Commit graph

8166 commits

Author SHA1 Message Date
Hanno Becker
ef42f22edd Add NIST AES GCM test vectors to single-step cipher API test suite
The test suites `test_suite_gcm.aes{128,192,256}_en.data` contains
numerous NIST test vectors for AES-*-GCM against which the GCM
API mbedtls_gcm_xxx() is tested.

However, one level higher at the cipher API, no tests exist which
exercise mbedtls_cipher_auth_{encrypt/decrypt}() for GCM ciphers,
although test_suite_cipher.function contains the test auth_crypt_tv
which does precisely that and is already used e.g. in
test_suite_cipher.ccm.

This commit replicates the test vectors from
test_suite_gcm.aes{128,192,256}_en.data in test_suite_cipher.gcm.data
and adds a run of auth_crypt_tv for each of them.

The conversion was mainly done through the sed command line

```
s/gcm_decrypt_and_verify:\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):
\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\)/auth_crypt_tv:
\1:\2:\4:\5:\3:\7:\8:\9/
```
2018-11-22 13:41:07 +00:00
Manuel Pégourié-Gonnard
23a1ccd23f Fix test that wasn't actually effective
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 12:21:20 +01:00
Simon Butcher
3459c749fb Create a block list for Travis CI, and fix the Coverity email 2018-11-22 10:14:03 +00:00
Hanno Becker
e10f191543 Remove MBEDTLS_PSA_CRYPTO_SPM from config.pl
This configuration option has been removed by now.
2018-11-22 09:43:35 +00:00
Manuel Pégourié-Gonnard
fa9a1ca967 Improve description of a test 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
347a00e07e Add test utility function: wrap_as_opaque()
The new function is not tested here, but will be in a subsequent PR.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
59eecb0e9e Guard against PSA generating invalid signature
The goal is not to double-check everything PSA does, but to ensure that it
anything goes wrong, we fail cleanly rather than by overwriting a buffer.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
9a5a77ba7c Use shared function for error translation 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
45013a1d54 Fix a compliance issue in signature encoding
The issue is not present in the normal path because asn1write_mpi() does it
automatically, but we're not using that here...
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
509aff111f Improve documentation of an internal function 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
d8454bc515 Get rid of large stack buffers in PSA sign wrapper 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
2f2b396b7a Add new macro to detemine ECDSA signature length
Revived from a previous PR by Gilles, see:
https://github.com/ARMmbed/mbedtls/pull/1293/files#diff-568ef321d275f2035b8b26a70ee9af0bR71

This will be useful in eliminating temporary stack buffers for transcoding the
signature: in order to do that in place we need to be able to make assumptions
about the size of the output buffer, which this macro will provide. (See next
commit.)
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
392dc045c9 Improve documentation of mbedtls_pk_setup_opaque() 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
69baf70984 Align names to use "opaque" only everywhere
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
3686771dfa Implement pk_sign() for opaque ECDSA keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
d97390e97d Add tests for unsupported operations/functions 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
920c063bad Implement can_do for opaque ECC keypairs
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
0184b3c69b Add support for get_(bit)len on opaque keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
01a12c49aa Add key generation to opaque test function
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
7b5fe041f1 Implement alloc/free wrappers for pk_opaque_psa 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
eaeb7b23ff Clarify return value of pk_check_pair() 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
20678b2ae2 Skeleton for PK_OPAQUE_PSA 2018-11-22 09:59:34 +01:00
Hanno Becker
c44e0a4bd1 Initialize PSA key slot as invalid in ssl_client2.c
Otherwise, if `mbedtls_psa_get_free_key_slot()` fails to find a fresh
key slot, the slot value will be undefined, and the call to
`psa_destroy_key()` at the end of `main()` is undefined behavior.
2018-11-21 21:12:58 +00:00
Hanno Becker
7390c71609 Share code for PSK identity configuration
This commit shares the code for setting the PSK identity hint between
the functions mbedtls_ssl_conf_psk() and mbedtls_ssl_conf_psk_opaque().
2018-11-21 21:12:58 +00:00
Hanno Becker
f9a3287b7f Fix typo in documentation of mbedtls_ssl_conf_psk() 2018-11-21 21:12:58 +00:00
Hanno Becker
1d911cd59d Automatically allocate opaque PSK key slots in ssl_{client/server}2
Previously, command line arguments `psk_slot` and `psk_list_slot`
could be used to indicate the PSA key slots that the example
applications should use to store the PSK(s) provided.

