Commit graph

6779 commits

Author SHA1 Message Date
Gilles Peskine
acdc52e154 mbedtls_ecp_write_key_ext(): recommend over the old function in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 13:19:42 +01:00
Gilles Peskine
e3fb4ccabf mbedtls_ecp_write_key_ext(): new function
Same as mbedtls_ecp_write_key(), but doesn't require the caller to figure out
the length of the output and possibly distinguish between Weierstrass and
Montgomery curves.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 13:19:42 +01:00
Manuel Pégourié-Gonnard
7f523bf9eb
Merge pull request #8845 from gilles-peskine-arm/ecp-write-doc-3.6
Document ECP write functions
2024-02-28 11:04:38 +00:00
Manuel Pégourié-Gonnard
5b5faf0898
Merge pull request #8844 from davidhorstmann-arm/restore-x509-functions-to-public
Restore some X509 functions to public headers
2024-02-27 10:55:16 +00:00
Gilles Peskine
97c0b2f393 Remove domain parameters from psa_key_attributes_t
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-26 16:57:30 +01:00
David Horstmann
ef950ccb1d Un-unrestore mbedtls_x509_string_to_names()
Re-restore mbedtls_x509_string_to_names() to public as our example
programs use it, and it is the reverse of mbedtls_x509_dn_gets().

Add a docstring, so that it is a properly documented public function.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-26 13:59:43 +00:00
Gilles Peskine
ae5eb64705 Remove domain parameters from the public API
Only leave deprecated, minimal non-linkable functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-26 08:50:53 +01:00
Gilles Peskine
6a2c400b8c typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-26 08:34:06 +01:00
Gilles Peskine
0f63028809
Merge pull request #8815 from gilles-peskine-arm/psa_generate_key_ext-prototype
Introduce psa_generate_key_ext
2024-02-26 07:16:49 +00:00
Tom Cosgrove
817772a6ca
Merge pull request #8716 from mschulz-at-hilscher/feature/gcm_largetable
Use large GCM tables
2024-02-23 16:25:38 +00:00
Gilles Peskine
0aab69d2eb
Merge pull request #8807 from gilles-peskine-arm/pk_import_into_psa-implement_import
Implement mbedtls_pk_import_into_psa
2024-02-21 15:45:17 +00:00
Gilles Peskine
dd49c739f0 Merge remote-tracking branch 'development' into pk_import_into_psa-implement_import
Conflicts:
* tests/suites/test_suite_pk.function: consecutive changes to the
  depends_on line of pk_sign_verify and its argument list.
2024-02-21 12:10:40 +01:00
David Horstmann
946491360b Unrestore mbedtls_x509_string_to_names()
This function should be internal, being exposed only via functions like
mbedtls_x509write_crt_set_subject_name().

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-21 10:35:33 +00:00
Manuel Pégourié-Gonnard
0ecb5fd6f5
Merge pull request #8574 from ronald-cron-arm/ssl-tickets
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
2024-02-21 09:38:46 +00:00
Gilles Peskine
23605d19d9 More renaming: method -> production parameters
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 17:10:56 +01:00
Gilles Peskine
092ce51c47 Rename "key generation method" to "key production parameters"
"Key generation method" was misleading since it also applies to key
derivation. Change "key generation" to "key production", which we aren't
using yet and has roughly the right intuition. Change "method" to
"parameters" which there seems to be a slight preference for. Discussion
thread: https://github.com/Mbed-TLS/mbedtls/pull/8815#discussion_r1486524295

Identifiers renamed:
psa_key_generation_method_t → psa_key_production_parameters_t
psa_key_generation_method_s → psa_key_production_parameters_s
PSA_KEY_GENERATION_METHOD_INIT → PSA_KEY_PRODUCTION_PARAMETERS_INIT
method → params
method_data_length → params_data_length
default_method → default_production_parameters
psa_key_generation_method_is_default → psa_key_production_parameters_are_default
setup_key_generation_method → setup_key_production_parameters
key_generation_method_init → key_production_parameters_init

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 16:18:13 +01:00
Manuel Pégourié-Gonnard
fc3f980f0f
Merge pull request #8826 from valeriosetti/issue8824
RSA keys set to PSS/OAEP padding perform PKCS1v1.5 when MBEDTLS_USE_PSA_CRYPTO is enabled
2024-02-20 14:08:41 +00:00
Manuel Pégourié-Gonnard
a7f651cf16
Merge pull request #8804 from valeriosetti/issue8799
mbedtls_rsa_parse_key and mbedtls_rsa_parse_pubkey accept trailing garbage
2024-02-20 11:58:52 +00:00
Gilles Peskine
e7a7013910 Remove initialization function for variable-length struct
Assigning the return value of a function that returns a struct with a
flexible array member does not fill the flexible array member, which leaves
a gap in the initialization that could be surprising to programmers. Also,
this is a borderline case in ABI design which could cause interoperability
problems. So remove this function.

