Commit Graph

5758 Commits

Author SHA1 Message Date
Andrzej Kurek
b91a393a31 ECDSA: Add mbedtls_raw_ecdsa_signature_to_asn1 without MPI usage
Refactor mbedtls_ecdsa_signature_to_raw to allow overlapping buffers
2018-03-01 09:09:55 -05:00
Andrzej Kurek
dfedd825c8 ECDSA: Refactor mbedtls_ecdsa_signature_to_raw
Change mbedtls_ecdsa_signature_to_raw so that it does not use MPI.
Add documentation changes.
2018-02-27 09:23:22 -05:00
Andrzej Kurek
6518fc8355 PKCS11: Extend test dependencies
Add relevant dependencies to tests.
Temporarily remove RSA tests in PK.
2018-02-19 04:08:52 -05:00
Andrzej Kurek
9982e07a92 PKCS11: Refactor mpi_to_ck
Refactor mpi_to_ck to return zero on success, and
propagate mbedtls_mpi_write_binary error on fail
2018-02-19 04:07:31 -05:00
Andrzej Kurek
12603548fd PKCS11: Rename mbedtls_pk_xxx functions
Rename mbedtls_pk_setup_pkcs11 and mbedtls_pk_import_to_pkcs11
to reflect the proper namespace they are in.
2018-02-19 04:06:05 -05:00
Andrzej Kurek
33f566541c PKCS11: Parametrize buffers
Change magic numbers to more descriptive names
2018-02-19 04:03:11 -05:00
Andrzej Kurek
7e19f77745 PKCS11: Rename flags to reflect the proper namespace
Rename all MBEDTLS_PK_FLAG_XX to MBEDTLS_PKCS11_FLAG_XX
2018-02-19 04:00:27 -05:00
Andrzej Kurek
e1f26b8759 Documentation fix
Add relevant comments and explanations.
Fix indentation.
Add copyright notes.
2018-02-19 03:57:07 -05:00
Andrzej Kurek
cc6294c12e Opaque keys tests - remove private key access during verification
Removing private key from pkcs11 context for verification tests
2018-01-25 02:43:24 -05:00
Andrzej Kurek
18f5389525 Change key type when getting CKA_EC_PARAMS 2018-01-23 06:30:09 -05:00
Andrzej Kurek
b03bc43f22 pkcs11_client tests - hardcoded signature verification
Add review fixes - naming changes, importing a signature instead of
generating it.
2018-01-23 06:25:32 -05:00
Andrzej Kurek
c289bf1a30 Add ECDSA verify
Add tests for external verification when signing is done both internally and externally
2018-01-23 06:10:53 -05:00
Andrzej Kurek
4226dec155 syslog2stderr dynamic library
The SoftHSM library writes to the system logs. Preload this library to
make it write to stderr instead.
2018-01-23 05:51:11 -05:00
Andrzej Kurek
c53dee302d New module: pkcs11_client
New module pkcs11_client.c, defining an opaque pk engine whose backend
is a PKCS#11 token (cryptographic module using the Cryptoki API).

New config option PKCS11_CLIENT_C. Requires pkcs11.h to compile and a
pkcs11 library to link.

Test setup meant to be used with the SoftHSM v2 library (libsofthsm2).
The test setup is not yet integrated with the Mbed TLS test framework.
Before running tests involving PKCS#11, you need to run

    cd tests && scripts/pkcs11-client-test.sh init
2018-01-23 05:44:20 -05:00
Andrzej Kurek
e735310551 Declare mbedtls_pk_info_t through macro
New macro MBEDTLS_PK_OPAQUE_INFO_1 to initialize mbedtls_pk_info_t structures.
Document that this macro must be used in engine implementations for forward
compatibility. Use this macro rather than accessing the structure directly
in tests and in the sample engine to set a good example.
2018-01-22 07:52:58 -05:00
Andrzej Kurek
8b6aaca7e5 pk_info: Make signature_size mandatory
All pk implementations must supply a signature_size method if they
support signing.
Move the function together with the other metadata functions.
2018-01-22 07:52:57 -05:00
Gilles Peskine
420d7d9cbd ECP: Write RFC5480 representation of a group/point
New functions to write a representation of an elliptic curve group and
point according to X9.62 and RFC5480: ECParameters as OID and ECPoint
as octet string.
2018-01-22 07:52:57 -05:00
Gilles Peskine
e4cd2988d9 PK: robustness of mbedtls_pk_rsa and mbedtls_pk_ec
Change the documentation of mbedtls_pk_rsa and mbedtls_pk_ec to
require that mbedtls_pk_get_type returns a corresponding transparent
key time.

