Commit graph

29667 commits

Author SHA1 Message Date
Yanray Wang
b807cc6eba Add checks for PK_[PARSE/WRITE]_C when PK_HAVE_ECC_KEYS is set
When PK_HAVE_ECC_KEYS is set with PK_[PARSE/WRITE]_C, it needs OID_C
to be enabled. This commit adds proper checks in check_config.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Ryan Everett
73feaf2682 Comment on locking strategy in psa_fail_key_creation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00
Ryan Everett
3d8118d9dc Revert psa_reserve_free_key_slot changes, lock in start_key_creation instead
This means we can hold the mutex around the call to reserve_free_key_slot
in get_and_lock_key_slot, avoiding inefficient rework.
(Changes to get_and_lock_key_slot are not in scope in this PR)

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00
Ryan Everett
b71014406c Make psa_fail_key_creation thread safe
Hold the mutex for the entirety of the call.
We need the mutex for the wipe, also hold it for aborting driver transactions as this
may have side effects.
We can't use the macros here as this function returns void.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00
Ryan Everett
91ffe5b871 Make psa_finish_key_creation thread safe
Hold mutex for the entirety of the call.
We are writing to storage and writing to the slot state here.
If we didn't keep the mutex for the whole duration then we may end up with
another thread seeing that a persistent key is in storage before
our slot is set to FULL; this would be unlinearizable behaviour.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00
Ryan Everett
024b395f85 Make psa_reserve_free_key_slot thread safe
Everything needs to be done under the mutex here, we operate directly on FULL/EMPTY
slots, and we can't let key_slots_initialized change before we operate on slots.
Refactor to use an exit label.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00
Gilles Peskine
3ea9450463
Merge pull request #8734 from valeriosetti/issue8564
Add test for driver-only HMAC
2024-02-14 13:43:40 +00:00
Gilles Peskine
0020080f44
Merge pull request #8810 from PiotrBzdrega/development
move entropy init prior arguments number recognition
2024-02-14 13:43:36 +00:00
Tom Cosgrove
1c0b1bffee
Merge pull request #8779 from gilles-peskine-arm/rsa-bitlen-fix
Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
2024-02-14 11:18:25 +00:00
Tom Cosgrove
d26df72256
Merge pull request #8820 from gilles-peskine-arm/sha3-compressed-rc
SHA3: Pack the iota round constants
2024-02-14 09:33:50 +00:00
Valerio Setti
d8840ec6e5 add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-14 06:44:31 +01:00
Valerio Setti
3a4f2040b3 test_suite_psa_crypto: fix some test descriptions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-14 06:44:31 +01:00
Valerio Setti
c1b93751b3 test_suite_pem: add more test cases for encrypted PEM buffers
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-14 06:44:28 +01:00
Valerio Setti
095e1ac71c pem: check data padding in DES/AES decrypted buffers
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-14 06:44:07 +01:00
PiotrBzdrega
dc6606b5e3 newline at end of changelog file
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-13 22:17:08 +01:00
Manuel Pégourié-Gonnard
e6c80bc6e5
Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status
TLS 1.3: Refine and test client early data status
2024-02-13 20:36:42 +00:00
Gilles Peskine
f8b983c855 Pack the iota round constants
This saves ~160 bytes of code size, at the cost of a bit of localized
complexity in the code. The impact on performance is measurable but small
(<5% observed on x86_64) and can go either way (there's a calculation vs
memory bandwidth compromise).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-13 18:14:58 +01:00
Paul Elliott
1f3a7d659f
Merge pull request #8816 from paul-elliott-arm/fix_test_fail_deadlock
Fix deadlock with test failures
2024-02-13 16:34:23 +00:00
Dave Rodgman
1e23f938cb
Merge pull request #8817 from daverodgman/iar-pk-fix
Compiler warning fixes
2024-02-13 16:33:24 +00:00
PiotrBzdrega
e0a6f7d320 fill out missing dot in changelog
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-13 17:08:40 +01:00
Dave Rodgman
fff51ceccd
Update ChangeLog.d/pkg-config-files-addition.txt
Fix syntax errors in Changelog (and tidy up punctuation)

