Commit graph

23902 commits

Author SHA1 Message Date
Przemek Stekiel
5798003b99 Add enum that presents computation stage as single value
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
d6eb11007f Add draft documentation for the PAKE driver dispatch logic
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
9a5b812aa8 Cleanup the code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
fcd70e250f Adapt pake driver wrapper tests for the new design
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
2797d37424 Split handling of memory allocation for password between core and driver
Driver is now responsible for creating its own copy of the password in the setup function.
After calling pake setup driver entry point core frees memory for password.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
e12ed36a6c Move JPAKE state machine logic from driver to core
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
  Now when logic is moved to core information about `alg` is required.
  `computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
be5e27b5ad Remove redundant code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
3f9dbac83f Adapt ake driver tests to the new design
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
95629ab4ae Add forced status for pake setup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
c6b954686b Adapt test_suite_psa_crypto_pake test for the new design
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
ca67483b15 psa_crypto_pake.h: adapt function descriptions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
96ae8b939d Move pake definitions to headers for composite algorithms
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
51eac53b93 Divide pake operation into two phases collecting inputs and computation.
Functions that only set inputs do not have driver entry points.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
e5e41eb14c Remove redundant line (fix rebase error)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
061f6949fd Make psa_get_and_lock_key_slot_with_policy() static function
psa_get_and_lock_key_slot_with_policy() becomes public temporarily as part of:
https://github.com/Mbed-TLS/mbedtls/pull/6608

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
0c78180ee5 mbedtls_psa_pake_get_implicit_key: move psa_key_derivation_input_bytes call to upper layer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
4f0035be29 Add guards for buildin pake set_password function
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
7658a0768b Add pake driver wrapper tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
061a016c65 Add ALG_TLS12_PRF, TLS12_PSK_TO_MS, LG_TLS12_ECJPAKE_TO_PMS support to test driver extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
6a9785f061 Add pake.h to test driver header
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
6c7644150a Adapt pake impl for driver dispatch
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
d91bcb7673 Refactor structures for pake driver support
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
03790029a6 Add test components to test accelerated pake and fallback
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
d3da040f34 Add test driver impl for pake
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
2e73649f9c Add pake psa crypto driver wrappers implementation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Neil Armstrong
5ae609631e Move the common parameters check code out of the wrapper
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2023-02-22 11:25:30 +01:00
Neil Armstrong
a7d08c3009 Add PSA PAKE api calling the PAKE wrappers
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2023-02-22 11:25:30 +01:00
Neil Armstrong
7da8c56b84 Add PSA PAKE wrappers
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2023-02-22 11:25:30 +01:00
Neil Armstrong
56b8d23ca1 Add mbedtls_ prefix to PSA PAKE over MbedTLS implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2023-02-22 11:25:30 +01:00
Manuel Pégourié-Gonnard
63e33dd175 Fix unchecked return value
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-22 10:09:40 +01:00
Jerry Yu
3304c204ba Improve readabilities
- Add more comments
- Adjust setkey_enc

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-22 14:37:11 +08:00
Pengyu Lv
07d5085fcf Skip ECDH ciphersuites for O->m pair
The mechanism of detecting unsupported ciphersuites
for OpenSSL client doesn't work on a modern OpenSSL.
At least, it fails on Travis CI which is installed
with OpenSSL 1.1.1f. So we need to skip ECDH cipher-
suites for O->m.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-22 12:18:48 +08:00
Jerry Yu
4d786a732b Fix regression issue for clang workaround.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-22 11:01:07 +08:00
Pengyu Lv
f01ac3af0e Remove explicit ECDH exclusion for Travis CI
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-22 10:19:50 +08:00
Pengyu Lv
a64c277588 compat.sh: Skip all *ECDH_* ciphersuites
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-22 10:19:40 +08:00
Gilles Peskine
ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug
Fix bugs in OID to string conversion
2023-02-21 23:16:44 +01:00
Gilles Peskine
88f8eb5844
Merge pull request #7091 from paul-elliott-arm/remove_gcc_warning
Fix warning with GCC 12
2023-02-21 23:14:29 +01:00
Paul Elliott
48c591cb56 Fix warning with GCC 12
Fix warning about variable being used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-21 16:31:56 +00:00
Manuel Pégourié-Gonnard
da7979bb91 Restore debug message removed by mistake
Also while at it, fix debug level for existing DEBUG_RET: errors should
always be level 1.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
8e176f747c Fix wrong return statement
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
626aaed213 Fix unused variable warnings in some builds
Found by depends.py MBEDTLS_SHA512_C

In principle, the case where neither SHA-256 nor SHA-384 are available
should never occur, as both TLS 1.2 and TLS 1.3 depend on one of those
being defined. However for now dependencies for TLS 1.2 are not as tight
as they should be; this will be fixed later and is tracked as #6441.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
43cc127d3a Fix code style
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
e1a4caa934 Handle hash errors in calc_finished
That's the last family of functions. All calls to mbedtls_sha* and
psa_hash_* in library/ssl_tls.c are now checked for errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b9b564e64b Handle hash errors in calc_verify
On top on some calls not being checked, the PSA path was missing a call
to abort() on errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
df94901566 Handle hash errors in update_checksum
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b72ff498c9 Handle hash errors in reset_checksum
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b8b07aa24a Handle errors from functions that now return int
A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.

This commits was basically a matter of declaring newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; they were
applied the same process as well.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
d7a7a23308 Use reset_checksum in reset_transcript_for_hrr
This function was manually resetting just the hash that would be used;
it's simpler to just call the function that resets all hashes. This also
avoids calling low-level code from TLS 1.3.

While at it, remove the guards about SHA-256 || SHA-384 that were around
update_checksum, as they are redundant: update_checksum already has
appropriate guards (and TLS 1.3 already depends on one of those tow
hashes being present anyway).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
537f231fd9 Split hash start out of handshake_params_init
This part can fail, so it shouldn't be intermixed with the part that
can't fail and is there to ensure all structures are in a clean state,
should any error happen.

Fortunately, the part that should be split out already had a function
doing it: reset_checksum. Also, handshake_params_init had only one
calling site to update.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
226aa15702 Make handshake hashing functions return int
There are three family of functions: update_checksum, calc_verify,
calc_finished, that perform hashing operations and were returning void
so far. This is not correct, as hashing functions can return errors (for
example, on hardware failure when accelerated). Change them to return
int.

This commit just changes the types: for now the functions always return
0, and their return value is not checked; this will be fixed in the
next few commits.

There is a related function in TLS 1.3,
mbedtls_ssl_reset_transcript_for_hrr, which also handles hashes, and
already returns int but does not correctly check for errors from hashing
functions so far, it will also be handled in the next few commits.

There's a special case with handshake_params_init: _init functions
should return void, so we'll need to split out the part that can return
errors, see the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00