Commit graph

29777 commits

Author SHA1 Message Date
David Horstmann
762f9f9cbb Restore X509 functions erroneously made private
Restore the following functions to public headers:
* mbedtls_x509_dn_get_next()
* mbedtls_x509_serial_gets()
* mbedtls_x509_time_cmp()
* mbedtls_x509_time_gmtime()
* mbedtls_x509_time_is_past()
* mbedtls_x509_time_is_future()
* mbedtls_x509_parse_subject_alt_name()
* mbedtls_x509_free_subject_alt_name()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-19 11:07:50 +00:00
Manuel Pégourié-Gonnard
d93e640882
Merge pull request #8797 from adeaarm/check_config_look_for_crypto_client
Make check_config aware of MBEDTLS_PSA_CRYPTO_CLIENT
2024-02-19 08:14:34 +00:00
Valerio Setti
eba4ca19c6 test_suite_pem: solve driver test disparities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 07:42:18 +01:00
Valerio Setti
4cc6522a85 pem: do not parse ASN1 data after decryption (removes ASN1 dependency)
Now that we have padding verification after decryption and since
this can be used to validate the password as well there is no
need to parse ASN1 content any more, so we can simplify/remove
that dependency.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:26:12 +01:00
Valerio Setti
8aff4ef274 test_suite_pem: add more test cases for invalid padding data
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:26:08 +01:00
Valerio Setti
90ea4fd201 pk: fix documentation for sign/verify and encrypt/decrypt
Remove exception warnings about PKCS1v1.5, since now both padding
formats are treated properly no matter if USE_PSA_CRYPTO is
defined or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:19:19 +01:00
Gilles Peskine
46ee81d259 test_suite_pk: add test cases for RSA keys (sign/verify & crypt/decrypt)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:19:19 +01:00
Valerio Setti
0f286d5453 pem: reject empty PEM contents
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 14:30:58 +01:00
Gilles Peskine
83b8baf899 mbedtls_pk_import_into_psa: fix Montgomery keys in the legacy case
Fix the workaround for the weirdness of mbedtls_ecp_write_key(), which
assumed a Weierstrass key.

This fixes the Montgomery private key parse tests in test_suite_pkparse.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:26:07 +01:00
Gilles Peskine
2ec141a429 After pk_import_into_psa, test that the keys match
We were testing the internal consistency of the resulting key, and that the
resulting key had the right metadata, but we were not testing that the PSA
key had the expected key material. Comparing the public keys fixes that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:22:37 +01:00
Gilles Peskine
6fe8a06f7e New test helper: mbedtls_test_key_consistency_psa_pk
Test that a PK key and a PSA key are consistent, i.e. that they have the
same type (or are a key pair and the corresponding public key) and that
they have the same public key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:21:17 +01:00
Ronald Cron
24da9917a6 tests: ssl: early data: Add systematic default case in scenario switches
In TLS 1.3 early data tests, to reduce the risk
of not updating a switch over possible scenarios
when adding a new scenario, add systematically a
default case that fails the test.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
Ronald Cron
d6d32b9210 tls13: Improve declaration and doc of early data status
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
Ronald Cron
b9a9b1f5a5 tls13: Fix/Improve comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
Ronald Cron
84dfbf488a tls13: client: Add comment about early data in 2nd ClientHello
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
Ronald Cron
5fbd27055d tls13: Use a flag not a counter for CCS and HRR handling
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:02 +01:00
Gilles Peskine
4da1f01f88 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:15:29 +01:00
Gilles Peskine
d6fc3501c0 Test mbedtls_pk_import_into_psa with different bits
This was only tested with opaque keys. Since the code paths are different
depending on the PK type, we also need to test RSA and ECKEY.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:15:29 +01:00
Valerio Setti
93ecbef6a8 pk_wrap: set proper PSA algin rsa wrappers based on padding mode set in RSA context
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-15 15:52:05 +01:00
Paul Elliott
ba536dc1db Lock test mutex before doing mutex usage check
Although this again should only happen post all threads stopping, guard
this just in case things change.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-15 13:04:31 +00:00
Paul Elliott
114ed5ef1e Fix missing mutex lock for mutex usage error
Although this can only be read in a situation where threads should have
already stopped, best to fix this as its public.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-15 12:52:45 +00:00
Paul Elliott
264e21011a Rename internal test info data accessors
Rename internal test info data accessors by adding _internal to mark
them as obviously internal. Add to the intial comment block to further
explain the mutex locking policy.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-15 12:52:45 +00:00
Gilles Peskine
68a287dc7a Use named constants FROM_PAIR/FROM_PUBLIC for readability
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 13:30:55 +01:00
Gilles Peskine
f50cd59b51 Fix encrypt/decrypt confusion
The values are the same for all supported mechanisms (RSA-based), so no
semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 13:13:26 +01:00
Gilles Peskine
cbd2cbb408 Rename identifier for consistency
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 13:12:44 +01:00
Janos Follath
0315123cfb
Merge pull request #8691 from billatarm/add-pc-files
pkg-config: add initial pkg-config files
2024-02-15 11:21:14 +00:00
Gilles Peskine
63072b1f94 Only test custom-e RSA key generation when built in
Custom-e RSA key generation is not yet supported in the test driver, and we
don't support fallback from the test driver to the built-in
implementation (even though we're testing with MBEDTLS_RSA_C). So for the
time being, only run psa_generate_key_ext test cases for RSA with a custom
public exponent when using the built-in implementation.

