Commit Graph

3054 Commits

Author SHA1 Message Date
GuHaijun
983acb75f0 Fix include file path 2018-12-28 11:11:10 +08:00
Gilles Peskine
75976895c6 Split crypto_driver.h into one for each driver type
Split crypto_driver.h into 4:
* crypto_driver_common.h for common definitions, not meant to be
  included directly by driver code.
* crypto_accel_driver.h for drivers that work with transparent
  key material.
* crypto_se_driver.h for drivers that work with opaque key
  material.
* crypto_entropy_driver.h for drivers of entropy sources.

There is no code change in this commit, I only moved some code around.
2018-12-21 18:17:10 +01:00
Gilles Peskine
5e9c9cca03 Document macros that were referenced
Macros that are referenced need to be documented, otherwise Doxygen
has nothing to link to.
2018-12-21 17:53:12 +01:00
Gilles Peskine
2d59b2cd6b crypto_driver.h: get type definitions from crypto_enum.h
Now that the type definitions that are useful for driver are in a
separate header file from the application interface function
declarations, include that header file in crypto_driver.h.
2018-12-21 17:53:12 +01:00
Gilles Peskine
a7c26db335 Move remaining size macros from crypto.h to crypto_sizes.h
No functional changes, code was only moved from crypto.h to crypto_sizes.h.
2018-12-21 17:53:12 +01:00
Gilles Peskine
f3b731e817 Move integral types and associated macros to their own header
Some parts of the library, and crypto drivers, need to see key types,
algorithms, policies, etc. but not API functions. Move portable
integral types and macros to build and analyze values of these types
to a separate headers crypto_types.h and crypto_values.h.

No functional changes, code was only moved from crypto.h to the new headers.
2018-12-21 17:53:09 +01:00
Simon Butcher
6c164e754b Update the version of the library to 2.16.0 2018-12-21 10:51:51 +00:00
Gilles Peskine
0344d8171d Simplify the SPM compatibility hack
Define psa_status_t to int32_t unconditionally. There's no reason to
refer to psa_error_t here: psa_error_t is int32_t if it's present. We
would only need a conditional definition if psa_defs.h and
psa_crypto.h used the same type name.

Keep the conditional definition of PSA_SUCCESS. Although the C
preprocessor allows a duplicate definition for a macro, it has to be
the exact same token sequence, not merely an equivalent way to build
the same value.
2018-12-20 20:09:04 +01:00
Simon Butcher
fed19be501 Merge remote-tracking branch 'public/pr/2126' into development-restricted 2018-12-20 12:35:09 +00:00
Simon Butcher
6df8c53cd4 Merge remote-tracking branch 'public/pr/2134' into development-restricted 2018-12-20 12:34:44 +00:00
Simon Butcher
ad7c2105a2 Merge remote-tracking branch 'public/pr/2274' into development 2018-12-20 12:16:57 +00:00
Simon Butcher
12b4240300 Merge remote-tracking branch 'public/pr/2288' into development 2018-12-20 12:16:46 +00:00
Simon Butcher
c831193c85 Merge remote-tracking branch 'public/pr/2302' into development 2018-12-20 12:16:39 +00:00
Simon Butcher
1efda39f8a Merge remote-tracking branch 'public/pr/2297' into development 2018-12-20 12:16:29 +00:00
Simon Butcher
5aa7809ac8 Merge remote-tracking branch 'public/pr/2275' into development 2018-12-20 12:15:19 +00:00
Simon Butcher
780cf189b0 Merge remote-tracking branch 'public/pr/2271' into development 2018-12-20 12:15:08 +00:00
Simon Butcher
032c037052 Merge remote-tracking branch 'public/pr/2270' into development 2018-12-20 12:04:13 +00:00
Simon Butcher
a033633bb0 Merge remote-tracking branch 'public/pr/2269' into development 2018-12-20 12:02:56 +00:00
Simon Butcher
70935a4001 Merge remote-tracking branch 'public/pr/2299' into development 2018-12-20 12:02:23 +00:00
Simon Butcher
003c0e032f Merge remote-tracking branch 'public/pr/2292' into development 2018-12-20 12:02:17 +00:00
Simon Butcher
decf2f5c2c Merge remote-tracking branch 'public/pr/2291' into development 2018-12-20 12:02:11 +00:00
Simon Butcher
65ce5dc981 Merge remote-tracking branch 'public/pr/2290' into development 2018-12-20 12:02:05 +00:00
Simon Butcher
ad2e0dae32 Merge remote-tracking branch 'public/pr/2283' into development 2018-12-20 12:01:58 +00:00
Simon Butcher
0bbf7f450d Merge remote-tracking branch 'public/pr/2279' into development 2018-12-20 12:01:49 +00:00
Simon Butcher
962b7b17d5 Merge remote-tracking branch 'public/pr/2273' into development 2018-12-20 12:01:17 +00:00
Simon Butcher
6be67a6518 Merge remote-tracking branch 'public/pr/2281' into development 2018-12-20 12:01:09 +00:00
Simon Butcher
dac513e246 Merge remote-tracking branch 'public/pr/2282' into development 2018-12-20 12:01:04 +00:00
Simon Butcher
ccafd14fee Merge remote-tracking branch 'public/pr/2276' into development 2018-12-20 12:00:57 +00:00
Simon Butcher
2a8d32c6c1 Merge remote-tracking branch 'public/pr/2287' into development 2018-12-20 12:00:50 +00:00
k-stachowiak
247a782668 Increase strictness of NULL parameter validity in CCM's doxygen 2018-12-19 19:02:39 +01:00
k-stachowiak
6adb0574ea Improve details of CCM parameter validation and documentation 2018-12-19 19:02:39 +01:00
k-stachowiak
9da5d7cd83 Adjust mbedtls_ccm_free() documentation 2018-12-19 19:02:39 +01:00
k-stachowiak
373a660193 Fix a documentation typo 2018-12-19 19:02:39 +01:00
k-stachowiak
b92f9334e4 Doxygen comments improvement 2018-12-19 19:02:39 +01:00
k-stachowiak
12f0d5c66d Improve the constraints definition in the doxygen comments in CCM 2018-12-19 19:02:39 +01:00
k-stachowiak
fd42d531ba Explicitly allow NULL as an argument to mbedtls_ccm_free() 2018-12-19 19:02:39 +01:00
k-stachowiak
438448e45f Format NULL occurrences in CCM's Doxygen comments 2018-12-19 19:02:39 +01:00
k-stachowiak
26d365eb54 Add parameter validation for CCM 2018-12-19 19:02:39 +01:00
Gilles Peskine
6af45ec53e PK: document context validity requirements
Document when a context must be initialized or not, when it must be
set up or not, and whether it needs a private key or a public key will
do.

