Commit graph

10756 commits

Author SHA1 Message Date
Gilles Peskine
fad79fcdd9 Merge remote-tracking branch 'development' into ecp-write-ext-3.6
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
  and was removed in the target branch.
2024-03-04 08:52:08 +01:00
Manuel Pégourié-Gonnard
e33b349c90
Merge pull request #8864 from valeriosetti/issue8848
Deprecate or remove mbedtls_pk_wrap_as_opaque
2024-03-01 15:54:32 +00:00
Ronald Cron
9b4e964c2c
Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data
TLS 1.3: Add mbedtls_ssl_write_early_data() API
2024-02-29 14:31:55 +00:00
Gilles Peskine
c0f7a8680f mbedtls_ecp_write_key(): deprecate the old function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 13:19:42 +01:00
Gilles Peskine
84b9f1b039 mbedtls_ecp_write_key_ext(): migrate internally
Stop using mbedtls_ecp_write_key() except to test it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 13:19:42 +01:00
Gilles Peskine
e3fb4ccabf mbedtls_ecp_write_key_ext(): new function
Same as mbedtls_ecp_write_key(), but doesn't require the caller to figure out
the length of the output and possibly distinguish between Weierstrass and
Montgomery curves.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 13:19:42 +01:00
Manuel Pégourié-Gonnard
7f523bf9eb
Merge pull request #8845 from gilles-peskine-arm/ecp-write-doc-3.6
Document ECP write functions
2024-02-28 11:04:38 +00:00
Valerio Setti
b484e37d91 pk: fix alg selection in mbedtls_pk_sign_ext() for opaque keys
This commit also fixes pk_psa_wrap_sign_ext() setting the RSA padding
mode so that mbedtls_pk_get_psa_attributes() correctly guesses
the PSA alg to be used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-28 09:44:35 +01:00
Valerio Setti
23e637a7c7 test_suite_pk: initialize all PSA key IDs and attributes
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-27 13:56:57 +01:00
Valerio Setti
a9de9445b1 ssl_helpers: minor fix in mbedtls_test_ssl_endpoint_certificate_init()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-27 13:56:09 +01:00
Tom Cosgrove
ca21b241bd
Merge pull request #8840 from gilles-peskine-arm/domain_parameters-remove
Remove domain parameters
2024-02-27 10:36:51 +00:00
Valerio Setti
1fa2f6e9af test: remove usage of mbedtls_pk_wrap_as_opaque() from tests
This is replaced with: mbedtls_pk_get_psa_attributes() +
mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-27 09:23:35 +01:00
Tom Cosgrove
f4a200f106
Merge pull request #8838 from paul-elliott-arm/improve_test_data_accessors
Improve test info data accessors
2024-02-26 11:22:20 +00:00
Gilles Peskine
4c32b69f37 Ignore domain parameters in RSA key generation
Remove the ability to select a custom public exponent via domain parameters
in RSA key generation. The only way to select a custom public exponent is
now to pass custom production parameters to psa_generate_key_ext().

A subsequent commit will remove domain parameters altogether from the API,
thus this commit does not bother to update the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-26 08:50:38 +01:00
Gilles Peskine
0f63028809
Merge pull request #8815 from gilles-peskine-arm/psa_generate_key_ext-prototype
Introduce psa_generate_key_ext
2024-02-26 07:16:49 +00:00
Paul Elliott
9011dae0c1 Improve documentation / comments
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-24 10:57:22 +00:00
Tom Cosgrove
817772a6ca
Merge pull request #8716 from mschulz-at-hilscher/feature/gcm_largetable
Use large GCM tables
2024-02-23 16:25:38 +00:00
Ronald Cron
dcb09ca6df tests: write early data: Improve get_early_data_status testing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-22 12:22:59 +01:00
Ronald Cron
7d158f41ca tests: read early data: Use write API to send early data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-22 11:46:08 +01:00
Ronald Cron
110303fbe5 tests: read early data: Add no early data indication sent scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-22 11:46:02 +01:00
Ronald Cron
86d288c0d4 tests: ssl: Rename tls13_early_data to tls13_read_early_data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-22 11:28:29 +01:00
Ronald Cron
9f2c3c09df tls13: cli: Add mbedtls_ssl_get_early_data_status() API
Add mbedtls_ssl_get_early_data_status() API and its
testing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:44:51 +01:00
Ronald Cron
0004600702 tests: write early data: Inverse loop over state logic
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:44:45 +01:00
Ronald Cron
bf5e909467 tests: write early data: Check we can complete handshake after writing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:42:59 +01:00
Ronald Cron
d4069247b8 Improve comments/documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:37:26 +01:00
Gilles Peskine
0aab69d2eb
Merge pull request #8807 from gilles-peskine-arm/pk_import_into_psa-implement_import
Implement mbedtls_pk_import_into_psa
2024-02-21 15:45:17 +00:00
Gilles Peskine
dd49c739f0 Merge remote-tracking branch 'development' into pk_import_into_psa-implement_import
Conflicts:
* tests/suites/test_suite_pk.function: consecutive changes to the
  depends_on line of pk_sign_verify and its argument list.
2024-02-21 12:10:40 +01:00
Manuel Pégourié-Gonnard
0ecb5fd6f5
Merge pull request #8574 from ronald-cron-arm/ssl-tickets
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
2024-02-21 09:38:46 +00:00
Gilles Peskine
23605d19d9 More renaming: method -> production parameters
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 17:10:56 +01:00
Gilles Peskine
092ce51c47 Rename "key generation method" to "key production parameters"
"Key generation method" was misleading since it also applies to key
derivation. Change "key generation" to "key production", which we aren't
using yet and has roughly the right intuition. Change "method" to
"parameters" which there seems to be a slight preference for. Discussion
thread: https://github.com/Mbed-TLS/mbedtls/pull/8815#discussion_r1486524295

