Commit graph

29566 commits

Author SHA1 Message Date
Valerio Setti
9f521056bc driver-only-builds: add documentation for HMAC acceleration
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 15:44:24 +01:00
Antonio de Angelis
667cad5b81 Put the id field at the end of the psa_key_attributes_s structure
Putting the id at the of the psa_key_attributes_s structure allows
for a more efficient marshalling of the parameters around a transport
channel which provides separation between a client view and a service
view of the key parameters.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-01-24 13:34:48 +00:00
Ryan Everett
3877d4858b Refactor macros
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-24 13:26:26 +00:00
Valerio Setti
cd89b0b536 all.sh: disable legacy hash support in test_psa_crypto_config_accel_hmac()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 14:24:55 +01:00
Chien Wong
99ff1f505b
Add test cases on GCM AD, input, IV length
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-24 20:52:27 +08:00
Valerio Setti
a5f36fcaae rsa: write documentation of new functions for parse/writing RSA priv/pub keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
18dd00052e pk_wrap: use RSA module functions to write priv/pub key in RSA wrappers
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
c6d7f53adc all.sh: update common_test_psa_crypto_config_accel_ecc_some_curves()
Do not disable RSA_C and related modules because now it does not
automatically re-enable PK module.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
2ddabb34d6 config_adjust_legacy: do not auto-enable PK when RSA is enabled in PSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
dccfd3612d rsa: update return values of priv/pub parse/write functions
The goal is to remove usage of PK return values in order to
completely eliminate that dependency.
This commit also updates pkparse and test_suite_x509parse to
align with this change in return values.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:34 +01:00
Dave Rodgman
13f2f4e7f1 Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc 2024-01-24 09:49:15 +00:00
Dave Rodgman
daca7a3979 Update BRANCHES.md
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-24 09:49:11 +00:00
Gilles Peskine
64996c3be9 Disable MBEDTLS_PSA_CRYPTO_CLIENT in no-PSA builds
When building without PSA crypto functions, disable
MBEDTLS_PSA_CRYPTO_CLIENT as well as MBEDTLS_PSA_CRYPTO_C. With
just MBEDTLS_PSA_CRYPTO_CLIENT, PSA crypto API functions are supposed to
exist at link time but be provided by a third party.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:25:47 +01:00
Gilles Peskine
00f3085163 Missing dependency for MBEDTLS_PK_ECDSA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:25:34 +01:00
Ryan Everett
cb05ce30e9 Minor fixes to locking macros
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 19:25:10 +00:00
Gilles Peskine
55effd9456 Fix the build with MBEDTLS_RSA_ALT
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
51860149f4 Allow context types with an ALT version to be linked in Doxygen
In our tests, we run `tests/scripts/doxygen.sh`, which checks that `doxygen`
runs without warnings after `scripts/config.py realfull`. In this
configuration, alternative implementations such as `MBEDTLS_RSA_ALT` are
enabled, which allows the documentation to contain references to the
`MBEDTLS_xxx_ALT` symbol itself. However, this disables context types that
alternative implementations must define in their header, such as
`mbedtls_rsa_context`. See https://github.com/Mbed-TLS/mbedtls/issues/4518

As a partial fix, allow `tests/scripts/doxygen.sh` to see dummy definitions
of the context type. This way, we can use both `#MBEDTLS_RSA_ALT` and
`#mbedtls_rsa_context` cross-references in our documentation. This is not
ideal, because `doxygen.sh` isn't testing for errors in the documentation of
the affected context types, but it's cheap progress.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
c09df2f24c Unify want_private detection
This commit makes the code arguably slightly simpler and fixes the build
with clang -Wimplicit-fallthrough. No intended semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
f3dbc98d96 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_USE_PSA_EC_DATA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
7354f1e178 Allow building with MBEDTLS_PK_USE_PSA_EC_DATA && MBEDTLS_ECP_C
This isn't officially supported, but it's convenient to build the library
this way for quick testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
758d8c7631 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_OPAQUE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
94e3a873ce mbedtls_pk_get_psa_attributes: test bad usage value
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
ace7c7721e mbedtls_pk_get_psa_attributes: ECC support
Add code and unit tests for MBEDTLS_PK_ECxxx in
mbedtls_pk_get_psa_attributes().