Add a test case to validate that psa_generate_key_ext test cases for RSA
with a custom public exponent returns NOT_SUPPORTED (rather than silently
doing the wrong thing) when not using built-in RSA (which is subtly
different from when having accelerated RSA: if both are enabled, which we
currently don't do in all.sh, then this should be supported and this is
validated by the test cases above).

This wart will be resolved when we add support for drivers with a
generate_key_ext entry point.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 12:02:04 +01:00
Gilles Peskine
69f11c8dfb generate key ext: skip driver invocation with non-default method
In the driver wrapper for psa_generate_key() and psa_generate_key_ext():

* Invoke the built-in code if using a non-default method, even if there
  might be an accelerator. This is ok because we only support non-default
  methods for RSA and we don't support driver-only RSA, therefore a
  non-default method will always have built-in code behind it.
* Return NOT_SUPPORTED if trying to use a non-default method with an opaque
  driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:48 +01:00
Gilles Peskine
c81393b2ed generate/derive key ext: pass method_data_length rather than method_length
Instead of passing the size of the whole structure, just pass the data
length and let the implementation worry about adding the size of the
structure. The intent with passing the structure size was to allow
the client code in a client-server implementation to know nothing
about the structure and just copy the bytes to the server. But that was not
really a useful consideration since the application has to know the
structure layout, so it has to be available in the client implementation's
headers. Passing the method data length makes life simpler for everyone by
not having to worry about possible padding at the end of the structure, and
removes a potential error condition
(method_length < sizeof(psa_key_generation_method_t)).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:48 +01:00
Gilles Peskine
7a18f9645c psa_generate_key_ext: RSA: support custom public exponent
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:46 +01:00
Gilles Peskine
f0765fa06a Implement psa_generate_key_ext, psa_key_derivation_output_key_ext
Implement and unit-test the new functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext(), only for the default method.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:19:27 +01:00
Gilles Peskine
1d25a0a810 Refactoring: extract rsa_test_e
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:19:27 +01:00
Gilles Peskine
6d81cbc81f Document new functions psa_generate_key_ext, psa_key_derivation_output_key_ext
Document proposed additions to the PSA API: psa_generate_key_ext(),
psa_key_derivation_output_key_ext(). For psa_generate_key_ext(), document
the one use case we intend to implement immediately, which is generating an
RSA key with a custom public exponent.

