Commit graph

8818 commits

Author SHA1 Message Date
Hanno Becker
fc20c14e76 Use PSA-based ciphers for record protections in TLS-1.2 only
Reasons:
- For the first release, we attempt to support TLS-1.2 only,
- At least TLS-1.0 is known to not work at the moment, as
  for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf()
  and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt()
  updates the structure field for the IV in the cipher context,
  which the PSA-based implementation currently doesn't.
2018-11-22 16:38:06 +00:00
Hanno Becker
329919eadf Use PSA-based ciphers for SSL ticket protection
This commit modifies the default SSL ticket implementation
from `library/ssl_ticket.c` to use PSA-based cipher context
for ticket creation and parsing.

As in mbedtls_ssl_derive_keys() adapted in an earlier commit,
we allow fallback to the ordinary mbedtls_cipher_setup()
if the provided cipher is not known. We do this even though
we always call mbedtls_ssl_ticket_setup() with AES-GCM
in our own code since this function is public and might
be used with other ciphers by users.
2018-11-22 16:38:06 +00:00
Hanno Becker
4724645e28 Introduce macros for constants in SSL ticket implementation 2018-11-22 16:38:06 +00:00
Hanno Becker
f43177d1d0 Add runs for specific PSA-supported ciphersuites to ssl-opt.sh
So far, make sure we test the following ciphersuites
without any fallback to non-PSA ciphers:

TLS-ECDHE-ECDSA-WITH-AES-128-CCM
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-256-CCM
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
2018-11-22 16:38:06 +00:00
Hanno Becker
2dd04907e2 Omit tests from ssl-opt.sh which force a disabled ciphersuite 2018-11-22 16:38:06 +00:00
Hanno Becker
be3ffba33d Setup PSA-based cipher context in mbedtls_ssl_derive_keys()
This commit changes the code path in mbedtls_ssl_derive_keys()
responsible for setting up record protection cipher contexts
to attempt to use the new API mbedtls_cipher_setup_psa() in
case MBEDTLS_USE_PSA_CRYPTO is set.

For that, the AEAD tag length must be provided, which is already
computed earlier in mbedtls_ssl_derive_keys() and only needs to be
stored a function scope to be available for mbedtls_cipher_setup_psa().

If mbedtls_cipher_setup_psa() fails cleanly indicating that the
requested cipher is not supported in PSA, we fall through to
the default setup using mbedtls_cipher_setup(). However, we print
a debug message in this case, to allow catching the fallthrough in
tests where we know we're using a cipher which should be supported
by PSA.
2018-11-22 16:38:06 +00:00
Hanno Becker
432084d3f8 Improve doc wording of PSA status field of mbedtls_cipher_context_t 2018-11-22 16:33:01 +00:00
Hanno Becker
7b05629641 Return 'Feature unavailable' error for ciphers unsupported by PSA 2018-11-22 16:33:01 +00:00
Hanno Becker
9de97d7773 Don't use multiline comments in enums to silence check-names.sh
The sanity checking script tests/scripts/check-names.sh uses a
simple state machine paired with a sequence of `sed` commands to
extract enumeration constants from the code. This code, however,
doesn't work properly when using multiline comments in enumerations
such as recently done in the constants MBEDTLS_CIPHER_PSA_KEY_XXX.

This commit doesn't attempt to make check-names.sh more robust
but instead uses /* ... */ comment indicators in each comment line,
while silences check-names.sh.

Increasing the robustness of check-names.sh is instead tracked
in #2210.
2018-11-22 16:33:01 +00:00
Hanno Becker
91cb605032 Add missing newline at the end of test_suite_cipher.gcm.data 2018-11-22 16:33:01 +00:00
Hanno Becker
fea4915459 Minor rewording in documentation of PSA-based cipher context 2018-11-22 16:33:01 +00:00
Hanno Becker
1908655231 Use enum for slot state in PSA-based cipher context 2018-11-22 16:33:01 +00:00
Hanno Becker
4ee7e76378 Check support for cipher in mbedtls_cipher_setup_psa()
mbedtls_cipher_setup_psa() should return
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE when the requested
cipher is not supported by PSA, so that the caller can
try the original mbedtls_cipher_setup() instead.