The implementation is sometimes more liberal than the documentation,
accepting a non-set-up context as a context that can't perform the
requested information. This preserves backward compatibility.
2018-12-19 18:10:03 +01:00
Gilles Peskine
d54b97503b pk parse: the password is optional
For mbedtls_pk_parse_key and mbedtls_pk_parse_keyfile, the password is
optional. Clarify what this means: NULL is ok and means no password.
Validate parameters and test accordingly.
2018-12-19 17:36:14 +01:00
k-stachowiak
e4b8d28ca7 Remove imprecise clause from documenting comment 2018-12-19 17:34:58 +01:00
k-stachowiak
95070a8286 Make some cipher parameter validation unconditional 2018-12-19 17:34:58 +01:00
k-stachowiak
6df25e7930 Increase strictness of NULL parameter validity in Cipher's doxygen 2018-12-19 17:34:58 +01:00
k-stachowiak
90b8d4a11e Include static cipher functions in the parameter validation scheme 2018-12-19 17:34:13 +01:00
k-stachowiak
d5913bc115 Improve documentation of the parameter validation in the Cipher module 2018-12-19 17:34:13 +01:00
Krzysztof Stachowiak
e0215d7869 Add Cipher module parameter validation 2018-12-19 17:34:13 +01:00
k-stachowiak
6009ece91d Increase strictness of NULL parameter validity in GCM's doxygen 2018-12-19 17:32:19 +01:00
k-stachowiak
21298a20c4 Improve parameter validation in mbedtls_gcm_free() 2018-12-19 17:32:19 +01:00
k-stachowiak
2ae7ae5301 Doxygen comments improvement 2018-12-19 17:30:38 +01:00
k-stachowiak
8ffc92a1e8 Add parameter validation for the GCM module 2018-12-19 17:30:38 +01:00
Hanno Becker
8ce11a323e Minor improvements to bignum module 2018-12-19 16:18:52 +00:00
Gilles Peskine
159171b72a PK parse/write: support keylen=0 correctly
A 0-length buffer for the key is a legitimate edge case. Ensure that
it works, even with buf=NULL. Document the key and keylen parameters.

