From 41bc8b6b1ef76f10411c90d269efcf37bd313241 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 14 Mar 2023 23:59:24 +0100 Subject: [PATCH] ECJPAKE: always use MD light MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This enables access to all available hashes, instead of the previous situation where you had to choose by including MD_C or not. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 3 ++- include/mbedtls/check_config.h | 8 +++---- include/mbedtls/mbedtls_config.h | 15 ++++++------ library/ecjpake.c | 29 ------------------------ tests/suites/test_suite_ecjpake.function | 21 ++++++++++++++++- 5 files changed, 32 insertions(+), 44 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index bfbf9de57..b84aaee38 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -89,7 +89,8 @@ /* Auto-enable MBEDTLS_MD_LIGHT if some module needs it. */ -#if defined(MBEDTLS_PEM_PARSE_C) || \ +#if defined(MBEDTLS_ECJPAKE_C) || \ + defined(MBEDTLS_PEM_PARSE_C) || \ defined(MBEDTLS_RSA_C) #define MBEDTLS_MD_LIGHT #endif diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index ffaeccb1d..4f214cf50 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -374,12 +374,10 @@ #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" #endif -/* Use of EC J-PAKE in TLS requires SHA-256. - * This will be taken from MD if it is present, or from PSA if MD is absent. - * Note: MBEDTLS_ECJPAKE_C depends on MBEDTLS_MD_C || MBEDTLS_PSA_CRYPTO_C. */ +/* Use of EC J-PAKE in TLS requires SHA-256. */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - !( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) && \ - !( !defined(MBEDTLS_MD_C) && defined(PSA_WANT_ALG_SHA_256) ) + !(defined(MBEDTLS_SHA256_C) || \ + (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))) #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index bf88f61ec..0940cb6ef 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -993,9 +993,13 @@ * might still happen. For this reason, this is disabled by default. * * Requires: MBEDTLS_ECJPAKE_C - * SHA-256 (via MD if present, or via PSA, see MBEDTLS_ECJPAKE_C) + * SHA-256 (via MBEDTLS_SHA256_C or a PSA driver) * MBEDTLS_ECP_DP_SECP256R1_ENABLED * + * \warning If SHA-256 is provided only by a PSA driver, you must call + * psa_crypto_init() before the first hanshake (even if + * MBEDTLS_USE_PSA_CRYPTO is disabled). + * * This enables the following ciphersuites (if other requisites are * enabled as well): * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 @@ -2504,13 +2508,8 @@ * * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C * - * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init() - * before doing any EC J-PAKE operations. - * - * \warning When building with MBEDTLS_MD_C, all hashes used with this - * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, - * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by - * this module in builds where MBEDTLS_MD_C is disabled. + * \warning If using a hash that is only provided by PSA drivers, you must + * call psa_crypto_init() before doing any EC J-PAKE operations. */ #define MBEDTLS_ECJPAKE_C diff --git a/library/ecjpake.c b/library/ecjpake.c index 36c1327bd..d3836ac0b 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -30,18 +30,6 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -/* We use MD first if it's available (for compatibility reasons) - * and "fall back" to PSA otherwise (which needs psa_crypto_init()). */ -#if !defined(MBEDTLS_MD_C) -#include "psa/crypto.h" -#include "mbedtls/psa_util.h" -#if !defined(MBEDTLS_ECJPAKE_ALT) -#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_md_errors, \ - psa_generic_status_to_mbedtls) -#endif /* !MBEDTLS_ECJPAKE_ALT */ -#endif /* !MBEDTLS_MD_C */ - #include "hash_info.h" #include @@ -66,19 +54,8 @@ static int mbedtls_ecjpake_compute_hash(mbedtls_md_type_t md_type, const unsigned char *input, size_t ilen, unsigned char *output) { -#if defined(MBEDTLS_MD_C) return mbedtls_md(mbedtls_md_info_from_type(md_type), input, ilen, output); -#else - psa_algorithm_t alg = mbedtls_psa_translate_md(md_type); - psa_status_t status; - size_t out_size = PSA_HASH_LENGTH(alg); - size_t out_len; - - status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len); - - return PSA_TO_MBEDTLS_ERR(status); -#endif /* !MBEDTLS_MD_C */ } /* @@ -142,15 +119,9 @@ int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, ctx->role = role; -#if defined(MBEDTLS_MD_C) if ((mbedtls_md_info_from_type(hash)) == NULL) { return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; } -#else - if (mbedtls_psa_translate_md(hash) == MBEDTLS_MD_NONE) { - return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; - } -#endif ctx->md_type = hash; diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index d5c0f07d4..20f1bf8f8 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -109,6 +109,8 @@ void ecjpake_invalid_param() mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP256R1; + MD_PSA_INIT(); + mbedtls_ecjpake_init(&ctx); TEST_EQUAL(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, @@ -118,14 +120,19 @@ void ecjpake_invalid_param() valid_group, buf, len)); exit: - return; + MD_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void ecjpake_selftest() { + MD_PSA_INIT(); + TEST_ASSERT(mbedtls_ecjpake_self_test(1) == 0); + +exit: + MD_PSA_DONE(); } /* END_CASE */ @@ -137,6 +144,8 @@ void read_bad_md(data_t *msg) const size_t pw_len = 0; int any_role = MBEDTLS_ECJPAKE_CLIENT; + MD_PSA_INIT(); + mbedtls_ecjpake_init(&corrupt_ctx); TEST_ASSERT(mbedtls_ecjpake_setup(&corrupt_ctx, any_role, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, @@ -148,6 +157,7 @@ void read_bad_md(data_t *msg) exit: mbedtls_ecjpake_free(&corrupt_ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -158,6 +168,8 @@ void read_round_one(int role, data_t *msg, int ref_ret) const unsigned char *pw = NULL; const size_t pw_len = 0; + MD_PSA_INIT(); + mbedtls_ecjpake_init(&ctx); TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, role, @@ -168,6 +180,7 @@ void read_round_one(int role, data_t *msg, int ref_ret) exit: mbedtls_ecjpake_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -178,6 +191,8 @@ void read_round_two_cli(data_t *msg, int ref_ret) const unsigned char *pw = NULL; const size_t pw_len = 0; + MD_PSA_INIT(); + mbedtls_ecjpake_init(&ctx); TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, MBEDTLS_ECJPAKE_CLIENT, @@ -194,6 +209,7 @@ void read_round_two_cli(data_t *msg, int ref_ret) exit: mbedtls_ecjpake_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -204,6 +220,8 @@ void read_round_two_srv(data_t *msg, int ref_ret) const unsigned char *pw = NULL; const size_t pw_len = 0; + MD_PSA_INIT(); + mbedtls_ecjpake_init(&ctx); TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, MBEDTLS_ECJPAKE_SERVER, @@ -220,5 +238,6 @@ void read_round_two_srv(data_t *msg, int ref_ret) exit: mbedtls_ecjpake_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */