Commit graph

1985 commits

Author SHA1 Message Date
gabor-mezei-arm
4a21019653 Implement psa_sign_message and psa_verify_message functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:49 +02:00
Thomas Daubney
c7feaf349c Remove mode param from mbedtls_rsa_pkcs1_decrypt
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:43:06 +01:00
Gilles Peskine
5d1f747d85
Merge pull request #4377 from mpg/psa-pbkdf2-api
PSA API for PBKDF2-HMAC
2021-05-12 18:00:30 +02:00
TRodziewicz
102c89ed65 Remove the MBEDTLS_SSL_RECORD_CHECKING option
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-12 13:28:59 +02:00
David Horstmann
fba138a08a Remove buffer_size maximum from ssl_server2.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-05-11 15:23:56 +01:00
Mateusz Starzyk
72f60dfcc1 Remove MBEDTLS_TEST_NULL_ENTROPY config option.
Building the library without entropy sources negates any and all security
provided by the library.
This option was originally requested a relatively long time ago and it
does not provide any tangible benefit for users any more.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-11 13:15:19 +02:00
David Horstmann
95d516f319 Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-05-10 17:02:48 +01:00
Mateusz Starzyk
6326a8dd37 Fix SHA definitions and their dependencies in library and test suites.
Rework SHA224 and SHA283 documentation.
Define MBEDTLS_SHAxxx_C options in alphabetic order.
Fix SHA224 and SHA384 dependencies in test suites.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-10 13:51:53 +02:00
Manuel Pégourié-Gonnard
f0c28eff09 Avoid introducing PSA_ALG_NONE for now
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:13:48 +02:00
Manuel Pégourié-Gonnard
dd57b2f240
Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder
Remove deprecated functions and constants.
2021-05-07 10:05:30 +02:00
Gilles Peskine
99cce1dd4f Remove copy-pasted definition of PYTHON that wasn't used
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-06 11:36:50 +02:00
Ronald Cron
98d00d06a0
Merge pull request #4426 from ronald-cron-arm/remove-enable-weak-ciphersuites
Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
2021-05-04 17:20:36 +02:00
Manuel Pégourié-Gonnard
71d955a79d Introduce PSA_ALG_NONE
It is required by the standard definition of PSA_ALG_GET_HASH.

Documentation and definition from:
https://armmbed.github.io/mbed-crypto/html/api/ops/algorithms.html#c.PSA_ALG_NONE

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 10:36:48 +02:00
Manuel Pégourié-Gonnard
c149e1de9b Remove duplicated definition of PSA_ALG_GET_HASH()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 10:25:05 +02:00
Manuel Pégourié-Gonnard
c7f8dbe837 Update generated files
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 09:41:35 +02:00
Manuel Pégourié-Gonnard
aa923b9fed Update generated files
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 11:03:24 +02:00
Gilles Peskine
59d97a16d6
Merge pull request #4437 from gilles-peskine-arm/aes2crypt-removal-2.x
Remove the sample program aescrypt2
2021-04-30 11:15:22 +02:00
TRodziewicz
85dfc4de20 Applying current changes
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-30 00:07:04 +02:00
TRodziewicz
18efb73743 Remove deprecated functions and constants.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-29 23:12:19 +02:00
Dave Rodgman
c86f330aed
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased
Reduce ROM usage due to X.509 info
2021-04-28 17:31:55 +01:00
Gilles Peskine
98b3cd6b23 Remove the sample program aescrypt2
The sample program aescrypt2 shows bad practice: hand-rolled CBC
implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key
stretching, no algorithm agility. The new sample program pbcrypt does
the same thing, but better. So remove aescrypt2.

Fix #1906

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-28 15:57:30 +02:00
Mateusz Starzyk
e3c48b4a88 Separate SHA224 from SHA256 config options.
These options are still dependant on each other.
This is an intermediate step.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Mateusz Starzyk
3352a53475 Modify config option for SHA384.
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.

check_config is the only module which enforces that SHA512 is
enabled together with SHA384.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Gilles Peskine
2c8041d6df
Merge pull request #4433 from bensze01/psa_aead_output_size
[development] PSA: Update AEAD output buffer macros to PSA API version 1.0
2021-04-28 13:30:40 +02:00
Chris Jones
fa1f904990 Fix an error when copy-pasting x509_crt_verify_info
Made a mistake when copy-pasting and put the guard in the wrong place.
Fix that by moving the compile time guard.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-28 10:04:05 +01:00
Chris Jones
e383fa65d7 Move x509_crt_verify_info to ssl_test_common_source.c
This function was introduced before ssl_test_common_source.c and so the
function is replicated in both ssl_client2.c and ssl_server2.c. Move
the function to ssl_test_common_source.c to avoid duplication.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:38:24 +01:00
Chris Jones
ee33c60fc2 Fix minor styling issues
Remove some accidental newlines that were added previously.

