Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							781afb4b07 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'psa/pr/45' into feature-psa  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							6de7a179c8 
							
						 
					 
					
						
						
							
							Fix file permissions  
						
						 
						
						
						
						
						Some files were marked as executable but shouldn't have been. 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								itayzafrir 
							
						 
					 
					
						
						
						
						
							
						
						
							27fbaf7781 
							
						 
					 
					
						
						
							
							Fixed test sign_deterministic, macro PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE  
						
						 
						
						
						
						
						Arguments in the wrong order 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							aa5aea0bac 
							
						 
					 
					
						
						
							
							fix spaces and add braces  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							e9664c30f0 
							
						 
					 
					
						
						
							
							space and style fixes  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							9627241beb 
							
						 
					 
					
						
						
							
							change macro PSA_HASH_BLOCK_SIZE to function psa_get_hash_block_size  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							5ca6547b77 
							
						 
					 
					
						
						
							
							Renamed hmac_ctx to opad and removed null check.  
						
						 
						
						
						
						
						this array is now part of the struct and not dynamically allocated
so it can't be null. 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							caec7f0c49 
							
						 
					 
					
						
						
							
							Fix rename issue missed by re-base  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							d223b52a9a 
							
						 
					 
					
						
						
							
							psa_hmac_start: reduce stack usage  
						
						 
						
						
						
						
						Store the temporary key in the long-key case (where the key is first
hashed) directly into ipad. This reduces the stack usage a little, at
a slight cost in complexity. 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							6a0a44e167 
							
						 
					 
					
						
						
							
							HMAC: clean up local variables containing key material  
						
						 
						
						
						
						
						In psa_mac_start, the hash of the key and ipad contain material that
can be used to make HMAC calculations with the key, therefore they
must be wiped.
In psa_mac_finish_internal, tmp contains an intermediate value which
could reveal the HMAC. This is definitely sensitive in the verify case,
and marginally sensitive in the finish case (it isn't if the hash
function is ideal, but it could make things worse if the hash function
is partially broken). 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							c102e3ce4b 
							
						 
					 
					
						
						
							
							psa_hmac_start: simplify key_length logic in hash-the-key case  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							e1bc6800cc 
							
						 
					 
					
						
						
							
							psa_hmac_start: remove useless casts  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							7e454bc19f 
							
						 
					 
					
						
						
							
							Split out CMAC and HMAC code into auxiliary functions  
						
						 
						
						
						
						
						Split algorithm-specific code out of psa_mac_start. This makes the
function easier to read.
The behavior is mostly unchanged. In a few cases, errors before
setting a key trigger a context wipe where they didn't. This is a
marginal performance loss but only cases that are an error in caller
code. 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							99bc649760 
							
						 
					 
					
						
						
							
							Normalize whitespace to Mbed TLS standards  
						
						 
						
						
						
						
						Only whitespace changes in this commit. 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							ef057ac8ed 
							
						 
					 
					
						
						
							
							Remove dead code  
						
						 
						
						
						
						
						Remove an unused function and an unused variable. Now the code builds
with gcc -Wall -Wextra -Werror. 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							084832d65f 
							
						 
					 
					
						
						
							
							replace get_block_size_from_hash_algorithm with PSA_HASH_BLOCK_SIZE macro  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							9e2ffe83ac 
							
						 
					 
					
						
						
							
							change type of hash block to uint8_t  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							1e2b046026 
							
						 
					 
					
						
						
							
							adding more test cases for hmac  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							35dfbf4601 
							
						 
					 
					
						
						
							
							change hmac context to use statically allocated memory  
						
						 
						
						
						
						
						1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							0c9ec53a10 
							
						 
					 
					
						
						
							
							remove reliance on md_info context for hash information  
						
						 
						
						
						
						
						1. remove reliance on md_info context for hash information by decoding locally
2. remove block_size field in context as this is dynamically computed 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							eeace0bf7f 
							
						 
					 
					
						
						
							
							Code style fix : changed keylen to key_length  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							7810be273a 
							
						 
					 
					
						
						
							
							Code correction: remove unneeded sizeof  
						
						 
						
						
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							dcd636a73f 
							
						 
					 
					
						
						
							
							Commit changes to hmac to not use MD abstraction  
						
						 
						
						
						
						
						this PR is part of efforts to use "lower level" mbedTLS APIs vs "higher level" abstract APIs. 
						
						
					 
					
						2018-09-12 16:13:49 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								itayzafrir 
							
						 
					 
					
						
						
						
						
							
						
						
							3e02b3b280 
							
						 
					 
					
						
						
							
							On target testing tests adaptation  
						
						 
						
						
						
						
						Updated all psa crypto tests to use the new test format 
						
						
					 
					
						2018-09-12 16:13:39 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								itayzafrir 
							
						 
					 
					
						
						
						
						
							
						
						
							423f219bb2 
							
						 
					 
					
						
						
							
							Fixed missing dependencies in psa crypto tests  
						
						 
						
						
						
						
						PSA verify RSA PKCS#1 v1.5 SHA-256, wrong hash
    PSA Symmetric decryption: AES-CTR, 16 bytes, good
    PSA Symmetric encryption: AES-CTR, 15 bytes, good
    PSA Symmetric encryption: AES-CTR, 16 bytes, good 
						
						
					 
					
						2018-09-05 12:46:20 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							8605428dcf 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'psa/pr/27' into feature-psa  
						
						 
						
						
						
						
					 
					
						2018-09-05 12:46:19 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							eebd7381bb 
							
						 
					 
					
						
						
							
							Rename asymmetric_encrypt to clarify what it does  
						
						 
						
						
						
						
						Renamed to asymmetric_encrypt_decrypt 
						
						
					 
					
						2018-09-05 12:44:18 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							c4def2f228 
							
						 
					 
					
						
						
							
							Add input length check in psa_asymmetric_decrypt  
						
						 
						
						
						
						
						Remove output size check which is not needed here and was copypasta.
Add non-regression tests. 
						