Identifiers renamed:
psa_key_generation_method_t → psa_key_production_parameters_t
psa_key_generation_method_s → psa_key_production_parameters_s
PSA_KEY_GENERATION_METHOD_INIT → PSA_KEY_PRODUCTION_PARAMETERS_INIT
method → params
method_data_length → params_data_length
default_method → default_production_parameters
psa_key_generation_method_is_default → psa_key_production_parameters_are_default
setup_key_generation_method → setup_key_production_parameters
key_generation_method_init → key_production_parameters_init

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 16:18:13 +01:00
Manuel Pégourié-Gonnard
fc3f980f0f
Merge pull request #8826 from valeriosetti/issue8824
RSA keys set to PSS/OAEP padding perform PKCS1v1.5 when MBEDTLS_USE_PSA_CRYPTO is enabled
2024-02-20 14:08:41 +00:00
Manuel Pégourié-Gonnard
a7f651cf16
Merge pull request #8804 from valeriosetti/issue8799
mbedtls_rsa_parse_key and mbedtls_rsa_parse_pubkey accept trailing garbage
2024-02-20 11:58:52 +00:00
Gilles Peskine
e7a7013910 Remove initialization function for variable-length struct
Assigning the return value of a function that returns a struct with a
flexible array member does not fill the flexible array member, which leaves
a gap in the initialization that could be surprising to programmers. Also,
this is a borderline case in ABI design which could cause interoperability
problems. So remove this function.

This gets rid of an annoying note from GCC about ABI compatibility on
(at least) x86_64.
```
In file included from include/psa/crypto.h:4820,
                 from <stdin>:1:
include/psa/crypto_struct.h: In function ‘psa_key_generation_method_init’:
include/psa/crypto_struct.h:244:1: note: the ABI of passing struct with a flexible array member has changed in GCC 4.4
  244 | {
      | ^
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 12:17:00 +01:00
Valerio Setti
80bc5d6aad test_suite_pk: fix data in some RSA related test cases
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 16:13:47 +01:00
Valerio Setti
f966a97806 test_suite_pk: remove leftover comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 15:30:27 +01:00
Valerio Setti
e88a1c5b85 pem: fix return values in pem_check_pkcs_padding()
Return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH instead of
MBEDTLS_ERR_PEM_BAD_INPUT_DATA in case of errors.
This commit also fix related failures in test pkparse and
pem test suites.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 15:09:41 +01:00
Valerio Setti
e10674d547 test_suite_pem: fix comment in test case
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 14:52:54 +01:00
Gilles Peskine
1c7ff7ea53 mbedtls_ecp_write_key: document and test smaller output buffer
Document and test the current behavior, even if it is weird:

* For Weierstrass keys, the error is MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL,
  not MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL.
* For Weierstrass keys, a smaller output buffer is ok if the output fits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-19 13:49:45 +01:00
Gilles Peskine
a395bdd066 mbedtls_ecp_write_key: document and test larger output buffer
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-19 13:30:31 +01:00
Valerio Setti
eba4ca19c6 test_suite_pem: solve driver test disparities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 07:42:18 +01:00
Valerio Setti
4cc6522a85 pem: do not parse ASN1 data after decryption (removes ASN1 dependency)
Now that we have padding verification after decryption and since
this can be used to validate the password as well there is no
need to parse ASN1 content any more, so we can simplify/remove
that dependency.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:26:12 +01:00
Valerio Setti
8aff4ef274 test_suite_pem: add more test cases for invalid padding data
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:26:08 +01:00
Gilles Peskine
46ee81d259 test_suite_pk: add test cases for RSA keys (sign/verify & crypt/decrypt)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:19:19 +01:00
Valerio Setti
0f286d5453 pem: reject empty PEM contents
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 14:30:58 +01:00
Gilles Peskine
2ec141a429 After pk_import_into_psa, test that the keys match
We were testing the internal consistency of the resulting key, and that the
resulting key had the right metadata, but we were not testing that the PSA
key had the expected key material. Comparing the public keys fixes that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:22:37 +01:00
Gilles Peskine
6fe8a06f7e New test helper: mbedtls_test_key_consistency_psa_pk
Test that a PK key and a PSA key are consistent, i.e. that they have the
same type (or are a key pair and the corresponding public key) and that
they have the same public key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:21:17 +01:00
Ronald Cron
24da9917a6 tests: ssl: early data: Add systematic default case in scenario switches
In TLS 1.3 early data tests, to reduce the risk
of not updating a switch over possible scenarios
when adding a new scenario, add systematically a
default case that fails the test.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
Ronald Cron
b9a9b1f5a5 tls13: Fix/Improve comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
Ronald Cron
5fbd27055d tls13: Use a flag not a counter for CCS and HRR handling
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:02 +01:00
Gilles Peskine
d6fc3501c0 Test mbedtls_pk_import_into_psa with different bits
This was only tested with opaque keys. Since the code paths are different
depending on the PK type, we also need to test RSA and ECKEY.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:15:29 +01:00