Update some definition guards to make it clearer that
`MBEDTLS_X509_REMOVE_INFO` is defined and not undefined.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:38:24 +01:00
Hanno Becker
eb2efb0de7 Avoid unused variable warning in X.509 CSR fuzzing
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
da121744da Fix preprocessor guard in ssl_server2.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
54ac185f33 Adapt X.509 fuzzing code to support MBEDTLS_X509_REMOVE_INFO
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
2c2722d637 Add missing MBEDTLS_X509_REMOVE_INFO guards in ssl_context_info.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
7ac83f91bf Print X.509 verify info strings even if MBEDTLS_X509_REMOVE_INFO
The new compile-time option MBEDTLS_X509_REMOVE_INFO removes various
X.509 debugging strings and functionality, including

```
  mbedtls_x509_crt_verify_info()
```

which ssl_client2.c and ssl_server2.c use to print human readable
descriptions of X.509 verification failure conditions. Those
conditions are also grepped for in numerous ssl-opt.sh tests.

Instead of disabling those tests if MBEDTLS_X509_REMOVE_INFO is set,
this commit essentially moves mbedtls_x509_crt_verify_info() to
ssl_client2.c and ssl_server2.c. However, instead of just copy-pasting
the code from x509_crt.c, the following approach is used:

A macro MBEDTLS_X509_CRT_ERROR_INFO_LIST is introduced which for each
verification failure condition invokes a user-defined macro X509_CRT_ERROR_INFO
with (a) the numerical error code, (b) the string presentation of the
corresponding error macro, (c) the info string for the error condition.
This macro can thus be used to generate code which somehow iterates over
the verifiation failure conditions, but the list of error conditions and
information strings is nowhere duplicated.

This is then used to re-implement mbedtls_x509_crt_verify_info() in
x509_crt.c and to provide a functionally equivalent (yet slightly different)
version in ssl_client2.c and ssl_server2.c in case MBEDTLS_X509_REMOVE_INFO
is set.

This way, little changes to ssl-opt.sh will be necessary in case
MBEDTLS_X509_REMOVE_INFO is set because the info strings for the
verification failure conditions will be printed regardless of whether
MBEDTLS_X509_REMOVE_INFO is set or not.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
5d4c4b1f95 Add missing dependencies on !MBEDTLS_X509_REMOVE_INFO
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:18:52 +01:00
Hanno Becker
612a2f1504 Rename MBEDTLS_X509_INFO to !MBEDTLS_X509_REMOVE_INFO
The introduction of positive options to control the presence
of pre-existing functionality breaks the build for users of
handwritten configurations.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:18:52 +01:00
Peter Kolbus
9a969b66c1 Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:18:52 +01:00
Ronald Cron
cee427002b Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
Fix 4416

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-27 09:34:14 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs
Merge development_3.0 into development
2021-04-26 19:48:16 +01:00
Mateusz Starzyk
f9c7b3eb11 Remove PKCS#11 library wrapper.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-21 11:05:00 +02:00
Mateusz Starzyk
a58625f90d Remove optional SHA-1 in the default TLS configuration.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-16 18:39:10 +02:00
Bence Szépkúti
ec174e292d Update all uses of old AEAD output size macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:06 +02:00
Steven Cooreman
6801f08973 Implement support for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
According to the design in psa-driver-interface.md. Compiles without
issue in test_psa_crypto_drivers.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:04:26 +02:00
Mateusz Starzyk
c301bd56f0 Merge branch 'development_3.0' into drop_old_tls_options 2021-04-15 13:55:20 +02:00
Mateusz Starzyk
f5c535139d Remove remaining comments and strings refering to removed features.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-15 13:28:52 +02:00
Chris Jones
9c6356881f Remove MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
This config option has been unused for >5 years and so should be removed.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-09 16:10:48 +01:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Gilles Peskine
b420259777
Merge pull request #4174 from gilles-peskine-arm/psa-eddsa-spec
PSA Encodings for EdDSA
2021-04-07 11:20:27 +02:00
Gilles Peskine
d5200371ec
Merge pull request #3512 from gilles-peskine-arm/ecp-alloc-202007
Reduce the number of allocations in ECP operations
2021-04-02 00:08:35 +02:00
Ronald Cron
17fbf5b3c4
Merge pull request #4237 from paul-elliott-arm/fix_printf_extra
Fix printf missed issues
2021-03-30 16:40:56 +02:00
Gilles Peskine
27354690cb Use a bit-size in the algorithm name
Call it “SHAKE256-512”, just like SHA3-512 has 512 bits of output.
SHAKE256-64 looks like it's 64 bits of output, but this is 64 bytes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
3a1101a122 Define algorithms for EdDSA
Define algorithms for PureEdDSA and for HashEdDSA, the EdDSA variants
defined by RFC 8032.

