Commit graph

29566 commits

Author SHA1 Message Date
Gilles Peskine
63072b1f94 Only test custom-e RSA key generation when built in
Custom-e RSA key generation is not yet supported in the test driver, and we
don't support fallback from the test driver to the built-in
implementation (even though we're testing with MBEDTLS_RSA_C). So for the
time being, only run psa_generate_key_ext test cases for RSA with a custom
public exponent when using the built-in implementation.

Add a test case to validate that psa_generate_key_ext test cases for RSA
with a custom public exponent returns NOT_SUPPORTED (rather than silently
doing the wrong thing) when not using built-in RSA (which is subtly
different from when having accelerated RSA: if both are enabled, which we
currently don't do in all.sh, then this should be supported and this is
validated by the test cases above).

This wart will be resolved when we add support for drivers with a
generate_key_ext entry point.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 12:02:04 +01:00
Gilles Peskine
69f11c8dfb generate key ext: skip driver invocation with non-default method
In the driver wrapper for psa_generate_key() and psa_generate_key_ext():

* Invoke the built-in code if using a non-default method, even if there
  might be an accelerator. This is ok because we only support non-default
  methods for RSA and we don't support driver-only RSA, therefore a
  non-default method will always have built-in code behind it.
* Return NOT_SUPPORTED if trying to use a non-default method with an opaque
  driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:48 +01:00
Gilles Peskine
c81393b2ed generate/derive key ext: pass method_data_length rather than method_length
Instead of passing the size of the whole structure, just pass the data
length and let the implementation worry about adding the size of the
structure. The intent with passing the structure size was to allow
the client code in a client-server implementation to know nothing
about the structure and just copy the bytes to the server. But that was not
really a useful consideration since the application has to know the
structure layout, so it has to be available in the client implementation's
headers. Passing the method data length makes life simpler for everyone by
not having to worry about possible padding at the end of the structure, and
removes a potential error condition
(method_length < sizeof(psa_key_generation_method_t)).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:48 +01:00
Gilles Peskine
7a18f9645c psa_generate_key_ext: RSA: support custom public exponent
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:46 +01:00
Gilles Peskine
f0765fa06a Implement psa_generate_key_ext, psa_key_derivation_output_key_ext
Implement and unit-test the new functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext(), only for the default method.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:19:27 +01:00
Gilles Peskine
1d25a0a810 Refactoring: extract rsa_test_e
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:19:27 +01:00
Gilles Peskine
6d81cbc81f Document new functions psa_generate_key_ext, psa_key_derivation_output_key_ext
Document proposed additions to the PSA API: psa_generate_key_ext(),
psa_key_derivation_output_key_ext(). For psa_generate_key_ext(), document
the one use case we intend to implement immediately, which is generating an
RSA key with a custom public exponent.

