Commit Graph

4194 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
276cb64e6c Align names to use "opaque" only everywhere
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
7d51255ca7 Implement pk_sign() for opaque ECDSA keys 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
07b103fe07 Implement can_do for opaque ECC keypairs
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
683632b78e Add support for get_(bit)len on opaque keys 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
274f521b9a Implement alloc/free wrappers for pk_opaque_psa 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
3bc2029a33 Clarify return value of pk_check_pair() 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
1ecf92c364 Skeleton for PK_OPAQUE_PSA 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
26fd730876 Add config option for X.509/TLS to use PSA 2018-11-22 16:25:36 +00:00
Gilles Peskine
a678f233a7
Merge pull request #197 from netanelgonen/entropy-inject
Add entropy inject API (#197)
2018-11-21 19:21:05 +01:00
avolinski
0d2c266c06 change MBEDTLS_RANDOM_SEED_ITS define to be PSA_CRYPTO_ITS_RANDOM_SEED_UID 2018-11-21 17:31:07 +02:00
avolinski
1c66205df6 Remove trailing space in psa_crypto.c 2018-11-21 16:54:09 +02:00
Gilles Peskine
83146e10bb
Merge pull request #211 from ARMmbed/bug_fix_210
Fix memory allocation check in psa_save_generated_persistent_key (#211)
2018-11-21 15:51:07 +01:00
avolinski
13beb100c2 Adjust psa entropy inject tests to take as minimum seed size
the maximum of MBEDTLS_ENTROPY_MIN_PLATFORM and MBEDTLS_ENTROPY_BLOCK_SIZE
2018-11-21 16:24:53 +02:00
avolinski
7cc8229d80 Replace MBED_RANDOM_SEED_ITS_UID with MBEDTLS_RANDOM_SEED_ITS_UID
Update mbedtls_psa_inject_entropy function documentation
2018-11-21 16:24:53 +02:00
Netanel Gonen
21f37cbbec Add Tests for psa crypto entropy incjection
Adjust code to handle and work with MBEDTLS_ENTROPY_BLOCK_SIZE definition option
2018-11-21 16:24:52 +02:00
Netanel Gonen
2bcd312cda Add entropy injection function to psa cripto APIs 2018-11-21 16:15:14 +02:00
itayzafrir
910c76b3d1 Check that memory allocation was successful in psa_save_generated_persistent_key 2018-11-21 16:10:33 +02:00
Gilles Peskine
3d5d8372a5
Merge pull request #198 from ARMmbed/psa_crypto_its
PSA Crypto Storage backend implementation over PSA ITS APIs (#198)
2018-11-21 15:04:03 +01:00
Jaeden Amero
c6e4ab00a8 Use parent module includes when used as a submodule
For Makefiles, enable overriding where includes can come from in order to
enable the parent module to set the include path. This allows the parent
module to specify that its config.h should be used, even when the submodule
when built standalone would use a different config.h.

For CMake, always look in the parent's include folder and our own. List the
parent's include folder first, so that preference is given to parent
include files.
2018-11-21 12:17:31 +00:00
Jaeden Amero
5ae1fb6f69 CMake: Don't build non-crypto when a subproject
When building Mbed Crypto as a subproject, don't add targets for
libmbedx509 or libmbedtls, as the parent project should build these. The
parent project will define USE_CRYPTO_SUBMODULE variable when using Mbed
Crypto as a submodule, so we can depend on that variable to control whether
or not we build non-crypto libraries.
2018-11-21 12:16:40 +00:00
Moran Peker
a26d764bae Add new PSA Crypto Storage backend implementation using ITS APIs
The new file is conditionally compiled with the new mbedtls
configuration option that  Mbed OS would set by default -
`MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C`.

