Commit graph

1239 commits

Author SHA1 Message Date
Jaeden Amero
44a59ab3f5 psa: Enable use of PSA examples with CHECK_PARAMS
When MBEDTLS_CHECK_PARAMS is enabled, it's required to have an
implementation of mbedtls_param_failed() present. Without it in the PSA
examples, building the PSA examples will result in linker errors like
the following.

  ../../library/libmbedcrypto.a(rsa.c.o): In function `mbedtls_rsa_import':
  rsa.c:(.text+0x9fd): undefined reference to `mbedtls_param_failed'
  ../../library/libmbedcrypto.a(rsa.c.o): In function `mbedtls_rsa_import_raw':
  rsa.c:(.text+0xb0b): undefined reference to `mbedtls_param_failed'
  ../../library/libmbedcrypto.a(rsa.c.o): In function `mbedtls_rsa_complete':
  rsa.c:(.text+0xe63): undefined reference to `mbedtls_param_failed'
  ../../library/libmbedcrypto.a(rsa.c.o): In function `mbedtls_rsa_export_raw':
  rsa.c:(.text+0xfee): undefined reference to `mbedtls_param_failed'
  ../../library/libmbedcrypto.a(rsa.c.o): In function `mbedtls_rsa_export':
  rsa.c:(.text+0x116f): undefined reference to `mbedtls_param_failed'
  ../../library/libmbedcrypto.a(rsa.c.o):rsa.c:(.text+0x1304): more undefined
  references to `mbedtls_param_failed' follow
  collect2: error: ld returned 1 exit status
  programs/psa/CMakeFiles/crypto_examples.dir/build.make:97: recipe for target
  'programs/psa/crypto_examples' failed
  make[2]: *** [programs/psa/crypto_examples] Error 1

Add an implementation of mbedtls_param_failed() to the PSA Crypto
examples to avoid getting this error on the PSA examples.
2019-02-14 16:01:14 +00:00
Jaeden Amero
67ea2c5e6d Merge branch 'development-psa-proposed' into development
Resolve conflicts by performing the following.

- Take the upstream Mbed TLS ChangeLog verbatim.
- Reject changes to Makefiles and CMake that are related to using Mbed
  Crypto as a submodule. It doesn't make sense to use Mbed Crypto as a
  submodule of itself.
- Reject README changes, as Mbed Crypto has its own, different README.
- Reject PSA-related changes to config.h. We don't want to disable the
  availability of the PSA Crypto API by default in the Mbed Crypto
  config.h.
- Don't inadvertently revert dead code removal in
  mbedtls_cipher_write_tag() which was added in f2a7529403 ("Fix
  double return statement in cipher.c")
- Where Mbed Crypto already had some MBEDTLS_USE_PSA_CRYPTO code (from
  past companion PRs) take the latest version from Mbed TLS which
  includes integration with MBEDTLS_CHECK_PARAMS.
- Update the version of the shared library files to match what's
  currently present in Mbed TLS.
- Reject removal of testing with PSA from config full tests.
- Resolve conflicts in test tests/suites/helpers.function, where both
  Mbed Crypto and Mbed TLS both added documentation for TEST_ASSERT.
  Combine text from both documentation efforts.
- Reject adding a submodule of ourselves.
- Reject addition of submodule tests in all.sh.
- Reject addition of submodule to library path in
  tests/scripts/run-test-suites.pl.
- Avoid using USE_CRYPTO_SUBMODULE=1 in
  component_test_use_psa_crypto_full_cmake_asan() in all.sh.
2019-02-14 15:58:43 +00:00
Jaeden Amero
1fb011f2a6
Merge pull request #152 from ARMmbed/psa-test-psa_constant_names
Test psa_constant_names
2019-02-12 13:39:25 +00:00
Darryl Green
21b33b07df Run generate_psa_constants.py before building psa_constant_names with cmake 2019-02-07 13:08:34 +00:00
Jaeden Amero
68933640f5 Merge commit '01b34fb316a5' into development
Merge a development version of Mbed TLS 2.16.0 that doesn't have
parameter validation into development.

