ECJPAKE: always use MD light

This enables access to all available hashes, instead of the previous situation where you had to choose by including MD_C or not. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-14 23:59:24 +01:00 · 2023-03-14 23:59:24 +01:00 · 41bc8b6b1e
commit 41bc8b6b1e
parent ffcda5679a
5 changed files with 32 additions and 44 deletions
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@ -89,7 +89,8 @@

 /* Auto-enable MBEDTLS_MD_LIGHT if some module needs it.
 */
-#if defined(MBEDTLS_PEM_PARSE_C) || \
+#if defined(MBEDTLS_ECJPAKE_C) || \
+    defined(MBEDTLS_PEM_PARSE_C) || \
    defined(MBEDTLS_RSA_C)
 #define MBEDTLS_MD_LIGHT
 #endif
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -374,12 +374,10 @@
 #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
 #endif

-/* Use of EC J-PAKE in TLS requires SHA-256.
- * This will be taken from MD if it is present, or from PSA if MD is absent.
- * Note: MBEDTLS_ECJPAKE_C depends on MBEDTLS_MD_C || MBEDTLS_PSA_CRYPTO_C. */
+/* Use of EC J-PAKE in TLS requires SHA-256. */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&                    \
-    !( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) &&          \
-    !( !defined(MBEDTLS_MD_C) && defined(PSA_WANT_ALG_SHA_256) )
+    !(defined(MBEDTLS_SHA256_C) || \
+      (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256)))
 #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
 #endif

--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@ -993,9 +993,13 @@
 * might still happen. For this reason, this is disabled by default.
 *
 * Requires: MBEDTLS_ECJPAKE_C
- *           SHA-256 (via MD if present, or via PSA, see MBEDTLS_ECJPAKE_C)
+ *           SHA-256 (via MBEDTLS_SHA256_C or a PSA driver)
 *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
 *
+ * \warning If SHA-256 is provided only by a PSA driver, you must call
+ * psa_crypto_init() before the first hanshake (even if
+ * MBEDTLS_USE_PSA_CRYPTO is disabled).
+ *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
@ -2504,13 +2508,8 @@
 *
 * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
 *
- * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
- * before doing any EC J-PAKE operations.
- *
- * \warning When building with MBEDTLS_MD_C, all hashes used with this
- * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
- * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
- * this module in builds where MBEDTLS_MD_C is disabled.
+ * \warning If using a hash that is only provided by PSA drivers, you must
+ * call psa_crypto_init() before doing any EC J-PAKE operations.
 */
 #define MBEDTLS_ECJPAKE_C

--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@ -30,18 +30,6 @@
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"

-/* We use MD first if it's available (for compatibility reasons)
- * and "fall back" to PSA otherwise (which needs psa_crypto_init()). */
-#if !defined(MBEDTLS_MD_C)
-#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
-#if !defined(MBEDTLS_ECJPAKE_ALT)
-#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status,   \
-                                                           psa_to_md_errors,              \
-                                                           psa_generic_status_to_mbedtls)
-#endif /* !MBEDTLS_ECJPAKE_ALT */
-#endif /* !MBEDTLS_MD_C */
-
 #include "hash_info.h"

 #include <string.h>
@ -66,19 +54,8 @@ static int mbedtls_ecjpake_compute_hash(mbedtls_md_type_t md_type,
                                        const unsigned char *input, size_t ilen,
                                        unsigned char *output)
 {
-#if defined(MBEDTLS_MD_C)
    return mbedtls_md(mbedtls_md_info_from_type(md_type),
                      input, ilen, output);
-#else
-    psa_algorithm_t alg = mbedtls_psa_translate_md(md_type);
-    psa_status_t status;
-    size_t out_size = PSA_HASH_LENGTH(alg);
-    size_t out_len;
-
-    status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
-
-    return PSA_TO_MBEDTLS_ERR(status);
-#endif /* !MBEDTLS_MD_C */
 }

 /*
@ -142,15 +119,9 @@ int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx,

    ctx->role = role;

-#if defined(MBEDTLS_MD_C)
    if ((mbedtls_md_info_from_type(hash)) == NULL) {
        return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
    }
-#else
-    if (mbedtls_psa_translate_md(hash) == MBEDTLS_MD_NONE) {
-        return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
-    }
-#endif

    ctx->md_type = hash;

--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@ -109,6 +109,8 @@ void ecjpake_invalid_param()
    mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
    mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP256R1;

+    MD_PSA_INIT();
+
    mbedtls_ecjpake_init(&ctx);

    TEST_EQUAL(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
@ -118,14 +120,19 @@ void ecjpake_invalid_param()
                                     valid_group,
                                     buf, len));
 exit:
-    return;
+    MD_PSA_DONE();
 }
 /* END_CASE */

 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void ecjpake_selftest()
 {
+    MD_PSA_INIT();
+
    TEST_ASSERT(mbedtls_ecjpake_self_test(1) == 0);
+
+exit:
+    MD_PSA_DONE();
 }
 /* END_CASE */

@ -137,6 +144,8 @@ void read_bad_md(data_t *msg)
    const size_t pw_len = 0;
    int any_role = MBEDTLS_ECJPAKE_CLIENT;

+    MD_PSA_INIT();
+
    mbedtls_ecjpake_init(&corrupt_ctx);
    TEST_ASSERT(mbedtls_ecjpake_setup(&corrupt_ctx, any_role,
                                      MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
@ -148,6 +157,7 @@ void read_bad_md(data_t *msg)

 exit:
    mbedtls_ecjpake_free(&corrupt_ctx);
+    MD_PSA_DONE();
 }
 /* END_CASE */

@ -158,6 +168,8 @@ void read_round_one(int role, data_t *msg, int ref_ret)
    const unsigned char *pw = NULL;
    const size_t pw_len = 0;

+    MD_PSA_INIT();
+
    mbedtls_ecjpake_init(&ctx);

    TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, role,
@ -168,6 +180,7 @@ void read_round_one(int role, data_t *msg, int ref_ret)

 exit:
    mbedtls_ecjpake_free(&ctx);
+    MD_PSA_DONE();
 }
 /* END_CASE */

@ -178,6 +191,8 @@ void read_round_two_cli(data_t *msg, int ref_ret)
    const unsigned char *pw = NULL;
    const size_t pw_len = 0;

+    MD_PSA_INIT();
+
    mbedtls_ecjpake_init(&ctx);

    TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, MBEDTLS_ECJPAKE_CLIENT,
@ -194,6 +209,7 @@ void read_round_two_cli(data_t *msg, int ref_ret)

 exit:
    mbedtls_ecjpake_free(&ctx);
+    MD_PSA_DONE();
 }
 /* END_CASE */

@ -204,6 +220,8 @@ void read_round_two_srv(data_t *msg, int ref_ret)
    const unsigned char *pw = NULL;
    const size_t pw_len = 0;

+    MD_PSA_INIT();
+
    mbedtls_ecjpake_init(&ctx);

    TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, MBEDTLS_ECJPAKE_SERVER,
@ -220,5 +238,6 @@ void read_round_two_srv(data_t *msg, int ref_ret)

 exit:
    mbedtls_ecjpake_free(&ctx);
+    MD_PSA_DONE();
 }
 /* END_CASE */