-
2018-11-21 13:28:10 +02:00
Moran Peker
a90abf13b6 add MBEDTLS_PSA_HAS_ITS_IO
update config.h,config-psa-crypto.h, version_features.c and config.pl
2018-11-21 13:28:09 +02:00
Moran Peker
4611956560 Add new MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C configuration option
- update configuration requires
- update check_config.h to include MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
- update con and config.h
2018-11-21 13:28:09 +02:00
Darryl Green
0c6575a84d psa: Extend psa_generate_key to support persistent lifetimes 2018-11-20 15:40:32 +00:00
Darryl Green
dd8fb777ce psa: Refactor psa_internal_export_key to use slot, rather than key
When generating keys that have persistent lifetime, we will need
the keys to be in the exported format to save to persistent storage.
This refactoring to separate checking the slots usage from the
exporting of the key data will be necessary for using
psa_internal_export_key in psa_generate_key.
2018-11-20 15:40:32 +00:00
Darryl Green
d49a499d03 psa: Implement persistent keys
Allow use of persistent keys, including configuring them, importing and
exporting them, and destroying them.

When getting a slot using psa_get_key_slot, there are 3 scenarios that
can occur if the keys lifetime is persistent:

1. Key type is PSA_KEY_TYPE_NONE, no persistent storage entry:
   -  The key slot is treated as a standard empty key slot
2. Key type is PSA_KEY_TYPE_NONE, persistent storage entry exists:
   -  Attempt to load the key from persistent storage
3. Key type is not PSA_KEY_TYPE_NONE:
   -  As checking persistent storage on every use of the key could
      be expensive, the persistent key is assumed to be saved in
      persistent storage, the in-memory key is continued to be used.
2018-11-20 15:40:25 +00:00
Darryl Green
40225ba709 psa: Refactor psa_destroy_key()
Create a new function psa_remove_key_from_memory() from psa_destroy_key().
This is needed as psa_destroy_key() will remove all key data, including
persistent storage. mbedtls_psa_crypto_free() will now only free in-memory
data and not persistent data.
2018-11-20 15:21:22 +00:00
Darryl Green
06fd18de37 psa: Move get_key_slot functions
Move the psa_get_key_slot and related static functions as they will need
to call psa_import_key_into_slot() for persistent keys.
2018-11-20 15:21:22 +00:00
Darryl Green
940d72c3e8 psa: Refactor psa_import_key()
Create a new function psa_import_key_into_slot() from psa_import_key().
This is common functionality that will be used both when importing a
key and loading a key from persistent storage.
2018-11-20 15:21:22 +00:00
Moran Peker
96ebf9efcf psa: Add magic header to storage backend
Add a magic header to the storage format used with files. The
header is used as an initial check that the data is what we expect,
rather than garbage data.
2018-11-20 15:21:22 +00:00
Darryl Green
db2b8db715 psa: Add storage implementation for files
Add new functions, psa_load_persistent_key(),
psa_free_persistent_key_data(), and psa_save_persistent_key(), for
managing persistent keys. These functions load to or save from our
internal representation of key slots. Serialization is a concern of the
storage backend implementation and doesn't abstraction-leak into the
lifetime management code.

An initial implementation for files is provided. Additional storage
backends can implement this interface for other storage types.
2018-11-20 15:21:22 +00:00
Jaeden Amero
818eab2e76 Merge tag 'mbedtls-2.14.0' into feature-psa
Mbed TLS version 2.14.0

Resolved conflicts in include/mbedtls/config.h,
tests/scripts/check-files.py, and yotta/create-module.sh by removing yotta.

Resolved conflicts in tests/.jenkins/Jenkinsfile by continuing to run
mbedtls-psa job.
2018-11-19 19:25:56 +00:00
Simon Butcher
c1b9892177 Update library version number to 2.14.0 2018-11-19 18:31:40 +00:00
Hanno Becker
1aaedc03d4 Add implementation of TLS-1.2 PSK-to-MS key derivation 2018-11-19 11:24:25 +00:00
Gilles Peskine
93f8500e2e Fix unused variables warning if MBEDTLS_ECDH_C is off
depends-pkalgs.pl passes.
2018-11-16 16:43:31 +01:00
Gilles Peskine
346797d7b9 Add missing cleanup on failure in psa_key_agreement
If psa_key_derivation_internal() fails, it's up to the caller to clean
up. Do this, and add a note at the top of
psa_key_derivation_internal() and its auxiliary functions.

