Commit Graph

13597 Commits

Author SHA1 Message Date
Gilles Peskine
1540e5bd04 Move MBEDTLS_CTR_DRBG_USE_128_BIT_KEY to the correct section
It's an on/off feature, so it should be listed in version_features.
2019-10-04 11:16:24 +02:00
Gilles Peskine
d0c64c856d CTR_DRBG: more consistent formatting and wording
In particular, don't use #MBEDTLS_xxx on macros that are undefined in
some configurations, since this would be typeset with a literal '#'.
2019-10-04 11:12:04 +02:00
Gilles Peskine
2884ba3720 CTR_DRBG: Improve the explanation of security strength
Separate the cases that achieve a 128-bit strength and the cases that
achieve a 256-bit strength.
2019-10-04 11:09:03 +02:00
Gilles Peskine
017778e9d8 CTR_DRBG: make it easier to understand the security strength
Explain how MBEDTLS_CTR_DRBG_ENTROPY_LEN is set next to the security
strength statement, rather than giving a partial explanation (current
setting only) in the documentation of MBEDTLS_CTR_DRBG_ENTROPY_LEN.
2019-10-04 11:09:03 +02:00
Gilles Peskine
5d9fd07938 HMAC_DRBG: note that the initial seeding grabs entropy for the nonce 2019-10-04 11:09:03 +02:00
Gilles Peskine
217b8159da Use standard terminology to describe the personalization string
NIST and many other sources call it a "personalization string", and
certainly not "device-specific identifiers" which is actually somewhat
misleading since this is just one of many things that might go into a
personalization string.
2019-10-04 11:09:03 +02:00
Gilles Peskine
2d8f069472 Do note that xxx_drbg_random functions reseed with PR enabled 2019-10-04 11:09:03 +02:00
Gilles Peskine
10f16ac74a Consistently use \c NULL and \c 0 2019-10-04 11:09:03 +02:00
Gilles Peskine
3457b5e05e HMAC_DRBG: improve the documentation of the entropy length 2019-10-04 11:09:03 +02:00
Gilles Peskine
74efcd2b71 HMAC_DRBG documentation improvements clarifications
Improve the formatting and writing of the documentation based on what
had been done for CTR_DRBG.

Document the maximum size and nullability of some buffer parameters.
2019-10-04 11:09:03 +02:00
Gilles Peskine
ec51dd12fa More CTR_DRBG documentation improvements and clarifications 2019-10-04 11:09:03 +02:00
Gilles Peskine
6fdf0b3a47 CTR_DRBG: improve the discussion of entropy length vs strength 2019-10-04 11:09:02 +02:00
Gilles Peskine
223deea86b CTR_DRBG: Document the security strength and SP 800-90A compliance
Document that a derivation function is used.

Document the security strength of the DRBG depending on the
compile-time configuration and how it is set up. In particular,
document how the nonce specified in SP 800-90A is set.

Mention how to link the ctr_drbg module with the entropy module.
2019-10-04 11:09:02 +02:00
Gilles Peskine
944bc587e8 CTR_DRBG: Document the maximum size of some parameters 2019-10-04 11:09:02 +02:00
Gilles Peskine
6b2a779323
Merge pull request #286 from athoelke/at-version
Fix defgroup syntax for API version section
2019-10-03 16:07:08 +02:00
Jaeden Amero
e4209c0e62
Merge pull request #278 from RonEld/fix_on_target_test_issues
Fix on target test issues
2019-10-03 14:10:05 +01:00
Gilles Peskine
08875d441e CTR_DRBG documentation clarifications
* State explicit whether several numbers are in bits or bytes.
* Clarify whether buffer pointer parameters can be NULL.
* Explain the value of constants that are dependent on the configuration.
2019-10-02 19:16:09 +02:00
Jaeden Amero
74692aeb8c Merge remote-tracking branch 'origin/pr/2488' into development
* origin/pr/2488:
  Change X.509 test cases to not rely on asn1parse limitations
2019-10-02 18:01:57 +01:00
Jaeden Amero
230b87a1ea Merge remote-tracking branch 'origin/pr/2843' into development
* origin/pr/2843: (26 commits)
  Make hyperlink a hyperlink in every markdown flavor
  Update the crypto submodule to be the same as development
  Document test case descriptions
  Restore MBEDTLS_TEST_OUTCOME_FILE after test_default_out_of_box
  ssl-opt.sh: Fix some test case descriptions
  Reject non-ASCII characters in test case descriptions
  Process input files as binary
  Factor description-checking code into a common function
  Fix cosmetic error in warnings
  Fix regex matching run_test calls in ssl-opt.sh
  all.sh: run check-test-cases.py
  Better information messages for quick checks
  Fix configuration short name in key-exchanges.pl
  Make test case descriptions unique
  New test script check-test-cases.py
  Document the test outcome file
  Create infrastructure for architecture documents in Markdown
  all.sh --outcome-file creates an outcome file
  Set meaningful test configuration names when running tests
  ssl-opt: remove semicolons from test case descriptions
  ...
2019-10-02 18:01:32 +01:00
Andrew Thoelke
02b372b7b2 Fix defgroup syntax for API version section 2019-10-02 09:32:21 +01:00
Gilles Peskine
e1ee8f157c Test that SE driver persistent data is saved correctly
Add invasive checks that peek at the stored persistent data after some
successful import, generation or destruction operations and after
reinitialization to ensure that the persistent data in storage has the
expected content.
2019-10-01 16:56:27 +02:00
Gilles Peskine
d5536d8a5b SE driver: Fix loading of persistent data
The persistent data was not loaded correctly (the code was loading 0
bytes instead of the correct size).
2019-10-01 16:55:29 +02:00
Gilles Peskine
c84c70a83c SE driver: save the persistent data after calling p_init 2019-10-01 15:41:42 +02:00
Gilles Peskine
d9348f218e SE driver: call the p_init method during psa_crypto_init() 2019-10-01 15:22:29 +02:00
Gilles Peskine
5ec3a30edb SE driver: validate_slot_number: support changing persistent data
Add a parameter to the p_validate_slot_number method to allow the
driver to modify the persistent data.

