Nir Sonnenschein
d708260de4
add key policy enforcement implementation
...
add checks that keys have been set for the correct usage for asymmetric
functions.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
ca466c89b0
Set output length to safe value
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
c460291714
Re-Add ECC verification code which was not properly merged in re-base.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
4db79eb36b
Extract common code
...
Make code easier to maintain.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
717a040df5
Remove duplicate / unneeded code
...
1. remove duplicate function introduced by re-base
2. remove unneeded code
2018-09-05 12:44:17 +03:00
Gilles Peskine
5b051bc608
Remove trailing whitespace
...
Only horizontal whitespace changes in this commit.
2018-09-05 12:44:12 +03:00
Gilles Peskine
6afe789d4c
Finish renaming around PSA_ALG_IS_RSA_PKCS1V15
...
Now the code compiles. Some OAEP and PSS macros may still need to be fixed.
2018-09-05 12:41:53 +03:00
Gilles Peskine
d6125ca63b
Merge remote-tracking branch 'psa/pr/24' into feature-psa
2018-09-05 12:41:53 +03:00
Nir Sonnenschein
4f594eca40
remove check for key pair (public key should be enough for verification)
2018-09-05 12:41:53 +03:00
Nir Sonnenschein
7f5a31915b
code fixes for internal code review:
...
1. change to correct error code
2. removed unneeded comment
2018-09-05 12:41:53 +03:00
Nir Sonnenschein
39e59144f6
added support for PKCSv1.5 signature verification and encryption/decryption and very basic tests.
2018-09-05 12:41:53 +03:00
Gilles Peskine
bb1072f642
Fix use of mbedtls_cipher_info_from_psa
...
One branch added an extra argument, the other branch added a call of
this function. Pass the extra argument on the code from the other
branch.
2018-09-05 12:41:52 +03:00
Gilles Peskine
84861a95ca
Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa
2018-09-05 12:41:52 +03:00
Gilles Peskine
154bd95131
psa_destroy_key: return SUCCESS on an empty slot
...
Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-09-05 12:41:52 +03:00
Gilles Peskine
71bb7b77f0
Switch PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
...
Make this macro work on derived algorithms as well (HMAC,
hash-and-sign, etc.).
2018-09-05 12:41:52 +03:00
mohammad1603
fc614b1e0e
fix parentheses
2018-09-05 12:41:52 +03:00
mohammad1603
e109f21638
remove unnecessary check for block size
2018-09-05 12:41:52 +03:00
mohammad1603
a1d9801683
add slot validation
2018-09-05 12:41:52 +03:00
mohammad1603
e3cb8a8d8b
return PSA_ERROR_BUFFER_TOO_SMALL intead of PSA_ERROR_INVALID_ARGUMENT
2018-09-05 12:41:52 +03:00
mohammad1603
6b4d98cf78
remove trailing spaces
2018-09-05 12:41:52 +03:00
mohammad1603
5ed0621dd4
aligned with coding standards - line length
2018-09-05 12:41:52 +03:00
mohammad1603
f14394b25f
add policy checks
2018-09-05 12:41:52 +03:00
mohammad1603
96910d807e
fix block size depending on algorithm
2018-09-05 12:41:51 +03:00
mohammad1603
60a64d079a
remove unnecessary argument to the psa_aead_unpadded_locate_tag function
2018-09-05 12:41:51 +03:00
mohammad1603
15223a8b89
write the tag directly on the ciphertext buffer.
2018-09-05 12:41:51 +03:00
mohammad1603
4fc744f8af
change the check of block size for all supported algorithms
2018-09-05 12:41:51 +03:00
mohammad1603
0f21465175
use mbedtls_cipher_info_from_psa to get cipher ID
2018-09-05 12:41:51 +03:00
mohammad1603
f58aa6ade6
use memset instead of mbedtils_zeroize
2018-09-05 12:41:51 +03:00
mohammad1603
554faad260
return NOT_SUPPORTED instead of INVLID_ARGUMENT
2018-09-05 12:41:51 +03:00
mohammad1603
95893f834d
remove usless cast
2018-09-05 12:41:51 +03:00
mohammad1603
f08a550e68
set output length to zero to cover output length in error case
2018-09-05 12:41:51 +03:00
mohammad1603
f4f0d612ba
change mbedtls_cipher_info_from_psa to provide cipher_id also
2018-09-05 12:41:51 +03:00
mohammad1603
9375f8403a
fix code offsets after rebase
2018-09-05 12:41:51 +03:00
Gilles Peskine
ee652a344c
Fix psa_aead_decrypt to read the tag at the end of the ciphertext
2018-09-05 12:41:51 +03:00
Gilles Peskine
a40d77477d
Whitespace fixes
...
