Commit graph

29665 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
dd9cbf99c2 Benchmark only one side of ECDH, both static and ephemeral
Static ECDH is of interest to us as developers because it's a generic
scalar multiplication (as opposed to using the standard base point) and
it's useful to have that handy.

For reference the other operations of interest to developers are:
- multiplication of the conventional base point: ECDSA signing is almost
exactly that (just a few field ops on top, notably 1 inversion);
- linear combination: ECDSA verification is almost exactly that too.

Including ephemeral as well, because it's hopefully what's of interest
to most users.

Compared to the previous version, include only one side of the
operations. I don't think including both sides is of interest to anyone.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-22 12:29:06 +01:00
Gilles Peskine
74589ba31c ssl_context_info: explicitly note accesses to private fields
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-22 12:12:01 +01:00
Gilles Peskine
72da8b3521 Don't authorize private access to fields where not actually needed
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-22 12:07:29 +01:00
Gilles Peskine
abf0be392a fuzz_dtlsserver: explicitly note the one access to a private field
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-22 12:07:09 +01:00
Gilles Peskine
d5f68976e8 fuzz_pubkey, fuzz_privkey: no real need to access private fields
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-22 12:05:35 +01:00
Gilles Peskine
7a3059ac92 Benchmark: not using private fields anymore
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-22 10:53:31 +01:00
Gilles Peskine
984352d6f1 Benchmark: remove the legacy-context ECDH block
We have two blocks of code to benchmark ECDH. One uses the legacy context
structure, which is only enabled when MBEDTLS_ECP_RESTARTABLE is enabled.
That block doesn't convey any information that's specific to restartable
ECC, it exists only for historical reasons (it came first). The other block
uses only the implementation-agnostic API.

Remove the block that uses the legacy context. It doesn't provide much
extra information and most users won't even see it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-22 10:50:12 +01:00
Gilles Peskine
0aab69d2eb
Merge pull request #8807 from gilles-peskine-arm/pk_import_into_psa-implement_import
Implement mbedtls_pk_import_into_psa
2024-02-21 15:45:17 +00:00
Paul Elliott
d237190f04
Merge pull request #8773 from Ryan-Everett-arm/threadsafe-key-locking
Make key locking and one-shot operations thread safe
2024-02-21 13:55:12 +00:00
Gilles Peskine
dd49c739f0 Merge remote-tracking branch 'development' into pk_import_into_psa-implement_import
Conflicts:
* tests/suites/test_suite_pk.function: consecutive changes to the
  depends_on line of pk_sign_verify and its argument list.
2024-02-21 12:10:40 +01:00
Manuel Pégourié-Gonnard
0ecb5fd6f5
Merge pull request #8574 from ronald-cron-arm/ssl-tickets
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
2024-02-21 09:38:46 +00:00
Ryan Everett
93cea578b9 Clarify which unregister operation needs to be used
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-20 18:01:29 +00:00
Manuel Pégourié-Gonnard
fc3f980f0f
Merge pull request #8826 from valeriosetti/issue8824
RSA keys set to PSS/OAEP padding perform PKCS1v1.5 when MBEDTLS_USE_PSA_CRYPTO is enabled
2024-02-20 14:08:41 +00:00
Manuel Pégourié-Gonnard
a7f651cf16
Merge pull request #8804 from valeriosetti/issue8799
mbedtls_rsa_parse_key and mbedtls_rsa_parse_pubkey accept trailing garbage
2024-02-20 11:58:52 +00:00
Valerio Setti
3e6ac1b5d1 fix changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-20 11:33:32 +01:00
Valerio Setti
56457b9eac add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-20 11:05:54 +01:00
Valerio Setti
7e1596d24c rsa: remove leftovers from mbedtls_rsa_parse_[pub]key()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-20 10:23:49 +01:00
Valerio Setti
02f30230c4 pem: zeroize the entire buffer in case of errors in mbedtls_pem_read_buffer()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-20 10:22:36 +01:00
Janos Follath
9fb53a9e26
Merge pull request #8744 from Ryan-Everett-arm/threadsafe-key-loading
Make key loading thread safe
2024-02-19 16:30:36 +00:00
Janos Follath
028a38b7cb
Merge pull request #8661 from BensonLiou/use_init_api
use mbedtls_ssl_session_init() to init session variable
2024-02-19 15:49:34 +00:00
Valerio Setti
80bc5d6aad test_suite_pk: fix data in some RSA related test cases
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 16:13:47 +01:00
Valerio Setti
85e568c76d pk: fix documentation for RSA sign/verify and encrypt/decrypt
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 15:45:00 +01:00
Valerio Setti
f966a97806 test_suite_pk: remove leftover comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 15:30:27 +01:00
Valerio Setti
e88a1c5b85 pem: fix return values in pem_check_pkcs_padding()
Return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH instead of
MBEDTLS_ERR_PEM_BAD_INPUT_DATA in case of errors.
This commit also fix related failures in test pkparse and
pem test suites.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 15:09:41 +01:00
Valerio Setti
e10674d547 test_suite_pem: fix comment in test case
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 14:52:54 +01:00
Manuel Pégourié-Gonnard
d93e640882
Merge pull request #8797 from adeaarm/check_config_look_for_crypto_client
Make check_config aware of MBEDTLS_PSA_CRYPTO_CLIENT
2024-02-19 08:14:34 +00:00
Valerio Setti
eba4ca19c6 test_suite_pem: solve driver test disparities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 07:42:18 +01:00
Valerio Setti
4cc6522a85 pem: do not parse ASN1 data after decryption (removes ASN1 dependency)
Now that we have padding verification after decryption and since
this can be used to validate the password as well there is no
need to parse ASN1 content any more, so we can simplify/remove
that dependency.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:26:12 +01:00
Valerio Setti
8aff4ef274 test_suite_pem: add more test cases for invalid padding data
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:26:08 +01:00
Valerio Setti
90ea4fd201 pk: fix documentation for sign/verify and encrypt/decrypt
Remove exception warnings about PKCS1v1.5, since now both padding
formats are treated properly no matter if USE_PSA_CRYPTO is
defined or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:19:19 +01:00
Gilles Peskine
46ee81d259 test_suite_pk: add test cases for RSA keys (sign/verify & crypt/decrypt)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:19:19 +01:00
Valerio Setti
0f286d5453 pem: reject empty PEM contents
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 14:30:58 +01:00
Gilles Peskine
83b8baf899 mbedtls_pk_import_into_psa: fix Montgomery keys in the legacy case
Fix the workaround for the weirdness of mbedtls_ecp_write_key(), which
assumed a Weierstrass key.

