Commit graph

20517 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
a9e1d9953e Rm useless use of MD in PKCS#1v1.5 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.

It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.

The changes to the .data file were done using the following python
script:

import hashlib

suite = 'pkcs1_v15'

functions = {
        'pkcs1_rsassa_v15_sign': (10, 12),
        'pkcs1_rsassa_v15_verify': (6, 8),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (alg_idx, msg_idx) = functions[fun]

    alg_str = parts[alg_idx]
    if alg_str == "MBEDTLS_MD_NONE":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx]
    msg_hex = msg_str[1:-1]
    msg = bytes.fromhex(msg_hex)
    h.update(msg)
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:07:02 +02:00
Manuel Pégourié-Gonnard
4c1087f474 Use MBEDTLS_OR_PSA_WANT_xxx in test_suite_rsa
The encrypt/decrypt cases don't depend on actually computing a hash,
just on information about it being available, and this information is
guarded by MBEDTLS_OR_PSA_WANT_xxx.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-15 12:08:14 +02:00
Manuel Pégourié-Gonnard
f88b1b5375 Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros
Currently just replacing existing uses, but the real point of having
these conditions as a single macro is that we'll be able to use them in
tests case dependencies, see next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-15 12:08:14 +02:00
Manuel Pégourié-Gonnard
3637c516a4 Refine dependencies in test_suite_pkcs1_v15
Having the whole .function file depend on SHA-1 was wrong: dependencies
in .function files are for compile-time dependencies all functions in
this file build just fine without SHA-1. It's just some tests cases that
do need SHA-1 at runtime, use dependencies on those specific tests in
the .data file then.

This reduces the number of cases skipped in this test suite in
test_psa_crypto_config_accel_hash_use_psa from 28 (all of them) down to
12 (those that actually use SHA-1 as opposed to no hash).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-13 12:41:36 +02:00
Manuel Pégourié-Gonnard
af8cf5c04e Add a partial plan towards G5
Strategy for dependencies inside libmbecrypto, in particular in the PSA
Crypto core, are outside the scope of the present study.

Note: PR 6065, referenced in a few places, is the one that also
introduces the present commit. It kicks of the work towards G5 in parts
of the code governed by MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
c0d78e9e69 Remove outdated paragraphs about G5
- lack of support for PSA_CRYPTO_CONFIG is not really a reason not to
enable MBEDTLS_USE_PSA_CRYPTO by default - while it's true that
currently X.509/TLS do not behave as expected when PSA_CRYPTO_CONFIG and
MBEDTLS_USE_PSA_CRYPTO are both enabled, it's no worse than when
MBEDTLS_USE_PSA_CRYPTO is disabled.
- as a consequence of removing the paragraph mentioned above, the
sub-section about PSA_CRYPTO_CONFIG no longer belongs in the
"compile-time option" section. Also, it's superseded by the study work
that happened in the meantime (of which this PR is part). So let's
remove it, and the new commit will add something more up-to-date
instead.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
481846c82f General update of PSA strategy documentation
Not related to the changes in this PR, except in the next commit I'll
update the strategy document for changes in this PR and to outline
likely follow-ups, and while looking at the document I noticed a few
things that needed updated, so here there are in their own commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
7b0825d180 Build with SHA-256 accelerated too
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
f0f63bc1b6 Test without MD_C
test_suite_pk still passes, with the same number of skipped tests as in
the default config minus PKCS#1v2.1

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
bbd0dc6cbd Fix hash-specific dependencies of test_suite_pk
Applied:

    sed -i -f use_psa_hash.sed tests/suites/test_suite_pk.*

with use_psa_hash.sed as follows:

    s/MBEDTLS_MD5_C/MBEDTLS_USE_PSA_WANT_ALG_MD5/g
    s/MBEDTLS_RIPEMD160_C/MBEDTLS_USE_PSA_WANT_ALG_RIPEMD160/g
    s/MBEDTLS_SHA1_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_1/g
    s/MBEDTLS_SHA224_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_224/g
    s/MBEDTLS_SHA256_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_256/g
    s/MBEDTLS_SHA384_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_384/g
    s/MBEDTLS_SHA512_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_512/g

With this commit, test_suite_pk achieves parity between:

- crypto_full minus PKCS#1v2.1
- same minus MD (from all.sh's test_crypto_full_no_md)

and between:

- default config plus use_psa minus PKCS#1v2.1
- same with accelerators (test_psa_crypto_config_accel_hash_use_psa)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
abcfa90276 PK test functions don't depend on software SHA-256
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
2d08ea49c8 Some PK test functions no longer depend on MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
043c8c5de8 Add USE_PSA version of PK test functions
While at it, also fix buffer size for functions that already depend on
USE_PSA: it should be PSA_HASH_MAX_SIZE for functions that always use
PSA, and the new macro MBEDTLS_USE_PSA_MD_MAX_SIZE for functions that
use it or not depending on USE_PSA.

The only case where MBEDTLS_MD_MAX_SIZE is OK is when the function
always uses MD - currently this is the case with
pk_sign_verify_restart() as it is incompatible with USE_PSA anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
bab73ab842 Loosen guards in mbedtls_psa_translate_md()
Depending only of our software implementation was too strict. The
function can be useful when only the PSA implementation is available,
since oftentimes the algorithm will still be expressed as an md_type for
legacy reasons.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
5508673832 Add helper macros for dependencies based on USE_PSA
For now in an internal header as it's the safest option and that way we
can change whenever we want.

