Commit Graph

2135 Commits

Author SHA1 Message Date
Steffen Jaeckel
5a33be0dbc improve MPI providers section in documentation
.. also add a checkbox regarding MPI providers to the issue template

This closes #605

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:09 +00:00
Steffen Jaeckel
97d0f61491 port cmake integration changes from libtommath
... also enable building of tests.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:09 +00:00
Adrian Antonana
d07a66f9b2 introduce initial cmake support 2024-02-18 17:02:09 +00:00
Steffen Jaeckel
82ec3fea54 remove camellia tests if LTC_TEST is not defined
Fixes #600

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
3c05f2b65a fix incompatibility issues with LLP64 data models
This is also a fixup of a921112fe32fce1d5cce386ab09d3edcaa004c51

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
791e5e7098 don't overwrite arguments
There's no need to store those values first somewhere else.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
1c303e8c13 optimize stack arrays
* minimize stack usage
* no need to zero-initialize the arrays

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
bb7712bd64 ensure that ctx is non-NULL
The code-path via the `ed25519ph_*()` APIs would have allowed getting here
and de-referencing `ctx` even if it is `NULL`.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
fd41f04026 re-factor tweetnacl_crypto_hash[_ctx]()
@etienne-lms remarked in [0] that the stack usage could be minimized
by using `hash_memory_multi()` instead of copying the data, so let's do
that.

[0] https://github.com/OP-TEE/optee_os/pull/5486#discussion_r955095821

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
25b724e0d8 Update makefiles 2024-02-18 17:02:08 +00:00
Steffen Jaeckel
df529c3cbc add test-case that uses LTC_NO_NULL_TERMINATION_CHECK
It's a compile-only test, but we run it anyways so we can finally get
`crypt_fsa()` included in the coverage report. It's not really useful but
also doesn't hurt.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
f73a6893ef fix possible UB
A user isn't guaranteed to use the `der_..._multi()` in a correct fashion.
Therefore change the pattern in the library and terminate further vararg
processing immediately after the `EOL` marker is hit.

The previous changes introducing the function-`attribute(sentinel)` would
allow detecting this, but not all compilers have support for the attribute.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
ae1c26842b use LTC_NULL in the library code
`NULL` as defined by the standard is not guaranteed to be of a pointer
type. In order to make sure that in vararg APIs a pointer type is used,
define our own version and use that one internally.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
1277dab32a introduce LTC_NULL_TERMINATED function attribute
In order to be able to check at compile time whether a vararg function
is correctly NULL-terminated.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
0507657b07 Update makefiles 2024-02-18 17:02:08 +00:00
Steffen Jaeckel
57c90507ae re-factor some parts of the Ed25519ctx and Ed25519ph implementation
* The RFC doesn't limit the context to be a string.
  It talks about `octets` which means it could be any binary data.
* Move the context-preprocessing function out of tweetnacl.c
* Fix potential segfaults when Ed25519 signature verification fails and
  `LTC_CLEAN_STACK` is enabled.
* Fix all the warnings.
* Update documentation.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Valerii Chubar
3f91f261ff Add ed25519ctx and ed25519ph support
Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
2024-02-18 17:02:08 +00:00
Valerii Chubar
a37f4ca5df ed25519: Add testcase for segfault on verify
In the case where the signature is not verified, the "mlen" variable
is equal to ULONG_MAX. When LTC_CLEAN_STACK has been defined
this results in a segmentation fault.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
142d5033f1 Ensure that hash overflow is detected
Previously it was not detected if `inlen` itself was too big and would
overflow the multiplication by 8.

Related to #592

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Steffen Jaeckel
243099fee7 also build with MSVC 2019 & 2022
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:08 +00:00
Oliver Schneider
aa6dcd8de6 Spelling fix in tomcrypt_cfg.h 2024-02-18 17:02:08 +00:00
Steffen Jaeckel
8059e5a097 fix sporadically failing tests when built with pthreads support
... I hope ... :)