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-13 15:32:29 +00:00
Tom Cosgrove
8fe2e36de5
Merge pull request #8801 from gilles-peskine-arm/sha3-no-table
Inline the SHA3 parameters table into a switch
2024-02-13 14:06:44 +00:00
Paul Elliott
9718203308 Fix deadlock with test failures
Calling mbedtls_test_fail() attempts to lock the test data mutex.
Unfortunately we were calling this from places where we already held
this mutex, and this mutex is not recursive, so this deadlocks. Split
out mbedtls_test_fail() into mbedtls_test_fail_internal() in order to
address this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-13 13:57:31 +00:00
Dave Rodgman
b4cb8bef42 Fix remaining warnings from -Wshorten-64-to-32
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-13 13:41:16 +00:00
Dave Rodgman
aa74165948 Fix IAR cast warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-13 13:40:26 +00:00
Antonio de Angelis
aa33d600cf Merge remote-tracking branch 'origin/development' into check_config_look_for_crypto_client 2024-02-13 11:43:05 +00:00
Manuel Pégourié-Gonnard
cd376dbec8
Merge pull request #8802 from mpg/adjust-vs-check
Misc. clean-ups in `check_config.h`
2024-02-13 08:45:18 +00:00
Piotr Bzdręga
7238efd136 changelog for bugfix
Signed-off-by: Piotr Bzdręga <piotrbz@mikronika.com.pl>
2024-02-12 21:06:54 +01:00
Gilles Peskine
465e4ed56b Prioritize SHA2 over MD5 for KNOWN_SUPPORTED_HASH_ALG
This fixes the ability to exercise keys in configurations where MD5 is
supported for direct use, but not inside some accelerated algorithms. This
is the case in `all.sh test_psa_crypto_config_accel_ecc_ecp_light_only` and
some other accelerated-ECC components of `all.sh`, where the driver is built
without MD5 support but built-in MD5 remains enabled.

This is only a hack, not a theoretically correct fix, but a correct fix is
out of scope of my current work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:54:53 +01:00
Gilles Peskine
34955677e5 Don't exercise if the algorithm is not supported
Parsing a key and importing it into PSA may result in a policy that
specifies an algorithm that is not included in the build. This happens if
the key type is supported, but not the algorithm, e.g. in a build with
MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:31:55 +01:00
Gilles Peskine
1d33876d37 Fix some preprocessor guards
Fix the build in some configurations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:07:45 +01:00
Gilles Peskine
74860ddec2 Don't define pk_sign_verify in configurations where it's unused
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:

```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```

This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:07:45 +01:00
Gilles Peskine
35cb319832 depends.py: set unique configuration names in outcome file
Set unique configuration names in the outcome file. This was lost in the
rewrite from depends-*.pl to depends.py.

Fix #7290

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
157679c0d5 mbedtls_pk_import_into_psa: positive tests with pkparse output
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
10e9c412c0 mbedtls_pk_import_into_psa: negative tests for different ECC curve
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
fc3d866ad2 mbedtls_pk_import_into_psa: implement and test
Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT.
This covers importing a key pair, importing a public key and importing
the public part of a key pair.

Test mbedtls_pk_import_into_psa() with the output of
mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa()
on its own to get extra coverage, mostly for negative cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
fdb809ef86 exercise_key: fix asymmetric encrypt/decrypt with >2028-bit RSA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:31:03 +01:00
Gilles Peskine
4781bd9773 exercise_key: allow SIGN_MESSAGE/VERIFY_MESSAGE with PSA_ALG_ANY_HASH
There was already code to instantiate the wildcard for sign/verify-hash.
Make that work with sign/verify-message as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:30:27 +01:00
Gilles Peskine
069cec1737 Also check the RSA length for public keys
Do for public keys what
"Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes"
did for key pairs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 16:59:17 +01:00
Gilles Peskine
59d09486dc Cosmetic fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 16:58:39 +01:00
Ryan Everett
91ce792253 Fix return code error when locking mutex
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-12 12:17:28 +00:00
Gilles Peskine
34a074af37 Add missing dependency on PEM
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:24:10 +01:00
Gilles Peskine
92fb604139 Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:24:08 +01:00
Gilles Peskine
19f1adfc69 New function mbedtls_rsa_get_bitlen()
Document, implement and test mbedtls_rsa_get_bitlen().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:23:05 +01:00
Ryan Everett
e02b63ac89
Merge branch 'Mbed-TLS:development' into threadsafe-key-locking 2024-02-12 10:04:07 +00:00
Janos Follath
f741db3d6e
Merge pull request #8764 from Ryan-Everett-arm/threadsafe-key-wiping
Make key destruction thread safe
2024-02-12 09:37:59 +00:00
PiotrBzdrega
f6a9cfa5d2 adjust indentation
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-11 09:41:56 +01:00
PiotrBzdrega
2b20ff62fc move entropy init prior arguments number recognition
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-11 02:15:03 +01:00
Manuel Pégourié-Gonnard
c3d17cde46
Merge pull request #8702 from minosgalanakis/update/dhm_context_in_programs_5015
[MBEDTLS_PRIVATE] Update dhm context in programs
2024-02-10 08:47:51 +00:00
Manuel Pégourié-Gonnard
2e2af414d0
Merge pull request #7604 from zvolin/feature/pkcs5-aes
Add AES encrypted keys support for PKCS5 PBES2
2024-02-10 08:46:18 +00:00