Change the implementation of mbedtls_pk_rsa and mbedtls_pk_ec to
return NULL if called with an argument that is not suitable, rather
than returning an invalid pointer.
2018-01-22 07:52:57 -05:00
Gilles Peskine
02768b436b PK: support for opaque keys
Add a new key pair object type: MBEDTLS_PK_OPAQUE, intended for
implementations of asymmetric cryptography operations that call an
external cryptographic module.

External cryptographic module engines must implement the API described
by a mbedtls_pk_info_t structure and, usually, a custom setup function.

Document the fields of the mbedtls_pk_info_t structure and the
requirements on a PK engine. Also document non-obvious aspects of the
behavior of the pk interface functions on opaque keys.

Change the interface of check_pair_func to take a pointer to a full
mbedtls_pk_context as its pub argument, and not just the data part of
the context. This is necessary because when prv is opaque, pub may
legitimately be of a different type (typically prv would be opaque and
pub would be transparent).
2018-01-22 07:52:56 -05:00
Gilles Peskine
5cc7bc596d Move pk_info structure to its own file
This is in preparation to adding support for opaque keys in the pk layer. The
header files are for use as follows:

* pk.h for users of the pk interface.
* pk_info.h for implementers of opaque key engines.
* pk_internal.h only inside libmbedcrypto to implement built-in pk types.
2018-01-22 07:51:24 -05:00
Gilles Peskine
cd062d84d6 pk: function to calculate the signature size
Expose a function mbedtls_pk_signature_size to calculate the maximum
size of a signature made with a given key. Document that this is the
buffer size that mbedtls_pk_sign requires.

Add a corresponding field signature_size_func to the mbedtls_pk_info
structure.
2018-01-22 07:51:24 -05:00
Gilles Peskine
bce41d373a Expose ecdsa_signature_to_asn1
Expose ecdsa_signature_to_asn1 in the API. It's useful when converting
between RFC 4492 format and other representations that might be used
in external crypto processors.
2018-01-22 07:51:24 -05:00
Gilles Peskine
9a8bb67935 ECDSA: macro/function to calculate the signature size
Expose a macro MBEDTLS_ECDSA_MAX_SIG_LEN and a function
mbedtls_ecdsa_max_sig_len to calculate the size of an ECDSA signature
based on the curve size.

Document that this is the buffer size that
mbedtls_ecdsa_write_signature requires.
2018-01-22 07:51:24 -05:00
Gilles Peskine
373deea06d pk_internal: pass context to can_do
In the mbedtls_pk_info_t method can_do, pass the context data. This
will be needed for opaque keys, where the info structure depends on
the method to access the opaque key and not on the key type.
2018-01-22 07:51:24 -05:00
Gilles Peskine
858880686e Don't rely on private key metadata in SSL
When checking whether a server key matches the handshake parameters,
rely only on the offered certificate and not on the metadata of the
private key. Specifically, with an EC key, check the curve in the
certificate rather than in the associated private key.

This was the only place in the SSL module where mbedtls_pk_ec or
mbedtls_pk_rsa was called to access a private signature or decryption
key (as opposed to a public key or a key used for DH/ECDH).
2018-01-22 07:51:24 -05:00
Gilles Peskine
2ba437ad3c Generate #line in all blocks
Generate proper #line directives in all BEGIN_xxx blocks. Before,
there were #line directives for BEGIN_SUITE_HELPERS and BEGIN_CASE but
not BEGIN_HEADER, so debug information for code in the header block
pointed inside helpers.function instead of the test's source file.
2018-01-22 07:51:24 -05:00
Gilles Peskine
cd95756251 Ignore some generated and developer files
Ignore doxygen-generated documentation.

Ignore ctags/etags/global files and gdb configuration file.
2018-01-22 07:51:23 -05:00
Gilles Peskine
badc52993f Improved documentation a bit in the PK interface 2018-01-22 07:51:23 -05:00
Gilles Peskine
297d7535fb Merge branch 'pr_1078' into development 2018-01-17 08:02:44 +01:00
Gilles Peskine
5098400d71 Add ChangeLog entry 2018-01-17 08:01:37 +01:00
Hanno Becker
87ae197f3e Add explicit uint truncation casts
This commit adds some explicit downcasts from `size_t` to `uint8_t` in
the RSASSA signature encoding function `rsa_rsassa_pkcs1_v15_encode`.
The truncation is safe as it has been checked beforehand that the
respective values are in the range of a `uint8_t`.
2018-01-15 15:27:56 +00:00
Hanno Becker
71b0060af7 Merge branch 'development' into iotssl-247 2018-01-15 11:31:34 +00:00
Jaeden Amero
b8ab22f646 Merge remote-tracking branch 'upstream-public/pr/1265' into development 2018-01-10 13:07:38 +00:00
Hanno Becker
997e2184c5 Adapt ChangeLog 2018-01-10 10:41:39 +00:00
Hanno Becker
adb0b2e935 Update Visual Studio project files
This commit updates the Visual Studio project file
`visualc/VS2010/mbedTLS.vcxproj` to add the newly
introduced `rsa_internal.h` and `rsa_internal.c`.
2018-01-10 10:41:00 +00:00
Hanno Becker
d4d60579e4 Address issues found by coverity
1) `mbedtls_rsa_import_raw` used an uninitialized return
   value when it was called without any input parameters.
   While not sensible, this is allowed and should be a
   succeeding no-op.