This commit only supports built-in ECC (MBEDTLS_ECP_C). A subsequent commit
will handle driver-only ECC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
6ea18361df mbedtls_pk_get_psa_attributes: RSA support
Add code and unit tests for MBEDTLS_PK_RSA in mbedtls_pk_get_psa_attributes().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
1f97e73114 mbedtls_pk_get_psa_attributes: force enrollment algorithm off
This avoids a possible gotcha when if the application code reuses an
existing attribute structure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
0b17255da1 Introduce mbedtls_pk_get_psa_attributes
Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657
as of dd77343381, i.e.
dd77343381/docs/architecture/psa-migration/psa-legacy-bridges.md (api-to-create-a-psa-key-from-a-pk-context)

This commit introduces the function declaration, its documentation, the
definition without the interesting parts and a negative unit test function.
Subsequent commits will add RSA, ECC and PK_OPAQUE support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Ryan Everett
90afb132e0 Add ..._GOTO_EXIT macro
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 18:34:55 +00:00
Ryan Everett
d6d6a76e46 Add ..._GOTO_RETURN macro
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 18:32:42 +00:00
Valerio Setti
7b7ffd3bb9 psa_crypt_rsa: remove dependency from the PK module
Use new functions from the RSA module to parse and write
private and public keys in PKCS#1 format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 16:14:18 +01:00
Valerio Setti
b054e449c9 test_suite_psa_crypto: remove tests for importing an RSA key in PEM format
This feature was an unofficial extension which was never documented.
Now that we are removing the PK dependency in order to use only
functions from RSA module, PEM support is unavailable. Therefore
we explicitly remove it.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 16:12:27 +01:00
Valerio Setti
8e6093dd9f test_suite_rsa: add some basic testing of new parse/write priv/pub keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 15:19:07 +01:00
Valerio Setti
b328c44932 pk/rsa: move RSA parse/write private/public key functions to rsa module
These functions are meant to be used internally, so their prototype
declaration is kept into rsa_internal.h.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 15:18:57 +01:00
Chien Wong
019c2a7817
Handle sizeof(size_t) > sizeof(uint64_t)
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-23 21:38:06 +08:00
Janos Follath
aa3fa98bc4
Merge pull request #8726 from v1gnesh/patch-1
Update entropy_poll.c to allow build in z/OS
2024-01-23 12:43:18 +00:00
Dave Rodgman
c64280a2d7 Fix comment typo
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-23 10:05:08 +00:00
v1gnesh
468c02cf61
Update ChangeLog.d/8726.txt
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: v1gnesh <v1gnesh@users.noreply.github.com>
2024-01-23 15:29:40 +05:30
Dave Rodgman
00b530e395 Limit compiler hint to compilers that are known to benefit from it
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-23 09:41:34 +00:00
Valerio Setti
429cd50ac8 pkwrite: split pk_write_rsa_der() with a dedicated function for non-opaque RSA key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 09:10:22 +01:00
Valerio Setti
fd49a46a36 pkparse: rename RSA key and pubkey parsing functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 08:35:11 +01:00
Dave Rodgman
e23d6479cc Bump version
./scripts/bump_version.sh --version 3.5.1

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:45:49 +00:00
Dave Rodgman
6ba416968b Assemble Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:40:12 +00:00
Janos Follath
0d57f1034e Update Marvin fix Changelog entry
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:58 +00:00
Janos Follath
393df9c995 Add warning for PKCS 1.5 decryption
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.

In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.

They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.

This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.

Add a warning to PKCS 1.5 decryption to warn users about this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
16ab76bbe7 Fix typo
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
b4b8f3df3b RSA: improve readability
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
47ee770812 RSA: remove unneeded temporaries
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
e6750b2a0b RSA: document Montgomery trick in unblind
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
a62a554071 Fix style
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
100dcddfca Make local function static
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
a865fc951e Add Changelog for the Marvin attack fix
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00