The encoding for HashEdDSA needs to encode the hash algorithm so that
the hash can be calculated by passing PSA_ALG_SIGN_GET_HASH(sig_alg)
to psa_hash_compute() or psa_hash_setup(). As a consequence,
Ed25519ph (using SHA-512) and Ed448ph (using SHAKE256) need to have
different algorithm encodings (the key is enough to tell them apart,
but it is not known while hashing). Another consequence is that the
API needs to recognize the Ed448 prehash (64 bytes of SHAKE256 output)
as a hash algorithm.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
67546802fe New elliptic curve family: twisted Edwards
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
4a7074022a Add a compile-time dependency to psa_constant_names_generated.c
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Manuel Pégourié-Gonnard
4dfb83c0d7
Merge pull request #4164 from chris-jones-arm/move-internal-headers
Unify internal headers in library/
2021-03-29 11:18:54 +02:00
Mateusz Starzyk
a2d16b39bc Remove certs.h includes from test applications.
Tests should no longer consider certs.h as a part of public API.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-19 12:49:41 +01:00
Paul Elliott
29b641688d Fix printf format issue in programs
Fix issues that were missed as part of previous printf attribute
cleanup

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-17 13:08:10 +00:00
Mateusz Starzyk
1aec64642c Remove certs module from mbedtls.
Certs will be used only by tests and programs.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 15:51:25 +01:00
Mateusz Starzyk
e204dbf272 Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
5224e29f0e Drop support for RC4 TLS ciphersuites.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
a3a9984a5d Drop support for TLS record-level compression.
Remove option MBEDTLS_ZLIB_SUPPORT.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:51 +01:00
Mateusz Starzyk
2012ed7560 Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:19:09 +01:00
Mateusz Starzyk
06b07fb839 Drop support for SSLv3.
Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and
MBEDTLS_SSL_PROTO_SSL3).

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:19:05 +01:00
Ryan LaPointe
dbb192d157 Fix inaccurate comment in sample DTLS server
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:43:27 -04:00
Ryan LaPointe
59244e87e1 Actually use the READ_TIMEOUT_MS in the sample DTLS client and server
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:43:08 -04:00
Mateusz Starzyk
9e9ca1a738 Drop support for parsing SSLv2 ClientHello.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-15 11:40:28 +01:00
Chris Jones
a1df4949b9 Remove internal file references in programs/
`entropy_poll.h` and `md_wrap.h` were still being used in some of the
example programs. As these headers are now internal, remove their
references and replace them with publicly available functions.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-11 17:44:43 +00:00
Paul Elliott
61d2209e42 Fix missed invalid specifier in PSA Crypto build
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
9e3256aead Adding printf format warning flags to makefiles
Add printf format warning flags that are supported by GCC 3.0 or later
to the makefiles

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Chris Jones
ea0a865c69 Move entropy_poll.h to library
`entropy_poll.h` is not supposed to be used by application code and
is therefore being made internal.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
16dbaeb9eb Move padlock.h to library
`padlock.h` is actually an internal header and is moved accordingly.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
187782f41e Move aesni.h to library
`aesni.h` is an internal header and is moved accordingly.

Also removes some references to internal headers in scripts with
only public headers.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
daacb59c2e Rename <pk/md/cipher>_internal.h to *_wrap.h
Revert changes introduced in 50518f4195
as it is now clear that these headers are internal without the
`*_internal.h` suffix.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
84a773f8e6 Rename ssl_internal.h to ssl_misc.h
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
4c5819c318 Move bn_mul.h to library/
Move `include/mbedtls/bn_mul.h` to `library/bn_mul.h`.