The following conflicts were resolved:

- Update ChangeLog to include release notes merged from development so
  far, with a version of "2.14.0+01b34fb316a5" and release date of
  "xxxx-xx-xx" to show this is not a released version, but instead a
  snapshot of the development branch equivalent to version of the 2.14.0
  with additional commits from the mbedtls/development branch up through
  01b34fb316 included. Entries added for unreleased versions of Mbed
  Crypto remain at the top of the file for Mbed TLS 2.xx.x.
- Replace the Mbed Crypto version of
  mbedtls_rsa_rsaes_pkcs1_v15_decrypt() with the version from Mbed TLS
  which fixes timing variations and memory access variations that could
  lead to a Bleichenbacher-style padding oracle attack. This will
  prevent using psa_asymmetric_decrypt() with zero-length output buffers
  until a follow up commit is made to restore this capability.
- In ssl_srv.c, include changes for both the new ECDH interface and
  opaque PSK as already added to development previously.
2019-02-07 12:19:59 +00:00
Darryl Green
da7c80e3f1 Add dependency to Makefile 2019-02-06 16:24:43 +00:00
Darryl Green
d519583ae3 Run generate_psa_constants.py in cmake builds 2019-02-06 13:45:03 +00:00
Andrzej Kurek
b274f2739e Documentation fixes 2019-02-05 05:06:35 -05:00
Andrzej Kurek
c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Gilles Peskine
6a78573088 CMake: psa_constant_names and test_psa_constant_names
Build and install psa_constant_names.

Make sure that test_psa_constant_names passes in an out-of-tree build.
2019-01-29 16:08:46 +00:00
Gilles Peskine
f31dbb7bf1 CMake: build and install key_ladder_demo 2019-01-29 16:08:46 +00:00
Gilles Peskine
738f017c12 Fix the build of key_ladder_demo under Clang
Clang -Wall -Wincompatible-pointer-types-discards-qualifiers said:
thou shalt not put a string literal in a non-const char*.
2019-01-29 16:08:46 +00:00
Gilles Peskine
265a171c52 Error out if a value is out of range
psa_status_t is currently a signed type where only non-negative values
are used, which makes things a bit awkward. For now, non-negative
values trigger an error. This code will need to be revised if we
switch to using negative values as error codes.
2019-01-29 16:08:46 +00:00
Gilles Peskine
567840e335 Support multiple values on the command line 2019-01-29 16:07:45 +00:00
Hanno Becker
330b9a4586 PSA: Adapt ssl_server2 to modified key allocation API 2019-01-25 14:36:28 +00:00
Hanno Becker
f3adecf479 PSA: Adapt ssl_server2 to hew key policy initialization API 2019-01-25 14:36:28 +00:00
Hanno Becker
2261a0ff52 PSA: Adapt ssl_client2 to new key policy initialization API 2019-01-25 14:36:28 +00:00
Hanno Becker
d74dfc2984 PSA: Adapt ssl_client2 to modified key slot allocation API 2019-01-25 14:36:28 +00:00
Hanno Becker
32809e8c70 PSA: Adapt ssl_server2 to modified key allocation API 2019-01-25 14:31:00 +00:00
Hanno Becker
9bd8842c77 PSA: Adapt ssl_server2 to hew key policy initialization API 2019-01-25 14:27:01 +00:00
Hanno Becker
1387124c89 PSA: Adapt ssl_client2 to new key policy initialization API 2019-01-25 14:26:26 +00:00
Hanno Becker
37519ea5f8 PSA: Adapt ssl_client2 to modified key slot allocation API 2019-01-25 14:26:01 +00:00
Jaeden Amero
0b6b871056
Merge pull request #22 from ARMmbed/iotssl-2697-psa-key-allocation-crypto
Adapting to the new PSA key slot allocation mechanism
2019-01-23 15:00:19 +00:00
Andrzej Kurek
c750932f2c Adapt to the new key allocation mechanism 2019-01-23 06:22:32 -05:00
Gilles Peskine
d40c1fbd50 Don't require a type and size when creating a key slot
Remove the type and bits arguments to psa_allocate_key() and
psa_create_key(). They can be useful if the implementation wants to
know exactly how much space to allocate for the slot, but many
implementations (including ours) don't care, and it's possible to work
around their lack by deferring size-dependent actions to the time when
the key material is created. They are a burden to applications and
make the API more complex, and the benefits aren't worth it.