Changed indentation to match Mbed TLS style. Wrapped some lines to 80 columns.
2018-09-05 12:41:51 +03:00
mohammad1603
39574652ae
add else for not supported algorithm
2018-09-05 12:38:18 +03:00
mohammad1603
5c8845f563
return invalid argument for unsupported algorithms
2018-09-05 12:38:18 +03:00
mohammad1603
e58e68458e
fix condition over key type
2018-09-05 12:38:18 +03:00
mohammad1603
17638efc46
remove unused variable
2018-09-05 12:38:18 +03:00
mohammad1603
dad36fa855
add Key and Algorithm validation
2018-09-05 12:38:18 +03:00
mohammad1603
a7e6df76ea
Validation fixes for key_type
2018-09-05 12:38:18 +03:00
mohammad1603
4f5eb7cb54
Fill the the output buffer with zero data in case of failure
2018-09-05 12:38:18 +03:00
mohammad1603
6bbd8c75dc
Remove unnecessary cast
...
Remove unnecessary cast
2018-09-05 12:38:18 +03:00
mohammad1603
db6247315f
Parameters validation fixes
...
Fix key_type validation test and no need to ask for place for tag in decryption
2018-09-05 12:38:18 +03:00
mohammad1603
ce5cba9a6a
unify the concatenation of the tag and update output length
2018-09-05 12:38:18 +03:00
mohammad1603
9e5a515aa8
Fix parameter validation
2018-09-05 12:38:18 +03:00
mohammad1603
47ddf3d544
Concatenate the tag to the output buffer
...
Concatenate the tag to the output buffer.
2018-09-05 12:38:18 +03:00
mohammad1603
5955c98779
Initial implementation of the AEAD decrypt/encrypt APIs
...
Initial implementation for the AEAD APIs, missing the following:
* Concatenation of the tag to the output buffer.
* Updated documentation of the new functions.
* argument validations
* tests
2018-09-05 12:38:18 +03:00
Gilles Peskine
3aa8efb230
Merge remote-tracking branch 'psa/psa-wrapper-apis-march-12' into feature-psa
2018-09-05 12:38:17 +03:00
Gilles Peskine
2c5219a06d
Whitespace normalization
...
No semantic change.
2018-09-05 12:14:29 +03:00
Gilles Peskine
5351420b3e
Use block local variable for padding_mode for readability
...
No intended behavior change.
2018-09-05 12:14:29 +03:00
Moran Peker
7cb22b8327
abort operation before return + fix error checks
2018-09-05 12:14:29 +03:00
Gilles Peskine
89d789c9bc
Refactor some argument checks for readability
...
No intended behavior change.
2018-09-05 12:14:29 +03:00
Gilles Peskine
7e9288520f
Wrap lines to 80 columns
2018-09-05 12:14:29 +03:00
Gilles Peskine
e553c65cc3
Fix indentation and horizontal whitespace
...
Only whitespace changes in this commit.
2018-09-05 12:14:29 +03:00
Moran Peker
3520c2c4f7
unset iv_required to 0 (psa_encrypt_set_iv)and block_size (psa_cipher_setup)
2018-09-05 12:14:29 +03:00
Moran Peker
395db875e6
adjust indentation per Mbed TLS standards
2018-09-05 12:14:29 +03:00
Moran Peker
ae382791fb
add missing psa_cipher_abort( operation )
2018-09-05 12:14:28 +03:00
Moran Peker
70531163a9
fix compilation error - missing if
2018-09-05 12:14:28 +03:00
Moran Peker
a28258c594
adjust indentation per Mbed TLS standards
2018-09-05 12:14:28 +03:00
Moran Peker
2cab25aacf
fix conditions in psa_cipher_finish function
2018-09-05 12:14:28 +03:00
Moran Peker
dc38ebc068
delete decrypt checks + fix memcpy& return value
2018-09-05 12:14:28 +03:00
Moran Peker
ad9d82cc0e
add iv_required field to psa_cipher_operation_s and fix relevant functions
2018-09-05 12:14:28 +03:00
Moran Peker
71f19ae6f8
add missing call to psa_cipher_abort in cipher_setup func + iv_length check in cipher_set_iv func
2018-09-05 12:14:28 +03:00
Moran Peker
406008ab4c
add missing check on output_size in psa_cipher_update func
2018-09-05 12:14:28 +03:00
Moran Peker
bed71a2b17
fix missing check on output_size in psa_cipher_finish func
2018-09-05 12:14:28 +03:00
Moran Peker
0071b873a3
add missing parameter output_size on psa_cipher_finish
2018-09-05 12:14:28 +03:00
Moran Peker
4c80d8331a
adjust indentation per Mbed TLS standards
2018-09-05 12:14:28 +03:00
mohammad1603
b152d4d8b6
add test scenarios to decrypt and encrypt input and compare with given output
2018-09-05 12:14:28 +03:00
mohammad1603
89e0f468bf
style
2018-09-05 12:14:28 +03:00
Moran Peker
41deec4494
partly pr fix
2018-09-05 12:14:28 +03:00
Moran Peker
e1210dcac3
remove unused parameter in psa_cipher_finish.