Update includes and references to `bn_mul.h` to new location.

Also remove internal headers from `cpp_dummy_build.cpp` as it should only
test public headers in the library.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
e2191cd789 Update includes to use library/ instead of include/mbedtls/
Simple find and replace using `#include (<|")mbedtls/(.*)_internal.h(>|")`
and `#include $1$2_internal.h$3`.

Also re-generated visualc files by running
`scripts/generate_visualc_files.pl`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
7b9f33cc8c Move include/mbedtls/rsa_internal.h to library/rsa_internal.h
Only move `rsa_internal.h` for now to test dependancies. Other internal
headers will be moved in following commits.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:45:52 +00:00
Mateusz Starzyk
7d48b28218 Remove 1.3 to 2.0 transition helpers files.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-03 11:00:34 +01:00
Steven Cooreman
947bb0b06f Code readability improvements
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
d927ed7901 Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
4400c3a44a Add _AT_LEAST_THIS_LENGTH_ macros to PSA constants test
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Gilles Peskine
7f3d10de02
Merge pull request #4159 from d3zd3z/header-list
Add missing header to cpp_dummy_build.cpp test
2021-02-24 18:36:41 +01:00
Gilles Peskine
60fe6606bf Only define test_hooks_xxx under MBEDTLS_TEST_HOOKS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
00d0ad4036 Clarify the advice about reporting errors in test hooks
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
76e9c64c3e Clarify the advice about reporting errors in test hooks
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
414e717036 Deinitialize the PSA subsystem
The PSA subsystem may consume global resources. It currently doesn't
consume any heap when no keys are registered, but it may do so in the
future. It does consume mutexes, which are reported as leaks when
mutex usage checking is enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
e374b95fe1 Detect and report mutex usage errors in SSL test programs
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
d0a46e5c7f ssl_server2: don't check test hooks failure in query_config mode
Test hook failure checks may print information to stdout, which messes
up the usage of query_config mode. Nothing interesting happens in
query_config mode anyway, so that's no loss.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
53dea743d5 SSL test programs: allow for test hooks init and error reports
Create utility functions to set up test hooks and report errors that
the test hooks might detect. Call them in ssl_client2 and ssl_server2.

Test hooks are potentially enabled by compiling with
MBEDTLS_TEST_HOOKS.