Change the API and adapt the implementation, the units test and the
sample code accordingly.
2019-01-19 12:20:52 +01:00
Andrzej Kurek
2349c4db88 Adapt to the new key allocation mechanism 2019-01-08 09:36:01 -05:00
Jaeden Amero
70261c513a psa: Add initializers for key policies
Add new initializers for key policies and use them in our docs, example
programs, tests, and library code. Prefer using the macro initializers
due to their straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero
d668baebc5
Merge pull request #3 from gilles-peskine-arm/key_ladder_demo-maybe_uninitialized
Fix maybe-uninitialized warning
2019-01-04 14:50:34 +00:00
Gilles Peskine
f3b731e817 Move integral types and associated macros to their own header
Some parts of the library, and crypto drivers, need to see key types,
algorithms, policies, etc. but not API functions. Move portable
integral types and macros to build and analyze values of these types
to a separate headers crypto_types.h and crypto_values.h.

No functional changes, code was only moved from crypto.h to the new headers.
2018-12-21 17:53:09 +01:00
Gilles Peskine
5e09bc7eb5 Fix maybe-uninitialized warning
GCC 4.8 warns that some variables may be used without having been
initialized. They aren't, but determining that takes nontrivial
analysis, so initialize them at the point of definition.
2018-12-21 12:06:15 +01:00
Gilles Peskine
b0edfb513b Convert the PSA example programs to the new handle API
Switch from the direct use of slot numbers to handles allocated by
psa_allocate_key.
2018-12-11 16:48:13 +01:00
Jaeden Amero
52ed0b9030 Merge remote-tracking branch 'upstream-public/pr/2101' into development 2018-12-07 16:15:31 +00:00
Jaeden Amero
9055a7d855 Merge remote-tracking branch 'upstream-public/pr/2175' into development 2018-12-06 16:09:58 +00:00
Janos Follath
52735ef2fe ECDH: Prevent direct access in non-legacy mode
Some sample programs access structure fields directly. Making these work is
desirable in the long term, but these are not essential for the core
functionality in non-legacy mode.
2018-11-30 14:21:35 +00:00
Hanno Becker
e322d3edd5 Merge branch 'opaque_psk_implementation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:24 +00:00
Jaeden Amero
b1c48d3d83 psa: Include PSA headers for tests and programs
Programs and tests need to be able to use PSA header files when
USE_CRYPTO_SUBMODULE and MBEDTLS_USE_PSA_CRYPTO are set. Add the crypto
submodule include folder, which contains psa headers, after the main
include folder so that psa headers can be found and crypto submodule
headers don't take precedence over mbedtls headers.
2018-11-23 15:22:44 +00:00
Hanno Becker
485529952f Merge branch 'opaque_psk_implementation' into development-psa-proposed 2018-11-23 11:12:38 +00:00
Manuel Pégourié-Gonnard
f83d31260d Implement key_opaque option to ssl_client2 2018-11-22 16:41:07 +00:00
Manuel Pégourié-Gonnard
ca906fb8b9 Add option key_opaque to ssl_client2 (skeleton)
This is just the plumbing for the option itself, implementation of the option
will be the next commit.
2018-11-22 16:41:07 +00:00
Hanno Becker
4097578207 Initialize PSA key slot as invalid in ssl_client2.c
Otherwise, if `mbedtls_psa_get_free_key_slot()` fails to find a fresh
key slot, the slot value will be undefined, and the call to
`psa_destroy_key()` at the end of `main()` is undefined behavior.
2018-11-22 16:30:20 +00:00
Hanno Becker
a6f1d18afe Automatically allocate opaque PSK key slots in ssl_{client/server}2
Previously, command line arguments `psk_slot` and `psk_list_slot`
could be used to indicate the PSA key slots that the example
applications should use to store the PSK(s) provided.