There are already test cases for parsing an empty buffer. A subsequent
commit will add tests for writing to an empty buffer.
2018-12-19 17:03:28 +01:00
Hanno Becker
df4b59696d Minor Camellia documentation improvements 2018-12-19 15:50:02 +00:00
Hanno Becker
ed54128fdb Minor Blowfish documentation improvements 2018-12-19 15:48:37 +00:00
Hanno Becker
70ded3602c Minor improvements to Camellia module and documentation 2018-12-19 13:42:05 +00:00
Hanno Becker
20376d631d Don't promise that passing NULL input to Blowfish works
It seems to work, but we don't test it currently,
so we shouldn't promise it.
2018-12-19 12:52:59 +00:00
Hanno Becker
3d9a3490f8 Improve Blowfish documentation 2018-12-19 12:52:59 +00:00
Hanno Becker
49acc64c69 Minor improvements to Blowfish documentation and tests 2018-12-19 12:52:59 +00:00
Hanno Becker
3b4d6c6925 Document parameter preconditions for Blowfish module 2018-12-19 12:52:59 +00:00
Hanno Becker
938a15e584 Leave behaviour on NULL input unspecified in ARIA
We allow a NULL input buffer if the input length is zero,
but we don't test it. As long as that's the case, we shouldn't
promise to support it.
2018-12-19 12:51:00 +00:00
Hanno Becker
2f87504cb7 Minor ARIA documentation improvements 2018-12-19 12:51:00 +00:00
Hanno Becker
02d524c05c Minor ARIA documentation improvements 2018-12-19 12:51:00 +00:00
Hanno Becker
139d8313d9 Document parameter preconditions for the ARIA module 2018-12-19 12:51:00 +00:00
Hanno Becker
1e2f3ed08f Remove merge artifact 2018-12-19 12:47:55 +00:00
Hanno Becker
bdb7cd4840 Don't promise that passing NULL input to Camellia works 2018-12-19 12:47:55 +00:00
Hanno Becker
c7579ecb17 Improve Camellia documentation 2018-12-19 12:47:55 +00:00
Hanno Becker
af4b83bb2a Minor improvements to CAMELLIA documentation 2018-12-19 12:47:55 +00:00
Hanno Becker
e939de7247 Minor fixes to Camellia parameter validation 2018-12-19 12:47:55 +00:00
Hanno Becker
f10905a6a7 Use full sentences in documentation of CAMELLIA preconditions 2018-12-19 12:47:55 +00:00
Hanno Becker
b4b7fb7504 Implement parameter validation for CAMELLIA module 2018-12-19 12:47:55 +00:00
Hanno Becker
7a16aaddba Document parameter preconditions in CAMELLIA module 2018-12-19 12:47:55 +00:00
Hanno Becker
bb186f89fc Weaken preconditions for mbedtls[_internal]_sha512_process() 2018-12-19 10:27:24 +00:00
Hanno Becker
fbf67770d8 Improve ECJPAKE documentation 2018-12-19 10:14:43 +00:00
Hanno Becker
185e516309 Minor fixes to ECJPAKE parameter validation 2018-12-19 09:48:50 +00:00
Simon Butcher
54b789aa74 Merge remote-tracking branch 'public/pr/2298' into development 2018-12-19 08:08:14 +00:00
Gilles Peskine
a310b41ebe Add null-pointer support information to init/free 2018-12-19 00:51:21 +01:00
Hanno Becker
035c6baefe Fix documentation bug in ECDSA module 2018-12-18 23:35:53 +00:00
Hanno Becker
c81cfece8f Minor fixes to parameter validation in ECDH module 2018-12-18 23:32:42 +00:00
Hanno Becker
3f1f4ad9bd Weaken preconditions on mbedtls_[internal_]sha256_process() 2018-12-18 23:19:37 +00:00
Hanno Becker
79b9e39732 Weaken preconditions for mbedtls[_internal]_sha1_process() 2018-12-18 23:17:49 +00:00
Hanno Becker
d01ff493e5 Minor improvements in bignum documentation 2018-12-18 23:10:28 +00:00
Hanno Becker
3f2d1ef169 Fix typo in SHA512 documentation 2018-12-18 18:41:40 +00:00
Hanno Becker
42f783d3b7 Fix minor issues in SHA1 documentation 2018-12-18 18:39:32 +00:00
Hanno Becker
d73101266d Don't promise that passing a NULL to mbedtls_mpi_read_string works 2018-12-18 18:12:13 +00:00
Hanno Becker
01c3c10640 Fix typos in documentation of bignum module
Found by doxygen.sh
2018-12-18 18:12:13 +00:00
Hanno Becker
e118504a5f Numerous minor improvements to bignum documentation 2018-12-18 18:12:13 +00:00
Hanno Becker
8282c2f070 Minor improvements to bignum documentation 2018-12-18 18:12:13 +00:00
Hanno Becker
c23483ed8c Document preconditions on parameters in public bignum API 2018-12-18 18:12:13 +00:00
Hanno Becker
974ca0d947 Fix documentation bug on necessity of RNG in RSA PKCS v1.5 2018-12-18 18:03:24 +00:00
Hanno Becker
2f660d047d Forbid passing NULL input buffers to RSA encryption routines 2018-12-18 17:07:30 +00:00
Hanno Becker
9171c6e9ec Leave behaviour on NULL buffers to SHA-1 unspecified for now
We deal correctly with NULL being passed alongside a zero length
argument, but don't have tests for it, so we shouldn't promise
that it works.
2018-12-18 17:01:58 +00:00
Hanno Becker
6c5c45f400 Document parameter preconditions in DHM module 2018-12-18 16:59:09 +00:00
Hanno Becker
ca6f4585c7 Fix parameter validation in SHA-512 module 2018-12-18 16:36:26 +00:00
Hanno Becker
fc2a0b2e67 Minor SHA-256 documentation improvement 2018-12-18 16:32:50 +00:00
