-12-07 12:58:36 +00:00
Gilles Peskine
3a0535b465
Merge pull request #3916 from jdurkop/psa-crypto-config-hashes-3672
Add support to crypto config for hashes
2020-12-07 13:50:56 +01:00
Manuel Pégourié-Gonnard
841b6fa97f Fix unused param warnings in auth_xxcrypt_ext()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-07 10:42:21 +01:00
Janos Follath
7973e2b358
Merge pull request #772 from chris-jones-arm/development-restricted
Fix Diffie-Hellman large key size DoS
2020-12-07 09:28:55 +00:00
Gilles Peskine
4e0a4d444d Clarifying comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 10:08:30 +01:00
Gilles Peskine
a56d3d9e75 cipher_auth_xxcrypt_ext: Make NIST_KW case more robust
Don't invoke classic NIST_KW in case PSA gains support for NIST_KW.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 10:08:10 +01:00
Gilles Peskine
e09aeb4923 Remove redundant NIST_KW checks in cipher_auth_xxcrypt()
The internal functions mbedtls_cipher_aead_{encrypt,decrypt} reject
unsupported algorithms, so there's no need for an additional check in
the legacy wrappers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 10:07:26 +01:00
Gilles Peskine
70edd689a8 cipher_auth_xxcrypt(): fix some null pointer handling
Make sure that if a buffer is allowed to be empty, a null pointer is
accepted if the buffer length is 0. This was already the case for most
but not all arguments to mbedtls_cipher_auth_{en,de}crypt{,_ext}.

Make sure to pass NULL for an empty buffer in the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 09:58:26 +01:00
Gilles Peskine
e54be3a9c3 Fix uncaught error if fix_negative fails
fix_negative allocates memory for its result. The calling site didn't
check the return value, so an out-of-memory error could lead to an
incorrect calculation. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-06 22:32:02 +01:00
Gilles Peskine
89b4130098 Fix memory leak in mbedtls_mpi_sub_abs
Fix a memory leak in mbedtls_mpi_sub_abs when the output parameter is
aliased to the second operand (X = A - X) and the result is negative.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-06 22:32:02 +01:00
John Durkop
6ca2327150 Update guards for ALG_SHA_224 and ALG_SHA_384 in crypto library
The previous revision of guards around SHA_224 and SHA_384 were not
correct. This set of changes ensures the proper code is available
when SHA_224 and SHA_384 are enabled for use.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-12-03 06:07:04 -08:00
Gilles Peskine
227366b4b0 Merge branch 'development' into development-restricted 2020-12-03 12:39:44 +01:00
Gilles Peskine
54a6f23393
Merge pull request #3930 from ccvca/fix_missing_argument
Fix: Add missing arguments to debug message.
2020-12-03 12:29:03 +01:00
Manuel Pégourié-Gonnard
f5cf71e14a Stop using deprecated functions in the library
all.sh -k '*deprecated*' now passes again

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:10 +01:00
Manuel Pégourié-Gonnard
513c243317 Deprecate mbedtls_cipher_auth_xxcrypt()
This temporarily breaks all.sh '*deprecated*' (deprecated functions still used
in the library), which will be fix in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00