With the current structure of the core, the persistent data is already
updated. All it took was adding a way to modify it.
2019-10-01 14:27:23 +02:00
Gilles Peskine
3efcebbc5e SE support: Use a transaction when registering a key
When registering a key in a secure element, go through the transaction
mechanism. This makes the code simpler, at the expense of a few extra
storage operations. Given that registering a key is typically very
rare over the lifetime of a device, this is an acceptable loss.

Drivers must now have a p_validate_slot_number method, otherwise
registering a key is not possible. This reduces the risk that due to a
mistake during the integration of a device, an application might claim
a slot in a way that is not supported by the driver.
2019-10-01 14:18:35 +02:00
Gilles Peskine
7334462278 Make hyperlink a hyperlink in every markdown flavor 2019-10-01 10:36:10 +02:00
Gilles Peskine
006c1b5f4e Prefer initializing ret to error values
These initial values shouldn't be used, but in case they accidentally
get used after a code change, fail safe.
2019-09-30 17:29:54 +02:00
Benjamin Kier
7edad28036 Fixed possibly undefined variable warnings by initializing variables to 0. 2019-09-30 17:24:08 +02:00
Gilles Peskine
a990c49caf
Merge pull request #269 from adrianlshaw/version
Add PSA API versioning
2019-09-30 15:59:21 +02:00
Gilles Peskine
9a562d471e
Merge pull request #277 from jack-fortanix/faster-pbkdf2
Improve speed of PBKDF2 by caching the digest state of the passphrase
2019-09-30 15:53:49 +02:00
Gilles Peskine
013ba71c2b Update the crypto submodule to be the same as development 2019-09-27 20:33:33 +02:00
Gilles Peskine
e94bc87ebe Document test case descriptions 2019-09-27 20:24:33 +02:00
Gilles Peskine
717cd76e8a Restore MBEDTLS_TEST_OUTCOME_FILE after test_default_out_of_box
Since components run in the main process, unsetting
MBEDTLS_TEST_OUTCOME_FILE unset it in subsequent components as well.
To avoid this, save and restore the value.

(Making each component run in a subshell would be a better solution,
but it would be a much bigger change.)
2019-09-27 20:24:33 +02:00
Gilles Peskine
1c668136af Parse HelloVerifyRequest buffer overread: add changelog entry 2019-09-27 14:08:12 +02:00
Gilles Peskine
b64bf0638f Parse HelloVerifyRequest: avoid buffer overread at the start
In ssl_parse_hello_verify_request, we read 3 bytes (version and cookie
length) without checking that there are that many bytes left in
ssl->in_msg. This could potentially read from memory outside of the
ssl->receive buffer (which would be a remotely exploitable
crash).
2019-09-27 14:02:44 +02:00
Gilles Peskine
b51130dd5c Parse HelloVerifyRequest: avoid buffer overread on the cookie
In ssl_parse_hello_verify_request, we print cookie_len bytes without
checking that there are that many bytes left in ssl->in_msg. This
could potentially log data outside the received message (not a big
deal) and could potentially read from memory outside of the receive
buffer (which would be a remotely exploitable crash).
2019-09-27 14:00:36 +02:00
Gilles Peskine
bdcca14076 Merge remote-tracking branch 'upstream-public/pr/2858' into development 2019-09-27 11:08:51 +02:00
irwir
89af51ff39 Resolve #2801 - remove repetitive assignment to ssl->in_msg (the first value was never used) 2019-09-26 21:04:56 +03:00
irwir
734f0cf65e Resolve #2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined 2019-09-26 21:03:24 +03:00
irwir
40883e91a6 Resolve #2717 - remove erroneous sizeof (the operator was applied to constant integer number) 2019-09-26 21:00:56 +03:00
Gilles Peskine
2a7030429b Update crypto submodule to support EAP-TLS key derivation
Update the crypto submodule to a version where
psa_key_derivation_input_bytes() can be used with
PSA_KEY_DERIVATION_INPUT_SECRET.
2019-09-26 15:32:27 +02:00
Gilles Peskine
37b5c831b4
Merge pull request #276 from gilles-peskine-arm/psa-key_derivation-relax_inputs
Relax input restrictions for key derivation
2019-09-26 15:29:34 +02:00
k-stachowiak
bbc1c699fc Fix potential resource leak in sslserver2 example 2019-09-26 13:43:31 +02:00
k-stachowiak
20935ebd34 Fix buffer size in an AES example 2019-09-26 11:22:02 +02:00
Andrew Thoelke
214064ea85 Xref documentation for ECC curves and DH groups.
Connect the types to the key type construction macros by x-refs.
2019-09-25 22:16:21 +01:00
Andrew Thoelke
fd368e50d5 Support for vendor-defined ECC curves and DH groups
Define a vendor-range within the the private use ranges in the IANA 
registry. Provide recommendations for how to support vendor-defined 
curves and groups.
2019-09-25 22:14:29 +01:00
Andrew Thoelke
c625045da6 Tighten up language regarding direct use of the IANA registry values 2019-09-25 22:11:36 +01:00
Ron Eldor
038ab053d6 Add const to variable
Add const type that was accidently removed.
2019-09-25 14:06:15 +03:00
Jaeden Amero
5a627c5e19
Merge pull request #264 from gilles-peskine-arm/test_malloc_0_null
Test the library when malloc(0) returns NULL
2019-09-25 09:28:54 +01:00