This fixes the Montgomery private key parse tests in test_suite_pkparse.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:26:07 +01:00
Gilles Peskine
2ec141a429 After pk_import_into_psa, test that the keys match
We were testing the internal consistency of the resulting key, and that the
resulting key had the right metadata, but we were not testing that the PSA
key had the expected key material. Comparing the public keys fixes that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:22:37 +01:00
Gilles Peskine
6fe8a06f7e New test helper: mbedtls_test_key_consistency_psa_pk
Test that a PK key and a PSA key are consistent, i.e. that they have the
same type (or are a key pair and the corresponding public key) and that
they have the same public key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:21:17 +01:00
Gilles Peskine
4da1f01f88 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:15:29 +01:00
Gilles Peskine
d6fc3501c0 Test mbedtls_pk_import_into_psa with different bits
This was only tested with opaque keys. Since the code paths are different
depending on the PK type, we also need to test RSA and ECKEY.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:15:29 +01:00
Valerio Setti
93ecbef6a8 pk_wrap: set proper PSA algin rsa wrappers based on padding mode set in RSA context
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-15 15:52:05 +01:00
Gilles Peskine
68a287dc7a Use named constants FROM_PAIR/FROM_PUBLIC for readability
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 13:30:55 +01:00
Gilles Peskine
f50cd59b51 Fix encrypt/decrypt confusion
The values are the same for all supported mechanisms (RSA-based), so no
semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 13:13:26 +01:00
Gilles Peskine
cbd2cbb408 Rename identifier for consistency
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 13:12:44 +01:00
Janos Follath
0315123cfb
Merge pull request #8691 from billatarm/add-pc-files
pkg-config: add initial pkg-config files
2024-02-15 11:21:14 +00:00
Manuel Pégourié-Gonnard
59d63b2106
Merge pull request #8582 from yanrayw/issue/8167/PK_parse_write_OID_dependency
PK parse and PK write: add dependency check with OID
2024-02-15 08:34:14 +00:00
Yanray Wang
a8f8eb1e35 check_config: add missing dependency check for MBEDTLS_PK_WRITE_C
MBEDTLS_PK_WRITE_C requires MBEDTLS_ASN1_WRITE_C, but there is no
corresponding check in check_config.h. In addition, corresponding
documentation for `Requires` is updated in mbedtls_config.h.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 16:00:35 +00:00
Yanray Wang
072a068f9f check_config: combine check for MBEDTLS_PK_PARSE_C
- check_config.h: combine separate check for MBEDTLS_PK_PARSE_C
- mbedtls_config.h: update documentation for `Requires`

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 16:00:28 +00:00
Yanray Wang
5b118d4aed Check MBEDTLS_PK_{PARSE,WRITE}_C requires MBEDTLS_OID_C
- check_config.h: add this dependency check
- mbedtls_config.h: update corresponding requirement documentation

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Yanray Wang
687bfcb54c pk: remove duplicate define of MBEDTLS_PK_HAVE_ECC_KEYS
In pk.h, MBEDTLS_PK_HAVE_ECC_KEYS is enabled if ECP_C is defined or
USE_PSA_CRYPTO && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY are defined.
But this logic is duplicate with its definition in
config_adjust_legacy_crypto.h.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Yanray Wang
e9954bb9d5 test_suite_pk.function: add correct dependency
In valid_parameters_pkwrite, we first parse a public key then test
with mbedtls_pk_write_xxx functions. So valid_parameters_pkwrite
should depend on both MBEDTLS_PK_WRITE_C and MBEDTLS_PK_PARSE_C.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Yanray Wang
b807cc6eba Add checks for PK_[PARSE/WRITE]_C when PK_HAVE_ECC_KEYS is set
When PK_HAVE_ECC_KEYS is set with PK_[PARSE/WRITE]_C, it needs OID_C
to be enabled. This commit adds proper checks in check_config.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-02-14 15:56:02 +00:00
Ryan Everett
73feaf2682 Comment on locking strategy in psa_fail_key_creation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-14 14:19:54 +00:00