Commit graph

29768 commits

Author SHA1 Message Date
Ryan Everett
dcc03d552d Make restartable signature operations thread-safe
We copy the key from a slot to the operation object in _start.
_complete and _abort do not access any key slots, instead using
the local copy.

Concurrently using the same operation object is not thread-safe.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-22 10:27:52 +00:00
Ryan Everett
fb9857ff9e Make multi-part MAC operations thread-safe
Within setup we create a copy of the key and put it in the operation field.
After setup, we only ever use the new copy - and do not interact with any key slots.
Therefore we need only register as a reader of the key during setup,
then unregister after we stop accessing the key.

Simultaneous API calls on the same operation object are not thread-safe.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-22 10:27:52 +00:00
Gilles Peskine
7a3059ac92 Benchmark: not using private fields anymore
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-22 10:53:31 +01:00
Gilles Peskine
984352d6f1 Benchmark: remove the legacy-context ECDH block
We have two blocks of code to benchmark ECDH. One uses the legacy context
structure, which is only enabled when MBEDTLS_ECP_RESTARTABLE is enabled.
That block doesn't convey any information that's specific to restartable
ECC, it exists only for historical reasons (it came first). The other block
uses only the implementation-agnostic API.

Remove the block that uses the legacy context. It doesn't provide much
extra information and most users won't even see it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-22 10:50:12 +01:00
Ronald Cron
9f2c3c09df tls13: cli: Add mbedtls_ssl_get_early_data_status() API
Add mbedtls_ssl_get_early_data_status() API and its
testing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:44:51 +01:00
Ronald Cron
e21c2d2ce1 tls13: cli: Add missing MBEDTLS_SSL_EARLY_DATA guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:44:51 +01:00
Ronald Cron
0004600702 tests: write early data: Inverse loop over state logic
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:44:45 +01:00
Ronald Cron
bf5e909467 tests: write early data: Check we can complete handshake after writing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:42:59 +01:00
Ronald Cron
0aead12706 ssl_client2: Improve loop writing early data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:37:33 +01:00
Ronald Cron
b4fd47e897 ssl_client2: Default to library default for early data enablement
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:37:33 +01:00
Ronald Cron
d4069247b8 Improve comments/documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:37:26 +01:00
Gilles Peskine
0aab69d2eb
Merge pull request #8807 from gilles-peskine-arm/pk_import_into_psa-implement_import
Implement mbedtls_pk_import_into_psa
2024-02-21 15:45:17 +00:00
Paul Elliott
d237190f04
Merge pull request #8773 from Ryan-Everett-arm/threadsafe-key-locking
Make key locking and one-shot operations thread safe
2024-02-21 13:55:12 +00:00
Ronald Cron
49221900b0 tls13: write_early_data: Add endpoint check
Return in error of the API is not called
from a client endpoint.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 14:37:52 +01:00
Gilles Peskine
dd49c739f0 Merge remote-tracking branch 'development' into pk_import_into_psa-implement_import
Conflicts:
* tests/suites/test_suite_pk.function: consecutive changes to the
  depends_on line of pk_sign_verify and its argument list.
2024-02-21 12:10:40 +01:00
David Horstmann
8ed3c60504 Remove unnecessary ChangeLog entry
This bug was never present in a release, so no ChangeLog entry is
needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-21 10:36:54 +00:00
David Horstmann
946491360b Unrestore mbedtls_x509_string_to_names()
This function should be internal, being exposed only via functions like
mbedtls_x509write_crt_set_subject_name().

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-21 10:35:33 +00:00
Manuel Pégourié-Gonnard
0ecb5fd6f5
Merge pull request #8574 from ronald-cron-arm/ssl-tickets
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
2024-02-21 09:38:46 +00:00
Ryan Everett
93cea578b9 Clarify which unregister operation needs to be used
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-20 18:01:29 +00:00
Gilles Peskine
23605d19d9 More renaming: method -> production parameters
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 17:10:56 +01:00
Gilles Peskine
092ce51c47 Rename "key generation method" to "key production parameters"
"Key generation method" was misleading since it also applies to key
derivation. Change "key generation" to "key production", which we aren't
using yet and has roughly the right intuition. Change "method" to
"parameters" which there seems to be a slight preference for. Discussion
thread: https://github.com/Mbed-TLS/mbedtls/pull/8815#discussion_r1486524295

Identifiers renamed:
psa_key_generation_method_t → psa_key_production_parameters_t
psa_key_generation_method_s → psa_key_production_parameters_s
PSA_KEY_GENERATION_METHOD_INIT → PSA_KEY_PRODUCTION_PARAMETERS_INIT
method → params
method_data_length → params_data_length
default_method → default_production_parameters
psa_key_generation_method_is_default → psa_key_production_parameters_are_default
setup_key_generation_method → setup_key_production_parameters
key_generation_method_init → key_production_parameters_init

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 16:18:13 +01:00
Manuel Pégourié-Gonnard
fc3f980f0f
Merge pull request #8826 from valeriosetti/issue8824
RSA keys set to PSS/OAEP padding perform PKCS1v1.5 when MBEDTLS_USE_PSA_CRYPTO is enabled
2024-02-20 14:08:41 +00:00
Manuel Pégourié-Gonnard
a7f651cf16
Merge pull request #8804 from valeriosetti/issue8799
mbedtls_rsa_parse_key and mbedtls_rsa_parse_pubkey accept trailing garbage
2024-02-20 11:58:52 +00:00
Gilles Peskine
e7a7013910 Remove initialization function for variable-length struct
Assigning the return value of a function that returns a struct with a
flexible array member does not fill the flexible array member, which leaves
a gap in the initialization that could be surprising to programmers. Also,
this is a borderline case in ABI design which could cause interoperability
problems. So remove this function.