The previous version of mbedtls_cipher_setup_psa(), however,
only attempted to translate the cipher mode (GCM, CCM, CBC,
ChaChaPoly, Stream), but didn't consider the underlying
cipher primitive. Hence, it wouldn't fail when attempting
to setup a cipher context for, say, 3DES-CBC, where CBC
is currently supported by PSA but 3DES isn't.

This commit adds a check to mbedtls_cipher_setup_psa()
for whether the requested cipher primitive is available
in the underlying PSA Crypto implementation, and fails
cleanly with MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE if
it is isn't.
2018-11-22 16:33:01 +00:00
Hanno Becker
e15c71ca72 Test PSA-based GCM cipher operations 2018-11-22 16:33:01 +00:00
Hanno Becker
78115ac478 Adapt existing Cipher-GCM test cases to new param for auth_crypt_tv 2018-11-22 16:33:01 +00:00
Hanno Becker
1ccb1d614d Test PSA-based CCM cipher operations 2018-11-22 16:33:01 +00:00
Hanno Becker
fe73adee5a Implement PSA-based AEAD enc/dec cipher operations 2018-11-22 16:33:01 +00:00
Hanno Becker
20120b373e Add AEAD tag length to new mbedtls_cipher_setup_psa()
For AEAD ciphers, the information contained in mbedtls_cipher_info
is not enough to deduce a PSA algorithm value of type psa_algorithm_t.
This is because mbedtls_cipher_info doesn't contain the AEAD tag
length, while values of type psa_algorithm_t do.

This commit adds the AEAD tag length as a separate parameter
to mbedtls_cipher_setup_psa(). For Non-AEAD ciphers, the value
must be 0.

This approach is preferred over passing psa_algorithm_t directly
in order to keep the changes in existing code using the cipher layer
small.
2018-11-22 16:33:01 +00:00
Hanno Becker
a395d8f1e9 Always configure PSA-based keys for encryption and decryption
Mbed TLS cipher layer allows usage of keys for other purposes
than indicated in the `operation` parameter of `mbedtls_cipher_setkey()`.
The semantics of the PSA Crypto API, in contrast, checks key
usage against the key policy.

As a remedy, this commit modifies the PSA key slot setup to
always allow both encryption and decryption.
2018-11-22 16:33:01 +00:00
Hanno Becker
58fc9aab54 Add AES-*-CBC test vectors for PSA-based cipher contexts 2018-11-22 16:33:01 +00:00
Hanno Becker
55e2e3d5cc Implement PSA-based version of mbedtls_cipher_crypt() 2018-11-22 16:33:01 +00:00
Hanno Becker
edda8b8830 Implement mbedtls_cipher_setkey() for PSA-based cipher contexts
This commit implements the internal key slot management performed
by PSA-based cipher contexts. Specifically, `mbedtls_cipher_setkey()`
wraps the provided raw key material into a key slot, and
`mbedtls_cipher_free()` destroys that key slot.
2018-11-22 16:33:01 +00:00
Hanno Becker
6118e43d15 Add PSA-specific cipher context 2018-11-22 16:33:01 +00:00
Hanno Becker
ce1ddee13a Add psa_enabled field to cipher ctx and add dummy implementations
This field determines whether a cipher context should
use an external implementation of the PSA Crypto API for
cryptographic operations, or Mbed TLS' own crypto library.