There is no non-regression test because at the moment the only way to
trigger an error is a borderline low-memory condition and we don't
have the means to trigger this.
2018-11-16 16:09:27 +01:00
Gilles Peskine
a05219c70b Add some missing compilation guards
Add missing checks for defined(MBEDTLS_MD_C) around types and
functions that require it (HMAC, HKDF, TLS12_PRF).

Add missing checks for defined(MBEDTLS_ECDSA_DETERMINISTIC) around
code that calls mbedtls_ecdsa_sign_det().

Add missing checks for defined(MBEDTLS_ECDH_C) around ECDH-specific
functions.
2018-11-16 16:09:24 +01:00
Hanno Becker
353e45361d Don't call memcpy() with 0-length arguments
The standard prohibits calling memcpy() with NULL pointer
arguments, even if the size argument is 0.

The TLS-1.2 PRF generator setup function previously called
memcpy() with the label and salt as the source, even if
they were of length 0, as exercised by the derive_key_policy
test case in the PSA crypto test suite.

This commit adds guards around the memcpy() calls so that they
are only executed of salt or label have positive length, respectively.
2018-11-16 11:24:59 +00:00
Hanno Becker
3b339e2342 Simplify psa_generator_tls12_prf_generate_next_block() 2018-11-16 11:24:59 +00:00
Hanno Becker
580fba1431 Dynamically allocate A(i) + seed buffer for TLS-1.2 PRF 2018-11-16 11:24:59 +00:00
Hanno Becker
c8a41d71cb Add implementation of TLS-1.2 PRF 2018-11-16 11:24:55 +00:00
Gilles Peskine
b408661be9 ECDH: check that the keys are on the same curve
In psa_key_agreement_ecdh, check that the public key is on the same
curve as the private key. The underlying mbedtls API doesn't check.

If the curves don't match, psa_key_agreement_ecdh is practically
guaranteed to return INVALID_ARGUMENT anyway, because way the code is
written, the public point is interpreted on the curve of the private
point, and it is rejected because the point is not on the curve. This
is why the test case "PSA key agreement setup: ECDH, raw: public key
on different curve" passed even before adding this check.
2018-11-14 21:17:16 +01:00
Gilles Peskine
88714d78b8 Allow ECDH-only public key in ECDH
In ECDH key agreement, allow a public key with the OID id-ECDH, not
just a public key with the OID id-ecPublicKey.

Public keys with the OID id-ECDH are not permitted by psa_import_key,
at least for now. There would be no way to use the key for a key
agreement operation anyway in the current API.
2018-11-14 21:17:16 +01:00
Gilles Peskine
211a436f2e Document that key agreement produces a maximum-capacity generator 2018-11-14 21:15:37 +01:00
Gilles Peskine
b7ecdf0509 Implement ECDH 2018-11-14 21:15:37 +01:00
Gilles Peskine
01d718cee8 New API function: psa_key_agreement
Set up a generator from a key agreement.
2018-11-14 21:15:37 +01:00
Gilles Peskine
8feb3a886d Support key derivation with non-predefined capacity
psa_key_derivation requires the caller to specify a maximum capacity.
This commit adds a special value that indicates that the maximum
capacity should be the maximum supported by the algorithm. This is
currently meant only for selection algorithms used on the shared
secret produced by a key agreement.
2018-11-14 21:15:37 +01:00
Gilles Peskine
751d965dfc Implement PSA_ALG_SELECT_RAW 2018-11-14 21:15:37 +01:00
Gilles Peskine
cce18aec4c Split off psa_key_derivation_internal
Refactor psa_key_derivation to prepare for key agreement algorithms
which need to plug into key derivation after argument validation.
2018-11-14 21:15:37 +01:00
Gilles Peskine
e19b7d54d0 Revert "New function mbedtls_rsa_get_bitlen"
This reverts commit 1d26709dbd.
2018-11-12 19:14:34 +01:00