Subsequent commits will implement the documented functionality.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:19:26 +01:00
Manuel Pégourié-Gonnard
59d63b2106
Merge pull request #8582 from yanrayw/issue/8167/PK_parse_write_OID_dependency
PK parse and PK write: add dependency check with OID
2024-02-15 08:34:14 +00:00
Yanray Wang
a8f8eb1e35 check_config: add missing dependency check for MBEDTLS_PK_WRITE_C
MBEDTLS_PK_WRITE_C requires MBEDTLS_ASN1_WRITE_C, but there is no
corresponding check in check_config.h. In addition, corresponding
documentation for `Requires` is updated in mbedtls_config.h.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 16:00:35 +00:00
Yanray Wang
072a068f9f check_config: combine check for MBEDTLS_PK_PARSE_C
- check_config.h: combine separate check for MBEDTLS_PK_PARSE_C
- mbedtls_config.h: update documentation for `Requires`

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 16:00:28 +00:00
Yanray Wang
5b118d4aed Check MBEDTLS_PK_{PARSE,WRITE}_C requires MBEDTLS_OID_C
- check_config.h: add this dependency check
- mbedtls_config.h: update corresponding requirement documentation

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Yanray Wang
687bfcb54c pk: remove duplicate define of MBEDTLS_PK_HAVE_ECC_KEYS
In pk.h, MBEDTLS_PK_HAVE_ECC_KEYS is enabled if ECP_C is defined or
USE_PSA_CRYPTO && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY are defined.
But this logic is duplicate with its definition in
config_adjust_legacy_crypto.h.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Yanray Wang
e9954bb9d5 test_suite_pk.function: add correct dependency
In valid_parameters_pkwrite, we first parse a public key then test
with mbedtls_pk_write_xxx functions. So valid_parameters_pkwrite
should depend on both MBEDTLS_PK_WRITE_C and MBEDTLS_PK_PARSE_C.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Yanray Wang
b807cc6eba Add checks for PK_[PARSE/WRITE]_C when PK_HAVE_ECC_KEYS is set
When PK_HAVE_ECC_KEYS is set with PK_[PARSE/WRITE]_C, it needs OID_C
to be enabled. This commit adds proper checks in check_config.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Paul Elliott
e66c841c73 Make internal test info accessor functions static.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-14 15:03:11 +00:00
Ryan Everett
73feaf2682 Comment on locking strategy in psa_fail_key_creation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00
Ryan Everett
3d8118d9dc Revert psa_reserve_free_key_slot changes, lock in start_key_creation instead
This means we can hold the mutex around the call to reserve_free_key_slot
in get_and_lock_key_slot, avoiding inefficient rework.
(Changes to get_and_lock_key_slot are not in scope in this PR)

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00
Ryan Everett
b71014406c Make psa_fail_key_creation thread safe
Hold the mutex for the entirety of the call.
We need the mutex for the wipe, also hold it for aborting driver transactions as this
may have side effects.
We can't use the macros here as this function returns void.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00
Ryan Everett
91ffe5b871 Make psa_finish_key_creation thread safe
Hold mutex for the entirety of the call.
We are writing to storage and writing to the slot state here.
If we didn't keep the mutex for the whole duration then we may end up with
another thread seeing that a persistent key is in storage before
our slot is set to FULL; this would be unlinearizable behaviour.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00
Ryan Everett
024b395f85 Make psa_reserve_free_key_slot thread safe
Everything needs to be done under the mutex here, we operate directly on FULL/EMPTY
slots, and we can't let key_slots_initialized change before we operate on slots.
Refactor to use an exit label.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00
Gilles Peskine
3ea9450463
Merge pull request #8734 from valeriosetti/issue8564
Add test for driver-only HMAC
2024-02-14 13:43:40 +00:00
Gilles Peskine
0020080f44
Merge pull request #8810 from PiotrBzdrega/development
move entropy init prior arguments number recognition
2024-02-14 13:43:36 +00:00
Tom Cosgrove
1c0b1bffee
Merge pull request #8779 from gilles-peskine-arm/rsa-bitlen-fix
Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
2024-02-14 11:18:25 +00:00
Tom Cosgrove
d26df72256
Merge pull request #8820 from gilles-peskine-arm/sha3-compressed-rc
SHA3: Pack the iota round constants
2024-02-14 09:33:50 +00:00