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
599d4861a3 make sure to check yarrow_read() return values
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
64010a939b pack up failed build to be able to investigate
Sometimes it's hard to reproduce an issue as they happen on CI, so let's
pack up what we can on failure and upload it as an artifact.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
2af7e7e65d add hash Id to docs 2024-02-18 17:02:07 +00:00
Steffen Jaeckel
fdd96a7fbc add cipher Id to docs
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
9385809717 silence valgrind
When compiling with clang (9-12) and then running the tests in
valgrind (I tested 3.13.0 and 3.15.0) the following error was created:

```
Conditional jump or move depends on uninitialised value(s)
   at 0x47761F: ecc_ssh_ecdsa_encode_name (ecc_ssh_ecdsa_encode_name.c:38)
   ...
Uninitialised value was created by a stack allocation
   at 0x477570: ecc_ssh_ecdsa_encode_name (ecc_ssh_ecdsa_encode_name.c:21)
```

This silences this error by initialising the stack-array on creation.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
13f2ab092a better debug output
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
d016615d0b migrate from travis CI to GitHub actions
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
6ee927a3e2 improve pk_oid_num_to_str()
* allow `OID` to be `NULL` until you want to write it ...
* make sure we don't overflow the `int i`

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
ee92fce094 fix/improve DER tests
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
39c44e14fe prevent UB
This prevents incrementing `adata`, which can be a NULL pointer at this
point.

Fixes #583

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
c2a6b1a9fb add (private) rsa_import_pkcs1()
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
832e66c102 signal a potential overflow when decoding a LTC_ASN1_SHORT_INTEGER
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
48c5894d40 continue looping on NOP
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
c4b30b61dc slightly improve base64 encoding
* ensure base64 encode in&out buffers aren't the same
* allow calling any of the encode functions with `out` being a
  NULL-pointer, to be able to determine the size for storing
  the output.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
8f9d80f171 correctly prefix enum ltc_oid_id members
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
deaa907a5c add base64_encode_pem()
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
4499b5cdb7 fix typo
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
39f9cd9420 re-order code a bit
... so only relevant parts are executed

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
71e54554ff add SSH-style padding
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Steffen Jaeckel
c450bf4912 annotate some and fix un-aligned #endif
This fixes #572

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2024-02-18 17:02:07 +00:00
Cedric Neveux
4cd4761284 documentation: add new rsa generate key API
Add rsa_make_key_ubin_e api documentation.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
2024-02-18 17:02:06 +00:00
Cedric Neveux
a7a81d63e1 test: add test rsa key generate with public exponent up to 256 bits
Add an RSA test generating an RSA key with a 256-bit public exponent.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
2024-02-18 17:02:06 +00:00
Cedric Neveux
16d422ee86 rsa: add rsa key generate with public exponent up to 256 bits
Function rsa_make_key() limits the RSA key generation to a public
exponent of type long (32 bits or 64 bits).
The RSA standard specifies that the public exponent e can be between 65537 (included)
and 2^256 (excluded).

Add function rsa_make_key_ubin_e to use a hexadecimal public exponent.
Add function rsa_make_key_bn_e to use a bignumber public exponent
(op-tee).

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
2024-02-18 17:02:06 +00:00
Karel Miko
8a46b4cd71 DSA gen params: fixed check group_size vs LTC_MDSA_MAX_GROUP, updated LTC_MDSA_DELTA, new LTC_MDSA_MAX_MODULUS 2024-02-18 17:02:06 +00:00
Steffen Jaeckel
1a97b0f78d don't undermine hash-registry concept
This allows registering one's own implementation with a different
descriptor name.
2024-02-18 17:02:06 +00:00
Steffen Jaeckel
8f8a4e3c68 use sha3 if available 2024-02-18 17:02:06 +00:00
Steffen Jaeckel
b49a26dd4b fix dependency to sha2
DSA had a hard dependency on the basic sha2 operations.
In case one wanted to compile e.g. only with sha256, this led to a
compilation error.
2024-02-18 17:02:06 +00:00
David Cantrell
8aca6a351c m68k platforms are big endian
The endianness fallback in tomcrypt_cfg.h lacked a check for the gcc
define for m68k.  I discovered this while building dropbear on A/UX
3.1.1 on a Macintosh Quadra 700 (yes, in 2021).  Adding the check for
the gcc __m68k__ define gets everything building.

Signed-off-by: David Cantrell <david.l.cantrell@gmail.com>
2024-02-18 17:02:06 +00:00