This gets rid of an annoying note from GCC about ABI compatibility on
(at least) x86_64.
```
In file included from include/psa/crypto.h:4820,
                 from <stdin>:1:
include/psa/crypto_struct.h: In function ‘psa_key_generation_method_init’:
include/psa/crypto_struct.h:244:1: note: the ABI of passing struct with a flexible array member has changed in GCC 4.4
  244 | {
      | ^
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 12:17:00 +01:00
Gilles Peskine
dc5597b3dd Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 11:42:18 +01:00
Valerio Setti
3e6ac1b5d1 fix changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-20 11:33:32 +01:00
Valerio Setti
56457b9eac add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-20 11:05:54 +01:00
Valerio Setti
7e1596d24c rsa: remove leftovers from mbedtls_rsa_parse_[pub]key()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-20 10:23:49 +01:00
Valerio Setti
02f30230c4 pem: zeroize the entire buffer in case of errors in mbedtls_pem_read_buffer()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-20 10:22:36 +01:00
Janos Follath
9fb53a9e26
Merge pull request #8744 from Ryan-Everett-arm/threadsafe-key-loading
Make key loading thread safe
2024-02-19 16:30:36 +00:00
Janos Follath
028a38b7cb
Merge pull request #8661 from BensonLiou/use_init_api
use mbedtls_ssl_session_init() to init session variable
2024-02-19 15:49:34 +00:00
Valerio Setti
80bc5d6aad test_suite_pk: fix data in some RSA related test cases
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 16:13:47 +01:00
Valerio Setti
85e568c76d pk: fix documentation for RSA sign/verify and encrypt/decrypt
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 15:45:00 +01:00
Valerio Setti
f966a97806 test_suite_pk: remove leftover comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 15:30:27 +01:00
Valerio Setti
e88a1c5b85 pem: fix return values in pem_check_pkcs_padding()
Return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH instead of
MBEDTLS_ERR_PEM_BAD_INPUT_DATA in case of errors.
This commit also fix related failures in test pkparse and
pem test suites.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 15:09:41 +01:00
Valerio Setti
e10674d547 test_suite_pem: fix comment in test case
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 14:52:54 +01:00
Gilles Peskine
7511d4aed7 ECP write/export key: document that these functions don't detect unset data
Fixes #8803.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-19 13:56:39 +01:00
Gilles Peskine
1c7ff7ea53 mbedtls_ecp_write_key: document and test smaller output buffer
Document and test the current behavior, even if it is weird:

* For Weierstrass keys, the error is MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL,
  not MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL.
* For Weierstrass keys, a smaller output buffer is ok if the output fits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-19 13:49:45 +01:00
Gilles Peskine
a395bdd066 mbedtls_ecp_write_key: document and test larger output buffer
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-19 13:30:31 +01:00
Gilles Peskine
5bb04e03ac mbedtls_ecp_write_key: no FEATURE_UNAVAILABLE error
When exporting a key, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE should not happen.
This error indicates that the curve is not supported, but that would prevent
the creation of the key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-19 13:24:41 +01:00
David Horstmann
8de8cc0bd8 Add ChangeLog entry for restoring X509 functions
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-19 11:21:37 +00:00
David Horstmann
762f9f9cbb Restore X509 functions erroneously made private
Restore the following functions to public headers:
* mbedtls_x509_dn_get_next()
* mbedtls_x509_serial_gets()
* mbedtls_x509_time_cmp()
* mbedtls_x509_time_gmtime()
* mbedtls_x509_time_is_past()
* mbedtls_x509_time_is_future()
* mbedtls_x509_parse_subject_alt_name()
* mbedtls_x509_free_subject_alt_name()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-19 11:07:50 +00:00
Manuel Pégourié-Gonnard
d93e640882
Merge pull request #8797 from adeaarm/check_config_look_for_crypto_client
Make check_config aware of MBEDTLS_PSA_CRYPTO_CLIENT
2024-02-19 08:14:34 +00:00
Valerio Setti
eba4ca19c6 test_suite_pem: solve driver test disparities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-19 07:42:18 +01:00
Valerio Setti
4cc6522a85 pem: do not parse ASN1 data after decryption (removes ASN1 dependency)
Now that we have padding verification after decryption and since
this can be used to validate the password as well there is no
need to parse ASN1 content any more, so we can simplify/remove
that dependency.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:26:12 +01:00
Valerio Setti
8aff4ef274 test_suite_pem: add more test cases for invalid padding data
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:26:08 +01:00
Valerio Setti
90ea4fd201 pk: fix documentation for sign/verify and encrypt/decrypt
Remove exception warnings about PKCS1v1.5, since now both padding
formats are treated properly no matter if USE_PSA_CRYPTO is
defined or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:19:19 +01:00
Gilles Peskine
46ee81d259 test_suite_pk: add test cases for RSA keys (sign/verify & crypt/decrypt)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 15:19:19 +01:00
Valerio Setti
0f286d5453 pem: reject empty PEM contents
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-16 14:30:58 +01:00
Gilles Peskine
83b8baf899 mbedtls_pk_import_into_psa: fix Montgomery keys in the legacy case
Fix the workaround for the weirdness of mbedtls_ecp_write_key(), which
assumed a Weierstrass key.

This fixes the Montgomery private key parse tests in test_suite_pkparse.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:26:07 +01:00