Subsequent commits will implement the documented functionality.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:19:26 +01:00
Gilles Peskine
3ea9450463
Merge pull request #8734 from valeriosetti/issue8564
Add test for driver-only HMAC
2024-02-14 13:43:40 +00:00
Gilles Peskine
0020080f44
Merge pull request #8810 from PiotrBzdrega/development
move entropy init prior arguments number recognition
2024-02-14 13:43:36 +00:00
Tom Cosgrove
1c0b1bffee
Merge pull request #8779 from gilles-peskine-arm/rsa-bitlen-fix
Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
2024-02-14 11:18:25 +00:00
Tom Cosgrove
d26df72256
Merge pull request #8820 from gilles-peskine-arm/sha3-compressed-rc
SHA3: Pack the iota round constants
2024-02-14 09:33:50 +00:00
PiotrBzdrega
dc6606b5e3 newline at end of changelog file
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-13 22:17:08 +01:00
Manuel Pégourié-Gonnard
e6c80bc6e5
Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status
TLS 1.3: Refine and test client early data status
2024-02-13 20:36:42 +00:00
Gilles Peskine
f8b983c855 Pack the iota round constants
This saves ~160 bytes of code size, at the cost of a bit of localized
complexity in the code. The impact on performance is measurable but small
(<5% observed on x86_64) and can go either way (there's a calculation vs
memory bandwidth compromise).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-13 18:14:58 +01:00
Paul Elliott
1f3a7d659f
Merge pull request #8816 from paul-elliott-arm/fix_test_fail_deadlock
Fix deadlock with test failures
2024-02-13 16:34:23 +00:00
Dave Rodgman
1e23f938cb
Merge pull request #8817 from daverodgman/iar-pk-fix
Compiler warning fixes
2024-02-13 16:33:24 +00:00
PiotrBzdrega
e0a6f7d320 fill out missing dot in changelog
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-13 17:08:40 +01:00
Tom Cosgrove
8fe2e36de5
Merge pull request #8801 from gilles-peskine-arm/sha3-no-table
Inline the SHA3 parameters table into a switch
2024-02-13 14:06:44 +00:00
Paul Elliott
9718203308 Fix deadlock with test failures
Calling mbedtls_test_fail() attempts to lock the test data mutex.
Unfortunately we were calling this from places where we already held
this mutex, and this mutex is not recursive, so this deadlocks. Split
out mbedtls_test_fail() into mbedtls_test_fail_internal() in order to
address this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-13 13:57:31 +00:00
Dave Rodgman
b4cb8bef42 Fix remaining warnings from -Wshorten-64-to-32
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-13 13:41:16 +00:00
Dave Rodgman
aa74165948 Fix IAR cast warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-13 13:40:26 +00:00
Manuel Pégourié-Gonnard
cd376dbec8
Merge pull request #8802 from mpg/adjust-vs-check
Misc. clean-ups in `check_config.h`
2024-02-13 08:45:18 +00:00
Piotr Bzdręga
7238efd136 changelog for bugfix
Signed-off-by: Piotr Bzdręga <piotrbz@mikronika.com.pl>
2024-02-12 21:06:54 +01:00
Gilles Peskine
069cec1737 Also check the RSA length for public keys
Do for public keys what
"Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes"
did for key pairs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 16:59:17 +01:00
Gilles Peskine
59d09486dc Cosmetic fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 16:58:39 +01:00
Gilles Peskine
34a074af37 Add missing dependency on PEM
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:24:10 +01:00
Gilles Peskine
92fb604139 Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:24:08 +01:00
Gilles Peskine
19f1adfc69 New function mbedtls_rsa_get_bitlen()
Document, implement and test mbedtls_rsa_get_bitlen().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:23:05 +01:00
Janos Follath
f741db3d6e
Merge pull request #8764 from Ryan-Everett-arm/threadsafe-key-wiping
Make key destruction thread safe
2024-02-12 09:37:59 +00:00
PiotrBzdrega
f6a9cfa5d2 adjust indentation
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-11 09:41:56 +01:00
PiotrBzdrega
2b20ff62fc move entropy init prior arguments number recognition
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-11 02:15:03 +01:00
Manuel Pégourié-Gonnard
c3d17cde46
Merge pull request #8702 from minosgalanakis/update/dhm_context_in_programs_5015
[MBEDTLS_PRIVATE] Update dhm context in programs
2024-02-10 08:47:51 +00:00
Manuel Pégourié-Gonnard
2e2af414d0
Merge pull request #7604 from zvolin/feature/pkcs5-aes
Add AES encrypted keys support for PKCS5 PBES2
2024-02-10 08:46:18 +00:00
Paul Elliott
53ddf420c8
Merge pull request #8689 from paul-elliott-arm/make_tests_thread_safe
Make test data thread safe
2024-02-09 19:43:09 +00:00
Paul Elliott
5d2bcc63cd Fix typo / improve documentation for test step fns
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-09 14:41:24 +00:00
Paul Elliott
54ad01efed Merge remote-tracking branch 'upstream/development' into make_tests_thread_safe 2024-02-09 14:33:58 +00:00
Ryan Everett
9dc076b4f4 Fix issue with lock failures returning CORRUPTION_DETECTED
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 14:20:09 +00:00
Ryan Everett
7fee4f7318 Fix mutex unlock error handling in psa_destroy_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 14:11:27 +00:00
Ryan Everett
67f3568895 Reduce analyze_block_cipher_dispatch exceptions
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 13:02:23 +00:00
Manuel Pégourié-Gonnard
ac60afc2d2 Remove useless overly strong dependency
ECJPAKE_C only needs MD_LIGHT and it allready auto-enables it in
config_adjust_legacy_crypto.h, so nothing to check here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 23:46:55 +01:00
Ryan Everett
75e65fe24b Reformat AES encryption test data in pkcs5 tests
The added comma is needed so that these tests match the regex exceptions
in analyze_outcomes.py.
Moved the Encryption tests so that they are separate to decryption.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 15:44:43 +00:00
Ryan Everett
afb2eee263 Add PKCS5/12 exceptions to analyze_block_cipher_dispatch
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:31:54 +00:00
Ryan Everett
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:26:29 +00:00
Janos Follath
7a28738205
Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface
New test thread interface
2024-02-08 12:35:40 +00:00
Manuel Pégourié-Gonnard
a6184b2cc8 Remove redundant check
We're already making sure of that in
include/mbedtls/config_adjust_psa_superset_legacy.h - no need to
double-check here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:55:53 +01:00
Manuel Pégourié-Gonnard
1463e49a3c Move config adjustment to config_adjust
After this change, check_config.h does not have any #defined except:
- the standard header double-inclusion guard
- short-lived helpers that are #undef-ed in the same paragraph

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:55:52 +01:00
Manuel Pégourié-Gonnard
e1f3faf5bf Remove temporary macros that are not needed
Those were only used for KEY_EXCHANGE_ECJPAKE, but had a much larger
scope than needed. We actually don't need those macros if we distinguish
between cases when expressing dependencies for this key exchange.

The remaining helper macros are all short lived.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:55:51 +01:00
Manuel Pégourié-Gonnard
61758e606e Fix wrong dependency of ECJPAKE_C
It always uses MD now. (The "fall back" to PSA Crypto was only in the
1st iteration of driver-only hash support, before we changed the
architecture to make everything go through MD.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:44:22 +01:00
Manuel Pégourié-Gonnard
49f64b4cac Fix dependency on low-level hash modules
None of the TLS code is calling low-level hash functions directly. So
the correct dependencies here are MD_CAN.

(I checked and this was the only occurrence.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:44:21 +01:00
Manuel Pégourié-Gonnard
7eb3f9a523 Simplify and fix dependency of MD_C on a hash
Simplify: let's take advantage of the MD_CAN macros instead of doing it
again ourselves.

Fix: SHA-3 was forgotten.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 12:44:21 +01:00