Commit graph

29351 commits

Author SHA1 Message Date
Gilles Peskine
0b17255da1 Introduce mbedtls_pk_get_psa_attributes
Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657
as of dd77343381, i.e.
dd77343381/docs/architecture/psa-migration/psa-legacy-bridges.md (api-to-create-a-psa-key-from-a-pk-context)

This commit introduces the function declaration, its documentation, the
definition without the interesting parts and a negative unit test function.
Subsequent commits will add RSA, ECC and PK_OPAQUE support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Ryan Everett
90afb132e0 Add ..._GOTO_EXIT macro
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 18:34:55 +00:00
Ryan Everett
d6d6a76e46 Add ..._GOTO_RETURN macro
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 18:32:42 +00:00
Chien Wong
019c2a7817
Handle sizeof(size_t) > sizeof(uint64_t)
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-23 21:38:06 +08:00
Janos Follath
aa3fa98bc4
Merge pull request #8726 from v1gnesh/patch-1
Update entropy_poll.c to allow build in z/OS
2024-01-23 12:43:18 +00:00
Dave Rodgman
c64280a2d7 Fix comment typo
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-23 10:05:08 +00:00
v1gnesh
468c02cf61
Update ChangeLog.d/8726.txt
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: v1gnesh <v1gnesh@users.noreply.github.com>
2024-01-23 15:29:40 +05:30
Dave Rodgman
00b530e395 Limit compiler hint to compilers that are known to benefit from it
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-23 09:41:34 +00:00
Dave Rodgman
e23d6479cc Bump version
./scripts/bump_version.sh --version 3.5.1

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:45:49 +00:00
Dave Rodgman
6ba416968b Assemble Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:40:12 +00:00
Janos Follath
0d57f1034e Update Marvin fix Changelog entry
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:58 +00:00
Janos Follath
393df9c995 Add warning for PKCS 1.5 decryption
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.

In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.

They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.

This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.

Add a warning to PKCS 1.5 decryption to warn users about this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
16ab76bbe7 Fix typo
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
b4b8f3df3b RSA: improve readability
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
47ee770812 RSA: remove unneeded temporaries
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
e6750b2a0b RSA: document Montgomery trick in unblind
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
a62a554071 Fix style
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
100dcddfca Make local function static
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
a865fc951e Add Changelog for the Marvin attack fix
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
6bcbc925bf Extend blinding to RSA result check
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Janos Follath
d6b096532c Make RSA unblinding constant flow
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Paul Elliott
968a928659 Add Changelog for #8687
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-01-22 15:32:18 +00:00
Jonathan Winzig
af553bf719 Add required dependency to the testcase
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
acd35a55c8 Remove unneeded testcase
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
144bfde1cd Update test-data to use SIZE_MAX
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
93f5240ae5 Add missing newline at the end of test_suite_x509write.data
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
a0c9448bea Update fix to be more platform-independent
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
63b5e216f8 Fix Issue #8687
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
1c7629c1c0 Add tests for Issue #8687
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Antonio de Angelis
90d18343ce Update the initialization macros
The initializatio macros need to be updated to support the case
where the crypto client view of the structures is being initialized

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-01-22 13:15:39 +00:00
Chien Wong
858bc65d74
Add comment on impossible overflows
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-22 20:47:26 +08:00
Chien Wong
bf4b5ed7a4
Add back restriction on AD length of GCM
Fixes: bd513bb53d
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-22 20:43:54 +08:00
v1gnesh
d0b55edea3
Create 8726.txt changelog entry
Signed-off-by: v1gnesh <v1gnesh@users.noreply.github.com>
2024-01-22 17:13:56 +05:30
Antonio de Angelis
6425a188df Add a client view of the multipart contexts
In case MBEDTLS_PSA_CRYPTO_CLIENT is defined and MBEDTLS_PSA_CRYPTO_C
is not, a client view of the multipart operation contexts is provided
through an handle object that allows mapping to the corresponding
service side data structures.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-01-22 11:39:36 +00:00
v1gnesh
3c129dd6aa
Update entropy_poll.c
Signed-off-by: v1gnesh <v1gnesh@users.noreply.github.com>
2024-01-22 15:59:49 +05:30
Manuel Pégourié-Gonnard
34c6e8a770
Merge pull request #8700 from valeriosetti/issue8461
psa_asymmetric_encrypt() doesn't work with opaque driver
2024-01-22 08:43:08 +00:00
Ronald Cron
f8fdbb5174 tests: tls13: Run early data test only in TLS 1.3 only config
Temporary workaround to not run the early data test
in Windows-2013 where there is an issue with
mbedtls_vsnprintf().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-22 09:37:45 +01:00
Ronald Cron
a8dd81b4de tests: tls13: Add early data unit test
This aims to provide a basis for negative
testing around TLS 1.3 early data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-22 09:37:45 +01:00
Ronald Cron
ec3408d707 tests: ssl: Move setting of debug callback
Move the setting of the debug callback to
the endpoint initialization function. That
way, no need to repeat it in various testing
scenarios.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-22 09:37:45 +01:00
Ronald Cron
d903a86e52 tests: tls13: Add session resume with ticket unit test
This aims to provide a basis for negative testing
around TLS 1.3 ticket, replacing eventually the
negative tests done in ssl-opt.sh using the
dummy_ticket option.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-22 09:37:45 +01:00
Ronald Cron
77abfe67db ssl_helpers.c: Add ticket write/parse test functions
Add ticket write/parse test functions as defined
by mbedtls_ssl_ticket_write/parse_t. They are
intended to be used in negative testing
involving tickets.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-22 09:37:45 +01:00
Ronald Cron
297c608915 tls13: cli: Fix setting of early data transform
Fix setting of early data transform when we
do not send dummy CCS for middlebox compatibility.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-22 09:37:45 +01:00
Janos Follath
fb12d9204d
Merge pull request #8693 from Ryan-Everett-arm/implement-key-slot-mutex
Implement the key slot mutex
2024-01-19 20:49:18 +00:00
Dave Rodgman
075f8797ac Remove include of build_info.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-19 16:48:42 +00:00
Dave Rodgman
336efeec50 Move MBEDTLS_COMPILER_IS_GCC & MBEDTLS_GCC_VERSION into build_info
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-19 16:38:53 +00:00
Dave Rodgman
00b4eeb0b3 Improve comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-19 16:14:55 +00:00
Dave Rodgman
7470557855 Add changelog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-19 16:14:55 +00:00
Dave Rodgman
2143a4ad1f Improve mbedtls_xor docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-19 15:25:33 +00:00
Dave Rodgman
18d90d7519 Make mbedtls_xor always inline
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-19 15:25:33 +00:00
Dave Rodgman
55b5dd2cfc Make unaligned accessors always inline
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-19 15:25:33 +00:00