Commit Graph

1669 Commits

Author SHA1 Message Date
Hanno Becker
f9e184b9df Remove PRNG argument from mbedtls_rsa_complete 2017-10-10 16:55:41 +01:00
Hanno Becker
1e801f5706 Clarify guarantees made by rsa_complete and rsa_check_privkey 2017-10-10 16:44:47 +01:00
Hanno Becker
68b4d58bd8 Remove PRNG argument from mbedtls_rsa_deduce_moduli
It is not necessary to pass a CSPRNG to `mbedtls_rsa_deduce_moduli`, as there
exist well-working static strategies, and even if a PRNG is preferred, a
non-secure one would be sufficient.

Further, the implementation is changed to use a static strategy for the choice
of candidates which according to some benchmarks even performs better than the
previous one using random candidate choices.
2017-10-10 16:39:10 +01:00
Hanno Becker
0f65e0ca03 Rename rsa_deduce_moduli to rsa_deduce_primes 2017-10-03 14:40:44 +01:00
Hanno Becker
8ba6ce4f4f Rename rsa_deduce_private to rsa_deduce_private_exponent 2017-10-03 14:40:43 +01:00
Hanno Becker
5178dcab12 Clarify parameter ownership in mbedtls_rsa_import[_raw] 2017-10-03 14:29:37 +01:00
Hanno Becker
b5beaa8995 Check that 1 < D, E < N in mbedtls_rsa_validate_params 2017-10-02 13:20:20 +01:00
Hanno Becker
c6fc878eda Remove mbedtls_rsa_check_crt
This is no longer needed after the decision to not exhaustively validate private key material.
2017-10-02 13:20:15 +01:00
Hanno Becker
98838b04af Minor improvements 2017-10-02 13:17:01 +01:00
Hanno Becker
7471631dde Make input arguments to mbedtls_rsa_import_raw constant
Original intention was to be allowed to perform in-place operations like changing the byte-order before importing
parameters into an HSM. Now a copy is needed in this case, but there's no more danger of a user expecting the arguments
to be left untouched.
2017-10-02 13:17:01 +01:00
Hanno Becker
43a08d029e Clarify guarantees made by rsa_check_privkey and rsa_complete
Document explicitly that `mbedtls_rsa_check_privkey` and `mbedtls_rsa_complete` succeeding does not guarantee the
consistency of the underlying RSA private key but only that enough information is present to perform a private key
operation.
2017-10-02 13:17:01 +01:00
Hanno Becker
1b831fe1c5 Clarify guarantees made by rsa_deduce_moduli/private/crt 2017-10-02 13:06:47 +01:00
Hanno Becker
bdefff1dde Change signature of mbedtls_rsa_deduce_private
Make input arguments constant and adapt the implementation to use a temporary instead of in-place operations.
2017-10-02 09:59:48 +01:00
Hanno Becker
ba5b755f1a Change signature and semantics of mbedtls_rsa_deduce_moduli
Input arguments are marked as constant. Further, no double-checking is performed when a factorization of the modulus has
been found.
2017-10-02 09:55:49 +01:00
Hanno Becker
56bae95e1d Improve style and documentation, fix typo 2017-09-29 15:43:49 +01:00
Hanno Becker
4b2f691691 Doxygen: Use typewriter font for variables in rsa.h documentation 2017-09-29 13:36:54 +01:00
Hanno Becker
ed20361321 Increase readability of Doxygen output
Multiple lists were not properly recognized as such.
2017-09-29 13:34:25 +01:00
Hanno Becker
91c194dabb Add and document an RSA-specific error code for unsupported exports
E.g., a private key on an external chip might not be exportable to RAM.
2017-09-29 12:50:12 +01:00
Hanno Becker
5063cd2cca Deprecate direct manipulation of structure fields in RSA context 2017-09-29 11:54:05 +01:00
Hanno Becker
603b8c62c4 Clarify guarantees made by successful mbedtls_rsa_complete call 2017-08-25 11:03:07 +01:00
Hanno Becker
d363799a9d Add mbedtls_rsa_validate_crt
This commit adds the function mbedtls_rsa_validate_crt for validating a set of CRT parameters. The function
mbedtls_rsa_check_crt is simplified accordingly.
2017-08-25 08:35:09 +01:00
Hanno Becker
750e8b4596 Rename rsa_check_params->rsa_validate_params and change error codes 2017-08-25 08:34:55 +01:00
Hanno Becker
b0c5edcc2f Correct typo in rsa.h 2017-08-23 22:16:10 +01:00
Hanno Becker
ab3773123c Add support for alternative RSA implementations
Alternative RSA implementations can be provided by defining MBEDTLS_RSA_ALT in
config.h, defining an mbedtls_rsa_context struct in a new file rsa_alt.h and
re-implementing the RSA interface specified in rsa.h.