This commit changes this approach to use the utility function
`mbedtls_psa_get_free_key_slot()` to obtain free key slots from
the PSA Crypto implementation automatically, so that users only
need to pass boolean flags `psk_opaque` and `psk_list_opaque`
on the command line to enable / disable PSA-based opaque PSKs.
2018-11-22 16:30:20 +00:00
Hanno Becker
01612e2886 Destroy PSA-based temporary opaque PSKs at the end of ssl_server2 2018-11-22 16:30:20 +00:00
Hanno Becker
923cd655e0 Destroy PSA-based temporary opaque PSK key at the end of ssl_client2 2018-11-22 16:30:20 +00:00
Hanno Becker
39eb4274bb Remove overly long line in ssl_client2.c 2018-11-22 16:30:20 +00:00
Hanno Becker
ef29b2c3c9 Add support for opaque PSKs to ssl_server2 example application
This commit adds command line parameters `psk_slot` and `psk_list_slot`
to the example application `programs/ssl/ssl_server2`. These have the
following semantics:

- `psk_slot`: The same semantics as for the `ssl_client2` example
   application. That is, if a PSK is configured through the use
   of the command line parameters `psk` and `psk_identity`, then
   `psk_slot=X` can be used to import the PSK into PSA key slot X
   and registering it statically with the SSL configuration through
   the new API call mbedtls_ssl_conf_hs_opaque().
- `psk_list_slot`: In addition to the static PSK registered in the
   the SSL configuration, servers can register a callback for picking
   the PSK corresponding to the PSK identity that the client chose.
   The `ssl_server2` example application uses such a callback to select
   the PSK from a list of PSKs + Identities provided through the
   command line parameter `psk_list`, and to register the selected
   PSK via `mbedtls_ssl_set_hs_psk()`. In this case, the new parameter
   `psk_list_slot=X` has the effect of registering all PSKs provided in
   in `psk_list` as PSA keys in the key slots starting from slot `X`,
   and having the PSK selection callback register the chosen PSK
   through the new API function `mbedtls_ssl_set_hs_psk_opaque()`.
2018-11-22 16:30:20 +00:00
Hanno Becker
fac92db771 Add support for opaque PSKs in ssl_client2 example program
This commit adds support for the use of PSA-based opaque PSKs
in the TLS client example application programs/ssl/ssl_client2.

Specifically, a numerical command line option `psk_slot` with
the following constraints and semantics is added:
- It can only be used alongside the provisioning of a raw PSK
  through the preexisting `psk` command line option.
- It can only be used if both TLS 1.2 and a PSK-only ciphersuite
  are enforced through the appropriate use of the `min_version`
  and `force_ciphersuite` command line options.
- If the previous conditions are met, setting `psk_slot=d` will
  result in the PSA key slot with identifier `d` being populated
  with the raw PSK data specified through the `psk` parameter
  and passed to Mbed TLS via `mbedtls_ssl_conf_psk_opaque()`
  prior to the handshake.

Enforcing the TLS version and ciphersuite is necessary to determine
the exact KDF algorithm the PSK will be used for. This is required
as it is currently not possible to set up a key without specifying
exactly one algorithm the key may be used with.
2018-11-22 16:30:20 +00:00
Hanno Becker
06b6f34e9f Initialize PSA Crypto implementation in ssl_server2 2018-11-22 16:27:57 +00:00
Hanno Becker
50955d1c18 Initialize PSA Crypto implementation in ssl_client2.c 2018-11-22 16:27:56 +00:00
Manuel Pégourié-Gonnard
cfdf8f4d8f Implement key_opaque option to ssl_client2 2018-11-22 14:35:11 +00:00
Manuel Pégourié-Gonnard
ef68be4553 Add option key_opaque to ssl_client2 (skeleton)
This is just the plumbing for the option itself, implementation of the option
will be the next commit.
2018-11-22 14:35:11 +00:00