The commit also adds dummy implementations for the cipher API.
2018-11-22 16:33:01 +00:00
Hanno Becker
4ccfc40aef Add declaration and dummy-definition of mbedtls_cipher_setup_psa() 2018-11-22 16:33:01 +00:00
Hanno Becker
73907f842b Improve wording in documentation of mbedtls_cipher_setup() 2018-11-22 16:33:01 +00:00
Hanno Becker
f28d344832 Expand documentation of mbedtls_cipher_list() 2018-11-22 16:33:01 +00:00
Hanno Becker
18597cd3c4 Fix style in cipher.c 2018-11-22 16:33:01 +00:00
Hanno Becker
c8b699dfa4 Fix style in cipher.h 2018-11-22 16:33:01 +00:00
Hanno Becker
0953ba1899 Fix style in NUM_CIPHERS definition in cipher_wrap.c
Use brackets around `sizeof()` arguments as well as the entire macro.
2018-11-22 16:33:01 +00:00
Hanno Becker
2e009fe013 Fix style in definition of mbedtls_cipher_mode_t 2018-11-22 16:33:01 +00:00
Hanno Becker
4ba0901bfc Merge branch 'gcm_through_cipher_api_tests' into gcm_through_cipher_api_tests_tmp 2018-11-22 16:32:30 +00:00
Hanno Becker
12bd57b8c8 Refer to PSA through MBEDTLS_USE_PSA_CRYPTO, not USE_PSA, in all.sh 2018-11-22 16:27:57 +00:00
Hanno Becker
fc359fd837 Remove double white space 2018-11-22 16:27:57 +00:00
Hanno Becker
47a6291445 Use MBEDTLS_PSA_UTIL_H instead of MBEDTLS_PSA_COMPAT_H in psa_util.h
This is still an artifact from when psa_util.h was called psa_compat.h.
2018-11-22 16:27:57 +00:00
Hanno Becker
56a78dd4ad State explicitly that any API depending on PSA is unstable 2018-11-22 16:27:57 +00:00
Hanno Becker
77030426a0 Update VisualC files 2018-11-22 16:27:57 +00:00
Hanno Becker
4d9e1e0ac4 Improve documentation of mbedtls_psa_err_translate_pk() 2018-11-22 16:27:57 +00:00
Hanno Becker
dec64735e2 Add AEAD tag length parameter to mbedtls_psa_translate_cipher_mode()
In case of AEAD ciphers, the cipher mode (and not even the entire content
of mbedtls_cipher_info_t) doesn't uniquely determine a psa_algorithm_t
because it doesn't specify the AEAD tag length, which however is included
in psa_algorithm_t identifiers.

This commit adds a tag length value to mbedtls_psa_translate_cipher_mode()
to account for that ambiguity.
2018-11-22 16:27:57 +00:00
Hanno Becker
14f78b03bb Add function to translate PSA errors to PK module errors 2018-11-22 16:27:57 +00:00
Hanno Becker
639a4320ca Fix Doxygen annotation in psa_util.h 2018-11-22 16:27:57 +00:00
Hanno Becker
06b6f34e9f Initialize PSA Crypto implementation in ssl_server2 2018-11-22 16:27:57 +00:00
Hanno Becker
50955d1c18 Initialize PSA Crypto implementation in ssl_client2.c 2018-11-22 16:27:56 +00:00
Hanno Becker
eba9993171 Initialize PSA Crypto implementation at the start of each test suite 2018-11-22 16:27:56 +00:00
Hanno Becker
5f48818712 Make PSA utility functions static inline
Compilers warn about unused static functions.
2018-11-22 16:27:56 +00:00
Hanno Becker
28b9d35904 Add PSA-to-Mbed TLS translations for cipher module 2018-11-22 16:27:56 +00:00
Hanno Becker
560aeaf26b Add internal header for PSA utility functions
This commit adds the header file mbedtls/psa_util.h which contains
static utility functions `mbedtls_psa_xxx()` used in the integration
of PSA Crypto into Mbed TLS.

Warning: These functions are internal only and may change at any time.
2018-11-22 16:27:56 +00:00
Manuel Pégourié-Gonnard
dde4442581 Add build using PSA to all.sh 2018-11-22 16:27:52 +00:00
Manuel Pégourié-Gonnard
26fd730876 Add config option for X.509/TLS to use PSA 2018-11-22 16:25:36 +00:00
Hanno Becker
c0c882cd67 Add missing dependencies in test_suite_cipher.gcm 2018-11-22 13:41:53 +00:00