2018-09-05 12:14:28 +03:00
Moran Peker
3205a6592b
tests fix
2018-09-05 12:14:28 +03:00
mohammad1603
16864af80b
fix static function name
2018-09-05 12:14:28 +03:00
mohammad1603
8481e74ecc
CR fixes
...
more fixes
Compilation fixes
Compilation fixes for PSA crypto code and tests
2018-09-05 12:14:28 +03:00
mohammad1603
efb0107fbe
CR fix, remove exposing ECB
2018-09-05 12:14:27 +03:00
mohammad1603
990a18c2f0
add ecb to cipher algorithms
2018-09-05 12:14:27 +03:00
Gilles Peskine
5100318a92
Merge pull request #18 from ARMmbed/psa-wrapper-apis-export-publickey
...
Export public key implementation (#18 )
2018-09-05 12:13:23 +03:00
mohammad1603
8275961178
warnings fixes
2018-09-05 12:13:23 +03:00
mohammad1603
503973bdf3
initial implementation for PSA symmetric APIs - missing tests and documentations
2018-09-05 12:13:23 +03:00
Moran Peker
8756763cf1
change error check on psa_internal_export_key func
2018-09-05 12:13:23 +03:00
Gilles Peskine
785fd55a39
Whitespace fixes; removed redundant parentheses
...
No semantic change.
2018-09-05 12:13:23 +03:00
Moran Peker
cceea98bfe
adjust indentation per Mbed TLS standards
2018-09-05 12:13:23 +03:00
Moran Peker
d732659867
adjust indentation per Mbed TLS standards
2018-09-05 12:13:23 +03:00
Moran Peker
17e36e1bd9
fix conditions
2018-09-05 12:13:23 +03:00
Moran Peker
6036432617
adjust indentation per Mbed TLS standards
2018-09-05 12:13:23 +03:00
Moran Peker
a998bc6ac9
psa_internal_export_key function for common code.
...
create psa_internal_export_key function for common code in psa_export_key and psa_export_public_key.
2018-09-05 12:13:22 +03:00
Moran Peker
5010828fb6
adjust indentation per Mbed TLS standards
2018-09-05 12:13:22 +03:00
Moran Peker
b4d0ddd2d3
psa_export_public_key
2018-09-05 12:13:20 +03:00
Moran Peker
dd4ea38d58
export public key
2018-09-05 12:10:47 +03:00
itayzafrir
7b30f8b0c9
Added handling for MBEDTLS_ERR_ECP_XXX error codes
...
Added handling for MBEDTLS_ERR_ECP_XXX error codes
2018-09-05 12:10:47 +03:00
itayzafrir
5c7533923a
ECDSA sign and verify implementation and tests
...
ECDSA sign and verify implementation and tests
2018-09-05 12:10:47 +03:00
Gilles Peskine
a0655c3501
Merge remote-tracking branch 'psa/pr/13' into feature-psa
...
Conflicts:
library/psa_crypto.c
tests/suites/test_suite_psa_crypto.data
tests/suites/test_suite_psa_crypto.function
All the conflicts are concurrent additions where the order doesn't
matter. I put the code from feature-psa (key policy) before the code
from PR #13 (key lifetime).
2018-09-05 12:10:43 +03:00
mohammad1603
ea0500936e
Change behavior of psa_get_key_lifetime()
...
psa_get_key_lifetime() behavior changed regarding empty slots, now
it return the lifetime of and empty slots. Documentation in header
file updated accordingly.