This commit only sets up the functions. It doesn't make them do
anything yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Dave Rodgman
d6ee36ed04
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls
Expose the PSA RNG in mbedtls
2021-02-22 14:47:29 +00:00
David Brown
5fd5747402 Add missing header to cpp_dummy_build.cpp test
Part of build_default_make_gcc_and_cxx compares the list of headers
included by `programs/test/cpp_dummy_build.cpp` and the actual headers
present.  Add in the missing `mbedtls/psa_config.h` file to this list so
that this test passes.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-19 14:19:51 -07:00
Gilles Peskine
48113ebb62 Initialize the test RNG whenever it's present
It's no longer restricted to MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:46:06 +01:00
Gilles Peskine
8133abd746 SSL test programs: always allow building with the PSA external RNG
The SSL test programs can now use the PSA RNG, and the PSA RNG can use
an external RNG. The build conditions hadn't been updated and didn't
cover the case when MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is enabled but
MBEDTLS_USE_PSA_CRYPTO is disabled. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:46:06 +01:00
Gilles Peskine
b8c484088c Fix psa_destroy_key called after mbedtls_psa_crypto_free
Move the call to destroy the PSK to before freeing the SSL session
data and calling rng_free(), which deinitializes the PSA subsystem.
This particular ordering was chosen to make the ssl_client2 more
similar to ssl_server2. This fixes the client failing on the
psa_destroy_key() call in `ssl-opt.sh -f 'opaque psk on client'`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:46:02 +01:00
Gilles Peskine
34babfc5b2 Add comments to a few #endif closing a long chunk
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:44:37 +01:00
Gilles Peskine
8eb2943705 Support mbedtls_psa_get_random() in SSL test programs
The SSL test programs can now use mbedtls_psa_get_random() rather than
entropy+DRBG as a random generator. This happens if
the configuration option MBEDTLS_USE_PSA_CRYPTO is enabled, or if
MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is set at build time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:39:48 +01:00
Gilles Peskine
bb86d0c61c
Merge pull request #3995 from stevew817/feature/psa_configurable_static_ram_usage
Allow tweaking PSA_KEY_SLOT_COUNT
2021-02-16 12:52:24 +01:00
Steven Cooreman
ea8d387406 Fix config query file
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 14:26:47 +01:00
Ronald Cron
5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Manuel Pégourié-Gonnard
4dad303e99
Merge pull request #4089 from mstarzyk-mobica/remove_havege
Remove Havege module.
2021-02-12 10:02:15 +01:00
Mateusz Starzyk
0fdcc8eee9 Remove Havege module.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-02-11 14:17:07 +01:00
Bence Szépkúti
a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Gilles Peskine
d945871c55
Merge pull request #3872 from gabor-mezei-arm/3275_use_PSA_ERROR_DATA_INVALID_where_warranted
Use PSA_ERROR_DATA_INVALID where warranted
2021-02-03 20:54:46 +01:00
Gilles Peskine
aaedbdcfd6 Refuse reproducible mode with MBEDTLS_USE_PSA_CRYPTO
With MBEDTLS_USE_PSA_CRYPTO, some of the randomness for the TLS
connection is generated inside the PSA crypto subsystem, which has no
reproducible mode. Whether there is a nonzero amount of randomness
coming from inside the PSA subsystem rather than from the random
generator set by mbedtls_ssl_conf_rng() depends on the choice of
cipher suite and other connection parameters as well as the level of
support for MBEDTLS_USE_PSA_CRYPTO. Rather than give unreliable
results, conservatively abort with a clear error message.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 13:55:22 +01:00
Gilles Peskine
4a23c98506 Fix exit status if the RNG seeding failed
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 13:54:41 +01:00
Ronald Cron
3768ac12a8 Add MBEDTLS_PSA_CRYPTO_CLIENT configuration option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-01 13:16:01 +01:00
Gilles Peskine
53943ca434
Merge pull request #3992 from stevew817/feature/ecp_no_fallback
Add a flag for disabling software fallback in ecp.c
2021-01-29 16:08:51 +01:00
Ronald Cron
318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
Ronald Cron
0426e2545d
Merge pull request #4020 from gilles-peskine-arm/ssl_test_lib-hmac_drg
Support HMAC_DRBG in SSL test programs
2021-01-29 08:58:23 +01:00
Ronald Cron
ddb3bd57d3
Merge pull request #3897 from d3zd3z/fix-cmake28
cmake: Fix added sources to targets
2021-01-26 13:35:56 +01:00
Gilles Peskine
da9529f3e0 Update copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-25 13:42:42 +01:00
Gilles Peskine
94ad831f8e Add comments to some endif guards
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-25 13:42:28 +01:00
gabor-mezei-arm
cbcec21684
Rename output buffer size macros
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 13:17:25 +01:00
Gilles Peskine
1af872d23b Move the fake PSA external RNG to its own header and source files
Move the declaration of the functions needed to use the test
implementation of mbedtls_psa_external_get_random() to a new header
file. Before, they were declared in
tests/include/test/psa_crypto_helpers.h, but this header file can't be
included in sample programs because it also includes headers from the
library directory which is not on the include path for sample
programs.

This fixes the build of the sample programs when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_USE_PSA_CRYPTO are
enabled.

Move the implementation of the functions to a separate .c file as
well. This isn't strictly necessary, but makes the structure of the
source code easier to understand.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 20:02:01 +01:00
Gilles Peskine
2146211204 SSL test programs: enable the PSA test external RNG
Currently, MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is tested with a dummy
insecure implementation of mbedtls_psa_external_get_random. This
function needs to be explicitly enabled at runtime. This needs to
happen when the PSA external RNG is used, which currently is the case
in SSL test programs only when MBEDTLS_USE_PSA_CRYPTO is enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 23:53:09 +01:00
Gilles Peskine
ba74904c48 SSL test programs: support HMAC_DRBG
Support HMAC_DRBG in ssl_client2 and ssl_server2, in addition to
CTR_DRBG. CTR_DRBG is still used if present, but it's now possible to
run the SSL test programs with CTR_DRBG disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:30:03 +01:00
Gilles Peskine
535fb37870 SSL test programs: abstract CTR_DRBG away
In ssl_client2 and ssl_server2, to generate random data, go through a
level of indirection provided by ssl_test_lib. This way the programs
don't depend on a particular choice of RNG implementation, and only
ssl_test_lib.{h,c} explicitly reference CTR_DRBG.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:18:32 +01:00
Gilles Peskine
f1cb75fe13 Local cleanups following the code move
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:18:27 +01:00
Gilles Peskine
daa94c4ff5 SSL test programs: move RNG common code to ssl_test_lib
This commit is deliberately arranged to minimize code changes.
Subsequent commits will clean up the resulting code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:13:47 +01:00
Gilles Peskine
b3715eb86e SSL test programs: prepare to unify common code
In preparation for unifying the common RNG-related code of ssl_client2
and ssl_server2, make it possible to copy-paste that code out of these
programs' main() functions:

* Replaces reads of the non-unifiable structure opt by reads of a
  separate variable.
* Replace references to the local variable rng by a pointer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:08:14 +01:00
Gilles Peskine
8a8492bcd4 SSL test programs: stuff RNG context into a struct
Group the random generation context (entropy and DRBG) into a struct.
This is in preparation for unifying the common RNG-related code of
ssl_client2 and ssl_server2, then generalizing that code to support
methods other than entropy+CTR_DRBG.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 18:17:32 +01:00
paul-elliott-arm
2427d15ea3
Merge pull request #3986 from gilles-peskine-arm/ssl_test_lib-create
Unify common code of ssl_client2.c and ssl_server2.c
2021-01-13 15:30:00 +00:00
Gilles Peskine
c772b1822a Move the declaration of query_config() to a dedicated header file
Declaring query_config() belongs with the query_config program, not in
ssl_test_lib.h, so move the declaration to a new header file
query_config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 14:19:43 +01:00
Gilles Peskine
b4df754274 Update #else and #endif comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-08 21:21:27 +01:00
Steven Cooreman
97b4984657 Add a flag for disabling fallback in ecp.c
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 16:43:43 +01:00
Gilles Peskine
a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Gilles Peskine
504c1a361e ssl_test_lib: move common functions and variables
Move from ssl_*2.c to ssl_test_lib.c:
* Functions that have exactly identical definitions in the two
  programs, and that don't reference the global variable opt which
  has a different type in the client and in the server. Also declare
  these functions in ssl_test_lib.h.

Move from ssl_*2.c to ssl_test_common_source.c:
* Functions that have exactly identical definitions in the two
  programs, but access fields of the global variable opt which
  has a different structure type in the client and in the server.
* The array ssl_sig_hashes_for_test, because its type is incomplete.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
7c818d68be ssl_test_lib: move common type definitions
Move from ssl_*2.c to ssl_test_lib.h:
* Types defined identically in both files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
c11eb1fa07 Prepare to merge identical code from ssl_client2.c and ssl_server2.c
Adjust whitespace and comments in code of ssl_client2.c and
ssl_server2.c that was almost identical to make these chunks exactly
identical.

Make the common functions non-static.

This is in preparation for moving the common code to ssl_test_lib.c.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
7f679c7bf4 ssl_test_lib: move declaration of query_config
Move from ssl_*2.c to ssl_test_lib.h:
* The declaration of query_config(). Also document it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
67638d6828 ssl_test_lib: move common includes
Move from ssl_*2.c to ssl_test_lib.h:
* Include directives for headers included by both programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
ab7ce96d7b ssl_test_lib: move initial includes and is-it-supported check
Move from ssl_*2.c to ssl_test_lib.h:
* The inclusion of the config header file (identical).
* The fallback definitions of platform functions (almost identical:
  server2 also had snprintf and the order and whitespace was slightly
  different).
* The compilation guards checking that required options are
  enabled (tweaked to make them common, with MBEDTLS_SSL_{CLI,SRV}_C
  separated out).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
0d980b8be8 ssl_test_common_source.c: new source file for common SSL test code
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c, but cannot be compiled separately and instead needs
to be #include'd in each program that uses it.

This is for code that references macros or types that are defined
differently in the two programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
a3ed34fed6 ssl_test_lib.[hc]: new source file for common SSL test code
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c. This commit only creates the file; subsequent
commits will populate it.