2) The MPI test for prime generation missed a return value
   check for a call to `mbedtls_mpi_shift_r`. This is neither
   critical nor new but should be fixed.

3) Both the RSA keygeneration example program and the
   RSA test suites contained code initializing an RSA context
   after a potentially failing call to CTR DRBG initialization,
   leaving the corresponding RSA context free call in the
   cleanup section of the respective function orphaned.
   While this defect existed before, Coverity picked up on
   it again because of newly introduced MPI's that were
   also wrongly initialized only after the call to CTR DRBG
   init. The commit fixes both the old and the new issue
   by moving the initializtion of both the RSA context and
   all MPI's prior to the first potentially failing call.
2018-01-10 07:30:47 +00:00
Jaeden Amero
0bc9e30435 Merge remote-tracking branch 'upstream-public/pr/1060' into development 2018-01-09 12:20:54 +00:00
Jaeden Amero
7de0b8aae7 Merge remote-tracking branch 'upstream-public/pr/1046' into development 2018-01-09 11:31:55 +00:00
Jaeden Amero
35285cca67 Merge remote-tracking branch 'upstream-public/pr/1027' into development 2018-01-09 10:42:03 +00:00
Hanno Becker
d485c319a5 Make small corrections to all.sh
Correct gcc flags in !MBEDTLS_SSL_CLI_C test (preexisting) and build and test
for RSA_NO_CRT in ASan mode.
2018-01-05 13:03:53 +00:00
Hanno Becker
3a760a1857 Add size check for RSA modulus to mbedtls_rsa_complete
The function `mbedtls_rsa_complete` is supposed to guarantee that
RSA operations will complete without failure. In contrast, it does
not ensure consistency of parameters, which is the task of the
checking functions `rsa_check_pubkey` and `rsa_check_privkey`.

Previously, the maximum allowed size of the RSA modulus was checked
in `mbedtls_rsa_check_pubkey`. However, exceeding this size would lead
to failure of some RSA operations, hence this check belongs to
`mbedtls_rsa_complete` rather than `mbedtls_rsa_check_pubkey`.
This commit moves it accordingly.
2018-01-05 08:14:49 +00:00
Hanno Becker
895c5ab88e Preserve old behavior by checking public key in RSA parsing function
The function `pk_get_rsapubkey` originally performed some basic
sanity checks (e.g. on the size of public exponent) on the parsed
RSA public key by a call to `mbedtls_rsa_check_pubkey`.
This check was dropped because it is not possible to thoroughly
check full parameter sanity (i.e. that (-)^E is a bijection on Z/NZ).

Still, for the sake of not silently changing existing behavior,
this commit puts back the call to `mbedtls_rsa_check_pubkey`.
2018-01-05 08:08:09 +00:00
Hanno Becker
efeef6cf03 Correct typo in bignum.h 2018-01-05 08:07:47 +00:00
Hanno Becker
88683b2c6d Correct all.sh and config.h after merge commit
- Adapt the change in all.sh to the new keep-going mode
- Restore alphabetical order of configuration flags for
  alternative implementations in config.h and rebuild
  library/version_features.c
2018-01-04 18:48:32 +00:00
Hanno Becker
8bc74d6f2f Merge branch 'development' into iotssl-1619 2018-01-03 10:24:02 +00:00
Hanno Becker
e963efa110 Don't limit RSA_NO_CRT test in all.sh to 64-bit systems
Compilation and test for the `MBEDTLS_RSA_NO_CRT` option were
previously guarded by a check for 64-bit systems, for which there
is no reason. This commit moves both outside of the guard.
2018-01-03 10:03:43 +00:00
Hanno Becker
4952e7a8d6 Add explicit type cast to avoid truncation warning
`mbedtls_rsa_deduce_primes` implicitly casts the result of a call to
`mbedtls_mpi_lsb` to a `uint16_t`. This is safe because of the size
of MPI's used in the library, but still may have compilers complain
about it. This commit makes the cast explicit.
2018-01-03 09:27:40 +00:00
Gilles Peskine
ec9c626b75 ChangeLog entry for PR #964 2018-01-02 16:27:50 +01:00
Gilles Peskine
17196cd3be Merge remote-tracking branch 'upstream-public/pr/964' into development 2018-01-02 16:24:29 +01:00
Gilles Peskine
8e09d8f6a5 Add full stop to ChangeLog entry 2018-01-02 16:09:42 +01:00