Commit Graph

10178 Commits

Author SHA1 Message Date
Jaeden Amero
acdf07c033
Merge pull request #41 from hanno-arm/ec_pubkey_fmt_fixes
Make further adaptations to new EC public key format
2019-02-01 13:05:48 +00:00
Andrzej Kurek
de5a007316 Merge development commit f352f7 into development-psa 2019-02-01 07:03:03 -05:00
Hanno Becker
00114d71f4 Adapt test in test_suite_pk to work with new PSA public key format 2019-02-01 11:56:42 +00:00
Hanno Becker
9acfd730ed Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.

Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.

Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.

The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.

By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.

The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.

That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 11:56:37 +00:00
Hanno Becker
65935d90c9 Add missing include to library/pkwrite.c 2019-02-01 11:55:03 +00:00
Hanno Becker
69777ca867 Add function to find OID for PSA ECC curve identifiers 2019-02-01 11:52:59 +00:00
Hanno Becker
cd0f276cee Update pointer in PSA-based mbedtls_pk_write_pubkey() 2019-02-01 11:52:58 +00:00
Hanno Becker
56104ea9bb Adapt test in test_suite_pk to work with new PSA public key format 2019-02-01 11:48:19 +00:00
Andrzej Kurek
39456532c6 Update submodule version to 3a181009
Point to the new, merged version of the submodule branch
2019-02-01 05:47:17 -05:00
Hanno Becker
493c171a1c Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format
Context: There are two public key writing functions in Mbed TLS. First,
mbedtls_pk_write_pubkey(), which exports a public key in the form of a
SubjectPublicKey structure containing the raw keying material
(for example, EC point coordinates for an EC public key, without
reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(),
which exports a public key in the form of a SubjectPublicKeyInfo structure,
wrapping the SubjectPublicKey structure by additional information
identifying the type of public key (and for ECC, e.g., it'd also contain
the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der()
calls mbedtls_pk_write_pubkey() first and then adds the corresponding
algorithm identifier wrapper.

Both of these functions need to be provided for PSA-based opaque PK contexts,
based on PSA's public key export function.

Previously, PSA used the SubjectPublicKeyInfo structure as its export format,
so mbedtls_pk_write_pubkey_der() could be easily implemented, while
mbedtls_pk_write_pubkey() would need to trim the output of the PSA export.

The previous implementation of mbedtls_pk_write_pubkey() is not quite right
because it calls PSA export doesn't do any trimming, hence exporting the large
SubjectPublicKeyInfo structure instead of the small SubjectPublicKey.
mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling
mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo
structure, which is correct.

By now, the PSA public key export format has changed to the smaller
SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey()
can be implemented by just calling the PSA export, and that
mbedtls_pk_write_pubkey_der() needs to add the algorithm information around
it, just as in the other types of PK contexts. While not correct for the
old format, the existing code for mbedtls_pk_write_pubkey() is therefore
correct for the new PSA public key format, and needs no change apart from
the missing pointer shift in the last commit.

The implementation of mbedtls_pk_write_pubkey_der() needs a special code
path for PSA-based opaque PK contexts, as the PK context only contains
the PSA key handle, and the PSA API needs to be used to extract the
underlying EC curve to be able to write the AlgorithmParameter structure
that's part of the SubjectPublicKeyInfo structure.

That's what this commit does, (hopefully) making both
mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export
the correctly formatted public key based on the new PSA public key format.
2019-02-01 10:25:25 +00:00
Hanno Becker
812e12452a Add function to find OID for PSA ECC curve identifiers 2019-02-01 10:06:51 +00:00
Hanno Becker
4fb8db23b9 Update pointer in PSA-based mbedtls_pk_write_pubkey() 2019-02-01 09:57:20 +00:00
Andrzej Kurek
409fdae6bf test_suite_ctr_drbg: use ctr_drbg_update_ret instead of ctr_drbg_update
Align files with development to ensure the same state of repositories.
2019-02-01 02:53:16 -05:00
Andrzej Kurek
f093a3dc61 Use ecdh_setup instead of ecp_group_load
Align files with development to ensure the same state of repositories.
2019-02-01 02:50:36 -05:00
Peter Kolbus
60c6da2352 all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1
There were no tests for a non-default MPI window size. Add one.

Change-Id: Ic08fbc9161d0b3ee67eb3c91f9baf602646c9dfe
2019-01-31 19:41:11 -06:00
Peter Kolbus
e6bcad3f79 Fix DEADCODE in mbedtls_mpi_exp_mod()
In mbedtls_mpi_exp_mod(), the limit check on wsize is never true when
MBEDTLS_MPI_WINDOW_SIZE is at least 6. Wrap in a preprocessor guard
to remove the dead code and resolve a Coverity finding from the
DEADCODE checker.

Change-Id: Ice7739031a9e8249283a04de11150565b613ae89
2019-01-31 19:37:51 -06:00
Gilles Peskine
7b3950862f Documentation: link to the specification separately
Link to rendered copies of the specification on a separate branch,
since the implementation is not always up-to-date with the
specification.

Fix the broken link to the HTML to something that works on the web.