Add it to the official build systems (make, cmake, VS).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
d20a210bbd git: don't ignore fuzz/Makefile
*/Makefile is ignored (because it's created by cmake in in-tree builds).
But fuzz/Makefile is checked into git, so don't ignore it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 21:06:11 +01:00
Gilles Peskine
f06a54cb18 With make, build query_config.c only once
Build query_config.o then link it, instead of building query_config.c
in each of the four programs that use it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 21:06:05 +01:00
Bence Szépkúti
880334cba0 Fix use-after-scope error in programs/ssl
mbedtls_ssl_conf_dtls_srtp_protection_profiles stores the pointer to the
profiles in the configuration.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-15 10:22:05 +01:00
Manuel Pégourié-Gonnard
a27a4e2f18
Merge pull request #3929 from gilles-peskine-arm/psa-driver-remove-old-accel
Remove old proposed accelerator interfaces
2020-12-10 11:31:47 +01:00
Gilles Peskine
2b759626a9
Merge pull request #3948 from bensze01/update_psa_values
Update the values of PSA Crypto API macros to version 1.0.0
2020-12-08 11:03:33 +01:00
Gilles Peskine
28f62f6212 Support running the benchmark with a single curve
If you pass a curve name to the benchmark program, the ECDH and ECDSA
benchmarks will only run for that particular curve. By default, all
curves are benchmarked.

To simplify the implementation, if you pass multiple curves, only the
last one will be benchmarked.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 22:51:25 +01:00
Bence Szépkúti
1de907d4a4 Introduce PSA_ALG_STREAM_CIPHER
This algorithm replaces the pre-existing stream cipher algorithms.
The underlying stream cipher is determined by the key type.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Gilles Peskine
db6b03b4f2 Remove old-style accelerator and entropy driver interfaces
The driver interfaces described in crypto_accel_driver.h and
crypto_entropy_driver.h are no longer being worked on. We do not
intend to finish the design of these interfaces or to implement them
in Mbed TLS. They have been superseded by the unified driver
interface (docs/proposed/psa-driver-interface.md), which is being
actively worked on both to finalize the specification and to implement
it in Mbed TLS.

The partially implemented dynamic secure element interface is staying
for now.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-30 17:37:14 +01:00
Rodrigo Dias Correa
80448aae2c Fix GCC warning about test_snprintf
GCC 11 generated the warnings because the parameter `ret_buf`
was declared as `const char[10]`, but some of the arguments
provided in `run_test_snprintf` are shorter literals, like "".

Now the type of `ret_buf` is `const char *`.
Both implementations of `test_snprintf` were fixed.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-25 01:13:12 -03:00
gabor-mezei-arm
fe30924c45 Use PSA_ERROR_DATA_INVALID error code
If the file is read correctly, but it contains data that isn't valid,
the crypto storage code returns PSA_ERROR_DATA_INVALID.
The PSA_ERROR_DATA_CORRUPT and PSA_ERROR_STORAGE_FAILURE error codes are
replaced with PSA_ERROR_DATA_INVALID, except in the ITS subsystem.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-11-24 13:37:52 +01:00
gabor-mezei-arm
3d8b4f54d3 Add missing error code documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-11-24 13:37:52 +01:00
Gilles Peskine
ed03890281 PSA: allow the configuration to favor HMAC_DRBG
Allow the user to configure PSA to use HMAC_DRBG even if CTR_DRBG is
available, or to explicitly select the hash algorithm to use for
HMAC_DRBG, by setting MBEDTLS_PSA_HMAC_DRBG_MD_TYPE in config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine
f08b3f8624 Autonomous random driver: create configuration option
Create a configuration option for autonomous random drivers, i.e. PSA
crypto drivers that provide a random generator, that have their own
entropy source and do not support injecting entropy from another
source.

This commit only creates the configuration option. Subsequent commits
will add the implementation and tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 16:28:09 +01:00
Gilles Peskine
662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Ronald Cron
c9851141a2 programs: ssl: Fix printf parameter type cast
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
David Brown
a8e309e01d cmake: Fix added sources to targets
In cmake version < 3.0, the SOURCES property on targets cannot be
modified after the target is defined.  There are several instances in
the code that were using `target_properties()`, which is not available
in the older versions of cmake.  Unfortunately, the workaround in #3801
(381c1078fc) assumes that this SOURCES property can be modified.

Work around this by building up any necessary sources before declaring
the target.  This is more awkward, but needed to continue to be able to
support the old versions of cmake.

Fixes #3788.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-11-18 16:28:00 -07:00
Gilles Peskine
c70431451b
Merge pull request #3867 from gilles-peskine-arm/error-include-string
Fix several configuration-related issues
2020-11-17 20:32:59 +01:00
Ronald Cron
77c89f5ad6 Fix several typos
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-11 15:12:14 +01:00