Hanno Becker
77886af63e Improve SHA-256 documentation on parameter preconditions 2018-12-18 16:30:36 +00:00
Hanno Becker
ad7581fac5 Minor improvements to ChaCha20/Poly1305/ChaChaPoly documentation 2018-12-18 15:30:30 +00:00
Hanno Becker
e463c42902 Minor improvements 2018-12-18 15:30:30 +00:00
Hanno Becker
b3c10b348b Add documentation on parameter preconditions to ChaChaPoly modules 2018-12-18 15:30:30 +00:00
Hanno Becker
b5c99f5c72 Improve documentation of SHA-512 parameter preconditions 2018-12-18 15:29:32 +00:00
Andres Amaya Garcia
ff1052e6b0 Document valid function params for SHA-512 functions 2018-12-18 15:06:39 +00:00
Andres Amaya Garcia
ba519b94a5 Add parameter validation to SHA-512 module 2018-12-18 15:06:39 +00:00
Hanno Becker
a9020f2107 Clarify the need for a PRNG in various RSA operations 2018-12-18 14:45:45 +00:00
Hanno Becker
e2e509ca5d Document parameter preconditions in ECDSA module 2018-12-18 14:31:50 +00:00
Hanno Becker
8ce3d939be Fix typo in documentation of ECJPAKE module 2018-12-18 14:31:18 +00:00
Hanno Becker
c4e5aa5746 Document parameter preconditions for ECJPAKE module 2018-12-18 14:31:18 +00:00
Hanno Becker
60b65044ac Fix parameter name in documentation of ECDH module 2018-12-18 14:30:39 +00:00
Hanno Becker
e77ef2ad33 Document parameter preconditions in ECH module 2018-12-18 14:30:39 +00:00
Hanno Becker
5bdfca926f Further RSA documentation improvements 2018-12-18 13:59:28 +00:00
Hanno Becker
f66f294e2e Improve documentation in RSA module 2018-12-18 13:38:05 +00:00
Hanno Becker
0118d4190a Document that RSA public exponent must be odd 2018-12-18 13:38:05 +00:00
Hanno Becker
385ce91592 Minor improvements 2018-12-18 13:38:05 +00:00
Hanno Becker
9a46777d66 Document parameter preconditions in RSA module 2018-12-18 13:38:05 +00:00
Hanno Becker
486f1b33d7 Improve wording in ECP documentation 2018-12-18 13:00:48 +00:00
Hanno Becker
5edcfa529f Improve ECP documentation 2018-12-18 13:00:48 +00:00
Hanno Becker
ebffa7995b Document parameter preconditions in ECP module 2018-12-18 13:00:48 +00:00
Hanno Becker
03f2ffa7bc Undo documentation change in ARIA, Blowfish, Camellia modules 2018-12-18 12:45:06 +00:00
Andres Amaya Garcia
0152f1e948 Document valid function params for SHA-256 functions 2018-12-18 11:41:20 +00:00
Andres Amaya Garcia
79e593f617 Add parameter validation to SHA-256 module 2018-12-18 11:41:20 +00:00
Hanno Becker
5359ca8a54 Improve SHA-1 documentation 2018-12-18 11:37:28 +00:00
Andres Amaya Garcia
c523e011e0 Document valid function params for SHA-1 functions 2018-12-18 11:37:28 +00:00
Andres Amaya Garcia
a685d4f28d Add MBEDTLS_ERR_SHA1_BAD_INPUT_DATA to error.{h,c} 2018-12-18 11:37:28 +00:00
Andres Amaya Garcia
f7c43b3145 Add parameter validation to SHA-1 2018-12-18 11:37:28 +00:00
Manuel Pégourié-Gonnard
b66e7dbcc1 Fix some documentation markup/wording issues 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
ad54c49e75 Document AES accelerator functions as internal 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
2bc535be86 Add parameter validation for AES-CTR 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
8e41eb7187 Add parameter validation for AES-OFB 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
1677cca54b Add parameter validation for AES-CFB functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
191af1313a Add param validation for mbedtls_aes_crypt_xts() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
3178d1a997 Add param validation for mbedtls_aes_crypt_cbc() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
1aca260571 Add parameter validation for mbedtls_aes_crypt_ecb() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
68e3dff3f1 Add parameter validation XTS setkey functions 2018-12-18 12:22:40 +01:00
Hanno Becker
6640b0d9a3 Undo deprecation of MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH 2018-12-18 09:53:14 +00:00
Hanno Becker
a034369eca Undo deprecation of MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH 2018-12-18 09:53:11 +00:00
Hanno Becker
938f9e9bdb Undo deprecation of MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Merging MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH and
MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH is an API break.
2018-12-18 09:50:57 +00:00
Hanno Becker
9dbefa1793 Fix conflict between constant deprecation and check-names.sh
The previous introduction of constant deprecation macros
in platform_util.h lead to failure of tests/scrips/check-names.sh
because the regular expressions in the latter choked on the brackets
in the part `__attribute__((deprecated))` of the definition of the
helper type `mbedtls_deprecated_{numeric|string}_constant_t`.