Add instructions to generate the library documentation in HTML locally.
2019-01-31 18:10:05 +01:00
Andrzej Kurek
c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Gilles Peskine
f8785f740c Remove API specification PDFs from the implementation repository 2019-01-31 11:55:46 +01:00
Jaeden Amero
f352f75f6b Merge remote-tracking branch 'origin/pr/2332' into development 2019-01-30 15:53:00 +00:00
Jaeden Amero
c4cc2511d0 Merge remote-tracking branch 'origin/pr/2325' into development 2019-01-30 15:35:44 +00:00
Jaeden Amero
91af329a55 Merge remote-tracking branch 'origin/pr/2214' into development 2019-01-30 15:08:25 +00:00
Jaeden Amero
14eca249f1 Merge remote-tracking branch 'origin/pr/2213' into development 2019-01-30 15:01:20 +00:00
Jaeden Amero
c89148bba7 Merge remote-tracking branch 'origin/pr/2207' into development 2019-01-30 14:57:44 +00:00
Jaeden Amero
b18239713e Merge remote-tracking branch 'origin/pr/2191' into development 2019-01-30 14:56:58 +00:00
Jaeden Amero
6f4a8ef1ee Merge remote-tracking branch 'origin/pr/2137' into development 2019-01-30 14:55:09 +00:00
Jaeden Amero
c42dd60f1f Merge remote-tracking branch 'origin/pr/1949' into development 2019-01-30 14:46:35 +00:00
Jaeden Amero
dac9f45e5a Merge remote-tracking branch 'origin/pr/1551' into development 2019-01-30 13:24:55 +00:00
Jaeden Amero
e6e2686cf8 Merge remote-tracking branch 'origin/pr/2055' into development
Resolve conflicts in ctr_drbg.c where zeroization had been added upon
exit.
2019-01-30 13:23:03 +00:00
Jaeden Amero
ad88be05b6 Add ChangeLog entry for #2371 2019-01-30 13:19:01 +00:00
Jaeden Amero
730ecdf3b1 Merge remote-tracking branch 'origin/pr/2371' into development 2019-01-30 13:15:40 +00:00
Andrzej Kurek
92dd4d0307 ssl-opt.sh: add a test for "calc PSA finished" log to the PSA tests 2019-01-30 04:10:19 -05:00
Andrzej Kurek
683d77e836 ssl_opt: check client and server output for PSA calc verify in PSA tests
Increase debug level to 2 in PSA tests and check for "PSA calc verify"
to ensure that the PSA code is being run.
2019-01-30 03:50:42 -05:00
Andrzej Kurek
2ad229725c ssl_tls: add psa_hash_abort when reseting checksum 2019-01-30 03:32:12 -05:00
Andrzej Kurek
972fba51ed ssl_tls: rename sha_512_psa to sha_384_psa 2019-01-30 03:29:12 -05:00
Darryl Green
ec07950e53 Exclude ECDH and FFDH key agreement algorithms for now 2019-01-29 16:08:46 +00:00
Gilles Peskine
95ab71a19a test_psa_constant_names: make tmp files easier to recognize 2019-01-29 16:08:46 +00:00
Gilles Peskine
17542086ab Recognize kdf_alg as KDF algorithm parameter name 2019-01-29 16:08:46 +00:00
Gilles Peskine
6d194bd92b Read constant names from crypto_extra.h as well as crypto_values.h
test_psa_constant_names.py was originally written before the split of
crypto.h into crypto_values.h and more, so it now needs to read
crypto_values.h as well.

In both generate_psa_constants.py and test_psa_constant_names.py, read
crypto_extra.h as well. We don't currently define any value there, but
it's plausible that we will one day.
2019-01-29 16:08:46 +00:00
Gilles Peskine
6a78573088 CMake: psa_constant_names and test_psa_constant_names
Build and install psa_constant_names.

Make sure that test_psa_constant_names passes in an out-of-tree build.
2019-01-29 16:08:46 +00:00
Gilles Peskine
f31dbb7bf1 CMake: build and install key_ladder_demo 2019-01-29 16:08:46 +00:00
Gilles Peskine
738f017c12 Fix the build of key_ladder_demo under Clang
Clang -Wall -Wincompatible-pointer-types-discards-qualifiers said:
thou shalt not put a string literal in a non-const char*.
2019-01-29 16:08:46 +00:00
Gilles Peskine
451e24c1d8 Fix out-of-tree builds that use the PSA crypto API headers 2019-01-29 16:08:46 +00:00
Gilles Peskine
265a171c52 Error out if a value is out of range
psa_status_t is currently a signed type where only non-negative values
are used, which makes things a bit awkward. For now, non-negative
values trigger an error. This code will need to be revised if we
switch to using negative values as error codes.
2019-01-29 16:08:46 +00:00
Gilles Peskine
182c2e9836 psa_constant_names: fix display for truncated unknown MAC/AEAD algorithm 2019-01-29 16:08:46 +00:00
Gilles Peskine
c68ce9637a Exclude full-length-algorithm macros from testing
Calls to PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH and
PSA_ALG_FULL_LENGTH_MAC are not in canonical form, so exclude them
from the list of constructor macros to test.
2019-01-29 16:08:46 +00:00
Gilles Peskine
434899fccd Test truncated MAC and AEAD algorithms
For MAC and AEAD algorithms, test the algorithm truncated to certain
lengths (1 and 63 bytes).
2019-01-29 16:08:46 +00:00
Gilles Peskine
f96ed6615c Fix bug in distribute_arguments for multi-argument macros 2019-01-29 16:08:46 +00:00
Gilles Peskine
cf9c18e696 Add option to keep the temporary C files
Useful for debugging and for reviewing what test cases are generated.
2019-01-29 16:08:45 +00:00
Gilles Peskine
a0a315c815 Add location information to input processing exceptions
If parsing fails, report the input file name and line number.

If distribute_arguments fails, report for what name.
2019-01-29 16:08:45 +00:00