Later on if we think the macros can be useful to applications as well then we
can move them to a public location.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
525add631e Add component with accelerated hashes and USE_PSA
Currently the test suites are passing because a lot of tests
functions/cases explicitly depend on SHAxxx_C, resulting in them being
skipped in this build. The goal of the next few commits is going to make
them pass and achieve test parity with a non-accelerated build for
selected modules.

Note: compared to the previous component, I'm using 'make tests' not
'make' (ie not building program) because I'm betting build failures
(some header not found) in programs which are not my interest atm.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
97ab2a3ae2 Clean up two accel tests in all.sh
- TLS versions earlier than 1.2 have been removed
- fix a copy-paste typo

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
46a295422d Build and test RSA PKCS#1v1.5 without MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
e496c6273e Sort out MD dependencies in RSA tests
When MD is only used to compute a size, use md_internal.h instead.

When it's actually used to compute a hash, mark the test function as
depending on it. This is probably suboptimal in the long run, and we
might want to either adapt the code so that it can use PSA Crypto
instead, or just pre-compute the hash in the test data.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
3f4778995e Rm dependency on MD in psa_crypto_rsa.c
The previous commit made the PKCS#1v1.5 part of rsa.c independent from
md.c, but there was still a dependency in the corresponding part in PSA.
This commit removes it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
fe2b9b5397 Make mbedtls_oid_get_md_alg() always available
This is a step towards building with RSA PKCS#1v1.5 without MD.

Also loosen guards around oid data: the OID definitions clearly don't
depend on our software implementation.

We could simply have no dependency as this is just data. But for the
sake of code size, let's have some guards so that people who don't use
MD5, SHA1 or RIPEMD160 don't have to pay the price for them.

Note: this is used for RSA (PKCS#v1.5) signatures among other things, an
area that is not influenced by USE_PSA, so the guards should not depend
on it either.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
f493f2ad1d Use md_internal_get_size() in rsa.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard
3356b89b64 Add missing guard around call to MD
PKCS#1 v1.5 mostly does not need hash operations. This is a first step
towards allowing builds with PKCS#1 v1.5 only (no v2.1) without MD.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard
b86279fc63 Build and test PK without MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard
6a0a160f99 Avoid a dependency on MD in test_suite_pk
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard
a370e06e30 Avoid dependency of PK on MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard
d8a298e1fc Add internal MD size getter
Modules / tests that only need to get the size of a hash from its type,
without actually computing a hash, need not depend on MD_C.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Paul Elliott
6dc7cdfdd1
Merge pull request #959 from paul-elliott-arm/merge-into-3.2.0
Merge 3.2.0 into development
2022-07-11 20:01:18 +01:00
Paul Elliott
7adb8cbc0e Revert "Add generated files for 3.2.0 release"
This reverts commit cb21f2eab3.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 18:18:30 +01:00
Paul Elliott
3aef7670b7
Merge pull request #957 from paul-elliott-arm/mbedtls-3.2.0rc0-pr
Mbedtls 3.2.0rc0 PR
2022-07-11 15:45:03 +01:00
Paul Elliott
cb21f2eab3 Add generated files for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
f14b742689 Update BRANCHES.md for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
20362cd1ca Bump library and so versions for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
2238eed2d9 Update Changelog for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:55:59 +01:00
Paul Elliott
2089fd0ea9 Rename Changelog entries that don't have .txt extension
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:52:54 +01:00
Paul Elliott
237c87ba0e Add missing Changelog entries
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:52:28 +01:00
Paul Elliott
f518f81d41 Ensure return for mbedtls_ssl_write_alpn_ext() is checked
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 12:37:47 +01:00
Paul Elliott
9a8d78419f Fixup test tls13_server_certificate_msg_invalid_vector_len
The parameters for init_handshake_options had changed on the development
branch after this test was created, so fixing up this test in order to
correct build failures after merge.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 11:34:14 +01:00
Paul Elliott
20ccd6e8bb Merge remote-tracking branch 'origin/development' into mbedtls-3.2.0rc2-pr
Merge missing commits from development into release
2022-07-11 11:29:32 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
a343d34f0d
Merge pull request #6077 from paul-elliott-arm/fix_generate_debug_helpers_pylint
Fix formatting of generate_ssl_debug_helpers.py
2022-07-08 22:28:41 +01:00
Paul Elliott
4a49651860 Fix formatting of generate_ssl_debug_helpers.py
Satisfy pylint formatting errors

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-08 20:45:39 +01:00
Dave Rodgman
391e33ac93
Merge pull request #6076 from paul-elliott-arm/fix_generate_debug_helpers
Fix generation of ssl_debug_helpers
2022-07-08 17:55:51 +01:00
Paul Elliott
fe9d43c21d Fix generation of ssl_debug_helpers
File was being generated with tabs rather than spaces which breaks
release builds

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-08 17:27:25 +01:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Andrzej Kurek
1ce9ca0630 Changelog rewording
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 06:50:30 -04:00
Andrzej Kurek
21b50808cd Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing
Use a more straightforward condition to note that session resumption
is happening.
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 03:26:55 -04:00
Paul Elliott
826762e315
Merge pull request #5765 from leorosen/fix-some-resource-leaks
Fix resource leaks
2022-07-05 23:12:02 +01:00
Andrzej Kurek
3a29e9cf57 Improve changelog wording
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-05 10:49:10 -04:00
Dave Rodgman
c6a4a1cc13
Merge pull request #6011 from gabor-mezei-arm/coverity_22_07_01
Fix uninitialised memory access in test
2022-07-05 13:59:34 +01:00