Postponing any further study and potential robustness improvements
in check-names.sh to another time, this commit circumvents this
problem by temporarily abbreviating  `__attribute__((deprecated))`
as `MBEDTLS_DEPRECATED`, which doesn't lead to problems with
check-names.sh.
2018-12-17 22:49:13 +00:00
Hanno Becker
4fb258a868 Remove mentioning of deprecated error codes 2018-12-17 16:09:15 +00:00
Hanno Becker
d2f3a00062 Introduce single BLOWFISH error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
* MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
2018-12-17 13:26:37 +00:00
Hanno Becker
4c029d09be Introduce single CAMELLIA error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
2018-12-17 13:26:33 +00:00
Hanno Becker
2f47550018 Introduce single ARIA error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
* MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH
2018-12-17 13:26:28 +00:00
Manuel Pégourié-Gonnard
548cecdd2c Discourage making MBEDTLS_PARAM_FAILED() empty. 2018-12-17 13:13:30 +01:00
Hanno Becker
6d0816a8ae Introduce macros to deprecate constants in the API
This commit introduces macros

* MBEDTLS_DEPRECATED_STRING_CONSTANT
* MBEDTLS_DEPRECATED_NUMERIC_CONSTANT

to platform_util.h which can be used to deprecate public macro constants.

Their definition is essentially taken from dhm.h where the
MBEDTLS_DEPRECATED_STRING_CONSTANT was used to deprecate
insecure hardcoded DHM primes.
2018-12-17 11:39:38 +00:00
Ron Eldor
9cbd1b2ecd Include configuration file for all headers
Include the configuration file for all headers that were not
included, and for new headers introduced.
2018-12-16 12:14:37 +02:00
Ron Eldor
8b0cf2e76f Include configuration file to headers
Add inclusion to configration file in header files,
instead of relying on other header files to include
the configuration file. This issue resolves #1371
2018-12-16 12:02:50 +02:00
Manuel Pégourié-Gonnard
e7306d30a9 Improve some documentation and ChangeLog entry 2018-12-13 09:45:49 +01:00
Manuel Pégourié-Gonnard
cd2b29cd12 Improve wording in documentation and ChangeLog 2018-12-12 10:23:57 +01:00
Manuel Pégourié-Gonnard
ed459e6995 Fix content and style of constraints documentation
- Be specific about the constraints: be a readable/writable buffer of length
  X, be an initialized context, be a context initialized and bound to a key...
- Always use full sentences with all the required pronouns.
2018-12-12 10:20:33 +01:00
Gilles Peskine
23fd2bdb94 Update some documentation related to key slots
Some of the documentation is obsolete in its reference to key slots
when it should discuss key handles. This may require a further pass,
possibly with some reorganization of error codes.