This gets rid of an annoying note from GCC about ABI compatibility on
(at least) x86_64.
```
In file included from include/psa/crypto.h:4820,
                 from <stdin>:1:
include/psa/crypto_struct.h: In function ‘psa_key_generation_method_init’:
include/psa/crypto_struct.h:244:1: note: the ABI of passing struct with a flexible array member has changed in GCC 4.4
  244 | {
      | ^
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 12:17:00 +01:00
Gilles Peskine
dc5597b3dd Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 11:42:18 +01:00
Janos Follath
028a38b7cb
Merge pull request #8661 from BensonLiou/use_init_api
use mbedtls_ssl_session_init() to init session variable
2024-02-19 15:49:34 +00:00
Valerio Setti
85e568c76d pk: fix documentation for RSA sign/verify and encrypt/decrypt
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 15:45:00 +01:00
Gilles Peskine
7511d4aed7 ECP write/export key: document that these functions don't detect unset data
Fixes #8803.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-19 13:56:39 +01:00
Gilles Peskine
1c7ff7ea53 mbedtls_ecp_write_key: document and test smaller output buffer
Document and test the current behavior, even if it is weird:

* For Weierstrass keys, the error is MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL,
  not MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL.
* For Weierstrass keys, a smaller output buffer is ok if the output fits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-19 13:49:45 +01:00
Gilles Peskine
a395bdd066 mbedtls_ecp_write_key: document and test larger output buffer
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-19 13:30:31 +01:00
Gilles Peskine
5bb04e03ac mbedtls_ecp_write_key: no FEATURE_UNAVAILABLE error
When exporting a key, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE should not happen.
This error indicates that the curve is not supported, but that would prevent
the creation of the key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-19 13:24:41 +01:00
David Horstmann
762f9f9cbb Restore X509 functions erroneously made private
Restore the following functions to public headers:
* mbedtls_x509_dn_get_next()
* mbedtls_x509_serial_gets()
* mbedtls_x509_time_cmp()
* mbedtls_x509_time_gmtime()
* mbedtls_x509_time_is_past()
* mbedtls_x509_time_is_future()
* mbedtls_x509_parse_subject_alt_name()
* mbedtls_x509_free_subject_alt_name()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-19 11:07:50 +00:00
Manuel Pégourié-Gonnard
d93e640882
Merge pull request #8797 from adeaarm/check_config_look_for_crypto_client
Make check_config aware of MBEDTLS_PSA_CRYPTO_CLIENT
2024-02-19 08:14:34 +00:00
Valerio Setti
4cc6522a85 pem: do not parse ASN1 data after decryption (removes ASN1 dependency)
Now that we have padding verification after decryption and since
this can be used to validate the password as well there is no
need to parse ASN1 content any more, so we can simplify/remove
that dependency.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:26:12 +01:00
Valerio Setti
90ea4fd201 pk: fix documentation for sign/verify and encrypt/decrypt
Remove exception warnings about PKCS1v1.5, since now both padding
formats are treated properly no matter if USE_PSA_CRYPTO is
defined or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:19:19 +01:00
Gilles Peskine
4da1f01f88 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:15:29 +01:00
Gilles Peskine
c81393b2ed generate/derive key ext: pass method_data_length rather than method_length
Instead of passing the size of the whole structure, just pass the data
length and let the implementation worry about adding the size of the
structure. The intent with passing the structure size was to allow
the client code in a client-server implementation to know nothing
about the structure and just copy the bytes to the server. But that was not
really a useful consideration since the application has to know the
structure layout, so it has to be available in the client implementation's
headers. Passing the method data length makes life simpler for everyone by
not having to worry about possible padding at the end of the structure, and
removes a potential error condition
(method_length < sizeof(psa_key_generation_method_t)).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:48 +01:00
