Commit graph

14055 commits

Author SHA1 Message Date
Ronald Cron
adc2ff28b0 Adapt programs to PSA openless APIs
PSA and SSL programs are PSA clients thus should use
psa_key_id_t as the type for key identifiers, not
mbedtls_svc_key_id_t.

As a consequence, PSA, ssl_server2 and ssl_client2
programs cannot compile and must not be compiled if
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined.
Thus, add MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
compilation guard to those programs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
c3623dbc76 State PSA_CRYPTO_KEY_ID_ENCODES_OWNER and USE_PSA_CRYPTO incompatibility
Code under MBEDTLS_USE_PSA_CRYPTO define is PSA client
code intended to use key identifiers of type psa_key_id_t.
Thus the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
configuration option is incompatible with
MBEDTLS_USE_PSA_CRYPTO.

State this in config.h and check_config.h.

As a consequence:
. remove MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER from
  the full configuration, as MBEDTLS_USE_PSA_CRYPTO is
  part of it.

. add a new component in all.sh to keep testing the
  library when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
  is set.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
277a85f1ef Add psa_purge_key API
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
cf56a0a320 psa: Move from key handle to key identifier
Move all the PSA crypto APIs using key handles
to use key identifiers but psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.

Update the library modules using PSA crypto APIs
to get rid of key handles.

Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
e4f6d5c5fe tests: Fix persistent slot lifecycle tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
4184107d2e tests: Fix checks of volatile key identifier
Volatile keys have now a volatile non-null key
identifier.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
432e19c7b2 tests: Fix error codes when using "invalid" handles
As handles are now key identifiers, a handle may be
valid now even if it does not refer to any key
known to the library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
2d52eb2f78 tests: Fix invalid key identifier error code
PSA Crypto API spec defines the error code for
an invalid key identifier as PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
c4d1b514ab Define handles as key identifiers
Define psa_key_handle_t to be equal to
mbedtls_svc_key_id_t. Make the handle of a persistent
key be equal to its key identifier. For volatile keys,
make the key handle equal to the volatile key
identifier of the created volatile key.

The unit tests are modified just to make them compile
not to make them run successfully. They are fixed in
the subsequent commits.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
47a85614ed Introduce psa_key_handle_equal inline function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
c26f8d467a Introduce psa_key_handle_is_null inline function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
91e9515424 Introduce PSA_KEY_HANDLE_INIT macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
98a54ddbd6 psa: slot mgmt: Don't use handles to loop through slot array
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
2a99315cc5 Add volatile key identifiers
Volatile key identifiers are introduced in
PSA Crypto API v1.0.0. They are returned by the APIs
when importing or generating or deriving a volatile key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:31 +01:00
Ronald Cron
d2ed4815da Split persistence and key id validation
With key usage based on key identifiers and not
key handles (openless APIs), volatile keys will
also have a key identifier. Thus, isolate key
identifier validation from key persistence
validation to clarify that key identifiers
are not specific to persistent keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-09 15:14:38 +01:00
Gilles Peskine
a455e71588
Merge pull request #3780 from stevew817/feature/validate_key_in_driver
Add validate_key hooks and tests
2020-11-02 11:37:42 +01:00
Steven Cooreman
40120f6b76 Address review comments
* zero key buffer on failure
* readability improvements
* psa_finish_key_creation adjustment after removing import_key_into_slot

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-30 10:20:01 +01:00
Gilles Peskine
52f32c913e
Merge pull request #3787 from bensze01/iv_nonce_size
PSA: Add support macros for IV/nonce sizes
2020-10-30 09:45:11 +01:00
Gilles Peskine
2da4292dc1
Merge pull request #3790 from peter-toft-greve/development
Add fix for cmake control of CMAKE_BUILD_TYPE only if mbedtls is the root project
2020-10-30 09:44:29 +01:00
Gilles Peskine
868906cd06
Merge pull request #3235 from jeannotlapin/pr1813
Add Dtls Srtp support (RFC5764)
2020-10-29 22:21:56 +01:00
Steven Cooreman
162ec8758f Detecting bit size is no longer required
Storage format has been changed to always store the key's bit size

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-29 12:04:31 +01:00
Steven Cooreman
c4813a6e80 Rename 'keygen' to 'key management'
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-29 12:04:31 +01:00
Bence Szépkúti
423d3e7fcf Update support macros for IV/nonce sizes
This commit defines the following new macros added to the PSA Crypto API
between versions 1.0 beta 3 and 1.0.0 final:

PSA_AEAD_NONCE_LENGTH
PSA_AEAD_NONCE_MAX_SIZE
PSA_CIPHER_IV_LENGTH
PSA_CIPHER_IV_MAX_SIZE

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-10-29 11:07:39 +01:00
Johan Pascal
5fbe9e7ac0 remove useless parentheses
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 10:50:54 +01:00
Johan Pascal
c3ccd98a91 Check transport in the extension parser/writer
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
5ef72d214f Style and typos
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
2258a4f481 Do not return a structure, use a return parameter
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
0dbcd1d3f0 Make API safer
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
275874bc47 Fix previous commit
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
20c7db3a67 API modified so server side can get mki value
+ client side discards self mki if server does not support it

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
adbd9449ec More minor fix
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
76fdf1d60e Minor fix and improvements
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
104031547f style
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
9bc50b0122 Test check the key material exported match
- include interop with openssl client

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
39cfd3b96e interop test: openssl generate the DTLS-SRTP keys
Missing a command in the test script to compare with peer's output

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
d387aa0586 style + missing cast
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
842d671316 Update include/mbedtls/config.h
Co-authored-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
77696eedac Add bound check in the client ssl_write_use_srtp_ext
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
aae4d22b16 Improve code readability
+micro optimization
+style

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
e79c1e8121 style
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
a455cd9a47 mbedtls_ssl_get_srtp_profile_as_string declared and defined in ssl.h
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
f6417ecf60 mki length feats in a uint16_t
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
253d0263a6 set protection profile API gets a MBEDTLS_TLS_SRTP_UNSET terminated list
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
43f9490a52 SRTP profiles definition use macros only
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
4f099264b5 use_srtp extension shall not interfere in the handshake settings
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
d576fdb1d6 Style + fix bound check in write_use_srt_ext
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
9bc97ca19d SRTP-DTLS protection profile configuration list not copied into ssl_config
+ improve test
+ minor style fix

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
8f70fba988 Check the server hello output buffer size when writing the use_srtp ext
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
042d456832 Improve client Hello use_srtp parsing
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
a89ca8679f The client shall not enforce the use of client certificate with use_srtp extension
This is server's task to request it if needed

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00