						
					 
					
						2018-09-05 12:44:18 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							b75e4f1314 
							
						 
					 
					
						
						
							
							Remove ECC boilerplate in asymmetric encrypt/decrypt  
						
						 
						
						
						
						
						We don't have any encryption algorithm using ECC keys at the moment. 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							beb4948d10 
							
						 
					 
					
						
						
							
							Add RSA PSS verification (untested)  
						
						 
						
						
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							625b01c9c3 
							
						 
					 
					
						
						
							
							Add OAEP placeholders in asymmetric encrypt/decrypt  
						
						 
						
						
						
						
						Replace PSS placeholders by OAEP placeholders. PSS is a signature
algorithm, not an encryption algorithm.
Fix typo in PSA_ALG_IS_RSA_OAEP_MGF1. 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							8b18a4fef3 
							
						 
					 
					
						
						
							
							Rename verify_RSA_hash_input_and_get_md_type  
						
						 
						
						
						
						
						Give it a shorter name that's more in line with our naming conventions. 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							61b91d4476 
							
						 
					 
					
						
						
							
							Normalize whitespace to Mbed TLS standards  
						
						 
						
						
						
						
						Only whitespace changes in this commit. 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							1c2a7ea4e2 
							
						 
					 
					
						
						
							
							Allow psa_asymmetric_verify and psa_asymmetric_encrypt to use public key only.  
						
						 
						
						
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							d708260de4 
							
						 
					 
					
						
						
							
							add key policy enforcement implementation  
						
						 
						
						
						
						
						add checks that keys have been set for the correct usage for asymmetric
functions. 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							ca466c89b0 
							
						 
					 
					
						
						
							
							Set output length to safe value  
						
						 
						
						
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							c460291714 
							
						 
					 
					
						
						
							
							Re-Add ECC verification code which was not properly merged in re-base.  
						
						 
						
						
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							4db79eb36b 
							
						 
					 
					
						
						
							
							Extract common code  
						
						 
						
						
						
						
						Make code easier to maintain. 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							717a040df5 
							
						 
					 
					
						
						
							
							Remove duplicate / unneeded code  
						
						 
						
						
						
						
						1. remove duplicate function introduced by re-base
2. remove unneeded code 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							d70bc48630 
							
						 
					 
					
						
						
							
							Fix test output size  
						
						 
						
						
						
						
						1. set output size to safe value
2. set output size correctly
3. check correct length of actual output 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							553b8f39e9 
							
						 
					 
					
						
						
							
							Fix test data  
						
						 
						
						
						
						
						test data used incorrect clear-text length. 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							72eca16afe 
							
						 
					 
					
						
						
							
							Fix scenario test names  
						
						 
						
						
						
						
						1. make all names unique
2. fix spacing issue in names 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							723feffe15 
							
						 
					 
					
						
						
							
							Fix some errors in PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE  
						
						 
						
						
						
						
						A call to PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE wouldn't even have
compiled. Fix some obvious errors. This is still untested. 
						
						
					 
					
						2018-09-05 12:44:17 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							5b051bc608 
							
						 
					 
					
						
						
							
							Remove trailing whitespace  
						
						 
						
						
						
						
						Only horizontal whitespace changes in this commit. 
						
						
					 
					
						2018-09-05 12:44:12 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							ad44f11257 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'psa/pr/54' into feature-psa  
						
						 
						
						
						
						
					 
					
						2018-09-05 12:41:53 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							6afe789d4c 
							
						 
					 
					
						
						
							
							Finish renaming around PSA_ALG_IS_RSA_PKCS1V15  
						
						 
						
						
						
						
						Now the code compiles. Some OAEP and PSS macros may still need to be fixed. 
						
						
					 
					
						2018-09-05 12:41:53 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							d6125ca63b 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'psa/pr/24' into feature-psa  
						
						 
						
						
						
						
					 
					
						2018-09-05 12:41:53 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							a1cac84e83 
							
						 
					 
					
						
						
							
							Move AEAD tests just after cipher  
						
						 
						
						
						
						
						Always adding things at the end tends to create merge conflicts.
Adding in the middle in this way makes the order more logical in
addition to avoiding conflicts. 
						
						
					 
					
						2018-09-05 12:41:53 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							4f594eca40 
							
						 
					 
					
						
						
							
							remove check for key pair (public key should be enough for verification)  
						
						 
						
						
						
						
					 
					
						2018-09-05 12:41:53 +03:00  
					
					
						 
						
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nir Sonnenschein 
							
						 
					 
					
						
						
						
						
							
						
						
							7f5a31915b 
							
						 
					 
					
						
						
							
							code fixes for internal code review:  
						
						 
						
						
						
						
						1. change to correct error code
2. removed unneeded comment 
						
						
					 
					
						2018-09-05 12:41:53 +03:00