Gilles Peskine
6d81cbc81f Document new functions psa_generate_key_ext, psa_key_derivation_output_key_ext
Document proposed additions to the PSA API: psa_generate_key_ext(),
psa_key_derivation_output_key_ext(). For psa_generate_key_ext(), document
the one use case we intend to implement immediately, which is generating an
RSA key with a custom public exponent.

Subsequent commits will implement the documented functionality.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:19:26 +01:00
Yanray Wang
a8f8eb1e35 check_config: add missing dependency check for MBEDTLS_PK_WRITE_C
MBEDTLS_PK_WRITE_C requires MBEDTLS_ASN1_WRITE_C, but there is no
corresponding check in check_config.h. In addition, corresponding
documentation for `Requires` is updated in mbedtls_config.h.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 16:00:35 +00:00
Yanray Wang
072a068f9f check_config: combine check for MBEDTLS_PK_PARSE_C
- check_config.h: combine separate check for MBEDTLS_PK_PARSE_C
- mbedtls_config.h: update documentation for `Requires`

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 16:00:28 +00:00
Yanray Wang
5b118d4aed Check MBEDTLS_PK_{PARSE,WRITE}_C requires MBEDTLS_OID_C
- check_config.h: add this dependency check
- mbedtls_config.h: update corresponding requirement documentation

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Yanray Wang
687bfcb54c pk: remove duplicate define of MBEDTLS_PK_HAVE_ECC_KEYS
In pk.h, MBEDTLS_PK_HAVE_ECC_KEYS is enabled if ECP_C is defined or
USE_PSA_CRYPTO && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY are defined.
But this logic is duplicate with its definition in
config_adjust_legacy_crypto.h.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Yanray Wang
b807cc6eba Add checks for PK_[PARSE/WRITE]_C when PK_HAVE_ECC_KEYS is set
When PK_HAVE_ECC_KEYS is set with PK_[PARSE/WRITE]_C, it needs OID_C
to be enabled. This commit adds proper checks in check_config.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Tom Cosgrove
1c0b1bffee
Merge pull request #8779 from gilles-peskine-arm/rsa-bitlen-fix
Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
2024-02-14 11:18:25 +00:00
Manuel Pégourié-Gonnard
e6c80bc6e5
Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status
TLS 1.3: Refine and test client early data status
2024-02-13 20:36:42 +00:00
Antonio de Angelis
aa33d600cf Merge remote-tracking branch 'origin/development' into check_config_look_for_crypto_client 2024-02-13 11:43:05 +00:00
Manuel Pégourié-Gonnard
cd376dbec8
Merge pull request #8802 from mpg/adjust-vs-check
Misc. clean-ups in `check_config.h`
2024-02-13 08:45:18 +00:00
Gilles Peskine
19f1adfc69 New function mbedtls_rsa_get_bitlen()
Document, implement and test mbedtls_rsa_get_bitlen().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:23:05 +01:00
Janos Follath
f741db3d6e
Merge pull request #8764 from Ryan-Everett-arm/threadsafe-key-wiping
Make key destruction thread safe
2024-02-12 09:37:59 +00:00
Gilles Peskine
05ee3fbdc0 mbedtls_pk_import_into_psa: documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-09 19:31:04 +01:00
Matthias Schulz
a6ac0f1330 Replaced MBEDTLS_GCM_LARGETABLE by MBEDTLS_GCM_LARGE_TABLE. Removed empty comment line in doc block.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-09 17:11:54 +01:00
Ronald Cron
7fdee8b710 ssl_session: Reorder some fields to reduce padding
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-09 09:26:12 +01:00
Valerio Setti
2653e92a57 pem: fix valid data length returned by mbedtls_pem_read_buffer()
ctx->buflen now returns the amount of valid data in ctx->buf.
Unencrypted buffers were already ok, but encrypted ones were
used to return the length of the encrypted buffer, not the
unencrypted one.
This commit fix this behavior for encrypted buffers.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
Valerio Setti
b1f6d2ad6f asn1: enable mbedtls_asn1_get_tag() when PEM_PARSE_C is defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
Manuel Pégourié-Gonnard
ac60afc2d2 Remove useless overly strong dependency
ECJPAKE_C only needs MD_LIGHT and it allready auto-enables it in
config_adjust_legacy_crypto.h, so nothing to check here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 23:46:55 +01:00