Update the documentation of functions that modify key slots (key
material creation and psa_set_key_policy()) to discuss how they affect
storage.
2018-12-11 16:48:14 +01:00
Gilles Peskine
b77a6b25c0 Remove psa_set_key_lifetime
This function is no longer relevant. Use psa_create_key instead.
2018-12-11 16:48:13 +01:00
Gilles Peskine
f6cc435a8a Remove psa_key_slot_t from public headers
This commit marks the beginning of the removal of support for direct
access to key slots. From this commit on, programs that use
psa_key_slot_t will no longer compile.

Subsequent commits will remove the now-unused legacy support in
psa_crypto.c.
2018-12-11 16:48:13 +01:00
Gilles Peskine
ae32aac48e Switch function declarations from key slots to key handles
Replace `psa_key_slot_t key` by `psa_key_handle_t` in function
declarations.

This is a transition period during which handles are key slot numbers
and the whole library can still be used by accessing a key slot number
without allocating a handle.
2018-12-11 16:48:10 +01:00
Gilles Peskine
644cd5fd89 Linkify some macros that were just typeset as text 2018-12-11 16:47:35 +01:00
Gilles Peskine
f535eb2e61 Declare the new slot management functions in crypto.h
No changes to existing functions.
2018-12-11 16:06:51 +01:00
Manuel Pégourié-Gonnard
35acb099d6 Fix some documentation typos/markup/duplication. 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
9b8ea89ae5 Fix a few style / whitespace issues 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
22028a0b8d Fix a typo in documentation 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
0e17cc93c6 Avoid stringifying condition too early
It's better if the macro receives the condition as an expression rather than a
string - that way it can choose to use it as is or stringify it. Also, the
documentation states that the parameter is an expression, not a string.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
44c5d58d05 Document AES functions and fix free() functions 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
0e9cddbf1a Introduce generic validation macros
Avoid duplicating source code for each module.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
a967626753 Make MBEDTLS_CHECK_PARAMS disabled by default 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
ab588529e1 Rework documentation. 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
a2b0e27378 Skip param validation tests if custom macro used
The test framework for validation of parameters depends on the macro
MBEDTLS_PARAM_FAILED() being set to its default value when building the
library. So far the test framework attempted to define this macro but this was
the wrong place - this definition wouldn't be picked by the library.

Instead, a different approach is taken: skip those tests when the macro is
defined in config.h, as in that case we have no way to know if it will indeed
end up calling mbedtls_param_failed() as we need it to.

This commit was tested by manually ensuring that aes_invalid_params:

- passes (and is not skipped) in the default configuration
- is skipped when MBEDTLS_PARAM_FAILED() is defined in config.h
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
3ef6a6dc5c Fix const-ness in mbedtls_param_failed()
The previous prototype gave warnings are the strings produced by #cond and
__FILE__ are const, so we shouldn't implicitly cast them to non-const.

While at it modifying most example programs:
- include the header that has the function declaration, so that the definition
  can be checked to match by the compiler
- fix whitespace
- make it work even if PLATFORM_C is not defined:
    - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
      no reason why it should
    - so, remove the corresponding #if defined in each program...
    - and add missing #defines for mbedtls_exit when needed

The result has been tested (make all test with -Werror) with the following
configurations:

- full with    CHECK_PARAMS with    PLATFORM_C
- full with    CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS with    PLATFORM_C

Additionally, it has been manually tested that adding

    mbedtls_aes_init( NULL );

near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
expected effect when running the program.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
8e661bf6a8 Fix arity of the PARAM_FAILED() macro and function
It was inconsistent between files: sometimes 3 arguments, sometimes one.

