Hanno Becker
1e801f5706
Clarify guarantees made by rsa_complete and rsa_check_privkey
2017-10-10 16:44:47 +01:00
Hanno Becker
68b4d58bd8
Remove PRNG argument from mbedtls_rsa_deduce_moduli
...
It is not necessary to pass a CSPRNG to `mbedtls_rsa_deduce_moduli`, as there
exist well-working static strategies, and even if a PRNG is preferred, a
non-secure one would be sufficient.
Further, the implementation is changed to use a static strategy for the choice
of candidates which according to some benchmarks even performs better than the
previous one using random candidate choices.
2017-10-10 16:39:10 +01:00
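The commit above argues that no CSPRNG is needed to recover the primes of an RSA modulus from a valid (E, D) pair, because a fixed sequence of candidate bases works. The following is an added illustration of that argument, written in Python for readability rather than taken from the mbed TLS C code: the candidate list, the function name `deduce_primes` and the toy key are this example's own assumptions, not the library's.

```python
from math import gcd

# Static candidate sequence: small primes, tried in order.  This mirrors the
# idea of a fixed (non-random) strategy; the concrete list mbed TLS uses is an
# assumption here, not taken from the library.
CANDIDATES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def deduce_primes(n, e, d):
    """Recover the prime factors (p, q), p < q, of n = p*q from a valid (e, d).

    k = d*e - 1 is a multiple of lambda(n), so a^k == 1 (mod n) for every a
    coprime to n.  Write k = 2^s * t with t odd and walk the chain
    a^t, a^(2t), ..., a^(2^s t) mod n.  The element just before the first 1 in
    that chain is a square root of 1; whenever it is not +-1, gcd(root - 1, n)
    is a proper factor of n.  No randomness is involved: a fixed base either
    exposes such a root or it does not, and we simply move to the next base.
    """
    if not (1 < e < n and 1 < d < n):
        raise ValueError("need 1 < e < n and 1 < d < n")
    k = d * e - 1
    if k % 2:
        # e and d are odd for any RSA key, so k must be even.
        raise ValueError("d*e - 1 is odd: (e, d) is not a valid RSA pair")
    t, s = k, 0
    while t % 2 == 0:
        t //= 2
        s += 1
    for a in CANDIDATES:
        g = gcd(a, n)
        if g != 1:
            # Only possible for toy moduli; a real modulus has no small factors.
            return (g, n // g) if g < n // g else (n // g, g)
        x = pow(a, t, n)
        if x in (1, n - 1):
            continue  # trivial chain for this base, try the next one
        for _ in range(s):
            y = pow(x, 2, n)
            if y == 1:
                # x is a non-trivial square root of 1 mod n, so it splits n.
                p = gcd(x - 1, n)
                q = n // p
                return (p, q) if p < q else (q, p)
            if y == n - 1:
                break  # chain reaches -1; its next square is 1, nothing learned
            x = y
    raise ValueError("no factor found with the static candidate list")


if __name__ == "__main__":
    # Constructed toy key (p=53, q=61, e=17, d=2753); illustration only.
    print(deduce_primes(3233, 17, 2753))
```

For the toy key the base 2 happens to reach -1 mod N and teaches nothing, and the base 3 immediately yields the factor 61; on real-sized keys each base fails with probability at most about one half, so a short fixed list suffices and the quality of the candidate source is irrelevant to the result.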
Hanno Becker
1a9a51c7cf
Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
...
Add a reference to the relevant RFC, adapt ChangeLog.
2017-10-06 11:58:50 +01:00
Hanno Becker
0446a39744
Enhance documentation of mbedtls_ssl_set_hostname
...
(1) Add missing error condition
(2) Specify allowance and effect of NULL hostname parameter
(3) Describe effect of function on failure
2017-10-06 11:58:50 +01:00
Hanno Becker
bc389d1d3c
Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code
2017-10-05 11:49:53 +01:00
Hanno Becker
3cdc711972
Deprecate usage of RSA primitives with wrong key type
...
Further, state explicitly that wrong key types need not be supported by alternative RSA implementations, and that those
may instead return the newly introduced error code MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
2017-10-05 10:28:21 +01:00
Hanno Becker
e3481ab533
Improve top warning in dhm.h
2017-10-04 16:05:10 +01:00
Hanno Becker
a90658f248
Add ssl_conf_dh_param_bin superseding ssl_conf_dh_param
2017-10-04 15:29:08 +01:00
Hanno Becker
470a8c4d87
Deprecate mbedtls_ssl_conf_dh_param
2017-10-04 15:28:46 +01:00
Hanno Becker
d25d444134
Don't allocate space for DTLS header if DTLS is disabled
2017-10-04 13:58:03 +01:00
Hanno Becker
5e6b8d7d29
Add missing whitespace
2017-10-04 13:41:36 +01:00
Hanno Becker
0482fd597a
Remove reference to utility program for RFC 3526/7919 verification
2017-10-04 13:39:08 +01:00
Hanno Becker
5a7c35d1a8
Correct documentation of mbedtls_ssl_conf_dh_param
2017-10-04 13:32:12 +01:00
Hanno Becker
8880e75dcb
Add new function mbedtls_dhm_set_group to DHM Group
2017-10-04 13:17:52 +01:00
Hanno Becker
e2fcfa84ea
Stick to the use of constant-macros
...
This commit returns to using constant macros instead of global variables for the DHM group constants. Further, macros
providing the binary encoding of the primes from RFC 3526 and RFC 7919 are added. The hex-string macros are deprecated.
2017-10-04 13:12:15 +01:00
Hanno Becker
0f65e0ca03
Rename rsa_deduce_moduli to rsa_deduce_primes
2017-10-03 14:40:44 +01:00
Hanno Becker
8ba6ce4f4f
Rename rsa_deduce_private to rsa_deduce_private_exponent
2017-10-03 14:40:43 +01:00
Hanno Becker
5178dcab12
Clarify parameter ownership in mbedtls_rsa_import[_raw]
2017-10-03 14:29:37 +01:00
Hanno Becker
f9734b35b5
Change wording of warnings
2017-10-03 12:09:22 +01:00
Hanno Becker
f240ea0b50
Expand documentation of mbedtls_dhm_read_params
2017-10-02 15:09:14 +01:00
Hanno Becker
f8258e7d5a
Adapt documentation of mbedtls_ssl_conf_dh_param to new moduli
2017-10-02 15:04:40 +01:00
Hanno Becker
70da2c545b
Improve documentation of mbedtls_dhm_make_params
2017-10-02 15:02:59 +01:00
Hanno Becker
b5beaa8995
Check that 1 < D, E < N in mbedtls_rsa_validate_params
2017-10-02 13:20:20 +01:00
Hanno Becker
c6fc878eda
Remove mbedtls_rsa_check_crt
...
This is no longer needed after the decision to not exhaustively validate private key material.
2017-10-02 13:20:15 +01:00
Hanno Becker
98838b04af
Minor improvements
2017-10-02 13:17:01 +01:00
Hanno Becker
7471631dde
Make input arguments to mbedtls_rsa_import_raw constant
...
Original intention was to be allowed to perform in-place operations like changing the byte-order before importing
parameters into an HSM. Now a copy is needed in this case, but there's no more danger of a user expecting the arguments
to be left untouched.
2017-10-02 13:17:01 +01:00
Hanno Becker
43a08d029e
Clarify guarantees made by rsa_check_privkey and rsa_complete
...
Document explicitly that `mbedtls_rsa_check_privkey` and `mbedtls_rsa_complete` succeeding does not guarantee the
consistency of the underlying RSA private key but only that enough information is present to perform a private key
operation.
2017-10-02 13:17:01 +01:00
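The commit above draws a line between "enough material to run a private-key operation" and "a consistent private key", and the earlier commits in this series add the range check 1 < D, E < N and a CRT-parameter validation. The following added example, in Python and not part of mbed TLS, makes that distinction concrete: `private_key_usable` mirrors only the weak promise (range checks), `validate_params` performs the consistency checks, and a constructed key with a tampered D shows a key that passes the first but fails the second. Function names, the toy key and the exact set of checks are this example's assumptions.

```python
from math import gcd


def lcm(a, b):
    return a // gcd(a, b) * b


def private_key_usable(n, e, d):
    """Weak guarantee: is there enough material for a private-key operation?

    Only the range checks 1 < D, E < N are performed.  This deliberately does
    not prove that D belongs to (N, E); it is the kind of promise the text
    above attributes to a successful check_privkey/complete call.
    """
    return n > 1 and 1 < e < n and 1 < d < n


def validate_params(n, p, q, d, e, dp=None, dq=None, qp=None):
    """Strong check: return a list of inconsistencies (empty list == consistent).

    Core checks: ranges, P*Q == N, D*E == 1 mod lcm(P-1, Q-1).  If CRT values
    are supplied they are checked as DP = D mod (P-1), DQ = D mod (Q-1),
    QP = Q^-1 mod P.  Primality of P and Q is not verified here.
    """
    errors = []
    if not (1 < e < n):
        errors.append("E out of range (need 1 < E < N)")
    if not (1 < d < n):
        errors.append("D out of range (need 1 < D < N)")
    if p < 2 or q < 2 or p * q != n:
        errors.append("P * Q != N")
        return errors  # remaining checks are meaningless without the primes
    if (d * e) % lcm(p - 1, q - 1) != 1:
        errors.append("D * E != 1 mod lcm(P-1, Q-1): D does not match E")
    if dp is not None and dp != d % (p - 1):
        errors.append("DP != D mod (P-1)")
    if dq is not None and dq != d % (q - 1):
        errors.append("DQ != D mod (Q-1)")
    if qp is not None and (q * qp) % p != 1:
        errors.append("QP != Q^-1 mod P")
    return errors


def roundtrip_ok(n, e, d, m):
    """A private operation followed by the public one must give back m."""
    return pow(pow(m, d, n), e, n) == m


# Constructed toy key (p=53, q=61); illustration only, never use such sizes.
GOOD = dict(n=3233, p=53, q=61, e=17, d=2753, dp=49, dq=53, qp=20)
# Same key with D tampered: still 1 < D < N, so the weak check cannot notice.
BAD = dict(GOOD, d=2755)


if __name__ == "__main__":
    for name, key in (("good", GOOD), ("bad", BAD)):
        print(name,
              "usable:", private_key_usable(key["n"], key["e"], key["d"]),
              "errors:", validate_params(**key),
              "roundtrip:", roundtrip_ok(key["n"], key["e"], key["d"], 42))
```

The tampered key is reported as usable, yet validation lists three mismatches and a sign-then-verify round trip fails; a caller that relies on the weak check alone will happily produce signatures that never verify.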
Hanno Becker
1b831fe1c5
Clarify guarantees made by rsa_deduce_moduli/private/crt
2017-10-02 13:06:47 +01:00
Hanno Becker
bdefff1dde
Change signature of mbedtls_rsa_deduce_private
...
Make input arguments constant and adapt the implementation to use a temporary instead of in-place operations.
2017-10-02 09:59:48 +01:00
Hanno Becker
ba5b755f1a
Change signature and semantics of mbedtls_rsa_deduce_moduli
...
Input arguments are marked as constant. Further, no double-checking is performed when a factorization of the modulus has
been found.
2017-10-02 09:55:49 +01:00
Hanno Becker
2f38a43d3a
Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
...
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:35:21 +01:00
Hanno Becker
f5f9d11acc
Enhance documentation of mbedtls_ssl_set_hostname
...
(1) Add missing error condition
(2) Specify allowance and effect of NULL hostname parameter
(3) Describe effect of function on failure
2017-09-30 23:35:12 +01:00
Hanno Becker
56bae95e1d
Improve style and documentation, fix typo
2017-09-29 15:43:49 +01:00
Hanno Becker
4b2f691691
Doxygen: Use typewriter font for variables in rsa.h documentation
2017-09-29 13:36:54 +01:00
Hanno Becker
ed20361321
Increase readability of Doxygen output
...
Multiple lists were not properly recognized as such.
2017-09-29 13:34:25 +01:00
Hanno Becker
91c194dabb
Add and document an RSA-specific error code for unsupported exports
...
E.g., a private key on an external chip might not be exportable to RAM.
2017-09-29 12:50:12 +01:00
Hanno Becker
5063cd2cca
Deprecate direct manipulation of structure fields in RSA context
2017-09-29 11:54:05 +01:00
Hanno Becker
a2f6b72cbb
Add warnings regarding the use of DHM in general
2017-09-28 11:06:31 +01:00
Hanno Becker
e764324d96
Improve documentation in dhm.h
2017-09-28 11:06:31 +01:00
Hanno Becker
4c72b000cb
Add const-qualifiers to prime constants
2017-09-27 16:06:37 +01:00
Hanno Becker
b1d4d1fa6e
Add description of how the primes from RFC 3526/7919 were generated
2017-09-27 12:43:57 +01:00
Hanno Becker
b2bad800e4
Introduce Diffie-Hellman parameters from RFC 7919
2017-09-27 12:43:55 +01:00
Hanno Becker
0e6dc84f3e
Deprecate Diffie-Hellman groups from RFC 5114
...
Also, change the way the standardized Diffie-Hellman groups are provided from
macro-based string-literals to global variables.
2017-09-27 11:48:02 +01:00
Jaeden Amero
1526330931
Allow alternate implementation of GCM
...
Provide the ability to use an alternative implementation of GCM in place
of the library-provided implementation.
2017-09-22 17:42:44 +01:00
Hanno Becker
a8434e8f95
Add compile-time checks for size of record content and payload
2017-09-18 10:56:14 +01:00
Hanno Becker
603b8c62c4
Clarify guarantees made by successful mbedtls_rsa_complete call
2017-08-25 11:03:07 +01:00
Hanno Becker
d363799a9d
Add mbedtls_rsa_validate_crt
...
This commit adds the function mbedtls_rsa_validate_crt for validating a set of CRT parameters. The function
mbedtls_rsa_check_crt is simplified accordingly.
2017-08-25 08:35:09 +01:00
Hanno Becker
750e8b4596
Rename rsa_check_params->rsa_validate_params and change error codes
2017-08-25 08:34:55 +01:00
Hanno Becker
b0c5edcc2f
Correct typo in rsa.h
2017-08-23 22:16:10 +01:00
Hanno Becker
ab3773123c
Add support for alternative RSA implementations
...
Alternative RSA implementations can be provided by defining MBEDTLS_RSA_ALT in
config.h, defining an mbedtls_rsa_context struct in a new file rsa_alt.h and
re-implementing the RSA interface specified in rsa.h.
Through the previous reworkings, the adherence to the interface is the only
implementation obligation - in particular, implementors are free to use a
different layout for the RSA context structure.
2017-08-23 16:24:51 +01:00