Through the previous reworkings, the adherence to the interface is the only
implementation obligation - in particular, implementors are free to use a
different layout for the RSA context structure.
2017-08-23 16:24:51 +01:00
Hanno Becker
1a59e791e5 Remove CRT fields from RSA context if RSA_NO_CRT is defined 2017-08-23 16:17:28 +01:00
Hanno Becker
8fd5548241 Minor formatting changes 2017-08-23 14:47:25 +01:00
Hanno Becker
cbb59bc2a8 Extend RSA interface to allow structure-independent setup
This commit extends the RSA interface by import/export calls that can be used to
setup an RSA context from a subset of the core RSA parameters (N,P,Q,D,E).

The intended workflow is the following:
1. Call mbedtls_rsa_import one or multiple times to import the core parameters.
2. Call mbedtls_rsa_complete to deduce remaining core parameters as well as any
   implementation-defined internal helper variables.

The RSA context is ready for use after this call.

The import function comes in two variants mbedtls_rsa_import and
mbedtls_rsa_import_raw, the former taking pointers to MPI's as input, the latter
pointers buffers holding to big-endian encoded MPI's.
The reason for this splitting is the following: When only providing an import
function accepting const MPI's, a user trying to import raw binary data into an
RSA context has to convert these to MPI's first which before passing them to the
import function, introducing an unnecessary copy of the data in memory. The
alternative would be to have another MPI-based import-function with
move-semantics, but this would be in contrast to the rest of the library's
interfaces.

Similarly, there are functions mbedtls_rsa_export and mbedtls_rsa_export_raw for
exporting the core RSA parameters, either as MPI's or in big-endian binary
format.

The main import/export functions deliberately do not include the additional
helper values DP, DQ and QP present in ASN.1-encoded RSA private keys. To
nonetheless be able to check whether given parameters DP, DQ and QP are in
accordance with a given RSA private key, the interface is extended by a function
mbedtls_rsa_check_opt (in line with mbedtls_rsa_check_privkey,
mbedtls_rsa_check_pubkey and mbedtls_rsa_check_pub_priv). Exporting the optional
parameters is taken care of by mbedtls_export_opt (currently MPI format only).
2017-08-23 14:44:36 +01:00
Hanno Becker
a3ebec2423 Declare RSA helper functions
This commit adds convenience functions to the RSA module for computing a
complete RSA private key (with fields N, P, Q, D, E, DP, DQ, QP) from a subset
of core parameters, e.g. (N, D, E).
2017-08-23 14:06:24 +01:00
Andres Amaya Garcia
fdd11b2531 Improve MBEDTLS_NO_UDBL_DIVISION description 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
de2e70431f Remove MBEDTLS_TYPE_UDBL option 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
713c6fdd4e Fix check_config.h #error directive 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
bebc5f69f8 Fix typo in check_config.h 2017-07-22 11:53:56 +02:00
Gilles Peskine
9a9adcd6aa MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
6ee7dad896 Allow forcing 64-bit integer type
Allow forcing 64-bit integer type for bignum operations. Also introduce
the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length
integer in unknown compilers.
2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
05d9535c90 Enable 64-bit compilation with ARM Compiler 6
This patch fixes the conditional preprocessor directives in
include/mbedtls/bignum.h to enable 64-bit compilation with ARM
Compiler 6.
2017-07-22 11:53:56 +02:00
Simon Butcher
c0da47dd1e Fix platform setup/teardown feature and comments
Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it
as a feature  in 'version_features.c'.
2017-07-21 23:48:55 +01:00
Simon Butcher
be4f75c12f Add additional comments to platform setup/teardown functions 2017-07-21 02:15:14 +02:00
Andres Amaya Garcia
9da69514ec Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT
Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive
as this macro enables/disables both functions.
2017-07-21 02:12:49 +02:00
Andres Amaya Garcia
9d80a36336 Improve documentation for mbedtls_platform_context 2017-07-21 02:12:49 +02:00
Andres Amaya Garcia
82d7314c43 Remove internal functions from setup API 2017-07-21 02:12:49 +02:00
Andres Amaya Garcia
122d899296 Add library setup and teardown APIs
Add the following two functions to allow platform setup and teardown
operations for the full library to be hooked in:

* mbedtls_platform_setup()
* mbedtls_platform_teardown()

An mbedtls_platform_context C structure is also added and two internal
functions that are called by the corresponding setup and teardown
functions above:

* mbedtls_internal_platform_setup()
* mbedtls_internal_plartform_teardown()

Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow
mbedtls_platform_context and internal function to be overriden by the
user as needed for a platform.
2017-07-21 02:11:35 +02:00
Hanno Becker
1a28b01b5e Make minor changes to documentation 2017-07-20 12:36:53 +02:00
Hanno Becker
489b985fae Export mbedtls_aes_(en/de)crypt to retain for API compatibility
The commit f5bf7189d3 made the AES
functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing
the library's API.

This commit reverts this.
2017-07-20 12:36:53 +02:00
Hanno Becker
649dcab175 Clarify documentation for alternative AES implementations
The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been
superseded by mbedtls_aes_internal_decrypt and
mbedtls_aes_internal_encrypt, respectively. Alternative
implementations should now only replace the latter, and leave the
maintenance wrapper definitions of the former untouched.

This commit clarifies this in the documentation of the respective
configuration options MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ENCRYPT_ALT.
2017-07-20 12:36:53 +02:00
Hanno Becker
544039ac59 Undo API change
The previous commit b3e6872c93 changed
to public functions from ssl_ciphersuite.h to static inline. This
commit reverts this change.
2017-07-20 12:36:53 +02:00
Janos Follath
a9e775efe4 Remove mutexes from ECP hardware acceleration
Protecting the ECP hardware acceleratior with mutexes is inconsistent with the
philosophy of the library. Pre-existing hardware accelerator interfaces
leave concurrency support to the underlying platform.

Fixes #863
2017-07-19 02:07:59 +01:00
Hanno Becker
248ae6dbb8 Improve documentation of PKCS1 decryption functions
Document the preconditions on the input and output buffers for
the PKCS1 decryption functions
- mbedtls_rsa_pkcs1_decrypt,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt
- mbedtls_rsa_rsaes_oaep_decrypt
2017-07-19 01:46:44 +01:00
Simon Butcher
f2a597fa3d Update the version number to 2.5.1 2017-06-20 23:08:10 +01:00
Manuel Pégourié-Gonnard
4a42f3c405 Merge remote-tracking branch 'restricted/iotssl-1398' into development-restricted
* restricted/iotssl-1398:
  Add ChangeLog entry
  Ensure application data records are not kept when fully processed
  Add hard assertion to mbedtls_ssl_read_record_layer
  Fix mbedtls_ssl_read
  Simplify retaining of messages for future processing
2017-06-09 15:02:40 +02:00
Manuel Pégourié-Gonnard
db108ac944 Merge remote-tracking branch 'hanno/mpi_read_file_underflow' into development
* hanno/mpi_read_file_underflow:
  Fix potential stack underflow in mpi_read_file.
2017-06-08 19:48:03 +02:00