Align to 1 argument for the macro and 3 for the function, because:
- we don't need 3 arguments for the macro, it can add __FILE__ and __LINE__
  in its expansion, while the function needs them as parameters to be correct;
- people who re-defined the macro should have flexibility, and 3 arguments
  can give the impression they they don't have as much as they actually do;
- the design document has the macro with 1 argument, so let's stick to that.
2018-12-11 12:28:56 +01:00
Simon Butcher
4c37db6d87 Remove the library provided function of MBEDTLS_PARAM_FAILED
The function called through the macro MBEDTLS_PARAM_FAILED() must be supplied by
users and makes no sense as a library function, apart from debug and test.
2018-12-11 12:28:56 +01:00
Simon Butcher
5201e414aa Add optional parameter validation to the AES module
This adds additional and optional parameter validation to the AES module that
can be used by enabling the MBEDTLS_CHECK_PARAMS config.h option.
2018-12-11 12:28:56 +01:00
Simon Butcher
b4868034dd Add initial options and support for parameter validation
This function adds the additional config.h option of MBEDTLS_CHECK_PARAMS which
allows additional validation of parameters passed to the library.
2018-12-11 12:28:56 +01:00
Jaeden Amero
01b34fb316 Merge remote-tracking branch 'upstream-public/pr/2267' into development 2018-12-07 16:17:12 +00:00
Jaeden Amero
52ed0b9030 Merge remote-tracking branch 'upstream-public/pr/2101' into development 2018-12-07 16:15:31 +00:00
Janos Follath
172ba63463 Add guard for MBEDTLS_ECP_INTERNAL_ALT
MBEDTLS_ECP_RESTARTABLE and MBEDTLS_ECP_INTERNAL_ALT are mutually
exclusive, can't work and shouldn't be compiled together.
2018-12-07 13:13:42 +00:00
Janos Follath
d2af46f1e6 Fix typo in ECP alternative documentation 2018-12-07 11:05:21 +00:00
Jaeden Amero
083681c832 Merge remote-tracking branch 'upstream-public/pr/2039' into development 2018-12-06 15:55:34 +00:00
Jaeden Amero
833c053b71 Merge remote-tracking branch 'upstream-public/pr/1982' into development 2018-12-06 15:54:21 +00:00
Jaeden Amero
41722ec29e Merge remote-tracking branch 'upstream-public/pr/1958' into development 2018-12-06 15:53:56 +00:00
Janos Follath
c3b680b028 Clarify requirements on handling ECP group IDs 2018-12-06 12:24:04 +00:00
Janos Follath
948f4bedcc Debug: Add functions for ECDH contexts
The SSL module accesses ECDH context members directly to print debug
information. This can't work with the new context, where we can't make
assumptions about the implementation of the context. This commit adds
new debug functions to complete the encapsulation of the ECDH context
and work around the problem.
2018-12-06 12:22:46 +00:00
Gilles Peskine
3cac8c4d78 Move declarations related to lifetimes further up in crypto.h
No content change. This is in preparation for declaring the slot
management functions, which need the type psa_key_lifetime_t.
2018-12-05 09:40:07 +01:00
Jaeden Amero
5dfca1e1bd Update library version to 2.15.1 2018-12-01 18:44:29 +00:00
Janos Follath
c9c32f3f63 ECDH: Add flexible context and legacy flag
We want to support alternative software implementations and we extend
the ECDH context to enable this. The actual functional change that makes
use of the new context is out of scope for this commit.

Changing the context breaks the API and therefore it has to be
excluded from the default configuration by a compile time flag.
We add the compile time flag to the module header instead of
`config.h`, because this is not a standalone feature, it only
enables adding new implementations in the future.

The new context features a union of the individual implementations
and a selector that chooses the implementation in use. An alternative
is to use an opaque context and function pointers, like for example the
PK module does it, but it is more dangerous, error prone and tedious to
implement.

We leave the group ID and the point format at the top level of the
structure, because they are very simple and adding an abstraction
layer around them away does not come with any obvious benefit.

Other alternatives considered:

- Using the module level replacement mechanism in the ECP module. This
would have made the use of the replacement feature more difficult and
the benefit limited.
- Replacing our Montgomery implementations with a new one directly. This
would have prevented using Montgomery curves across implementations.
(For example use implementation A for Curve448 and implementation B for
Curve22519.) Also it would have been inflexible and limited to
Montgomery curves.
- Encoding the implementation selector and the alternative context in
`mbedtls_ecp_point` somehow and rewriting `mbedtls_ecp_mul()` to
dispatch between implementations. This would have been a dangerous and
ugly hack, and very likely to break legacy applications.
- Same as above just with hardcoding the selector and using a compile
time option to make the selection. Rejected for the same reasons as
above.
- Using the PK module to provide to provide an entry point for
alternative implementations. Like most of the above options this
wouldn't have come with a new compile time option, but conceptually
would have been very out of place and would have meant much more work to
complete the abstraction around the context.