This commit changes this approach to use the utility function
`mbedtls_psa_get_free_key_slot()` to obtain free key slots from
the PSA Crypto implementation automatically, so that users only
need to pass boolean flags `psk_opaque` and `psk_list_opaque`
on the command line to enable / disable PSA-based opaque PSKs.
2018-11-21 21:12:58 +00:00
Hanno Becker
c43b6ea847 Destroy PSA-based temporary opaque PSKs at the end of ssl_server2 2018-11-21 21:12:58 +00:00
Hanno Becker
3f24ea976d Destroy PSA-based temporary opaque PSK key at the end of ssl_client2 2018-11-21 21:12:58 +00:00
Hanno Becker
5cd607bf2e Remove overly long line in ssl_client2.c 2018-11-21 21:12:58 +00:00
Hanno Becker
a63ac3f149 Safe-guard ssl_conf_remove_psk() for simultaneous raw-opaque PSKs
The code maintains the invariant that raw and opaque PSKs are never
configured simultaneously, so strictly speaking `ssl_conf_remove_psk()`
need not consider clearing the raw PSK if it has already cleared an
opaque one - and previously, it didn't. However, it doesn't come at
any cost to keep this check as a safe-guard to future unforeseen
situations where opaque and raw PSKs _are_ both present.
2018-11-21 21:12:58 +00:00
Hanno Becker
f9ed7d5f76 Don't use 48 as a magic number in ssl_derive_keys()
In multiple places, it occurrs as the fixed length of
the master secret, so use a constant with a descriptive
name instead. This is reinforced by the fact the some
further occurrences of '48' are semantically different.
2018-11-21 21:12:58 +00:00
Hanno Becker
c1385c104f Don't use idiom if( func() ) but always add explicit value check 2018-11-21 21:12:58 +00:00
Hanno Becker
463194d47a Fix typo in documentation of mbedtls_ssl_conf_opaque_psk() 2018-11-21 21:12:58 +00:00
Hanno Becker
28c79dc3d0 Add tests to ssl-opt.sh exercising server-side opaque PSK 2018-11-21 21:12:58 +00:00
Hanno Becker
845b946d92 Add server-support for opaque PSKs 2018-11-21 21:12:58 +00:00
Hanno Becker
520224e577 Rename ssl_conf_has_[raw_]_psk to ssl_conf_has_static_[raw_]psk
This is to differentiate the function from the functions relevant
on the server-side, which also need to take into the PSK callback.
2018-11-21 21:12:58 +00:00
Hanno Becker
b64ba5f2c0 Add support for opaque PSKs to ssl_server2 example application
This commit adds command line parameters `psk_slot` and `psk_list_slot`
to the example application `programs/ssl/ssl_server2`. These have the
following semantics:

- `psk_slot`: The same semantics as for the `ssl_client2` example
   application. That is, if a PSK is configured through the use
   of the command line parameters `psk` and `psk_identity`, then
   `psk_slot=X` can be used to import the PSK into PSA key slot X
   and registering it statically with the SSL configuration through
   the new API call mbedtls_ssl_conf_hs_opaque().
- `psk_list_slot`: In addition to the static PSK registered in the
   the SSL configuration, servers can register a callback for picking
   the PSK corresponding to the PSK identity that the client chose.
   The `ssl_server2` example application uses such a callback to select
   the PSK from a list of PSKs + Identities provided through the
   command line parameter `psk_list`, and to register the selected
   PSK via `mbedtls_ssl_set_hs_psk()`. In this case, the new parameter
   `psk_list_slot=X` has the effect of registering all PSKs provided in
   in `psk_list` as PSA keys in the key slots starting from slot `X`,
   and having the PSK selection callback register the chosen PSK
   through the new API function `mbedtls_ssl_set_hs_psk_opaque()`.
2018-11-21 21:12:58 +00:00
Hanno Becker
f7027514fb Add tests to ssl-opt.sh exercising client-side opaque PSK 2018-11-21 21:12:58 +00:00
Hanno Becker
afd311ee12 Skip PMS generation on client if opaque PSK is used
For opaque PSKs, the PSK-to-MS expansion is performed atomatically
on the PSA-side.
2018-11-21 21:12:58 +00:00
Hanno Becker
7d0a569d38 Implement PSA-based PSK-to-MS derivation in mbedtls_ssl_derive_keys 2018-11-21 21:12:58 +00:00
Hanno Becker
35b23c7484 Simplify master secret derivation in mbedtls_ssl_derive_keys() 2018-11-21 21:12:58 +00:00
Hanno Becker
dfab8e221a Allow opaque PSKs in pure-PSK ciphersuites only
In contrast, RSA-PSK, ECDHE-PSK and DHE-PSK are explicitly excluded
for the moment.
2018-11-21 21:12:58 +00:00
Hanno Becker
2e4f616708 Don't suggest the use of a PSK suite if no PSK configured on client 2018-11-21 21:12:58 +00:00
Hanno Becker
e86964ca01 Add support for opaque PSKs in ssl_client2 example program
This commit adds support for the use of PSA-based opaque PSKs
in the TLS client example application programs/ssl/ssl_client2.

Specifically, a numerical command line option `psk_slot` with
the following constraints and semantics is added:
- It can only be used alongside the provisioning of a raw PSK
  through the preexisting `psk` command line option.
- It can only be used if both TLS 1.2 and a PSK-only ciphersuite
  are enforced through the appropriate use of the `min_version`
  and `force_ciphersuite` command line options.
- If the previous conditions are met, setting `psk_slot=d` will
  result in the PSA key slot with identifier `d` being populated
  with the raw PSK data specified through the `psk` parameter
  and passed to Mbed TLS via `mbedtls_ssl_conf_psk_opaque()`
  prior to the handshake.

Enforcing the TLS version and ciphersuite is necessary to determine
the exact KDF algorithm the PSK will be used for. This is required
as it is currently not possible to set up a key without specifying
exactly one algorithm the key may be used with.
2018-11-21 21:12:58 +00:00
Hanno Becker
d20a8ca733 Implement API for configuration of opaque PSKs
This commit adds implementations of the two new API functions

mbedtls_ssl_conf_psk_opaque()
mbedtls_ssl_set_hs_psk_opaque().
2018-11-21 21:12:58 +00:00
Hanno Becker
4363313976 Add opaque PSK identifier to SSL configuration 2018-11-21 21:12:58 +00:00
Hanno Becker
d9f7d43b5f Add opaque PSK identifier to mbedtls_ssl_handshake_params
This commit adds a field `psk_opaque` to the handshake parameter
struct `mbedtls_ssl_handshake_params` which indicates if the user
has configured the use of an opaque PSK.
2018-11-21 21:12:58 +00:00
Hanno Becker
0228304b5f Add API for configuration of opaque PSK
This commit adds two public API functions

mbedtls_ssl_conf_psk_opaque()
mbedtls_ssl_set_hs_psk_opaque()

which allow to configure the use of opaque, PSA-maintained PSKs
at configuration time or run time.
2018-11-21 21:12:58 +00:00
Hanno Becker
6e02197e24 Refer to PSA through MBEDTLS_USE_PSA_CRYPTO, not USE_PSA, in all.sh 2018-11-21 21:08:43 +00:00
Hanno Becker
4d30776826 Remove double white space 2018-11-21 21:08:43 +00:00