2018-09-05 12:01:37 +03:00
mohammad1603
5d7ec2033d
fix key lifetime set implementation , tests accordingly
2018-09-05 12:01:37 +03:00
mohammad1603
ba178511f4
Remove unused and duplicated erros, fix documentation and tests
...
Remove unused and duplicated erros, fix documentation and tests
2018-09-05 12:01:37 +03:00
mohammad1603
060ad8ac34
Compilation and tests fixes
2018-09-05 12:01:37 +03:00
mohammad1603
804cd71bf8
initial key lifetime implementation and tests
2018-09-05 12:01:37 +03:00
Gilles Peskine
c63b6ba754
Merge remote-tracking branch 'psa/pr/14' into feature-psa
...
Conflict resolution:
* `tests/suites/test_suite_psa_crypto.data`: in the new tests from PR #14 ,
rename `PSA_ALG_RSA_PKCS1V15_RAW` to `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` as
was done in PR #15 in the other branch.
2018-09-05 12:01:34 +03:00
Gilles Peskine
47c1bc0458
Correct some return codes
2018-09-05 11:53:26 +03:00
mohammad1603
38a622b68b
Function psa_get_key_policy() now return policy value for empty slots
...
Function psa_get_key_policy() now return policy value for empty slots
2018-09-05 11:53:26 +03:00
mohammad1603
5feda72d7a
Remove usage of PSA_ERROR_INVALID_KEY_POLICY
...
use PSA_ERROR_INVALID_ARGUMENT instead of INVALID_KEY_POLICY error
2018-09-05 11:53:26 +03:00
mohammad1603
6df908f234
Add static internal MAC finish function
...
add new psa_mac_finish_internal() to be called by psa_mac_finish() and
psa_mac_verify() in order to be able to check key usage separatly.
2018-09-05 11:53:26 +03:00
Gilles Peskine
a59262338a
Rename PKCS1V15 to PKCS1V15_SIGN
...
There's PKCS1V15_CRYPT as well (to be added soon).
2018-09-05 11:53:26 +03:00
mohammad1603
4eed757901
add new test scenarios
2018-09-05 11:53:26 +03:00
mohammad1603
06e7920be5
integrate policy key usage in export and asymmetric sign functions
2018-09-05 11:53:26 +03:00
mohammad1603
8cc1ceec3e
Key Policy APIs implementation
2018-09-05 11:53:26 +03:00
Gilles Peskine
dc2fc8443f
Rename xxx_of_psa functions to xxx_from_psa
...
Be consistent with how similar functions are named in Mbed TLS.
2018-09-05 11:53:25 +03:00
Gilles Peskine
3c6e970752
Fix memory leak in psa_destroy_key
2018-09-05 11:53:25 +03:00
Gilles Peskine
6d9121381a
Add some comments to document some non-obvious coding choices
2018-09-05 11:53:25 +03:00
Gilles Peskine
e4ebc12fcd
psa_crypto_init: set the global initialized flag
2018-09-05 11:53:25 +03:00
Gilles Peskine
8c9def3e7f
PSA: Implement MAC functions
...
Implement psa_mac_start, psa_mac_update and psa_mac_final.
Implement HMAC anc CMAC.
Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine
9ef733faa0
Implement hash functions
...
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.
Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine
a590529938
Greatly expanded mbedtls_to_psa_error
...
It now covers most cryptography algorithm modules (missing: bignum,
DHM, everything ECC, HMAC_DRBG).
2018-09-05 11:53:24 +03:00
Gilles Peskine
93aa0334d9
PSA asymmetric signature: set *signature_length = 0 on failure
2018-09-05 11:53:24 +03:00
Gilles Peskine
20035e3579
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
...
Define hash algorithms and RSA signature algorithms.
New function psa_asymmetric_sign.
Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine
c66ea6a921
PSA key import: support RSA public keys
...
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
969ac726d9
PSA RSA key import: don't rely on pk so much
...
Don't use the pk module except as required for pkparse/pkwrite. The
PSA crypto layer is meant to work alongside pk, not on top of it.
Fix the compile-time dependencies on RSA/ECP handling in
psa_export_key, psa_destroy_key and psa_get_key_information.
2018-09-05 11:53:24 +03:00
Gilles Peskine
2f9c4dc5ad
Add key management functions
...
Define psa_key_type_t and a first stab at a few values.
New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.
Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
e59236fc17
Add PSA crypto module
...
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.
Implement psa_crypto_init function which sets up a RNG.
Add a mbedtls_psa_crypto_free function which deinitializes the
library.
Define a first batch of error codes.
2018-09-05 10:59:00 +03:00