In retrospect:

- We could have used the group ID as the selector, but this would have
made the code less flexible and only marginally simpler. On the other
hand it would have allowed to get rid of the compile time option if a
tight integration of the alternative is possible. (It does not seem
possible at this point.)
- We could have used the same approach we do in this commit to the
`mbedtls_ecp_point` structure. Completing the abstraction around this
structure would have been a much bigger and much riskier code change
with increase in memory footprint, potential decrease in performance
and no immediate benefit.
2018-11-30 14:21:35 +00:00
Janos Follath
f61e486179 ECDH: Add mbedtls_ecdh_setup()
In the future we want to support alternative ECDH implementations. We
can't make assumptions about the structure of the context they might
use, and therefore shouldn't access the members of
`mbedtls_ecdh_context`.

Currently the lifecycle of the context can't be done without direct
manipulation. This commit adds `mbedtls_ecdh_setup()` to complete
covering the context lifecycle with functions.
2018-11-30 14:09:57 +00:00
Janos Follath
89ac8c9266 ECP: Add mbedtls_ecp_tls_read_group_id()
`mbedtls_ecp_tls_read_group()` both parses the group ID and loads the
group into the structure provided. We want to support alternative
implementations of ECDH in the future and for that we need to parse the
group ID without populating an `mbedtls_ecp_group` structure (because
alternative implementations might not use that).

This commit moves the part that parses the group ID to a new function.
There is no need to test the new function directly, because the tests
for `mbedtls_ecp_tls_read_group()` are already implicitly testing it.

There is no intended change in behaviour in this commit.
2018-11-30 14:09:57 +00:00
Gilles Peskine
c4a8017e3e mbedtls_ctr_drbg_update_ret: correct doc for input length limit
Unlike mbedtls_ctr_drbg_update, this function returns an error if the
length limit is exceeded, rather than silently truncating the input.
2018-11-26 19:26:22 +01:00
Gilles Peskine
e0e9c573ad HMAC_DRBG: deprecate mbedtls_hmac_drbg_update because it ignores errors
Deprecate mbedtls_hmac_drbg_update (which returns void) in favor of a
new function mbedtls_hmac_drbg_update_ret which reports error.
2018-11-26 19:26:21 +01:00
Gilles Peskine
d919993b76 CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports error.
2018-11-26 19:26:00 +01:00
Simon Butcher
60ee838a8a Merge remote-tracking branch 'public/pr/2224' into development-psa-proposed 2018-11-23 21:18:32 +00:00
Hanno Becker
6b01a9fa7c Merge branch 'psa_cipher_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:27 +00:00
Hanno Becker
e322d3edd5 Merge branch 'opaque_psk_implementation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:24 +00:00
Hanno Becker
7fde035ddc Merge branch 'iotssl-2580-pk-opaque-psa_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:20 +00:00
Simon Butcher
ebeb6cb446 Update library version to 2.15.0 2018-11-23 14:18:15 +00:00
Hanno Becker
f8b5f27bce Merge branch 'psa_cipher' into development-psa-proposed 2018-11-23 11:18:02 +00:00
Hanno Becker
485529952f Merge branch 'opaque_psk_implementation' into development-psa-proposed 2018-11-23 11:12:38 +00:00
Jaeden Amero
565e0bf49d
Merge pull request #212 from ARMmbed/psa-integration-utilities_CRYPTO
Mbed TLS integration: Shared code between module-specific integration work
2018-11-23 09:00:22 +00:00
Netanel Gonen
596e65e1a5 Fix indentation 2018-11-22 18:41:43 +02:00
Manuel Pégourié-Gonnard
2614562212 Add test utility function: wrap_as_opaque()
The new function is not tested here, but will be in a subsequent PR.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
fe8607350c Add new macro to detemine ECDSA signature length
Revived from a previous PR by Gilles, see:
https://github.com/ARMmbed/mbedtls/pull/1293/files#diff-568ef321d275f2035b8b26a70ee9af0bR71

This will be useful in eliminating temporary stack buffers for transcoding the
signature: in order to do that in place we need to be able to make assumptions
about the size of the output buffer, which this macro will provide. (See next
commit.)
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
35a7ff9366 Improve documentation of mbedtls_pk_setup_opaque() 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
276cb64e6c Align names to use "opaque" only everywhere
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
07b103fe07 Implement can_do for opaque ECC keypairs
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
06c631859c Add key generation to opaque test function
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
3bc2029a33 Clarify return value of pk_check_pair() 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
1ecf92c364 Skeleton for PK_OPAQUE_PSA 2018-11-22 16:39:39 +00:00