From ab500cb73cf0e3b5ab636022f0ab3c04e97e453e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Jul 2020 17:09:10 +0200 Subject: [PATCH 001/488] tests: Improve the documentation of mbedtls_test_unhexify() Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 69d882ca4..0c516355a 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -55,10 +55,8 @@ int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); /** - * \brief This function translates an ASCII string encoding an - * hexadecimal number into the encoded hexadecimal number. The - * hexadecimal number is represented as an array of - * unsigned char. + * \brief This function decodes the hexadecimal representation of + * data. * * \note The output buffer can be the same as the input buffer. For * any other overlapping of the input and output buffers, the @@ -72,7 +70,7 @@ void mbedtls_test_platform_teardown( void ); * * \return \c 0 on success. * \return \c -1 if the output buffer is too small or the input string - * is not a valid ASCII encoding of an hexadecimal number. + * is not a valid hexadecimal representation. */ int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax, const char *ibuf, size_t *len ); From ac6ae3515085d633523da3da90fd0c2202365212 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jun 2020 14:33:03 +0200 Subject: [PATCH 002/488] tests: suites: Remove `hex` in name of variables of type data_t Remove `hex` in name of variables of type data_t to reserve it for variables of type char* that are the hexadecimal representation of a data buffer. 
Signed-off-by: Ronald Cron --- tests/suites/test_suite_aes.function | 48 ++++++++----------- tests/suites/test_suite_arc4.function | 11 ++--- tests/suites/test_suite_blowfish.function | 47 ++++++++---------- tests/suites/test_suite_camellia.function | 36 ++++++-------- tests/suites/test_suite_ccm.function | 4 +- tests/suites/test_suite_des.function | 51 ++++++++------------ tests/suites/test_suite_gcm.function | 13 +++-- tests/suites/test_suite_md.function | 56 +++++++++++----------- tests/suites/test_suite_mdx.function | 28 +++++------ tests/suites/test_suite_pkcs1_v15.function | 20 ++++---- tests/suites/test_suite_pkcs1_v21.function | 20 ++++---- tests/suites/test_suite_rsa.function | 54 ++++++++++----------- tests/suites/test_suite_shax.function | 25 ++++------ tests/suites/test_suite_ssl.function | 10 ++-- tests/suites/test_suite_x509parse.function | 14 +++--- tests/suites/test_suite_xtea.function | 25 ++++------ 16 files changed, 204 insertions(+), 258 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 1d453db19..bc2d53574 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -9,7 +9,7 @@ /* BEGIN_CASE */ void aes_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -23,8 +23,7 @@ void aes_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); } exit: 
@@ -34,7 +33,7 @@ exit: /* BEGIN_CASE */ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -48,8 +47,7 @@ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); } exit: @@ -59,7 +57,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -74,9 +72,8 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } exit: @@ -86,7 +83,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -100,9 +97,8 @@ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } exit: @@ -236,7 +232,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_aes_context ctx; 
@@ -249,8 +245,7 @@ void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -259,7 +254,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -272,8 +267,7 @@ void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -282,7 +276,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -294,9 +288,8 @@ void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); 
@@ -305,7 +298,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -317,9 +310,8 @@ void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index 9aa491382..c1e238665 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function @@ -8,8 +8,7 @@ */ /* BEGIN_CASE */ -void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, - data_t * hex_dst_string ) +void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, data_t * dst ) { unsigned char dst_str[1000]; mbedtls_arc4_context ctx; @@ -19,11 +18,11 @@ void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, mbedtls_arc4_setup(&ctx, key_str->x, key_str->len); - TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 ); + TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, + src_str->x, dst_str ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( dst_str, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( dst_str, dst->x, + src_str->len, dst->len ) == 0 ); exit: mbedtls_arc4_free( &ctx ); diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index eb6891cad..f89353ce9 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function 
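Review bot: In `mbedtls_arc4_crypt` the rename leaves the expected-value parameter `dst` next to the local output buffer `dst_str[1000]`, and the two names are easy to swap in the `mbedtls_test_hexcmp` call. The other suites in this commit call the local buffer `output`, so renaming `dst_str` to `output` here would keep them consistent. Separately, the cipher call writes `src_str->len` bytes into that fixed 1000-byte buffer with no bound visible in either hunk; a `TEST_ASSERT( src_str->len <= sizeof( dst_str ) );` before it would turn an oversized test vector into a test failure instead of a stack overwrite. The function body continues between and outside the two hunks, so an existing check may simply be out of view.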
@@ -167,7 +167,7 @@ exit: /* BEGIN_CASE */ void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -181,8 +181,7 @@ void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); } exit: @@ -192,7 +191,7 @@ exit: /* BEGIN_CASE */ void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -206,8 +205,7 @@ void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); } exit: @@ -217,7 +215,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -233,9 +231,8 @@ void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } exit: 
@@ -245,7 +242,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -260,9 +257,8 @@ void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: @@ -272,8 +268,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string - ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -286,9 +281,8 @@ void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -297,8 +291,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string - ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_blowfish_context ctx; 
@@ -311,9 +304,8 @@ void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -322,7 +314,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char stream_str[100]; unsigned char output[100]; @@ -337,9 +329,8 @@ void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 4949feb88..312495c9a 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -175,7 +175,7 @@ exit: /* BEGIN_CASE */ void camellia_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; 
@@ -189,8 +189,7 @@ void camellia_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); } exit: @@ -200,7 +199,7 @@ exit: /* BEGIN_CASE */ void camellia_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, int setkey_result ) + data_t * dst, int setkey_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -214,8 +213,7 @@ void camellia_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); } exit: @@ -225,8 +223,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, - int cbc_result ) + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -240,9 +237,8 @@ void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: @@ -252,7 +248,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; 
@@ -267,9 +263,8 @@ void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: @@ -279,8 +274,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str, - data_t * src_str, - data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -293,8 +287,7 @@ void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); @@ -304,7 +297,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str, data_t * src_str, - data_t * hex_dst_string ) + data_t * dst ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -317,8 +310,7 @@ void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 5724d8b26..9507b59fd 100644 
--- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -152,7 +152,7 @@ exit: void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, data_t * msg, data_t * iv, data_t * add, int tag_len, int result, - data_t * hex_msg ) + data_t * expected_msg ) { unsigned char tag[16]; mbedtls_ccm_context ctx; @@ -172,7 +172,7 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, if( result == 0 ) { - TEST_ASSERT( memcmp( msg->x, hex_msg->x, hex_msg->len ) == 0 ); + TEST_ASSERT( memcmp( msg->x, expected_msg->x, expected_msg->len ) == 0 ); } else { diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 625c87ab1..5b249355b 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -15,8 +15,7 @@ void des_check_weak( data_t * key, int ret ) /* END_CASE */ /* BEGIN_CASE */ -void des_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string ) +void des_encrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_des_context ctx; @@ -28,8 +27,7 @@ void des_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_enc( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -37,8 +35,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string ) +void des_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_des_context ctx; 
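Review bot: The success branch of `mbedtls_ccm_auth_decrypt` compares only `expected_msg->len` bytes with `memcmp` and never checks that the decrypted length matches. A short or empty expected vector would therefore pass without the full plaintext being verified. The other suites touched by this commit pass both lengths to the comparison helper, and the equivalent here would be `TEST_ASSERT( mbedtls_test_hexcmp( msg->x, expected_msg->x, msg->len, expected_msg->len ) == 0 );`. This assumes `msg->len` holds the plaintext length at that point, which is set outside the hunk and should be confirmed.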
@@ -50,8 +47,7 @@ void des_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_dec( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -60,8 +56,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void des_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, - int cbc_result ) + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; mbedtls_des_context ctx; @@ -75,9 +70,8 @@ void des_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: @@ -87,7 +81,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void des_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string, + data_t * src_str, data_t * dst, int cbc_result ) { unsigned char output[100]; @@ -102,9 +96,8 @@ void des_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: @@ -114,7 +107,7 @@ exit: /* BEGIN_CASE */ void des3_encrypt_ecb( int key_count, data_t * key_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_des3_context ctx; 
@@ -132,8 +125,7 @@ void des3_encrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -142,7 +134,7 @@ exit: /* BEGIN_CASE */ void des3_decrypt_ecb( int key_count, data_t * key_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_des3_context ctx; @@ -160,8 +152,7 @@ void des3_decrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -171,7 +162,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void des3_encrypt_cbc( int key_count, data_t * key_str, data_t * iv_str, data_t * src_str, - data_t * hex_dst_string, int cbc_result ) + data_t * dst, int cbc_result ) { unsigned char output[100]; mbedtls_des3_context ctx; @@ -192,9 +183,8 @@ void des3_encrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } exit: @@ -205,7 +195,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void des3_decrypt_cbc( int key_count, data_t * key_str, data_t * iv_str, data_t * src_str, - data_t * hex_dst_string, int cbc_result ) + data_t * dst, int cbc_result ) { unsigned char output[100]; mbedtls_des3_context ctx; 
@@ -226,9 +216,8 @@ void des3_decrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, + dst->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index b28d918ba..9b7b0ee14 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -35,8 +35,8 @@ exit: /* BEGIN_CASE */ void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, data_t * src_str, data_t * iv_str, - data_t * add_str, data_t * hex_dst_string, - int tag_len_bits, data_t * hex_tag_string, + data_t * add_str, data_t * dst, + int tag_len_bits, data_t * tag, int init_result ) { unsigned char output[128]; @@ -55,11 +55,10 @@ void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, { TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( tag_output, hex_tag_string->x, - tag_len, hex_tag_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( tag_output, tag->x, + tag_len, tag->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index be5782902..d918ce3b9 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -127,7 +127,7 @@ void md_info( int md_type, char * md_name, int md_size ) /* BEGIN_CASE */ void md_text( char * text_md_name, char * text_src_string, - data_t * hex_hash_string ) + data_t * hash ) { char md_name[100]; unsigned char src_str[1000]; 
@@ -145,15 +145,14 @@ void md_text( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void md_hex( char * text_md_name, data_t * src_str, - data_t * hex_hash_string ) +void md_hex( char * text_md_name, data_t * src_str, data_t * hash ) { char md_name[100]; unsigned char output[100]; @@ -169,15 +168,15 @@ void md_hex( char * text_md_name, data_t * src_str, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ void md_text_multi( char * text_md_name, char * text_src_string, - data_t * hex_hash_string ) + data_t * hash ) { char md_name[100]; unsigned char src_str[1000]; 
@@ -211,18 +210,18 @@ void md_text_multi( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len) == 0 ); + hash->len) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -231,8 +230,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void md_hex_multi( char * text_md_name, data_t * src_str, - data_t * hex_hash_string ) +void md_hex_multi( char * text_md_name, data_t * src_str, data_t * hash ) { char md_name[100]; unsigned char output[100]; @@ -261,18 +259,18 @@ void md_hex_multi( char * text_md_name, data_t * src_str, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); exit: mbedtls_md_free( &ctx ); 
@@ -283,7 +281,7 @@ exit: /* BEGIN_CASE */ void mbedtls_md_hmac( char * text_md_name, int trunc_size, data_t * key_str, data_t * src_str, - data_t * hex_hash_string ) + data_t * hash ) { char md_name[100]; unsigned char output[100]; @@ -299,14 +297,14 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + trunc_size, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, - data_t * src_str, data_t * hex_hash_string ) + data_t * src_str, data_t * hash ) { char md_name[100]; unsigned char output[100]; @@ -332,8 +330,8 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + trunc_size, hash->len ) == 0 ); /* Test again, for reset() */ memset( output, 0x00, 100 ); @@ -343,8 +341,8 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + trunc_size, hash->len ) == 0 ); exit: mbedtls_md_free( &ctx ); 
@@ -353,7 +351,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void mbedtls_md_file( char * text_md_name, char * filename, - data_t * hex_hash_string ) + data_t * hash ) { char md_name[100]; unsigned char output[100]; @@ -368,8 +366,8 @@ void mbedtls_md_file( char * text_md_name, char * filename, TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, mbedtls_md_get_size( md_info ), - hex_hash_string->len ) == 0 ); + hash->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index ed2ae58b4..aa35c583e 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -6,7 +6,7 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_MD2_C */ -void md2_text( char * text_src_string, data_t * hex_hash_string ) +void md2_text( char * text_src_string, data_t * hash ) { int ret; unsigned char src_str[100]; @@ -20,14 +20,13 @@ void md2_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ) ; - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - sizeof output, - hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + sizeof output, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD4_C */ -void md4_text( char * text_src_string, data_t * hex_hash_string ) +void md4_text( char * text_src_string, data_t * hash ) { int ret; unsigned char src_str[100]; 
@@ -41,14 +40,13 @@ void md4_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - sizeof output, - hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + sizeof output, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD5_C */ -void md5_text( char * text_src_string, data_t * hex_hash_string ) +void md5_text( char * text_src_string, data_t * hash ) { int ret; unsigned char src_str[100]; @@ -62,14 +60,13 @@ void md5_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - sizeof output, - hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + sizeof output, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */ -void ripemd160_text( char * text_src_string, data_t * hex_hash_string ) +void ripemd160_text( char * text_src_string, data_t * hash ) { int ret; unsigned char src_str[100]; @@ -83,9 +80,8 @@ void ripemd160_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - sizeof output, - hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, + sizeof output, hash->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 8a4218090..068027b0e 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function 
@@ -12,7 +12,7 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int hash, data_t * message_str, data_t * rnd_buf, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char output[128]; mbedtls_rsa_context ctx; @@ -42,8 +42,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: @@ -56,7 +56,7 @@ exit: void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int hash, data_t * result_hex_str, + int hash, data_t * result_str, char * seed, data_t * message_str, int result ) { @@ -84,7 +84,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - if( result_hex_str->len == 0 ) + if( result_str->len == 0 ) { TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, @@ -102,9 +102,9 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, output, 1000 ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, output_len, - result_hex_str->len) == 0 ); + result_str->len) == 0 ); } } @@ -267,7 +267,7 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, int digest, int hash, data_t * message_str, data_t * rnd_buf, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; unsigned char output[128]; 
@@ -305,8 +305,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index c9e91c87c..c28cf08e2 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -12,7 +12,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int hash, data_t * message_str, data_t * rnd_buf, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char output[256]; mbedtls_rsa_context ctx; @@ -41,8 +41,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, output ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: @@ -55,7 +55,7 @@ exit: void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int hash, data_t * result_hex_str, + int hash, data_t * result_str, char * seed, data_t * message_str, int result ) { @@ -84,7 +84,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - if( result_hex_str->len == 0 ) + if( result_str->len == 0 ) { TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, 
@@ -104,9 +104,9 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, sizeof( output ) ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, output_len, - result_hex_str->len ) == 0 ); + result_str->len ) == 0 ); } } @@ -122,7 +122,7 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, int digest, int hash, data_t * message_str, data_t * rnd_buf, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; unsigned char output[256]; @@ -160,8 +160,8 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 90335dbc7..6c73e3947 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -471,7 +471,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, int digest, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; unsigned char output[256]; @@ -507,8 +507,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: 
@@ -557,7 +557,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, int padding_mode, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, - char * input_E, data_t * result_hex_str ) + char * input_E, data_t * result_str ) { unsigned char output[256]; mbedtls_rsa_context ctx; @@ -588,8 +588,8 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, hash_result->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); #if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ @@ -612,9 +612,9 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, if( res == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx.len, - result_hex_str->len ) == 0 ); + result_str->len ) == 0 ); } } #endif /* MBEDTLS_PKCS1_V15 */ @@ -692,7 +692,7 @@ exit: void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char output[256]; mbedtls_rsa_context ctx; @@ -722,8 +722,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: @@ -736,7 +736,7 @@ exit: void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char output[256]; mbedtls_rsa_context ctx; 
@@ -762,8 +762,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: @@ -777,7 +777,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int max_output, data_t * result_hex_str, + int max_output, data_t * result_str, int result ) { unsigned char output[32]; @@ -814,9 +814,9 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, output_len, - result_hex_str->len ) == 0 ); + result_str->len ) == 0 ); } exit: @@ -829,7 +829,7 @@ exit: /* BEGIN_CASE */ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - data_t * result_hex_str, int result ) + data_t * result_str, int result ) { unsigned char output[256]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ @@ -853,8 +853,8 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } /* And now with the copy */ @@ -869,8 +869,8 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + ctx.len, result_str->len ) == 0 ); } exit: 
@@ -884,7 +884,7 @@ exit: void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, - char * input_E, data_t * result_hex_str, + char * input_E, data_t * result_str, int result ) { unsigned char output[256]; @@ -921,9 +921,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx.len, - result_hex_str->len ) == 0 ); + result_str->len ) == 0 ); } } @@ -941,9 +941,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, ctx2.len, - result_hex_str->len ) == 0 ); + result_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 64280098c..f3477ec78 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -52,7 +52,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ -void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) +void mbedtls_sha1( data_t * src_str, data_t * hash ) { unsigned char output[41]; @@ -61,8 +61,7 @@ void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - 20, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 20, hash->len ) == 0 ); } /* END_CASE */ @@ -123,7 +122,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void sha224( data_t * src_str, data_t * hex_hash_string ) +void sha224( data_t * src_str, data_t * hash ) { unsigned char output[57]; 
@@ -132,13 +131,12 @@ void sha224( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - 28, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) +void mbedtls_sha256( data_t * src_str, data_t * hash ) { unsigned char output[65]; @@ -147,8 +145,7 @@ void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - 32, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ) == 0 ); } /* END_CASE */ @@ -209,7 +206,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void sha384( data_t * src_str, data_t * hex_hash_string ) +void sha384( data_t * src_str, data_t * hash ) { unsigned char output[97]; @@ -218,13 +215,12 @@ void sha384( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - 48, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string ) +void mbedtls_sha512( data_t * src_str, data_t * hash ) { unsigned char output[129]; 
@@ -233,8 +229,7 @@ void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - 64, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 5cf6e8bd7..8e01dbc57 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3454,11 +3454,11 @@ exit: /* BEGIN_CASE */ void ssl_tls_prf( int type, data_t * secret, data_t * random, - char *label, data_t *result_hex_str, int exp_ret ) + char *label, data_t *result_str, int exp_ret ) { unsigned char *output; - output = mbedtls_calloc( 1, result_hex_str->len ); + output = mbedtls_calloc( 1, result_str->len ); if( output == NULL ) goto exit; @@ -3468,12 +3468,12 @@ void ssl_tls_prf( int type, data_t * secret, data_t * random, TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len, label, random->x, random->len, - output, result_hex_str->len ) == exp_ret ); + output, result_str->len ) == exp_ret ); if( exp_ret == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, - result_hex_str->len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_str->x, + result_str->len, result_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 9cac2ec54..2bba4e2f7 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function 
@@ -1220,21 +1220,21 @@ void x509_get_time( int tag, char * time_str, int ret, int year, int mon, /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag, +void x509_parse_rsassa_pss_params( data_t * params, int params_tag, int ref_msg_md, int ref_mgf_md, int ref_salt_len, int ref_ret ) { int my_ret; - mbedtls_x509_buf params; + mbedtls_x509_buf buf; mbedtls_md_type_t my_msg_md, my_mgf_md; int my_salt_len; - params.p = hex_params->x; - params.len = hex_params->len; - params.tag = params_tag; + buf.p = params->x; + buf.len = params->len; + buf.tag = params_tag; - my_ret = mbedtls_x509_get_rsassa_pss_params( ¶ms, &my_msg_md, &my_mgf_md, - &my_salt_len ); + my_ret = mbedtls_x509_get_rsassa_pss_params( &buf, &my_msg_md, &my_mgf_md, + &my_salt_len ); TEST_ASSERT( my_ret == ref_ret ); diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index f286e6735..1d5b29b8a 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function @@ -9,7 +9,7 @@ /* BEGIN_CASE */ void xtea_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string ) + data_t * dst ) { unsigned char output[100]; mbedtls_xtea_context ctx; @@ -20,14 +20,12 @@ void xtea_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * hex_dst_string ) +void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_xtea_context ctx; 
@@ -38,14 +36,13 @@ void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_xtea_context ctx; @@ -57,15 +54,14 @@ void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * hex_dst_string ) + data_t * src_str, data_t * dst ) { unsigned char output[100]; mbedtls_xtea_context ctx; @@ -77,9 +73,8 @@ void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, - src_str->len, - hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, + src_str->len, dst->len ) == 0 ); } /* END_CASE */ From 55d97f2ca8f068ef807ad1c9cf2ad8ffb87386b3 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Fri, 26 Jun 2020 17:00:30 +0200 Subject: [PATCH 003/488] tests: Remove usage of mbedtls_test_hexify for comparison Do not hexify binary data to compare them, do compare them directly. That simplifies the check code and save memory. Signed-off-by: Ronald Cron --- tests/suites/test_suite_aes.function | 10 ++-- tests/suites/test_suite_aria.function | 62 ++++++++--------------- tests/suites/test_suite_chacha20.function | 25 +++------ tests/suites/test_suite_hkdf.function | 16 +----- tests/suites/test_suite_poly1305.function | 18 +++---- 5 files changed, 36 insertions(+), 95 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index bc2d53574..754a16702 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -321,17 +321,15 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */ void aes_encrypt_ofb( int fragment_size, data_t *key_str, data_t *iv_str, data_t *src_str, - char *expected_output_string) + data_t *expected_output ) { unsigned char output[32]; - unsigned char output_string[65]; mbedtls_aes_context ctx; size_t iv_offset = 0; int in_buffer_len; unsigned char* src_str_next; memset( output, 0x00, sizeof( output ) ); - memset( output_string, 0x00, sizeof( output_string ) ); mbedtls_aes_init( &ctx ); TEST_ASSERT( (size_t)fragment_size < sizeof( output ) ); 
@@ -346,12 +344,10 @@ void aes_encrypt_ofb( int fragment_size, data_t *key_str, TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset, iv_str->x, src_str_next, output ) == 0 ); - mbedtls_test_hexify( output_string, output, fragment_size ); - TEST_ASSERT( strncmp( (char *) output_string, expected_output_string, - ( 2 * fragment_size ) ) == 0 ); + TEST_ASSERT( memcmp( output, expected_output->x, fragment_size ) == 0 ); in_buffer_len -= fragment_size; - expected_output_string += ( fragment_size * 2 ); + expected_output->x += fragment_size; src_str_next += fragment_size; if( in_buffer_len < fragment_size ) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index d08c39dc6..3cc683bf0 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -207,14 +207,12 @@ exit: /* BEGIN_CASE */ void aria_encrypt_ecb( data_t *key_str, data_t *src_str, - char *hex_dst_string, int setkey_result ) + data_t *expected_output, int setkey_result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t i; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -227,9 +225,9 @@ void aria_encrypt_ecb( data_t *key_str, data_t *src_str, TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i, output + i ) == 0 ); } - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( !memcmp( output, + expected_output->x, expected_output->len) ); } exit: 
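Review bot: In the second `aes_encrypt_ofb` hunk the new `memcmp( output, expected_output->x, fragment_size )` reads `fragment_size` bytes from the expected buffer on every iteration and never consults `expected_output->len`. Test data shorter than the processed input therefore makes the comparison read past the end of that buffer, where the removed `strncmp` would have stopped at the string terminator. A check such as `TEST_ASSERT( expected_output->len == src_str->len );` ahead of the loop would bound it, assuming the loop consumes `src_str->len` bytes in total, which the hunk does not show. Advancing `expected_output->x` also modifies the caller's `data_t`; a local cursor (`const unsigned char *expected_next = expected_output->x;`, then `expected_next += fragment_size;`) would leave the argument intact. The function body starts and ends outside this hunk.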
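Review bot: The new check in `aria_encrypt_ecb`, `!memcmp( output, expected_output->x, expected_output->len )`, takes its length from the expected value alone. The removed code hexified `src_str->len` bytes of `output` and compared whole strings, so a length mismatch used to fail the test. Now an expected value shorter than the output, or empty, passes after comparing only a prefix, and one longer than `output[]` makes `memcmp` read past the array. Adding `TEST_ASSERT( expected_output->len == src_str->len );` before the comparison restores the earlier strictness. The same pattern recurs in the later hunks for `aria_decrypt_ecb` and the CBC, CFB128 and CTR cases; each function body extends outside its hunk.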
@@ -239,14 +237,12 @@ exit: /* BEGIN_CASE */ void aria_decrypt_ecb( data_t *key_str, data_t *src_str, - char *hex_dst_string, int setkey_result ) + data_t *expected_output, int setkey_result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t i; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -259,9 +255,9 @@ void aria_decrypt_ecb( data_t *key_str, data_t *src_str, TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i, output + i ) == 0 ); } - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( !memcmp( output, + expected_output->x, expected_output->len) ); } exit: @@ -271,14 +267,12 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void aria_encrypt_cbc( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int cbc_result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -288,9 +282,8 @@ void aria_encrypt_cbc( data_t *key_str, data_t *iv_str, output ) == cbc_result ); if( cbc_result == 0 ) { - mbedtls_test_hexify( dst_str, output, src_str->len ); - - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( !memcmp( output, + expected_output->x, expected_output->len) ); } exit: 
@@ -300,14 +293,12 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ void aria_decrypt_cbc( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int cbc_result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -317,9 +308,8 @@ void aria_decrypt_cbc( data_t *key_str, data_t *iv_str, output ) == cbc_result ); if( cbc_result == 0 ) { - mbedtls_test_hexify( dst_str, output, src_str->len ); - - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( !memcmp( output, + expected_output->x, expected_output->len) ); } exit: @@ -329,15 +319,13 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aria_encrypt_cfb128( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -346,9 +334,8 @@ void aria_encrypt_cfb128( data_t *key_str, data_t *iv_str, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( !memcmp( output, expected_output->x, expected_output->len) ); exit: mbedtls_aria_free( &ctx ); 
@@ -357,15 +344,13 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ void aria_decrypt_cfb128( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -374,9 +359,8 @@ void aria_decrypt_cfb128( data_t *key_str, data_t *iv_str, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( !memcmp( output, expected_output->x, expected_output->len) ); exit: mbedtls_aria_free( &ctx ); @@ -385,16 +369,14 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ void aria_encrypt_ctr( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -402,9 +384,8 @@ void aria_encrypt_ctr( data_t *key_str, data_t *iv_str, TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, blk, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( !memcmp( output, expected_output->x, expected_output->len) ); exit: mbedtls_aria_free( &ctx ); 
@@ -413,16 +394,14 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ void aria_decrypt_ctr( data_t *key_str, data_t *iv_str, - data_t *src_str, char *hex_dst_string, + data_t *src_str, data_t *expected_output, int result ) { - unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); @@ -430,9 +409,8 @@ void aria_decrypt_ctr( data_t *key_str, data_t *iv_str, TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, blk, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str->len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( !memcmp( output, expected_output->x, expected_output->len) ); exit: mbedtls_aria_free( &ctx ); diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index afe24183a..968a9e9b9 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -17,13 +17,6 @@ void chacha20_crypt( data_t *key_str, unsigned char output[375]; mbedtls_chacha20_context ctx; - /* - * Buffers to store the ASCII string representation of output and - * expected_output_str. - */ - unsigned char output_string[751] = { '\0' }; - unsigned char expected_output_string[751] = { '\0' }; - memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( src_str->len == expected_output_str->len ); 
@@ -35,12 +28,8 @@ void chacha20_crypt( data_t *key_str, */ TEST_ASSERT( mbedtls_chacha20_crypt( key_str->x, nonce_str->x, counter, src_str->len, src_str->x, output ) == 0 ); - mbedtls_test_hexify( expected_output_string, - expected_output_str->x, - expected_output_str->len); - mbedtls_test_hexify( output_string, output, src_str->len ); - TEST_ASSERT( strcmp( (char *)output_string, - (char *)expected_output_string ) == 0 ); + TEST_ASSERT( !memcmp( output, expected_output_str->x, + expected_output_str->len ) ); /* * Test the streaming API @@ -54,9 +43,8 @@ void chacha20_crypt( data_t *key_str, memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len, src_str->x, output ) == 0 ); - mbedtls_test_hexify( output_string, output, src_str->len ); - TEST_ASSERT( strcmp( (char *)output_string, - (char *)expected_output_string ) == 0 ); + TEST_ASSERT( !memcmp( output, expected_output_str->x, + expected_output_str->len ) ); /* * Test the streaming API again, piecewise @@ -71,9 +59,8 @@ void chacha20_crypt( data_t *key_str, TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len - 1, src_str->x + 1, output + 1 ) == 0 ); - mbedtls_test_hexify( output_string, output, src_str->len ); - TEST_ASSERT( strcmp( (char *)output_string, - (char *)expected_output_string ) == 0 ); + TEST_ASSERT( !memcmp( output, expected_output_str->x, + expected_output_str->len ) ); mbedtls_chacha20_free( &ctx ); } diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 967df3690..1e41f5002 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function 
@@ -14,13 +14,6 @@ void test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info, { int ret; unsigned char okm[128] = { '\0' }; - /* - * okm_string and expected_okm_string are the ASCII string representations - * of km and expected_okm, so their size should be twice the size of - * okm and expected_okm, and an extra null-termination. - */ - unsigned char okm_string[257] = { '\0' }; - unsigned char expected_okm_string[257] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); @@ -31,14 +24,7 @@ void test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info, info->x, info->len, okm, expected_okm->len ); TEST_ASSERT( ret == 0 ); - /* - * Run mbedtls_test_hexify on okm and expected_okm so that it looks nicer - * if the assertion fails. - */ - mbedtls_test_hexify( okm_string, okm, expected_okm->len ); - mbedtls_test_hexify( expected_okm_string, - expected_okm->x, expected_okm->len ); - TEST_ASSERT( !strcmp( (char *)okm_string, (char *)expected_okm_string ) ); + TEST_ASSERT( !memcmp( okm, expected_okm->x, expected_okm->len ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 44617d98e..0fc1f6058 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -9,14 +9,12 @@ */ /* BEGIN_CASE */ -void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) +void mbedtls_poly1305( data_t *key, data_t *expected_mac, data_t *src_str ) { unsigned char mac[16]; /* size set by the standard */ - unsigned char mac_str[33]; /* hex expansion of the above */ mbedtls_poly1305_context ctx; - memset( mac_str, 0x00, sizeof( mac_str ) ); - memset( mac, 0x00, sizeof( mac ) ); + memset( mac, 0x00, sizeof( mac ) ); /* * Test the integrated API 
@@ -24,8 +22,7 @@ void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_mac( key->x, src_str->x, src_str->len, mac ) == 0 ); - mbedtls_test_hexify( mac_str, mac, 16 ); - TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + TEST_ASSERT( !memcmp( mac, expected_mac->x, expected_mac->len ) ); /* * Test the streaming API @@ -38,8 +35,7 @@ void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - mbedtls_test_hexify( mac_str, mac, 16 ); - TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + TEST_ASSERT( !memcmp( mac, expected_mac->x, expected_mac->len ) ); /* * Test the streaming API again, piecewise @@ -56,8 +52,7 @@ void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - mbedtls_test_hexify( mac_str, mac, 16 ); - TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + TEST_ASSERT( !memcmp( mac, expected_mac->x, expected_mac->len ) ); } /* @@ -73,8 +68,7 @@ void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - mbedtls_test_hexify( mac_str, mac, 16 ); - TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + TEST_ASSERT( !memcmp( mac, expected_mac->x, expected_mac->len ) ); } mbedtls_poly1305_free( &ctx ); From 4e66587545c006849071c17284605c3750c49074 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Jun 2020 17:44:27 +0200 Subject: [PATCH 004/488] tests: Move mbedtls_param_failed() call location record In preparation of moving mbedtls_param_failed() to test common code, move mbedtls_param_failed() call location record into a context dedicated to mbedtls_param_failed(). 
Signed-off-by: Ronald Cron --- tests/suites/helpers.function | 39 ++++++++++++++++++++++++++++----- tests/suites/main_test.function | 6 +++++ 2 files changed, 40 insertions(+), 5 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index a5285a3a6..c80ffff75 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -370,6 +370,21 @@ test_info_t; static test_info_t test_info; #if defined(MBEDTLS_CHECK_PARAMS) +typedef struct +{ + const char *failure_condition; + const char *file; + int line; +} +mbedtls_test_param_failed_location_record_t; + +typedef struct +{ + mbedtls_test_param_failed_location_record_t location_record; +} +param_failed_ctx_t; +static param_failed_ctx_t param_failed_ctx; + jmp_buf param_fail_jmp; jmp_buf jmp_tmp; #endif @@ -422,10 +437,29 @@ void test_skip( const char *test, int line_no, const char* filename ) } #if defined(MBEDTLS_CHECK_PARAMS) +/** + * \brief Get the location record of the last call to + * mbedtls_test_param_failed(). + * + * \note The call expectation is set up and active until the next call to + * mbedtls_test_param_failed_check_expected_call() or + * mbedtls_param_failed() that cancels it. + */ +void mbedtls_test_param_failed_get_location_record( + mbedtls_test_param_failed_location_record_t *location_record ) +{ + *location_record = param_failed_ctx.location_record; +} + void mbedtls_param_failed( const char *failure_condition, const char *file, int line ) { + /* Record the location of the failure */ + param_failed_ctx.location_record.failure_condition = failure_condition; + param_failed_ctx.location_record.file = file; + param_failed_ctx.location_record.line = line; + /* If we are testing the callback function... */ if( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING ) { 
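Review bot: The \brief added for mbedtls_test_param_failed_get_location_record() refers to `mbedtls_test_param_failed()`, which this patch does not define; the record is written by mbedtls_param_failed(). The \note about a call expectation describes nothing this function does, since the body only copies `param_failed_ctx.location_record` into the caller's struct. I would write `\brief Get the location record of the last call to mbedtls_param_failed().` and replace the note with `\note The record is overwritten on every call to mbedtls_param_failed() and is zero-initialized before the first one.` The same comment is carried into tests/include/test/helpers.h by the later patch that moves these helpers.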
@@ -435,11 +469,6 @@ void mbedtls_param_failed( const char *failure_condition, { /* ...else we treat this as an error */ - /* Record the location of the failure, but not as a failure yet, in case - * it was part of the test */ - test_fail( failure_condition, line, file ); - test_info.result = TEST_RESULT_SUCCESS; - longjmp( param_fail_jmp, 1 ); } } diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 75656a81c..28c7aa8fb 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -167,6 +167,8 @@ $dispatch_code void execute_function_ptr(TestWrapper_t fp, void **params) { #if defined(MBEDTLS_CHECK_PARAMS) + mbedtls_test_param_failed_location_record_t location_record; + if ( setjmp( param_fail_jmp ) == 0 ) { fp( params ); @@ -174,6 +176,10 @@ void execute_function_ptr(TestWrapper_t fp, void **params) else { /* Unexpected parameter validation error */ + mbedtls_test_param_failed_get_location_record( &location_record ); + test_fail( location_record.failure_condition, + location_record.line, + location_record.file ); test_info.result = TEST_RESULT_FAILED; } From 76883ec85381173b12bd0cf10de2d0addce95362 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Jul 2020 15:05:21 +0200 Subject: [PATCH 005/488] tests: Isolate mbedtls_param_failed() call check In preparation of moving mbedtls_param_failed() to test common code, isolate mbedtls_param_failed() call check from unit test data. Signed-off-by: Ronald Cron --- tests/suites/helpers.function | 72 +++++++++++++++++++++++---------- tests/suites/host_test.function | 1 - 2 files changed, 50 insertions(+), 23 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index c80ffff75..2414057f7 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -74,16 +74,6 @@ typedef struct data_tag #define DISPATCH_UNSUPPORTED_SUITE -5 /* Test suite not supported by the build */ -typedef enum -{ - PARAMFAIL_TESTSTATE_IDLE = 0, /* No parameter failure call test */ - PARAMFAIL_TESTSTATE_PENDING, /* Test call to the parameter failure - * is pending */ - PARAMFAIL_TESTSTATE_CALLED /* The test call to the parameter - * failure function has been made */ -} paramfail_test_state_t; - - /*----------------------------------------------------------------------------*/ /* Macros */ @@ -237,15 +227,16 @@ typedef enum * * \param TEST The test expression to be tested. */ -#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ - do { \ - test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_PENDING; \ - if( (TEST) != (PARAM_ERR_VALUE) || \ - test_info.paramfail_test_state != PARAMFAIL_TESTSTATE_CALLED ) \ - { \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ +#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ + do { \ + mbedtls_test_param_failed_expect_call( ); \ + if( ( ( TEST ) != ( PARAM_ERR_VALUE ) ) || \ + ( mbedtls_test_param_failed_check_expected_call( ) != 0 ) ) \ + { \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + mbedtls_test_param_failed_check_expected_call( ); \ } while( 0 ) /** @@ -359,7 +350,6 @@ typedef enum typedef struct { - paramfail_test_state_t paramfail_test_state; test_result_t result; const char *test; const char *filename; @@ -380,6 +370,9 @@ mbedtls_test_param_failed_location_record_t; typedef struct { + uint8_t expected_call; + uint8_t expected_call_happened; + mbedtls_test_param_failed_location_record_t location_record; } param_failed_ctx_t; 
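Review bot: In the rewritten TEST_INVALID_PARAM_RET the `||` short-circuits, so when `( TEST ) != ( PARAM_ERR_VALUE )` is true mbedtls_test_param_failed_check_expected_call() is not evaluated and the `goto exit` path leaves the expectation armed unless mbedtls_param_failed() already consumed it. An unexpected mbedtls_param_failed() during cleanup would then be recorded as the expected call instead of being reported. The trailing `mbedtls_test_param_failed_check_expected_call( );` after the `if` is reached only when the expectation has already been cleared, so it looks misplaced. Moving that call into the failure block, just before `test_fail( #TEST, __LINE__, __FILE__ );`, cancels the expectation on every path.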
@@ -451,6 +444,40 @@ void mbedtls_test_param_failed_get_location_record( *location_record = param_failed_ctx.location_record; } +/** + * \brief State that a call to mbedtls_param_failed() is expected. + * + * \note The call expectation is set up and active until the next call to + * mbedtls_test_param_failed_check_expected_call() or + * mbedtls_param_failed that cancel it. + */ +void mbedtls_test_param_failed_expect_call( void ) +{ + param_failed_ctx.expected_call_happened = 0; + param_failed_ctx.expected_call = 1; +} + +/** + * \brief Check whether mbedtls_param_failed() has been called as expected. + * + * \note Check whether mbedtls_param_failed() has been called between the + * last call to mbedtls_test_param_failed_expect_call() and the call + * to this function. + * + * \return \c 0 Since the last call to mbedtls_param_failed_expect_call(), + * mbedtls_param_failed() has been called. + * \c -1 Otherwise. + */ +int mbedtls_test_param_failed_check_expected_call( void ) +{ + param_failed_ctx.expected_call = 0; + + if( param_failed_ctx.expected_call_happened != 0 ) + return( 0 ); + + return( -1 ); +} + void mbedtls_param_failed( const char *failure_condition, const char *file, int line ) @@ -461,9 +488,10 @@ void mbedtls_param_failed( const char *failure_condition, param_failed_ctx.location_record.line = line; /* If we are testing the callback function... */ - if( test_info.paramfail_test_state == PARAMFAIL_TESTSTATE_PENDING ) + if( param_failed_ctx.expected_call != 0 ) { - test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_CALLED; + param_failed_ctx.expected_call = 0; + param_failed_ctx.expected_call_happened = 1; } else { diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index a459eed56..9e59b7052 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function 
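Review bot: The documentation of mbedtls_test_param_failed_check_expected_call() does not say that the function also cancels the expectation (`param_failed_ctx.expected_call = 0;`), which matters to any caller that checks more than once. Its \return text names `mbedtls_param_failed_expect_call()`, while the function added in this hunk is mbedtls_test_param_failed_expect_call(). I would add `\note This function also cancels the call expectation, so a second call without a new mbedtls_test_param_failed_expect_call() returns the same result but no longer guards anything.` and correct the name in the \return line.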
@@ -683,7 +683,6 @@ int execute_tests( int argc , const char ** argv ) if( unmet_dep_count == 0 ) { test_info.result = TEST_RESULT_SUCCESS; - test_info.paramfail_test_state = PARAMFAIL_TESTSTATE_IDLE; test_info.step = (unsigned long)( -1 ); #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) From 579fd2852782a9b409c7fa04c98109d677052800 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Jul 2020 15:17:05 +0200 Subject: [PATCH 006/488] tests: Isolate mbedtls_param_failed() long jump In preparation of moving mbedtls_param_failed() to test common code, isolate mbedtls_param_failed() long jump data and set up from unit test data and code. Signed-off-by: Ronald Cron --- tests/suites/helpers.function | 73 +++++++++++++++++++++++++++------ tests/suites/main_test.function | 4 +- 2 files changed, 62 insertions(+), 15 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2414057f7..3180a27e6 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -259,16 +259,17 @@ typedef struct data_tag * * \param TEST The test expression to be tested. */ -#define TEST_INVALID_PARAM( TEST ) \ - do { \ - memcpy(jmp_tmp, param_fail_jmp, sizeof(jmp_buf)); \ - if( setjmp( param_fail_jmp ) == 0 ) \ - { \ - TEST; \ - test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - memcpy(param_fail_jmp, jmp_tmp, sizeof(jmp_buf)); \ +#define TEST_INVALID_PARAM( TEST ) \ + do { \ + memcpy( jmp_tmp, mbedtls_test_param_failed_get_state_buf( ), \ + sizeof( jmp_tmp ) ); \ + if( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) \ + { \ + TEST; \ + test_fail( #TEST, __LINE__, __FILE__ ); \ + goto exit; \ + } \ + mbedtls_test_param_failed_reset_state( ); \ } while( 0 ) #endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ 
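Review bot: TEST_INVALID_PARAM still saves the current jump state into `jmp_tmp`, but the restore that used to close the macro is replaced by mbedtls_test_param_failed_reset_state(), so the saved copy is never read. After the first use of the macro, the state armed by the enclosing setjmp() in execute_function_ptr is gone. A later unexpected mbedtls_param_failed() in the same test function would then jump through a zeroed buffer instead of returning to the dispatcher and being reported as a failure. If that is not intended, restore rather than reset: `memcpy( mbedtls_test_param_failed_get_state_buf( ), jmp_tmp, sizeof( jmp_tmp ) );`. If it is intended, the save and `jmp_tmp` can be dropped.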
@@ -373,12 +374,13 @@ typedef struct uint8_t expected_call; uint8_t expected_call_happened; + jmp_buf state; + mbedtls_test_param_failed_location_record_t location_record; } param_failed_ctx_t; static param_failed_ctx_t param_failed_ctx; -jmp_buf param_fail_jmp; jmp_buf jmp_tmp; #endif 
@@ -478,6 +480,47 @@ int mbedtls_test_param_failed_check_expected_call( void ) return( -1 ); } +/** + * \brief Get a pointer to the object of type jmp_buf holding the execution + * state information used by mbedtls_param_failed() to do a long jump. + * + * \note If a call to mbedtls_param_failed() is not expected in the sense + * that there is no call to mbedtls_test_param_failed_expect_call() + * preceding it, then mbedtls_param_failed() will try to restore the + * execution to the state stored in the jmp_buf object whose address + * is returned by the present function. + * + * \note The returned pointer is of type void* as its type is opaque, + * implementation dependent (jmp_buf is an array type not the type of + * one element of an array). + * + * \return Address of the object of type jmp_buf holding the execution state + * information used by mbedtls_param_failed() to do a long jump. + */ +void* mbedtls_test_param_failed_get_state_buf( void ) +{ + return ¶m_failed_ctx.state[0]; +} + +/** + * \brief Reset the execution state used by mbedtls_param_failed() to do a + * long jump. + * + * \note If a call to mbedtls_param_failed() is not expected in the sense + * that there is no call to mbedtls_test_param_failed_expect_call() + * preceding it, then mbedtls_param_failed() will try to restore the + * execution state that this function reset. + * + * \note It is recommended to reset the execution state when the state + * is not relevant anymore. That way an unexpected call to + * mbedtls_param_failed() will not trigger a long jump with + * undefined behavior but rather a long jump that will rather fault. + */ +void mbedtls_test_param_failed_reset_state( void ) +{ + memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) ); +} + void mbedtls_param_failed( const char *failure_condition, const char *file, int line ) 
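Review bot: The \note on mbedtls_test_param_failed_reset_state() promises that a zeroed buffer gives "a long jump that will rather fault" instead of undefined behavior, but longjmp() on a jmp_buf that setjmp() did not fill is itself undefined behavior in C. Whether an all-zero buffer faults depends on the platform's jmp_buf layout. I would reword it as `\note After a reset, an unexpected call to mbedtls_param_failed() performs longjmp() on a zeroed jmp_buf. This is still undefined behavior; it is expected, but not guaranteed, to crash.` The comment above `longjmp( param_failed_ctx.state, 1 );` in the next hunk makes the same assumption.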
@@ -495,9 +538,13 @@ void mbedtls_param_failed( const char *failure_condition, } else { - /* ...else we treat this as an error */ + /* ...else try a long jump. If the execution state has not been set-up + * or reset then the long jump buffer is all zero's and the call will + * with high probability fault, emphasizing there is something to look + * at. + */ - longjmp( param_fail_jmp, 1 ); + longjmp( param_failed_ctx.state, 1 ); } } #endif diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 28c7aa8fb..9d4312906 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -169,7 +169,7 @@ void execute_function_ptr(TestWrapper_t fp, void **params) #if defined(MBEDTLS_CHECK_PARAMS) mbedtls_test_param_failed_location_record_t location_record; - if ( setjmp( param_fail_jmp ) == 0 ) + if ( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) { fp( params ); } @@ -183,7 +183,7 @@ void execute_function_ptr(TestWrapper_t fp, void **params) test_info.result = TEST_RESULT_FAILED; } - memset( param_fail_jmp, 0, sizeof(jmp_buf) ); + mbedtls_test_param_failed_reset_state( ); #else fp( params ); #endif From a123614699cae981a5be42693fed2d50ba116b15 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 1 Jul 2020 16:01:21 +0200 Subject: [PATCH 007/488] tests: Move mbedtls_param_failed() to test common code This makes the implementation of mbedtls_param_failed() for testing purpose available to programs. Thus removing the ad-hoc implementations in programs. Signed-off-by: Ronald Cron --- programs/psa/crypto_examples.c | 12 --- programs/psa/key_ladder_demo.c | 12 --- tests/include/test/helpers.h | 79 +++++++++++++++++++ tests/scripts/all.sh | 4 +- tests/src/helpers.c | 85 ++++++++++++++++++++ tests/suites/helpers.function | 138 --------------------------------- 6 files changed, 165 insertions(+), 165 deletions(-) diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index 97beb0eb4..8160789ae 100644 
--- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -319,18 +319,6 @@ static void cipher_examples( void ) printf( "\tsuccess!\r\n" ); } -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - exit( EXIT_FAILURE ); -} -#endif - int main( void ) { ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index b633f7578..17843e1b7 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -605,18 +605,6 @@ static void usage( void ) printf( " and the same sequence of labels.\n" ); } -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - printf( "%s:%i: Input param failed - %s\n", - file, line, failure_condition ); - exit( EXIT_FAILURE ); -} -#endif - int main( int argc, char *argv[] ) { const char *key_file_name = "master.key"; diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 0c516355a..79a63fbd3 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h 
@@ -103,4 +103,83 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); +#if defined(MBEDTLS_CHECK_PARAMS) + +typedef struct +{ + const char *failure_condition; + const char *file; + int line; +} +mbedtls_test_param_failed_location_record_t; + +/** + * \brief Get the location record of the last call to + * mbedtls_test_param_failed(). + * + * \note The call expectation is set up and active until the next call to + * mbedtls_test_param_failed_check_expected_call() or + * mbedtls_param_failed() that cancels it. + */ +void mbedtls_test_param_failed_get_location_record( + mbedtls_test_param_failed_location_record_t *location_record ); + +/** + * \brief State that a call to mbedtls_param_failed() is expected. + * + * \note The call expectation is set up and active until the next call to + * mbedtls_test_param_failed_check_expected_call() or + * mbedtls_param_failed that cancel it. + */ +void mbedtls_test_param_failed_expect_call( void ); + +/** + * \brief Check whether mbedtls_param_failed() has been called as expected. + * + * \note Check whether mbedtls_param_failed() has been called between the + * last call to mbedtls_test_param_failed_expect_call() and the call + * to this function. + * + * \return \c 0 Since the last call to mbedtls_param_failed_expect_call(), + * mbedtls_param_failed() has been called. + * \c -1 Otherwise. + */ +int mbedtls_test_param_failed_check_expected_call( void ); + +/** + * \brief Get a pointer to the object of type jmp_buf holding the execution + * state information used by mbedtls_param_failed() to do a long jump. 
+ * + * \note If a call to mbedtls_param_failed() is not expected in the sense + * that there is no call to mbedtls_test_param_failed_expect_call() + * preceding it, then mbedtls_param_failed() will try to restore the + * execution to the state stored in the jmp_buf object whose address + * is returned by the present function. + * + * \note The returned pointer is of type void* as its type is opaque, + * implementation dependent (jmp_buf is an array type not the type of + * one element of an array). + * + * \return Address of the object of type jmp_buf holding the execution state + * information used by mbedtls_param_failed() to do a long jump. + */ +void* mbedtls_test_param_failed_get_state_buf( void ); + +/** + * \brief Reset the execution state used by mbedtls_param_failed() to do a + * long jump. + * + * \note If a call to mbedtls_param_failed() is not expected in the sense + * that there is no call to mbedtls_test_param_failed_expect_call() + * preceding it, then mbedtls_param_failed() will try to restore the + * execution state that this function reset. + * + * \note It is recommended to reset the execution state when the state + * is not relevant anymore. That way an unexpected call to + * mbedtls_param_failed() will not trigger a long jump with + * undefined behavior but rather a long jump that will rather fault. + */ +void mbedtls_test_param_failed_reset_state( void ); +#endif /* MBEDTLS_CHECK_PARAMS */ + #endif /* TEST_HELPERS_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 01f5910ff..60e530266 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1183,9 +1183,7 @@ component_test_check_params_functionality () { scripts/config.py full # includes CHECK_PARAMS # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed(). scripts/config.py unset MBEDTLS_CHECK_PARAMS_ASSERT - # Only build and run tests. Do not build sample programs, because - # they don't have a mbedtls_param_failed() function. - make CC=gcc CFLAGS='-Werror -O1' lib test + make CC=gcc CFLAGS='-Werror -O1' all test } component_test_check_params_without_platform () { diff --git a/tests/src/helpers.c b/tests/src/helpers.c index b9abf19aa..a963da974 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -21,10 +21,34 @@ #include #include +#if defined(MBEDTLS_CHECK_PARAMS) +#include +#endif + +/*----------------------------------------------------------------------------*/ +/* Static global variables */ + +#if defined(MBEDTLS_CHECK_PARAMS) +typedef struct +{ + uint8_t expected_call; + uint8_t expected_call_happened; + + jmp_buf state; + + mbedtls_test_param_failed_location_record_t location_record; +} +param_failed_ctx_t; +static param_failed_ctx_t param_failed_ctx; +#endif + #if defined(MBEDTLS_PLATFORM_C) static mbedtls_platform_context platform_ctx; #endif +/*----------------------------------------------------------------------------*/ +/* Helper Functions */ + int mbedtls_test_platform_setup( void ) { int ret = 0; 
@@ -161,3 +185,64 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, } return ret; } + +#if defined(MBEDTLS_CHECK_PARAMS) +void mbedtls_test_param_failed_get_location_record( + mbedtls_test_param_failed_location_record_t *location_record ) +{ + *location_record = param_failed_ctx.location_record; +} + +void mbedtls_test_param_failed_expect_call( void ) +{ + param_failed_ctx.expected_call_happened = 0; + param_failed_ctx.expected_call = 1; +} + +int mbedtls_test_param_failed_check_expected_call( void ) +{ + param_failed_ctx.expected_call = 0; + + if( param_failed_ctx.expected_call_happened != 0 ) + return( 0 ); + + return( -1 ); +} + +void* mbedtls_test_param_failed_get_state_buf( void ) +{ + return ¶m_failed_ctx.state[0]; +} + +void mbedtls_test_param_failed_reset_state( void ) +{ + memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) ); +} + +void mbedtls_param_failed( const char *failure_condition, + const char *file, + int line ) +{ + /* Record the location of the failure */ + param_failed_ctx.location_record.failure_condition = failure_condition; + param_failed_ctx.location_record.file = file; + param_failed_ctx.location_record.line = line; + + /* If we are testing the callback function... */ + if( param_failed_ctx.expected_call != 0 ) + { + param_failed_ctx.expected_call = 0; + param_failed_ctx.expected_call_happened = 1; + } + else + { + /* ...else try a long jump. If the execution state has not been set-up + * or reset then the long jump buffer is all zero's and the call will + * with high probability fault, emphasizing there is something to look + * at. + */ + + longjmp( param_failed_ctx.state, 1 ); + } +} +#endif /* MBEDTLS_CHECK_PARAMS */ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 3180a27e6..a3bfae3f0 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
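Review bot: A sample program that trips a parameter check now reaches `longjmp( param_failed_ctx.state, 1 )` on a buffer that nothing has set, because only the test-suite code shown in this series calls setjmp() on it. The handlers removed from programs/psa/crypto_examples.c and key_ladder_demo.c printed the failing condition with file and line and called `exit( EXIT_FAILURE )`, so the diagnostic is lost and the outcome becomes platform-dependent. One way to keep the old behaviour is to track whether the state buffer has been handed out and fall back to print-and-exit when it has not; the field name below is a placeholder. This assumes helpers.c can use stdio and exit(), which the include lines on this page do not show.

```c
/* state_is_set: new uint8_t member of param_failed_ctx_t (placeholder name) */
void* mbedtls_test_param_failed_get_state_buf( void )
{
    /* Every caller in this series passes the pointer straight to setjmp(). */
    param_failed_ctx.state_is_set = 1;
    return &param_failed_ctx.state[0];
}

void mbedtls_test_param_failed_reset_state( void )
{
    /* … unchanged: memset of param_failed_ctx.state … */
    param_failed_ctx.state_is_set = 0;
}

    /* in mbedtls_param_failed(), else branch, replacing the bare longjmp() */
    if( param_failed_ctx.state_is_set == 0 )
    {
        fprintf( stderr, "%s:%i: Input param failed - %s\n",
                 file, line, failure_condition );
        exit( EXIT_FAILURE );
    }
    longjmp( param_failed_ctx.state, 1 );
```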
@@ -361,26 +361,6 @@ test_info_t; static test_info_t test_info; #if defined(MBEDTLS_CHECK_PARAMS) -typedef struct -{ - const char *failure_condition; - const char *file; - int line; -} -mbedtls_test_param_failed_location_record_t; - -typedef struct -{ - uint8_t expected_call; - uint8_t expected_call_happened; - - jmp_buf state; - - mbedtls_test_param_failed_location_record_t location_record; -} -param_failed_ctx_t; -static param_failed_ctx_t param_failed_ctx; - jmp_buf jmp_tmp; #endif 
@@ -431,124 +411,6 @@ void test_skip( const char *test, int line_no, const char* filename ) test_info.filename = filename; } -#if defined(MBEDTLS_CHECK_PARAMS) -/** - * \brief Get the location record of the last call to - * mbedtls_test_param_failed(). - * - * \note The call expectation is set up and active until the next call to - * mbedtls_test_param_failed_check_expected_call() or - * mbedtls_param_failed() that cancels it. - */ -void mbedtls_test_param_failed_get_location_record( - mbedtls_test_param_failed_location_record_t *location_record ) -{ - *location_record = param_failed_ctx.location_record; -} - -/** - * \brief State that a call to mbedtls_param_failed() is expected. - * - * \note The call expectation is set up and active until the next call to - * mbedtls_test_param_failed_check_expected_call() or - * mbedtls_param_failed that cancel it. - */ -void mbedtls_test_param_failed_expect_call( void ) -{ - param_failed_ctx.expected_call_happened = 0; - param_failed_ctx.expected_call = 1; -} - -/** - * \brief Check whether mbedtls_param_failed() has been called as expected. - * - * \note Check whether mbedtls_param_failed() has been called between the - * last call to mbedtls_test_param_failed_expect_call() and the call - * to this function. - * - * \return \c 0 Since the last call to mbedtls_param_failed_expect_call(), - * mbedtls_param_failed() has been called. - * \c -1 Otherwise. - */ -int mbedtls_test_param_failed_check_expected_call( void ) -{ - param_failed_ctx.expected_call = 0; - - if( param_failed_ctx.expected_call_happened != 0 ) - return( 0 ); - - return( -1 ); -} - -/** - * \brief Get a pointer to the object of type jmp_buf holding the execution - * state information used by mbedtls_param_failed() to do a long jump. 
- * - * \note If a call to mbedtls_param_failed() is not expected in the sense - * that there is no call to mbedtls_test_param_failed_expect_call() - * preceding it, then mbedtls_param_failed() will try to restore the - * execution to the state stored in the jmp_buf object whose address - * is returned by the present function. - * - * \note The returned pointer is of type void* as its type is opaque, - * implementation dependent (jmp_buf is an array type not the type of - * one element of an array). - * - * \return Address of the object of type jmp_buf holding the execution state - * information used by mbedtls_param_failed() to do a long jump. - */ -void* mbedtls_test_param_failed_get_state_buf( void ) -{ - return ¶m_failed_ctx.state[0]; -} - -/** - * \brief Reset the execution state used by mbedtls_param_failed() to do a - * long jump. - * - * \note If a call to mbedtls_param_failed() is not expected in the sense - * that there is no call to mbedtls_test_param_failed_expect_call() - * preceding it, then mbedtls_param_failed() will try to restore the - * execution state that this function reset. - * - * \note It is recommended to reset the execution state when the state - * is not relevant anymore. That way an unexpected call to - * mbedtls_param_failed() will not trigger a long jump with - * undefined behavior but rather a long jump that will rather fault. - */ -void mbedtls_test_param_failed_reset_state( void ) -{ - memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) ); -} - -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - /* Record the location of the failure */ - param_failed_ctx.location_record.failure_condition = failure_condition; - param_failed_ctx.location_record.file = file; - param_failed_ctx.location_record.line = line; - - /* If we are testing the callback function... 
*/ - if( param_failed_ctx.expected_call != 0 ) - { - param_failed_ctx.expected_call = 0; - param_failed_ctx.expected_call_happened = 1; - } - else - { - /* ...else try a long jump. If the execution state has not been set-up - * or reset then the long jump buffer is all zero's and the call will - * with high probability fault, emphasizing there is something to look - * at. - */ - - longjmp( param_failed_ctx.state, 1 ); - } -} -#endif - #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) static int redirect_output( FILE** out_stream, const char* path ) { From ed3c9ec71ad14e531fe688b53027490c6fda58aa Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 6 Jul 2020 14:08:59 +0200 Subject: [PATCH 008/488] Added support for AES-ECB to the PSA Crypto implementation PSA_ALG_ECB_NO_PADDING came in to the PSA Crypto API spec v1.0.0, but was not implemented yet in the mbed TLS implementation. Signed-off-by: Steven Cooreman --- include/mbedtls/psa_util.h | 2 + include/psa/crypto_values.h | 9 ++++ library/psa_crypto.c | 19 +++++-- tests/suites/test_suite_psa_crypto.data | 26 +++++++++- tests/suites/test_suite_psa_crypto.function | 50 +++++++++++++------ .../test_suite_psa_crypto_metadata.data | 4 ++ 6 files changed, 90 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 513bc5feb..a8c15a03c 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -85,6 +85,8 @@ static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( { switch( mode ) { + case MBEDTLS_MODE_ECB: + return ( PSA_ALG_ECB_NO_PADDING ); case MBEDTLS_MODE_GCM: return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) ); case MBEDTLS_MODE_CCM: diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index f33946ab9..786a3bb17 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -980,6 +980,15 @@ */ #define PSA_ALG_XTS ((psa_algorithm_t)0x044000ff) +/** The Electronic Code Book (ECB) mode of a block cipher, with no padding. + * + * The underlying block cipher is determined by the key type. + * + * This symmetric cipher mode can only be used with messages whose lengths + * are whole number of blocks for the chosen block cipher. + */ +#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400) + /** The CBC block cipher chaining mode, with no padding. * * The underlying block cipher is determined by the key type. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4c3966ca7..9362ef0ba 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2518,6 +2518,9 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_ALG_OFB: mode = MBEDTLS_MODE_OFB; break; + case PSA_ALG_ECB_NO_PADDING: + mode = MBEDTLS_MODE_ECB; + break; case PSA_ALG_CBC_NO_PADDING: mode = MBEDTLS_MODE_CBC; break; @@ -3746,7 +3749,11 @@ static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation, operation->alg = alg; operation->key_set = 0; operation->iv_set = 0; - operation->iv_required = 1; + if( alg == PSA_ALG_ECB_NO_PADDING ) { + operation->iv_required = 0; + } else { + operation->iv_required = 1; + } operation->iv_size = 0; operation->block_size = 0; mbedtls_cipher_init( &operation->ctx.cipher ); @@ -3837,7 +3844,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->key_set = 1; operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ) ); - if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) + if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG && alg != PSA_ALG_ECB_NO_PADDING ) { operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ); } 
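Review bot: The Doxygen block added for PSA_ALG_ECB_NO_PADDING documents the whole-block length constraint but not the property callers most need to know: ECB encrypts each block independently and takes no IV, so equal plaintext blocks produce equal ciphertext blocks. I would add a warning to the comment, for example `\warning ECB mode does not hide patterns in the plaintext and provides no integrity protection. Use it only as a building block for another construction or where a specification requires it.` The psa_cipher_init hunk in this patch sets `iv_required` to 0 for this algorithm, so nothing at the API level prompts the caller to think about this.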
@@ -3991,12 +3998,14 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->ctx.cipher.operation == MBEDTLS_ENCRYPT && - operation->alg == PSA_ALG_CBC_NO_PADDING && - operation->ctx.cipher.unprocessed_len != 0 ) + if( operation->ctx.cipher.unprocessed_len != 0 ) { + if( operation->alg == PSA_ALG_ECB_NO_PADDING || + ( operation->alg == PSA_ALG_CBC_NO_PADDING && + operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) ) { status = PSA_ERROR_INVALID_ARGUMENT; goto error; + } } cipher_ret = mbedtls_cipher_finish( &operation->ctx.cipher, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2a0573d8b..61338e92c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -346,7 +346,11 @@ PSA import RSA public key: maximum size exceeded depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED -PSA key policy: AES +PSA key policy: AES ECB +depends_on:MBEDTLS_AES_C +check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECB_NO_PADDING + +PSA key policy: AES CBC depends_on:MBEDTLS_AES_C check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING @@ -1122,6 +1126,10 @@ PSA cipher: bad order function calls depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_bad_order: +PSA symmetric encrypt: AES-ECB, 16 bytes, good +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS + PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS 
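Review bot: The new ECB branch in the psa_cipher_finish() hunk only fires when `operation->ctx.cipher.unprocessed_len != 0`, and nothing in this patch shows that the counter can become non-zero for ECB. psa_cipher_update() is not touched here; if it still forwards its input unchanged to mbedtls_cipher_update(), that function in ECB mode accepts exactly one block per call and returns an error for any other length instead of buffering. In that case a single 32-byte update would fail and a short one would never reach this check. That should be confirmed, and if it holds psa_cipher_update() needs a per-block loop for ECB so that any whole number of blocks is accepted, as the new macro documentation states. The function body continues outside the hunk.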
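Review bot: The AES-ECB cases added to test_suite_psa_crypto.data, in this hunk and the ones that follow, are all success cases with 16-byte inputs or 16+16 multipart splits. Nothing exercises the `PSA_ERROR_INVALID_ARGUMENT` path added to psa_cipher_finish(), a single update longer than one block, or an IV supplied to an ECB operation. I would add at least one `cipher_encrypt` case whose input is not a multiple of 16 bytes, with the matching error status as its last field, and one single-call case with a multi-block input.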
@@ -1158,6 +1166,10 @@ PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS +PSA symmetric decrypt: AES-ECB, 16 bytes, good +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS + PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS @@ -1194,6 +1206,10 @@ PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS +PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good +depends_on:MBEDTLS_AES_C +cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" + PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_verify_output:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" 
@@ -1210,6 +1226,10 @@ PSA symmetric encrypt/decrypt: AES-CTR depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_verify_output:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" +PSA symmetric encryption multipart: AES-ECB, 16+16 bytes +depends_on:MBEDTLS_AES_C +cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" + PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b" @@ -1274,6 +1294,10 @@ PSA symmetric encryption multipart: AES-CTR, 16+0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" +PSA symmetric decryption multipart: AES-ECB, 16+16 bytes +depends_on:MBEDTLS_AES_C +cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" + PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a" 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ae4045c74..e392ecc66 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3347,7 +3347,11 @@ void cipher_encrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + if( iv->len > 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } + output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); @@ -3410,7 +3414,11 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + if( iv->len > 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } + output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); @@ -3479,7 +3487,9 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + if( iv->len > 0 ) { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -3546,7 +3556,9 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + if( iv->len > 0 ) { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); 
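Review bot: The four hunks in cipher_encrypt(), cipher_encrypt_multipart(), cipher_decrypt_multipart() and cipher_decrypt() decide whether to call psa_cipher_set_iv() from `iv->len > 0`, that is from the test vector, while the cipher_verify_output() hunks of the same file decide from `alg != PSA_ALG_ECB_NO_PADDING`. Keying on the data means a CBC or CTR vector given an empty IV by mistake skips the call silently instead of failing at it, and no test pins down what psa_cipher_set_iv() returns on an ECB operation. Consider using the algorithm check in all of these functions and adding a case that asserts the ECB behaviour. The added braces are also inconsistent: `{` sits on its own line in the first two hunks and on the `if` line in the last two. All four function bodies continue outside their hunks.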
@@ -3613,9 +3625,11 @@ void cipher_verify_output( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, handle, alg ) ); - PSA_ASSERT( psa_cipher_generate_iv( &operation1, - iv, iv_size, - &iv_length ) ); + if( alg != PSA_ALG_ECB_NO_PADDING ) { + PSA_ASSERT( psa_cipher_generate_iv( &operation1, + iv, iv_size, + &iv_length ) ); + } output1_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output1, output1_size ); @@ -3635,8 +3649,11 @@ void cipher_verify_output( int alg_arg, int key_type_arg, output2_size = output1_length; ASSERT_ALLOC( output2, output2_size ); - PSA_ASSERT( psa_cipher_set_iv( &operation2, - iv, iv_length ) ); + if( iv_length > 0 ) { + PSA_ASSERT( psa_cipher_set_iv( &operation2, + iv, iv_length ) ); + } + PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length, output2, output2_size, &output2_length ) ); @@ -3698,9 +3715,12 @@ void cipher_verify_output_multipart( int alg_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, handle, alg ) ); - PSA_ASSERT( psa_cipher_generate_iv( &operation1, - iv, iv_size, - &iv_length ) ); + if( alg != PSA_ALG_ECB_NO_PADDING ) { + PSA_ASSERT( psa_cipher_generate_iv( &operation1, + iv, iv_size, + &iv_length ) ); + } + output1_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output1, output1_buffer_size ); @@ -3730,8 +3750,10 @@ void cipher_verify_output_multipart( int alg_arg, output2_buffer_size = output1_length; ASSERT_ALLOC( output2, output2_buffer_size ); - PSA_ASSERT( psa_cipher_set_iv( &operation2, - iv, iv_length ) ); + if( iv_length > 0 ) { + PSA_ASSERT( psa_cipher_set_iv( &operation2, + iv, iv_length ) ); + } PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size, output2, output2_buffer_size, diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index f8889833b..e36ddb9a1 100644 
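Review bot: In cipher_verify_output() and cipher_verify_output_multipart() the call to psa_cipher_generate_iv() is now skipped for ECB, yet `iv_length` is still read afterwards in `if( iv_length > 0 )`. That read is only defined if `iv_length` is initialised where it is declared, which is outside these hunks; if it is not, it needs an initialiser, `size_t iv_length = 0;`. Using the same condition at both sites, `if( alg != PSA_ALG_ECB_NO_PADDING )`, would remove the dependency on that initial value and match the guard around the generate call.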
--- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -122,6 +122,10 @@ Cipher: OFB depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_OFB cipher_algorithm:PSA_ALG_OFB:ALG_IS_STREAM_CIPHER +Cipher: ECB-nopad +depends_on:MBEDTLS_CIPHER_C +cipher_algorithm:PSA_ALG_ECB_NO_PADDING:0 + Cipher: CBC-nopad depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC cipher_algorithm:PSA_ALG_CBC_NO_PADDING:0 From 2a48b53ee761c31441b69a121b8e19da474074e4 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 6 Jul 2020 14:42:39 +0200 Subject: [PATCH 009/488] Added changelog entry for AES-ECB in PSA Signed-off-by: Steven Cooreman --- ChangeLog.d/add-aes-ecb-to-psa.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/add-aes-ecb-to-psa.txt diff --git a/ChangeLog.d/add-aes-ecb-to-psa.txt b/ChangeLog.d/add-aes-ecb-to-psa.txt new file mode 100644 index 000000000..2fa57ad8e --- /dev/null +++ b/ChangeLog.d/add-aes-ecb-to-psa.txt @@ -0,0 +1,2 @@ +Features + * Added support for AES-ECB to the PSA Crypto cipher API. From d8902b6e3da02c6b0274ecb6f1160235097a81c0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 30 Jul 2020 14:18:02 +0200 Subject: [PATCH 010/488] tests: Replace "TEST_ASSERT(!memcmp ...)" by ASSERT_COMPARE The usage of "!memcmp()" is at least not recommended and better to use the macro dedicated for buffer comparisons. Signed-off-by: Ronald Cron --- tests/suites/test_suite_aria.function | 28 +++++++++++++---------- tests/suites/test_suite_chacha20.function | 12 +++++----- tests/suites/test_suite_hkdf.function | 8 +++---- tests/suites/test_suite_poly1305.function | 12 ++++++---- 4 files changed, 34 insertions(+), 26 deletions(-) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 3cc683bf0..6d6a20335 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function 
@@ -226,8 +226,8 @@ void aria_encrypt_ecb( data_t *key_str, data_t *src_str, output + i ) == 0 ); } - TEST_ASSERT( !memcmp( output, - expected_output->x, expected_output->len) ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); } exit: @@ -256,8 +256,8 @@ void aria_decrypt_ecb( data_t *key_str, data_t *src_str, output + i ) == 0 ); } - TEST_ASSERT( !memcmp( output, - expected_output->x, expected_output->len) ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); } exit: @@ -282,8 +282,8 @@ void aria_encrypt_cbc( data_t *key_str, data_t *iv_str, output ) == cbc_result ); if( cbc_result == 0 ) { - TEST_ASSERT( !memcmp( output, - expected_output->x, expected_output->len) ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); } exit: @@ -308,8 +308,8 @@ void aria_decrypt_cbc( data_t *key_str, data_t *iv_str, output ) == cbc_result ); if( cbc_result == 0 ) { - TEST_ASSERT( !memcmp( output, - expected_output->x, expected_output->len) ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); } exit: @@ -335,7 +335,8 @@ void aria_encrypt_cfb128( data_t *key_str, data_t *iv_str, iv_str->x, src_str->x, output ) == result ); - TEST_ASSERT( !memcmp( output, expected_output->x, expected_output->len) ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); exit: mbedtls_aria_free( &ctx ); @@ -360,7 +361,8 @@ void aria_decrypt_cfb128( data_t *key_str, data_t *iv_str, iv_str->x, src_str->x, output ) == result ); - TEST_ASSERT( !memcmp( output, expected_output->x, expected_output->len) ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); exit: mbedtls_aria_free( &ctx ); 
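Review bot: Every replacement in this file passes `expected_output->len` as the size of both buffers, `ASSERT_COMPARE( output, expected_output->len, expected_output->x, expected_output->len )`, so the length comparison can never fail and only the byte comparison does any work. Where the test knows how many bytes were produced (presumably `src_str->len` for these modes, to be confirmed against the function bodies outside the hunks), passing that as the first size would also catch a vector whose expected output has the wrong length. The same pattern recurs in the chacha20, hkdf and poly1305 hunks of this commit; test_hkdf_extract() is the one place that passes an independent `output_prk_len`. If a prefix comparison is intended, a one-line comment such as `/* compare only the first expected_output->len bytes */` at each site would say so.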
@@ -385,7 +387,8 @@ void aria_encrypt_ctr( data_t *key_str, data_t *iv_str, iv_str->x, blk, src_str->x, output ) == result ); - TEST_ASSERT( !memcmp( output, expected_output->x, expected_output->len) ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); exit: mbedtls_aria_free( &ctx ); @@ -410,7 +413,8 @@ void aria_decrypt_ctr( data_t *key_str, data_t *iv_str, iv_str->x, blk, src_str->x, output ) == result ); - TEST_ASSERT( !memcmp( output, expected_output->x, expected_output->len) ); + ASSERT_COMPARE( output, expected_output->len, + expected_output->x, expected_output->len ); exit: mbedtls_aria_free( &ctx ); diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 968a9e9b9..67c8de2ec 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -28,8 +28,8 @@ void chacha20_crypt( data_t *key_str, */ TEST_ASSERT( mbedtls_chacha20_crypt( key_str->x, nonce_str->x, counter, src_str->len, src_str->x, output ) == 0 ); - TEST_ASSERT( !memcmp( output, expected_output_str->x, - expected_output_str->len ) ); + ASSERT_COMPARE( output, expected_output_str->len, + expected_output_str->x, expected_output_str->len ); /* * Test the streaming API @@ -43,8 +43,8 @@ void chacha20_crypt( data_t *key_str, memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len, src_str->x, output ) == 0 ); - TEST_ASSERT( !memcmp( output, expected_output_str->x, - expected_output_str->len ) ); + ASSERT_COMPARE( output, expected_output_str->len, + expected_output_str->x, expected_output_str->len ); /* * Test the streaming API again, piecewise 
@@ -59,8 +59,8 @@ void chacha20_crypt( data_t *key_str, TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len - 1, src_str->x + 1, output + 1 ) == 0 ); - TEST_ASSERT( !memcmp( output, expected_output_str->x, - expected_output_str->len ) ); + ASSERT_COMPARE( output, expected_output_str->len, + expected_output_str->x, expected_output_str->len ); mbedtls_chacha20_free( &ctx ); } diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 1e41f5002..4c597c3f9 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -24,7 +24,8 @@ void test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info, info->x, info->len, okm, expected_okm->len ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( !memcmp( okm, expected_okm->x, expected_okm->len ) ); + ASSERT_COMPARE( okm , expected_okm->len, + expected_okm->x, expected_okm->len ); } /* END_CASE */ @@ -48,12 +49,11 @@ void test_hkdf_extract( int md_alg, char *hex_ikm_string, ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len ); salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len ); prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len ); - TEST_ASSERT( prk_len == output_prk_len ); ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, output_prk ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( !memcmp( output_prk, prk, prk_len ) ); + ASSERT_COMPARE( output_prk, output_prk_len, prk, prk_len ); exit: mbedtls_free(ikm); @@ -89,7 +89,7 @@ void test_hkdf_expand( int md_alg, char *hex_info_string, ret = mbedtls_hkdf_expand( md, prk, prk_len, info, info_len, output_okm, OKM_LEN ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( !memcmp( output_okm, okm, okm_len ) ); + ASSERT_COMPARE( output_okm, okm_len, okm, okm_len ); exit: mbedtls_free(info); diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 0fc1f6058..4b8995b60 100644 --- a/tests/suites/test_suite_poly1305.function 
+++ b/tests/suites/test_suite_poly1305.function @@ -22,7 +22,8 @@ void mbedtls_poly1305( data_t *key, data_t *expected_mac, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_mac( key->x, src_str->x, src_str->len, mac ) == 0 ); - TEST_ASSERT( !memcmp( mac, expected_mac->x, expected_mac->len ) ); + ASSERT_COMPARE( mac, expected_mac->len, + expected_mac->x, expected_mac->len ); /* * Test the streaming API @@ -35,7 +36,8 @@ void mbedtls_poly1305( data_t *key, data_t *expected_mac, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - TEST_ASSERT( !memcmp( mac, expected_mac->x, expected_mac->len ) ); + ASSERT_COMPARE( mac, expected_mac->len, + expected_mac->x, expected_mac->len ); /* * Test the streaming API again, piecewise @@ -52,7 +54,8 @@ void mbedtls_poly1305( data_t *key, data_t *expected_mac, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - TEST_ASSERT( !memcmp( mac, expected_mac->x, expected_mac->len ) ); + ASSERT_COMPARE( mac, expected_mac->len, + expected_mac->x, expected_mac->len ); } /* @@ -68,7 +71,8 @@ void mbedtls_poly1305( data_t *key, data_t *expected_mac, data_t *src_str ) TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - TEST_ASSERT( !memcmp( mac, expected_mac->x, expected_mac->len ) ); + ASSERT_COMPARE( mac, expected_mac->len, + expected_mac->x, expected_mac->len ); } mbedtls_poly1305_free( &ctx ); From 7a1e4f926a30a55a8903b22404d2bba738660df3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Aug 2020 20:54:56 +0200 Subject: [PATCH 011/488] Minor wording improvements Clarify some sentences. There is no change in intended meaning. Fix typos. Change British spelling to American spelling. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 8ef972a1f..563bd97ca 100644 
--- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/05 20:37:24 GMT" +Time-stamp: "2020/08/06 18:52:00 GMT" ## Introduction @@ -26,7 +26,7 @@ The PSA Cryptography driver interface supports two types of cryptoprocessors, an ### Requirements -The present specification was designed to fulfil the following high-level requirements. +The present specification was designed to fulfill the following high-level requirements. [Req.plugins] It is possible to combine multiple drivers from different providers into the same implementation, without any prior arrangement other than choosing certain names and values from disjoint namespaces. 
@@ -34,7 +34,7 @@ The present specification was designed to fulfil the following high-level requir [Req.types] Support drivers for the following types of hardware: accelerators that operate on keys in cleartext; cryptoprocessors that can wrap keys with a built-in keys but not store user keys; and cryptoprocessors that store key material. -[Req.portable] The interface between drivers and the core does not involve any platform-specific consideration. Driver calls are simple C functions. Interactions between driver code and hardware happen inside the driver (and in fact a driver need not involve any hardware at all). +[Req.portable] The interface between drivers and the core does not involve any platform-specific consideration. Driver calls are simple C function calls. Interactions between driver code and hardware happen only inside the driver (and in fact a driver need not involve any hardware at all). [Req.location] Applications can tell which location values correspond to which secure element drivers. 
@@ -53,8 +53,8 @@ The concrete syntax for a driver description file is JSON. The structure of this A driver therefore consists of: * A driver description file (in JSON format). -* C header files defining the types required by the driver description. The names of these header files is declared in the driver description file. -* An object file compiled for the target platform defining the functions required by the driver description. Implementations may allow drivers to be provided as source files and compiled with the core instead of being pre-compiled. +* C header files defining the types required by the driver description. The names of these header files are declared in the driver description file. +* An object file compiled for the target platform defining the entry point functions specified by the driver description. Implementations may allow drivers to be provided as source files and compiled with the core instead of being pre-compiled. How to provide the driver description file, the C header files and the object code is implementation-dependent. 
@@ -148,15 +148,15 @@ The signature of a driver entry point generally looks like the signature of the * For entry points that involve a multi-part operation, the operation state type (`psa_XXX_operation_t`) is replaced by a driver-specific operation state type (*prefix*`_XXX_operation_t`). -Some entry points are grouped in families that must be implemented as a whole. If a driver supports a entry point family, it must provide all the entry points in the family. +Some entry points are grouped in families that must be implemented as a whole. If a driver supports an entry point family, it must provide all the entry points in the family. #### General considerations on driver entry point parameters Buffer parameters for driver entry points obey the following conventions: * An input buffer has the type `const uint8_t *` and is immediately followed by a parameter of type `size_t` that indicates the buffer size. -* An output buffer has the type `uint8_t *` and is immediately followed by a parameter of type `size_t` that indicates the buffer size. A third parameter of type `size_t *` is provided to report the actual buffer size if the function succeeds. -* An in-out buffer has the type `uint8_t *` and is immediately followed by a parameter of type `size_t` that indicates the buffer size. Note that the buffer size does not change. +* An output buffer has the type `uint8_t *` and is immediately followed by a parameter of type `size_t` that indicates the buffer size. A third parameter of type `size_t *` is provided to report the actual length of the data written in the buffer if the function succeeds. +* An in-out buffer has the type `uint8_t *` and is immediately followed by a parameter of type `size_t` that indicates the buffer size. In-out buffers are only used when the input and the output have the same length. Buffers of size 0 may be represented with either a null pointer or a non-null pointer. 
@@ -209,7 +209,7 @@ This family requires the following type and functions: * `"hash_finish"`: called by `psa_hash_finish()` and `psa_hash_verify()`. * `"hash_abort"`: called by all multi-part hash functions. -To verify a hash with `psa_hash_verify()`, the core calls the driver's *prefix`_hash_finish` entry point and compares the result with the reference hash value. +To verify a hash with `psa_hash_verify()`, the core calls the driver's *prefix*`_hash_finish` entry point and compares the result with the reference hash value. For example, a driver with the prefix `"acme"` that implements the `"hash_multipart"` entry point family must define the following type and entry points (assuming that the capability does not use the `"names"` property to declare different type and entry point names): @@ -275,7 +275,7 @@ The driver entry points for key management differs significantly between [transp #### Driver initialization -A driver may declare an `"init"` entry point in a capability with no algorithm, key type or key size. If so, the driver calls this entry point once during the initialization of the PSA Crypto subsystem. If the init entry point of any driver fails, the initialization of the PSA Crypto subsystem fails. +A driver may declare an `"init"` entry point in a capability with no algorithm, key type or key size. If so, the core calls this entry point once during the initialization of the PSA Crypto subsystem. If the init entry point of any driver fails, the initialization of the PSA Crypto subsystem fails. When multiple drivers have an init entry point, the order in which they are called is unspecified. It is also unspecified whether other drivers' init functions are called if one or more init function fails. 
@@ -285,7 +285,7 @@ The init function does not take any parameter. ### Combining multiple drivers -To declare a cryptoprocessor can handle both cleartext and plaintext keys, you need to provide two driver descriptions, one for a transparent driver and one for an opaque driver. You can use the mapping in capabilities' `"names"` property to arrange for multiple driver entry points to map to the same C function. +To declare a cryptoprocessor can handle both cleartext and wrapped keys, you need to provide two driver descriptions, one for a transparent driver and one for an opaque driver. You can use the mapping in capabilities' `"names"` property to arrange for multiple driver entry points to map to the same C function. ## Transparent drivers @@ -379,7 +379,7 @@ If the key is stored in wrapped form outside the secure element, and the wrapped ### Key management with opaque drivers -Transparent drivers may provide the following key management entry points: +Opaque drivers may provide the following key management entry points: * `"export_key"`: called by `psa_export_key()`, or by `psa_copy_key()` when copying a key from or to a different [location](#lifetimes-and-locations). * `"export_public_key"`: called by the core to obtain the public key of a key pair. The core may call this entry point at any time to obtain the public key, which can be for `psa_export_public_key()` but also at other times, including during a cryptographic operation that requires the public key such as a call to `psa_verify_message()` on a key pair object. 
@@ -439,7 +439,7 @@ If a failure occurs after the `"allocate_key"` step but before the call to the s To destroy a key, the core calls the driver's `"destroy_key"` entry point. -Note that the key allocation and destruction entry point must not rely solely on the key identifier in the key attributes to identify a key. Some implementations of the PSA Crypto API store keys on behalf of multiple clients, and different clients may use the same key identifier to designate different keys. The manner in which the core distinguishes keys that have the same identifier but are part of the key namespace for different clients is implementation-dependent and is not accessible to drivers. Some typical strategies to allocate an internal key identifier are: +Note that the key allocation and destruction entry points must not rely solely on the key identifier in the key attributes to identify a key. Some implementations of the PSA Crypto API store keys on behalf of multiple clients, and different clients may use the same key identifier to designate different keys. The manner in which the core distinguishes keys that have the same identifier but are part of the key namespace for different clients is implementation-dependent and is not accessible to drivers. Some typical strategies to allocate an internal key identifier are: * Maintain a set of free slot numbers which is stored either in the secure element or in the driver's persistent storage. To allocate a key slot, find a free slot number, mark it as occupied and store the number in the key context. When the key is destroyed, mark the slot number as free. * Maintain a monotonic counter with a practically unbounded range in the secure element or in the driver's persistent storage. To allocate a key slot, increment the counter and store the current value in the key context. Destroying a key does not change the counter. From e72e4de07081f4fa336fe4df7529e9d84330f5f2 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 6 Aug 2020 20:56:45 +0200 Subject: [PATCH 012/488] Clarify what the headers do Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 563bd97ca..de336147a 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/06 18:52:00 GMT" +Time-stamp: "2020/08/06 18:56:39 GMT" ## Introduction 
@@ -46,7 +46,7 @@ The present specification was designed to fulfill the following high-level requi ### Deliverables for a driver -To write a driver, you need to implement some functions with C linkage, and to declare these functions in a **driver description file**. The driver description file declares which functions the driver implements and what cryptographic mechanisms they support. Depending on the driver type, you may also need to define some C types and macros in a header file. +To write a driver, you need to implement some functions with C linkage, and to declare these functions in a **driver description file**. The driver description file declares which functions the driver implements and what cryptographic mechanisms they support. If the driver description references custom types, macros or constants, you also need to provide C header files defining those elements. The concrete syntax for a driver description file is JSON. The structure of this JSON file is specified in the section [“Driver description syntax”](#driver-description-syntax). 
@@ -70,7 +70,7 @@ A driver description is a JSON object containing the following properties:
 * `"prefix"` (mandatory, string). This must be a valid prefix for a C identifier. All the types and functions provided by the driver have a name that starts with this prefix unless overridden with a `"name"` element in the applicable capability as described below.
 * `"type"` (mandatory, string). One of `"transparent"` or `"opaque"`.
-* `"headers"` (optional, array of strings). A list of header files. These header files must define the types provided by the driver and may declare the functions provided by the driver. They may include other PSA headers and standard headers of the platform. Whether they may include other headers is implementation-specific. If omitted, the list of headers is empty.
+* `"headers"` (optional, array of strings). A list of header files. These header files must define the types, macros and constants referenced by the driver description. They may declare the entry point functions, but this is not required. They may include other PSA headers and standard headers of the platform. Whether they may include other headers is implementation-specific. If omitted, the list of headers is empty.
 * `"capabilities"` (mandatory, array of [capabilities](#driver-description-capability)). A list of **capabilities**. Each capability describes a family of functions that the driver implements for a certain class of cryptographic mechanisms.
 * `"key_context"` (not permitted for transparent drivers, mandatory for opaque drivers): information about the [representation of keys](#key-format-for-opaque-drivers).
From 53ba94c96840099e349ce49e7e1fc28fa97cd860 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 6 Aug 2020 20:58:54 +0200
Subject: [PATCH 013/488] Clarify how the headers are used
Signed-off-by: Gilles Peskine
---
 docs/proposed/psa-driver-interface.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index de336147a..7eba8e68c 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp
 This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback.
-Time-stamp: "2020/08/06 18:56:39 GMT"
+Time-stamp: "2020/08/06 18:58:29 GMT"
 ## Introduction
@@ -70,7 +70,7 @@ A driver description is a JSON object containing the following properties:
 * `"prefix"` (mandatory, string). This must be a valid prefix for a C identifier. All the types and functions provided by the driver have a name that starts with this prefix unless overridden with a `"name"` element in the applicable capability as described below.
 * `"type"` (mandatory, string). One of `"transparent"` or `"opaque"`.
-* `"headers"` (optional, array of strings). A list of header files. These header files must define the types, macros and constants referenced by the driver description. They may declare the entry point functions, but this is not required. They may include other PSA headers and standard headers of the platform. Whether they may include other headers is implementation-specific. If omitted, the list of headers is empty.
+* `"headers"` (optional, array of strings). A list of header files. These header files must define the types, macros and constants referenced by the driver description. They may declare the entry point functions, but this is not required. They may include other PSA headers and standard headers of the platform. Whether they may include other headers is implementation-specific. If omitted, the list of headers is empty. The header files must be present at the specified location relative to a directory on the compiler's include path when compiling glue code between the core and the drivers.
 * `"capabilities"` (mandatory, array of [capabilities](#driver-description-capability)). A list of **capabilities**. Each capability describes a family of functions that the driver implements for a certain class of cryptographic mechanisms.
 * `"key_context"` (not permitted for transparent drivers, mandatory for opaque drivers): information about the [representation of keys](#key-format-for-opaque-drivers).
From d4e692761461a065976e998ef554a976bfcd9875 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 6 Aug 2020 21:10:20 +0200
Subject: [PATCH 014/488] Change "function" to "entry point" in more places
Signed-off-by: Gilles Peskine
---
 docs/proposed/psa-driver-interface.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index 7eba8e68c..559fd9fce 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp
 This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback.
-Time-stamp: "2020/08/06 18:58:29 GMT"
+Time-stamp: "2020/08/06 19:10:09 GMT"
 ## Introduction
@@ -83,7 +83,7 @@ A capability declares a family of functions that the driver implements for a cer A capability is a JSON object containing the following properties: -* `"functions"` (optional, list of strings). Each element is the name of a [driver function](#driver-functions) or driver function family. If specified, the core will invoke this capability of the driver only when performing one of the specified operations. If omitted, the `"algorithms"` property is mandatory and the core will invoke this capability of the driver for all operations that are applicable to the specified algorithms. The driver must implement all the specified or implied functions, as well as the types if applicable. +* `"functions"` (optional, list of strings). Each element is the name of a [driver entry point](#driver-entry-point) or driver entry point family. An entry point is a function defined by the driver. If specified, the core will invoke this capability of the driver only when performing one of the specified operations. If omitted, the `"algorithms"` property is mandatory and the core will invoke this capability of the driver for all operations that are applicable to the specified algorithms. The driver must implement all the specified or implied entry points, as well as the types if applicable. * `"algorithms"` (optional, list of strings). Each element is an [algorithm specification](#algorithm-specifications). If specified, the core will invoke this capability of the driver only when performing one of the specified algorithms. If omitted, the core will invoke this capability for all applicable algorithms. * `"key_types"` (optional, list of strings). Each element is a [key type specification](#key-type-specifications). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key types. If omitted, the core will invoke this capability of the driver for all applicable key types. 
* `"key_sizes"` (optional, list of integers). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key sizes. If omitted, the core will invoke this capability of the driver for all applicable key sizes. Key sizes are expressed in bits. @@ -201,13 +201,13 @@ This family corresponds to the calculation of a hash in multiple steps. This family applies to transparent drivers only. -This family requires the following type and functions: +This family requires the following type and entry points: * Type `"hash_operation_t"`: the type of a hash operation context. It must be possible to copy a hash operation context byte by byte, therefore hash operation contexts must not contain any embedded pointers (except pointers to global data that do not change after the setup step). * `"hash_setup"`: called by `psa_hash_setup()`. * `"hash_update"`: called by `psa_hash_update()`. * `"hash_finish"`: called by `psa_hash_finish()` and `psa_hash_verify()`. -* `"hash_abort"`: called by all multi-part hash functions. +* `"hash_abort"`: called by all multi-part hash functions of the PSA Cryptography API. To verify a hash with `psa_hash_verify()`, the core calls the driver's *prefix*`_hash_finish` entry point and compares the result with the reference hash value. 
@@ -261,7 +261,7 @@ This family requires the following type and entry points:
 * `"key_derivation_input_bytes"`: called by `psa_key_derivation_input_bytes()` and `psa_key_derivation_input_key()`. For transparent drivers, when processing a call to `psa_key_derivation_input_key()`, the core always calls the applicable driver's `"key_derivation_input_bytes"` entry point.
 * `"key_derivation_input_key"` (opaque drivers only)
 * `"key_derivation_output_bytes"`: called by `psa_key_derivation_output_bytes()`; also by `psa_key_derivation_output_key()` for transparent drivers.
-* `"key_derivation_abort"`: called by all key derivation functions.
+* `"key_derivation_abort"`: called by all key derivation functions of the PSA Cryptography API.
 TODO: key input and output for opaque drivers; deterministic key generation for transparent drivers
@@ -277,11 +277,11 @@ The driver entry points for key management differs significantly between [transp A driver may declare an `"init"` entry point in a capability with no algorithm, key type or key size. If so, the core calls this entry point once during the initialization of the PSA Crypto subsystem. If the init entry point of any driver fails, the initialization of the PSA Crypto subsystem fails. -When multiple drivers have an init entry point, the order in which they are called is unspecified. It is also unspecified whether other drivers' init functions are called if one or more init function fails. +When multiple drivers have an init entry point, the order in which they are called is unspecified. It is also unspecified whether other drivers' `"init"` entry points are called if one or more init entry point fails. On platforms where the PSA Crypto implementation is a subsystem of a single application, the initialization of the PSA Crypto subsystem takes place during the call to `psa_crypto_init()`. On platforms where the PSA Crypto implementation is separate from the application or applications, the initialization the initialization of the PSA Crypto subsystem takes place before or during the first time an application calls `psa_crypto_init()`. -The init function does not take any parameter. +The init entry point does not take any parameter. ### Combining multiple drivers 
@@ -400,7 +400,7 @@ This section describes the key creation process for secure elements that do not When creating a key with an opaque driver which does not have an `"allocate_key"` or `"destroy_key"` entry point: 1. The core allocates memory for the key context. -2. The core calls the driver's import, generate, derive or copy function. +2. The core calls the driver's import, generate, derive or copy entry point. 3. The core saves the resulting wrapped key material and any other data that the key context may contain. To destroy a key, the core simply destroys the wrapped key material, without invoking driver code. @@ -463,7 +463,7 @@ psa_status_t acme_generate_key(const psa_key_attributes_t *attributes, size_t key_buffer_size); ``` -If the driver has an [`"allocate_key"` entry point](#key-management-in-a-secure-element-with-storage), the core calls the `"allocate_key"` entry point with the same attributes on the same key buffer before calling the key creation function. +If the driver has an [`"allocate_key"` entry point](#key-management-in-a-secure-element-with-storage), the core calls the `"allocate_key"` entry point with the same attributes on the same key buffer before calling the key creation entry point. TODO: derivation, copy From a58d225d623432a478701b127e054554f7c1c363 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Aug 2020 21:24:03 +0200 Subject: [PATCH 015/488] Add deep links to the API specification in a few places Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 559fd9fce..34bdb194d 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/06 19:10:09 GMT" +Time-stamp: "2020/08/06 19:22:52 GMT" ## Introduction @@ -291,7 +291,7 @@ To declare a cryptoprocessor can handle both cleartext and wrapped keys, you nee ### Key format for transparent drivers -The format of a key for transparent drivers is the same as in applications. Refer to the documentation of `psa_export_key()` and `psa_export_public_key()`. +The format of a key for transparent drivers is the same as in applications. Refer to the documentation of [`psa_export_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) and [`psa_export_public_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_public_key) in the PSA Cryptography API specification. For custom key types defined by an implementation, refer to the documentation of that implementation. ### Key management with transparent drivers From daf9d82b75a4a8d894dd86ac77605479c2a93169 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Aug 2020 22:11:30 +0200 Subject: [PATCH 016/488] Correct usage of key_derivation_output_key Add the mention of key_derivation_output_key in the section about the key derivation entry point family. Rename "derive_key" to "key_derivation_output_key". At this point, there's no reason to deviate from the naming convention. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 34bdb194d..cc8200f0c 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/06 19:22:52 GMT" +Time-stamp: "2020/08/06 20:13:43 GMT" ## Introduction @@ -261,6 +261,7 @@ This family requires the following type and entry points: * `"key_derivation_input_bytes"`: called by `psa_key_derivation_input_bytes()` and `psa_key_derivation_input_key()`. For transparent drivers, when processing a call to `psa_key_derivation_input_key()`, the core always calls the applicable driver's `"key_derivation_input_bytes"` entry point. * `"key_derivation_input_key"` (opaque drivers only) * `"key_derivation_output_bytes"`: called by `psa_key_derivation_output_bytes()`; also by `psa_key_derivation_output_key()` for transparent drivers. +* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()` for transparent drivers when deriving an asymmetric key pair, and also for opaque drivers. * `"key_derivation_abort"`: called by all key derivation functions of the PSA Cryptography API. TODO: key input and output for opaque drivers; deterministic key generation for transparent drivers 
@@ -298,7 +299,7 @@ The format of a key for transparent drivers is the same as in applications. Refe Transparent drivers may provide the following key management entry points: * `"generate_key"`: called by `psa_generate_key()`, only when generating a key pair (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). -* `"derive_key"`: called by `psa_key_derivation_output_key()`, only when deriving a key pair (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). +* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()`, only when deriving a key pair (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). * `"export_public_key"`: called by the core to obtain the public key of a key pair. The core may call this function at any time to obtain the public key, which can be for `psa_export_public_key()` but also at other times, including during a cryptographic operation that requires the public key such as a call to `psa_verify_message()` on a key pair object. Transparent drivers are not involved when importing, exporting, copying or destroying keys, or when generating or deriving symmetric keys. 
@@ -385,7 +386,7 @@ Opaque drivers may provide the following key management entry points: * `"export_public_key"`: called by the core to obtain the public key of a key pair. The core may call this entry point at any time to obtain the public key, which can be for `psa_export_public_key()` but also at other times, including during a cryptographic operation that requires the public key such as a call to `psa_verify_message()` on a key pair object. * `"import_key"`: called by `psa_import_key()`, or by `psa_copy_key()` when copying a key from another location. * `"generate_key"`: called by `psa_generate_key()`. -* `"derive_key"`: called by `psa_key_derivation_output_key()`. +* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()`. * `"copy_key"`: called by `psa_copy_key()` when copying a key within the same [location](#lifetimes-and-locations). In addition, secure elements that store the key material internally must provide the following two entry points: From 85b3e13cd0ccb6d2bf5fbfe47a7e3616f60ff08e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Aug 2020 22:20:07 +0200 Subject: [PATCH 017/488] Introduce "acme" as the prefix each time it's used Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index cc8200f0c..12d26b42a 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -413,7 +413,7 @@ This section describes the key creation and key destruction processes for secure * `"allocate_key"`: this function obtains an internal identifier for the key. This may be, for example, a unique label or a slot number. * `"destroy_key"`: this function invalidates the internal identifier and destroys the associated key material. -These functions have the following prototypes: +These functions have the following prototypes for a driver with the prefix `"acme"`: ``` psa_status_t acme_allocate_key(const psa_key_attributes_t *attributes, uint8_t *key_buffer, @@ -451,7 +451,7 @@ TODO: some of the above doesn't apply to volatile keys #### Key creation entry points in opaque drivers -The key creation entry points have the following prototypes: +The key creation entry points have the following prototypes for a driver with the prefix `"acme"`: ``` psa_status_t acme_import_key(const psa_key_attributes_t *attributes, @@ -470,7 +470,7 @@ TODO: derivation, copy #### Key export entry points in opaque drivers -The key export entry points have the following prototypes: +The key export entry points have the following prototypes for a driver with the prefix `"acme"`: ``` psa_status_t acme_export_key(const psa_key_attributes_t *attributes, 
@@ -525,7 +525,7 @@ Transparent drivers linked into the library are automatically used for the mecha Each opaque driver is assigned a [location](#lifetimes-and-locations). The driver is invoked for all actions that use a key in that location. A key's location is indicated by its lifetime. The application chooses the key's lifetime when it creates the key. -For example, the following snippet creates an AES-GCM key which is only accessible inside a secure element. +For example, the following snippet creates an AES-GCM key which is only accessible inside the secure element designated by the location `PSA_KEY_LOCATION_acme`. ``` psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( From 15319454e689414a07ac0a9d98890d391dbbb340 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 Aug 2020 22:47:39 +0200 Subject: [PATCH 018/488] Reword the explanation of fallback Add the rationale which I'd accidentally omitted. No intended meaning change. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 12d26b42a..af07448e3 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/06 20:13:43 GMT" +Time-stamp: "2020/08/06 20:48:44 GMT" ## Introduction 
@@ -88,7 +88,7 @@ A capability is a JSON object containing the following properties: * `"key_types"` (optional, list of strings). Each element is a [key type specification](#key-type-specifications). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key types. If omitted, the core will invoke this capability of the driver for all applicable key types. * `"key_sizes"` (optional, list of integers). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key sizes. If omitted, the core will invoke this capability of the driver for all applicable key sizes. Key sizes are expressed in bits. * `"names"` (optional, object). A mapping from entry point names described by the `"functions"` property, to the name of the C function in the driver that implements the corresponding function. If a function is not listed here, name of the driver function that implements it is the driver's prefix followed by an underscore (`_`) followed by the function name. If this property is omitted, it is equivalent to an empty object (so each entry point *suffix* is implemented by a function called *prefix*`_`*suffix*). -* `"fallback"` (optional for transparent drivers, not permitted for opaque drivers, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED`, in which case the core should call another driver or use built-in code to perform this operation. If absent or false, the core should not include built-in code to perform this particular cryptographic mechanism. See the section “[Fallback](#fallback)” for more information. +* `"fallback"` (optional for transparent drivers, not permitted for opaque drivers, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED`, in which case the core should call another driver or use built-in code to perform this operation. 
If absent or false, the driver is expected to fully support the mechanisms described by this capabilit. See the section “[Fallback](#fallback)” for more information. Example: the following capability declares that the driver can perform deterministic ECDSA signatures using SHA-256 or SHA-384 with a SECP256R1 or SECP384R1 private key (with either hash being possible in combination with either curve). If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. ``` 
@@ -306,9 +306,14 @@ Transparent drivers are not involved when importing, exporting, copying or destr ### Fallback -If a transparent driver entry point is part of a capability which has a true `"fallback"` property and returns `PSA_ERROR_NOT_SUPPORTED`, the built-in software implementation will be called instead. Any other value (`PSA_SUCCESS` or a different error code) is returned to the application. +Sometimes cryptographic accelerators only support certain cryptographic mechanisms partially. The capability description language allows specifying some restrictions, including restrictions on key sizes, but it cannot cover all the possibilities that may arise in practice. Furthermore, it may be desirable to deploy the same binary image on different devices, only some of which have a cryptographic accelerators. +For these purposes, a transparent driver can declare that it only supports a [capability](#driver-description-capability) partially, by setting the capability's `"fallback"` property to true. -If there are multiple available transparent drivers, the core tries them in turn until one is declared without a true `"fallback"` property or returns a status other than `PSA_ERROR_NOT_SUPPORTED`. The order in which the drivers are called is unspecified and may be different for different entry points. +If a transparent driver entry point is part of a capability which has a true `"fallback"` property and returns `PSA_ERROR_NOT_SUPPORTED`, the core will call the next transparent driver that supports the mechanism, if there is one. If all the available driver have fallback enabled and return `PSA_ERROR_NOT_SUPPORTED`, the core will perform the operation using built-in code. + +As soon as a driver returns any value other than `PSA_ERROR_NOT_SUPPORTED` (`PSA_SUCCESS` or a different error code), this value is returned to the application, without attempting to call any other driver or built-in code. 
+ +The order in which the drivers are called is unspecified and may be different for different entry points. If a transparent driver entry point is part of a capability where the `"fallback"` property is false or omitted, the core should not include any other code for this capability, whether built in or in another transparent driver. @@ -587,6 +592,10 @@ How does a driver author decide which location values to use? It should be possi Can the driver assembly process generate distinct location values as needed? This can be convenient, but it's also risky: if you upgrade a device, you need the location values to be the same between builds. +#### Multiple transparent drivers + +When multiple transparent drivers implement the same mechanism, which one is called? The first one? The last one? Unspecified? Or is this an error (excluding capabilities with fallback enabled)? + ### Driver function interfaces #### Driver function parameter conventions From c259213a0161c2ba2ac9f5b71b955a668bbf4274 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Aug 2020 13:52:43 +0200 Subject: [PATCH 019/488] More editorial corrections Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index af07448e3..24cb58144 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -5,15 +5,15 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/06 20:48:44 GMT" +Time-stamp: "2020/08/07 11:51:18 GMT" ## Introduction ### Purpose of the driver interface -The PSA Cryptography API defines an interface that allows applications to perform cryptographic operations in a uniform way regardless of how the operations are performed. Under the hood, different keys may be processed in different hardware or in different logical partitions, and different algorithms may involve different hardware or software components. +The PSA Cryptography API defines an interface that allows applications to perform cryptographic operations in a uniform way regardless of how the operations are performed. Under the hood, different keys may be stored and used in different hardware or in different logical partitions, and different algorithms may involve different hardware or software components. -The driver interface allows implementations of the PSA Crypytography API to be built compositionally. An implementation of the PSA Cryptography API is composed of a **core** and zero or more **drivers**. The core handles key management, enforces key usage policies, and dispatches cryptographic operations either to the applicable driver or to built-in code. +The driver interface allows implementations of the PSA Cryptography API to be built compositionally. An implementation of the PSA Cryptography API is composed of a **core** and zero or more **drivers**. 
The core handles key management, enforces key usage policies, and dispatches cryptographic operations either to the applicable driver or to built-in code. Functions in the PSA Cryptography API invoke functions in the core. Code from the core calls drivers as described in the present document. 
@@ -21,7 +21,7 @@ Functions in the PSA Cryptography API invoke functions in the core. Code from th The PSA Cryptography driver interface supports two types of cryptoprocessors, and accordingly two types of drivers. -* **Transparent** drivers implement cryptographic operations on keys that are provided in cleartext at the beginning of each operation. They are typically used for hardware **accelerators**. When a transparent driver is available for a particular combination of parameters (cryptographic algorithm, key type and size, etc.), it is used instead of the default software implementation. Transparent drivers can also be pure software implementations that are distributed as plug-ins to a PSA Crypto implementation (for example, an alternative implementation with different performance characteristics, or a certified implementation). +* **Transparent** drivers implement cryptographic operations on keys that are provided in cleartext at the beginning of each operation. They are typically used for hardware **accelerators**. When a transparent driver is available for a particular combination of parameters (cryptographic algorithm, key type and size, etc.), it is used instead of the default software implementation. Transparent drivers can also be pure software implementations that are distributed as plug-ins to a PSA Cryptography implementation (for example, an alternative implementation with different performance characteristics, or a certified implementation). * **Opaque** drivers implement cryptographic operations on keys that can only be used inside a protected environment such as a **secure element**, a hardware security module, a smartcard, a secure enclave, etc. An opaque driver is invoked for the specific [key location](#lifetimes-and-locations) that the driver is registered for: the dispatch is based on the key's lifetime. ### Requirements 
@@ -135,9 +135,9 @@ PSA_KEY_TYPE_ECC_KEY_PAIR(_) Drivers define functions, each of which implements an aspect of a capability of a driver, such as a cryptographic operation, a part of a cryptographic operation, or a key management action. These functions are called the **entry points** of the driver. Most driver entry points correspond to a particular function in the PSA Cryptography API. For example, if a call to `psa_sign_hash()` is dispatched to a driver, it invokes the driver's `sign_hash` function. -All driver entry points return a status of type `psa_status_t` which should use the status codes documented for PSA services in general and for PSA Crypto in particular: `PSA_SUCCESS` indicates that the function succeeded, and `PSA_ERROR_xxx` values indicate that an error occurred. +All driver entry points return a status of type `psa_status_t` which should use the status codes documented for PSA services in general and for PSA Cryptography in particular: `PSA_SUCCESS` indicates that the function succeeded, and `PSA_ERROR_xxx` values indicate that an error occurred. -The signature of a driver entry point generally looks like the signature of the PSA Crypto API that it implements, with some modifications. This section gives an overview of modifications that apply to whole classes of entry points. Refer to the reference section for each entry point or entry point family for details. +The signature of a driver entry point generally looks like the signature of the PSA Cryptography API that it implements, with some modifications. This section gives an overview of modifications that apply to whole classes of entry points. Refer to the reference section for each entry point or entry point family for details. * For entry points that operate on an existing key, the `psa_key_id_t` parameter is replaced by a sequence of three parameters that describe the key: 1. `const psa_key_attributes_t *attributes`: the key attributes. 
@@ -276,11 +276,11 @@ The driver entry points for key management differs significantly between [transp #### Driver initialization -A driver may declare an `"init"` entry point in a capability with no algorithm, key type or key size. If so, the core calls this entry point once during the initialization of the PSA Crypto subsystem. If the init entry point of any driver fails, the initialization of the PSA Crypto subsystem fails. +A driver may declare an `"init"` entry point in a capability with no algorithm, key type or key size. If so, the core calls this entry point once during the initialization of the PSA Cryptography subsystem. If the init entry point of any driver fails, the initialization of the PSA Cryptography subsystem fails. When multiple drivers have an init entry point, the order in which they are called is unspecified. It is also unspecified whether other drivers' `"init"` entry points are called if one or more init entry point fails. -On platforms where the PSA Crypto implementation is a subsystem of a single application, the initialization of the PSA Crypto subsystem takes place during the call to `psa_crypto_init()`. On platforms where the PSA Crypto implementation is separate from the application or applications, the initialization the initialization of the PSA Crypto subsystem takes place before or during the first time an application calls `psa_crypto_init()`. +On platforms where the PSA Cryptography implementation is a subsystem of a single application, the initialization of the PSA Cryptography subsystem takes place during the call to `psa_crypto_init()`. On platforms where the PSA Cryptography implementation is separate from the application or applications, the initialization the initialization of the PSA Cryptography subsystem takes place before or during the first time an application calls `psa_crypto_init()`. The init entry point does not take any parameter. 
@@ -445,7 +445,7 @@ If a failure occurs after the `"allocate_key"` step but before the call to the s To destroy a key, the core calls the driver's `"destroy_key"` entry point. -Note that the key allocation and destruction entry points must not rely solely on the key identifier in the key attributes to identify a key. Some implementations of the PSA Crypto API store keys on behalf of multiple clients, and different clients may use the same key identifier to designate different keys. The manner in which the core distinguishes keys that have the same identifier but are part of the key namespace for different clients is implementation-dependent and is not accessible to drivers. Some typical strategies to allocate an internal key identifier are: +Note that the key allocation and destruction entry points must not rely solely on the key identifier in the key attributes to identify a key. Some implementations of the PSA Cryptography API store keys on behalf of multiple clients, and different clients may use the same key identifier to designate different keys. The manner in which the core distinguishes keys that have the same identifier but are part of the key namespace for different clients is implementation-dependent and is not accessible to drivers. Some typical strategies to allocate an internal key identifier are: * Maintain a set of free slot numbers which is stored either in the secure element or in the driver's persistent storage. To allocate a key slot, find a free slot number, mark it as occupied and store the number in the key context. When the key is destroyed, mark the slot number as free. * Maintain a monotonic counter with a practically unbounded range in the secure element or in the driver's persistent storage. To allocate a key slot, increment the counter and store the current value in the key context. Destroying a key does not change the counter. From 924e273b069586b623df399fdfc580426c6ba259 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 7 Aug 2020 13:53:16 +0200 Subject: [PATCH 020/488] Change "functions" property to "entry_points" Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 24cb58144..cc760d44c 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/07 11:51:18 GMT" +Time-stamp: "2020/08/07 11:53:09 GMT" ## Introduction 
@@ -83,17 +83,17 @@ A capability declares a family of functions that the driver implements for a cer A capability is a JSON object containing the following properties: -* `"functions"` (optional, list of strings). Each element is the name of a [driver entry point](#driver-entry-point) or driver entry point family. An entry point is a function defined by the driver. If specified, the core will invoke this capability of the driver only when performing one of the specified operations. If omitted, the `"algorithms"` property is mandatory and the core will invoke this capability of the driver for all operations that are applicable to the specified algorithms. The driver must implement all the specified or implied entry points, as well as the types if applicable. +* `"entry_points"` (optional, list of strings). Each element is the name of a [driver entry point](#driver-entry-point) or driver entry point family. An entry point is a function defined by the driver. If specified, the core will invoke this capability of the driver only when performing one of the specified operations. If omitted, the `"algorithms"` property is mandatory and the core will invoke this capability of the driver for all operations that are applicable to the specified algorithms. The driver must implement all the specified or implied entry points, as well as the types if applicable. * `"algorithms"` (optional, list of strings). Each element is an [algorithm specification](#algorithm-specifications). If specified, the core will invoke this capability of the driver only when performing one of the specified algorithms. If omitted, the core will invoke this capability for all applicable algorithms. * `"key_types"` (optional, list of strings). Each element is a [key type specification](#key-type-specifications). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key types. 
If omitted, the core will invoke this capability of the driver for all applicable key types. * `"key_sizes"` (optional, list of integers). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key sizes. If omitted, the core will invoke this capability of the driver for all applicable key sizes. Key sizes are expressed in bits. -* `"names"` (optional, object). A mapping from entry point names described by the `"functions"` property, to the name of the C function in the driver that implements the corresponding function. If a function is not listed here, name of the driver function that implements it is the driver's prefix followed by an underscore (`_`) followed by the function name. If this property is omitted, it is equivalent to an empty object (so each entry point *suffix* is implemented by a function called *prefix*`_`*suffix*). +* `"names"` (optional, object). A mapping from entry point names described by the `"entry_points"` property, to the name of the C function in the driver that implements the corresponding function. If a function is not listed here, name of the driver function that implements it is the driver's prefix followed by an underscore (`_`) followed by the function name. If this property is omitted, it is equivalent to an empty object (so each entry point *suffix* is implemented by a function called *prefix*`_`*suffix*). * `"fallback"` (optional for transparent drivers, not permitted for opaque drivers, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED`, in which case the core should call another driver or use built-in code to perform this operation. If absent or false, the driver is expected to fully support the mechanisms described by this capabilit. See the section “[Fallback](#fallback)” for more information. 
Example: the following capability declares that the driver can perform deterministic ECDSA signatures using SHA-256 or SHA-384 with a SECP256R1 or SECP384R1 private key (with either hash being possible in combination with either curve). If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. ``` { - "functions": ["sign_hash"], + "entry_points": ["sign_hash"], "algorithms": ["PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)", "PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384)"], "key_types": ["PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1)"], From 1bc9c4c8c803b40fe01bdb3ab827669896c4c150 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Aug 2020 22:47:15 +0200 Subject: [PATCH 021/488] Make entry points mandatory in capabilities Inferring entry points from algorithms is nice in that it makes capability specifications shorter and less redundant, but that's not really important. It also makes capabilities more fragile: if the core starts supporting new mechanisms based on the same algorithm (for example, adding hash-and-sign when only sign-the-hash existed before), a driver only supporting the old mechanisms would fail at build time. So make entry points mandatory. This has the benefit of making the semantics of capabilities easier to describe. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index cc760d44c..32427ae68 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -83,7 +83,7 @@ A capability declares a family of functions that the driver implements for a cer A capability is a JSON object containing the following properties: -* `"entry_points"` (optional, list of strings). Each element is the name of a [driver entry point](#driver-entry-point) or driver entry point family. An entry point is a function defined by the driver. If specified, the core will invoke this capability of the driver only when performing one of the specified operations. If omitted, the `"algorithms"` property is mandatory and the core will invoke this capability of the driver for all operations that are applicable to the specified algorithms. The driver must implement all the specified or implied entry points, as well as the types if applicable. +* `"entry_points"` (mandatory, list of strings). Each element is the name of a [driver entry point](#driver-entry-point) or driver entry point family. An entry point is a function defined by the driver. If specified, the core will invoke this capability of the driver only when performing one of the specified operations. The driver must implement all the specified entry points, as well as the types if applicable. * `"algorithms"` (optional, list of strings). Each element is an [algorithm specification](#algorithm-specifications). If specified, the core will invoke this capability of the driver only when performing one of the specified algorithms. If omitted, the core will invoke this capability for all applicable algorithms. * `"key_types"` (optional, list of strings). Each element is a [key type specification](#key-type-specifications). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key types. If omitted, the core will invoke this capability of the driver for all applicable key types. * `"key_sizes"` (optional, list of integers). 
If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key sizes. If omitted, the core will invoke this capability of the driver for all applicable key sizes. Key sizes are expressed in bits. From c7cf13356c3fb8386ff519ad9e4752712bb1c6b3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Aug 2020 23:24:00 +0200 Subject: [PATCH 022/488] Define the semantics of capabilities The existing description of the syntax of capabilities also describes the semantics of each property, but the semantics of the capability as a whole is not immediately clear. Add a subsection that explains precisely when a capability is applicable. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 30 ++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 32427ae68..823311022 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/07 11:53:09 GMT" +Time-stamp: "2020/08/07 21:22:01 GMT" ## Introduction 
@@ -77,7 +77,9 @@ A list of **capabilities**. Each capability describes a family of functions that * `"persistent_state_size"` (not permitted for transparent drivers, optional for opaque drivers, integer or string). The size in bytes of the [persistent state of the driver](#opaque-driver-persistent-state). This may be either a non-negative integer or a C constant expression of type `size_t`. * `"location"` (not permitted for transparent drivers, optional for opaque drivers, integer or string). The [location value](#lifetimes-and-locations) for which this driver is invoked. In other words, this determines the lifetimes for which the driver is invoked. This may be either a non-negative integer or a C constant expression of type `psa_key_location_t`. -#### Driver description capability +### Driver description capability + +#### Capability syntax A capability declares a family of functions that the driver implements for a certain class of cryptographic mechanisms. The capability specifies which key types and algorithms are covered and the names of the types and functions that implement it. 
@@ -90,7 +92,29 @@ A capability is a JSON object containing the following properties: * `"names"` (optional, object). A mapping from entry point names described by the `"entry_points"` property, to the name of the C function in the driver that implements the corresponding function. If a function is not listed here, name of the driver function that implements it is the driver's prefix followed by an underscore (`_`) followed by the function name. If this property is omitted, it is equivalent to an empty object (so each entry point *suffix* is implemented by a function called *prefix*`_`*suffix*). * `"fallback"` (optional for transparent drivers, not permitted for opaque drivers, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED`, in which case the core should call another driver or use built-in code to perform this operation. If absent or false, the driver is expected to fully support the mechanisms described by this capabilit. See the section “[Fallback](#fallback)” for more information. -Example: the following capability declares that the driver can perform deterministic ECDSA signatures using SHA-256 or SHA-384 with a SECP256R1 or SECP384R1 private key (with either hash being possible in combination with either curve). If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. +#### Capability semantics + +When the PSA Cryptography implementation performs a cryptographic mechanism, it invokes available driver entry points as described in the section [“Driver entry points”](#driver-entry-point). + +A driver is considered available for a cryptographic mechanism that invokes a given entry point if all of the following conditions are met: + +* The driver specification includes a capability whose `"entry_points"` list either includes the entry point or includes an entry point family that includes the entry point. 
+* If the mechanism involves an algorithm: + * either the capability does not have an `"algorithms"` property; + * or the value of the capability's `"algorithms"` property includes an [algorithm specification](#algorithm-specifications) that matches this algorithm. +* If the mechanism involves a key: + * either the key is transparent (its location is `PSA_KEY_LOCATION_LOCAL_STORAGE`), and the driver is transparent; + * or the key is opaque (its location is not `PSA_KEY_LOCATION_LOCAL_STORAGE`) and the driver is an opaque driver whose location is the key's location. +* If the mechanism involves a key: + * either the capability does not have a `"key_types"` property; + * or the value of the capability's `"key_types"` property includes a [key type specification](#key-type-specifications) that matches this algorithm. +* If the mechanism involves a key: + * either the capability does not have a `"key_sizes"` property; + * or the value of the capability's `"key_sizes"` property includes the key's size. + +#### Capability examples + +The following capability declares that the driver can perform deterministic ECDSA signatures using SHA-256 or SHA-384 with a SECP256R1 or SECP384R1 private key (with either hash being possible in combination with either curve). If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. ``` { "entry_points": ["sign_hash"], From 91cbf56d4c5b928efd5e9094dddc64735c464c0a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Aug 2020 23:25:33 +0200 Subject: [PATCH 023/488] Specify what happens if multiple capabilities apply It's ok if they map to the same function names and an error otherwise. It's an error to have multiple opaque drivers for the same location. If multiple transparent drivers apply, which one applies is unspecified. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 823311022..af53f985c 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/07 21:22:01 GMT" +Time-stamp: "2020/08/07 21:30:02 GMT" ## Introduction 
@@ -112,6 +112,10 @@ A driver is considered available for a cryptographic mechanism that invokes a gi * either the capability does not have a `"key_sizes"` property; * or the value of the capability's `"key_sizes"` property includes the key's size. +If a driver includes multiple applicable capabilities for a given combination of entry point, algorithm, key type and key size, and all the capabilities map the entry point to the same function name, the driver is considered available for this cryptographic mechanism. If a driver includes multiple applicable capabilities for a given combination of entry point, algorithm, key type and key size, and at least two of these capabilities map the entry point to the different function names, the driver specification is invalid. + +If multiple transparent drivers have applicable capabilities for a given combination of entry point, algorithm, key type and key size, which driver is invoked (or which drivers are invoked, if some of those capabilities have [fallback](#fallback) enabled) is unspecified. If multiple opaque driver have the same location, the list of driver specifications is invalid. + #### Capability examples The following capability declares that the driver can perform deterministic ECDSA signatures using SHA-256 or SHA-384 with a SECP256R1 or SECP384R1 private key (with either hash being possible in combination with either curve). If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. From d89cd742ebc585bdfa1c9eb66e338dabbae3216d Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 7 Aug 2020 23:37:55 +0200 Subject: [PATCH 024/488] Specify that transparent drivers are considered in order There is little point in leaving the order in which drivers are considered unspecified. This gives flexibility to the implementation for a process that is generally performed at build time, not in a constrained environment. Having a well-defined order is especially useful with fallback. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index af53f985c..4f6e52384 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -58,12 +58,14 @@ A driver therefore consists of: How to provide the driver description file, the C header files and the object code is implementation-dependent. -Implementations should support multiple drivers. - ### Driver description syntax The concrete syntax for a driver description file is JSON. +#### Driver specification list + +PSA Cryptography core implementations should support multiple drivers. The driver description files are passed to the implementation as an ordered list in an unspecified manner. This may be, for example, a list of file names passed on a command line, or a JSON list whose elements are individual driver specifications. + #### Driver description top-level element A driver description is a JSON object containing the following properties: 
@@ -114,7 +116,9 @@ A driver is considered available for a cryptographic mechanism that invokes a gi If a driver includes multiple applicable capabilities for a given combination of entry point, algorithm, key type and key size, and all the capabilities map the entry point to the same function name, the driver is considered available for this cryptographic mechanism. If a driver includes multiple applicable capabilities for a given combination of entry point, algorithm, key type and key size, and at least two of these capabilities map the entry point to the different function names, the driver specification is invalid. -If multiple transparent drivers have applicable capabilities for a given combination of entry point, algorithm, key type and key size, which driver is invoked (or which drivers are invoked, if some of those capabilities have [fallback](#fallback) enabled) is unspecified. If multiple opaque driver have the same location, the list of driver specifications is invalid. +If multiple transparent drivers have applicable capabilities for a given combination of entry point, algorithm, key type and key size, the first matching driver in the [specification list](#Driver specification list) is invoked. If the capability has [fallback](#fallback) enabled and the first driver returns `PSA_ERROR_NOT_SUPPORTED`, the next matching driver is invoked, and so on. + +If multiple opaque driver have the same location, the list of driver specifications is invalid. #### Capability examples 
@@ -337,12 +341,11 @@ Transparent drivers are not involved when importing, exporting, copying or destr Sometimes cryptographic accelerators only support certain cryptographic mechanisms partially. The capability description language allows specifying some restrictions, including restrictions on key sizes, but it cannot cover all the possibilities that may arise in practice. Furthermore, it may be desirable to deploy the same binary image on different devices, only some of which have a cryptographic accelerators. For these purposes, a transparent driver can declare that it only supports a [capability](#driver-description-capability) partially, by setting the capability's `"fallback"` property to true. -If a transparent driver entry point is part of a capability which has a true `"fallback"` property and returns `PSA_ERROR_NOT_SUPPORTED`, the core will call the next transparent driver that supports the mechanism, if there is one. If all the available driver have fallback enabled and return `PSA_ERROR_NOT_SUPPORTED`, the core will perform the operation using built-in code. +If a transparent driver entry point is part of a capability which has a true `"fallback"` property and returns `PSA_ERROR_NOT_SUPPORTED`, the core will call the next transparent driver that supports the mechanism, if there is one. The core considers drivers in the order given by the [driver description list](#driver-description-list). +If all the available driver have fallback enabled and return `PSA_ERROR_NOT_SUPPORTED`, the core will perform the operation using built-in code. As soon as a driver returns any value other than `PSA_ERROR_NOT_SUPPORTED` (`PSA_SUCCESS` or a different error code), this value is returned to the application, without attempting to call any other driver or built-in code. -The order in which the drivers are called is unspecified and may be different for different entry points. 
- If a transparent driver entry point is part of a capability where the `"fallback"` property is false or omitted, the core should not include any other code for this capability, whether built in or in another transparent driver. ## Opaque drivers From daf017c8a20a8ea414cc857579d783f549081a12 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 7 Aug 2020 23:40:53 +0200 Subject: [PATCH 025/488] Allow algorithm policy wildcards as algorithm specifications I'd intended this all along but never made it explicit. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 4f6e52384..ae4f7c6a5 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/07 21:30:02 GMT" +Time-stamp: "2020/08/07 21:40:41 GMT" ## Introduction 
@@ -122,7 +122,15 @@ If multiple opaque driver have the same location, the list of driver specificati #### Capability examples -The following capability declares that the driver can perform deterministic ECDSA signatures using SHA-256 or SHA-384 with a SECP256R1 or SECP384R1 private key (with either hash being possible in combination with either curve). If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. +Example 1: the following capability declares that the driver can perform deterministic ECDSA signatures (but not signature verification) using any hash algorithm and any curve that the core supports. If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. +``` +{ + "entry_points": ["sign_hash"], + "algorithms": ["PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)"], +} +``` + +Example 2: the following capability declares that the driver can perform deterministic ECDSA signatures using SHA-256 or SHA-384 with a SECP256R1 or SECP384R1 private key (with either hash being possible in combination with either curve). If the prefix of this driver is `"acme"`, the function that performs the signature is called `acme_sign_hash`. ``` { "entry_points": ["sign_hash"], 
@@ -137,7 +145,7 @@ The following capability declares that the driver can perform deterministic ECDS #### Algorithm specifications -An algorithm specification is a string consisting of a `PSA_ALG_xxx` macro that specifies a cryptographic algorithm defined by the PSA Cryptography API. If the macro takes arguments, the string must have the syntax of a C macro call and each argument must be an algorithm specification or a decimal or hexadecimal literal with no suffix, depending on the expected type of argument. +An algorithm specification is a string consisting of a `PSA_ALG_xxx` macro that specifies a cryptographic algorithm or an algorithm wildcard policy defined by the PSA Cryptography API. If the macro takes arguments, the string must have the syntax of a C macro call and each argument must be an algorithm specification or a decimal or hexadecimal literal with no suffix, depending on the expected type of argument. Spaces are optional after commas. Whether other whitespace is permitted is implementation-specific. @@ -146,6 +154,7 @@ Valid examples: PSA_ALG_SHA_256 PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH) ``` #### Key type specifications From e58a630cb04d1e5117ce7b9801e465b16f79a8ac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 7 Nov 2018 16:20:16 +0000 Subject: [PATCH 026/488] Add support for password protected key file to ssl_server2 The example application programs/ssl/ssl_server2 allows the configuration of up to two CRTs through the command line parameters - crt_file, key_file - crt_file2, key_file2. However, password protected key files are not supported. This commit adds command line options - key_pwd - key_pwd2 which allow to specify passwords for the key files specified in key_file and key_file2, respectively. --- programs/ssl/ssl_server2.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 15346070c..ee7ec7958 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -124,8 +124,10 @@ int main( void ) #define DFL_CA_PATH "" #define DFL_CRT_FILE "" #define DFL_KEY_FILE "" +#define DFL_KEY_PWD "" #define DFL_CRT_FILE2 "" #define DFL_KEY_FILE2 "" +#define DFL_KEY_PWD2 "" #define DFL_ASYNC_OPERATIONS "-" #define DFL_ASYNC_PRIVATE_DELAY1 ( -1 ) #define DFL_ASYNC_PRIVATE_DELAY2 ( -1 ) @@ -218,11 +220,15 @@ int main( void ) " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ " default: see note after key_file2\n" \ " key_file=%%s default: see note after key_file2\n" \ + " key_pwd=%%s Password for key specified by key_file argument\n"\ + " default: none\n" \ " crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \ " default: see note after key_file2\n" \ " key_file2=%%s default: see note below\n" \ " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \ " preloaded certificate(s) and key(s) are used if available\n" \ + " key_pwd2=%%s Password for key specified by key_file2 argument\n"\ + " default: none\n" \ " dhm_file=%%s File containing Diffie-Hellman parameters\n" \ " default: preloaded parameters\n" #else 
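Review bot: The help text added for `key_pwd` and `key_pwd2` in the usage hunk does not mention that a password passed as a command-line argument is readable by other local users through the process list on most systems, and usually ends up in shell history. That matters once someone points the example server at a real key rather than a test fixture. I would extend the description with one more line per option, e.g. `"                        note: visible in the process list, use with test keys\n" \`. The same caveat applies to the `key_pwd` usage text that patch 037 adds to ssl_client2.c.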
@@ -572,8 +578,10 @@ struct options const char *ca_path; /* the path with the CA certificate(s) reside */ const char *crt_file; /* the file with the server certificate */ const char *key_file; /* the file with the server key */ + const char *key_pwd; /* the password for the server key */ const char *crt_file2; /* the file with the 2nd server certificate */ const char *key_file2; /* the file with the 2nd server key */ + const char *key_pwd2; /* the password for the 2nd server key */ const char *async_operations; /* supported SSL asynchronous operations */ int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ @@ -1907,8 +1915,10 @@ int main( int argc, char *argv[] ) opt.ca_path = DFL_CA_PATH; opt.crt_file = DFL_CRT_FILE; opt.key_file = DFL_KEY_FILE; + opt.key_pwd = DFL_KEY_PWD; opt.crt_file2 = DFL_CRT_FILE2; opt.key_file2 = DFL_KEY_FILE2; + opt.key_pwd2 = DFL_KEY_PWD2; opt.async_operations = DFL_ASYNC_OPERATIONS; opt.async_private_delay1 = DFL_ASYNC_PRIVATE_DELAY1; opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; @@ -2028,10 +2038,14 @@ int main( int argc, char *argv[] ) opt.crt_file = q; else if( strcmp( p, "key_file" ) == 0 ) opt.key_file = q; + else if( strcmp( p, "key_pwd" ) == 0 ) + opt.key_pwd = q; else if( strcmp( p, "crt_file2" ) == 0 ) opt.crt_file2 = q; else if( strcmp( p, "key_file2" ) == 0 ) opt.key_file2 = q; + else if( strcmp( p, "key_pwd2" ) == 0 ) + opt.key_pwd2 = q; else if( strcmp( p, "dhm_file" ) == 0 ) opt.dhm_file = q; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) 
@@ -2817,7 +2831,8 @@ int main( int argc, char *argv[] ) if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 ) { key_cert_init++; - if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 ) + if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, + opt.key_pwd ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret ); goto exit; @@ -2842,7 +2857,8 @@ int main( int argc, char *argv[] ) if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 ) { key_cert_init2++; - if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 ) + if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, + opt.key_pwd2 ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", (unsigned int) -ret ); From ca04fdc2cc14c5399144cf5bc27f328eb5646c20 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 7 Nov 2018 16:22:14 +0000 Subject: [PATCH 027/488] Add support for password protected key file to ssl_client2 The example application programs/ssl/ssl_client2 allows the configuration of a client CRT through the parameters - crt_file, key_file However, password protected key files are not supported. This commit adds a new command line option - key_pwd which allow to specify a password for the key file specified in the key_file parameter. --- programs/ssl/ssl_client2.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2e8e105b7..62ca1cbcb 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -103,6 +103,7 @@ int main( void ) #define DFL_CRT_FILE "" #define DFL_KEY_FILE "" #define DFL_KEY_OPAQUE 0 +#define DFL_KEY_PWD "" #define DFL_PSK "" #define DFL_PSK_OPAQUE 0 #define DFL_PSK_IDENTITY "Client_identity" 
@@ -487,6 +488,7 @@ struct options #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif + const char *key_pwd; /* the password for the client key */ const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ @@ -1251,6 +1253,7 @@ int main( int argc, char *argv[] ) opt.crt_file = DFL_CRT_FILE; opt.key_file = DFL_KEY_FILE; opt.key_opaque = DFL_KEY_OPAQUE; + opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; #if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; @@ -1396,6 +1399,8 @@ int main( int argc, char *argv[] ) opt.cid_val_renego = q; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + else if( strcmp( p, "key_pwd" ) == 0 ) + opt.key_pwd = q; else if( strcmp( p, "psk" ) == 0 ) opt.psk = q; #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -2079,7 +2084,7 @@ int main( int argc, char *argv[] ) else #if defined(MBEDTLS_FS_IO) if( strlen( opt.key_file ) ) - ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ); + ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd ); else #endif #if defined(MBEDTLS_CERTS_C) From ecea07d6c30a8c7819637e4297b292542e10598a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 7 Nov 2018 16:24:35 +0000 Subject: [PATCH 028/488] Unify ciphersuite related debug output on client and server The client previously reproted the offered ciphersuites through their numerical identifier only, while the server reported them through their name. This commit modifies the debug output on client and server to both use the format `ID (NAME)` for the ciphersuites. --- library/ssl_cli.c | 4 ++-- library/ssl_srv.c | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 361e6e6d2..395303e33 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -1063,8 +1063,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ssl->conf->max_minor_ver ) != 0 ) continue; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x", - ciphersuites[i] ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x (%s)", + ciphersuites[i], ciphersuite_info->name ) ); #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 91bd83aa2..bc25b39b8 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -929,7 +929,8 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %s", suite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %04x (%s)", + suite_id, suite_info->name ) ); if( suite_info->min_minor_ver > ssl->minor_ver || suite_info->max_minor_ver < ssl->minor_ver ) From 3c88c654265d7f2f6f0b63113192669305a69533 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 2 Jan 2019 11:17:25 +0000 Subject: [PATCH 029/488] Fix debug format specifier in ClientHello ciphersuite log --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 395303e33..e94fd7208 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1063,7 +1063,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ssl->conf->max_minor_ver ) != 0 ) continue; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x (%s)", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)", ciphersuites[i], ciphersuite_info->name ) ); #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ From 5c5efdfcf9fbee70093b72cc1db2620866440d0f Mon Sep 17 00:00:00 2001 
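Review bot: In the patch 029 hunk of library/ssl_cli.c, `%#04x` gives a total field width of four characters including the `0x` prefix, so only two hex digits are zero-padded and an identifier such as 0x002f would be logged as `0x2f`. If the aim is a fixed-width 16-bit ciphersuite id, `%#06x` is the matching specifier. The argument also looks to be a signed `int`, so a cast would match the `(unsigned int)` convention used for `%x` elsewhere on this page: `MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#06x (%s)", (unsigned int) ciphersuites[i], ciphersuite_info->name ) );`. The same applies to the `trying ciphersuite` message in ssl_ciphersuite_match() changed by patch 030, where the hunk header shows `int suite_id`. Both functions start and end outside their hunks, and the `0xc0ff` patterns in ssl-opt.sh match either form.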
From: Hanno Becker Date: Mon, 28 Jan 2019 14:59:35 +0000 Subject: [PATCH 030/488] Fix format specifier in ssl_ciphersuite_match() --- library/ssl_srv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index bc25b39b8..4a3f4a17c 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -929,7 +929,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %04x (%s)", + MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)", suite_id, suite_info->name ) ); if( suite_info->min_minor_ver > ssl->minor_ver || From 063f3bba90b515a122feb02eeb231c9a3ab274b8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Aug 2020 10:02:36 +0100 Subject: [PATCH 031/488] Add ChangeLog entry Signed-off-by: Hanno Becker --- ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt diff --git a/ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt b/ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt new file mode 100644 index 000000000..ad1ad3038 --- /dev/null +++ b/ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt @@ -0,0 +1,8 @@ +Changes + * Add the command line parameter key_pwd to the ssl_client2 and ssl_server2 + example applications which allows to provide a password for the key file + specified through the existing key_file argument. This allows the use of + these applications with password-protected key files. Analogously but for + ssl_server2 only, add the command line parameter key_pwd2 which allows to + set a password for the key file provided through the existing key_file2 + argument. From ee63af6f8f1af2ab4ea7d6f9e1b18cf4dc87aae5 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 14 Aug 2020 15:41:23 +0100 Subject: [PATCH 032/488] Adapt ssl-opt.sh to modified ciphersuite log format The debug output for supported ciphersuites has been changed from `deadbeef` to `0xdeadbeef` in a previous commit, but the test script `ssl-opt.sh` grepping for lines in the debug log to determine test success/failure hadn't been adjusted accordingly. This commit fixes this. Signed-off-by: Hanno Becker --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5864a87a7..e7849cdd3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5745,7 +5745,7 @@ run_test "ECJPAKE: client not configured" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ 0 \ - -C "add ciphersuite: c0ff" \ + -C "add ciphersuite: 0xc0ff" \ -C "adding ecjpake_kkpp extension" \ -S "found ecjpake kkpp extension" \ -S "skip ecjpake kkpp extension" \ @@ -5760,7 +5760,7 @@ run_test "ECJPAKE: server not configured" \ "$P_CLI debug_level=3 ecjpake_pw=bla \ force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 1 \ - -c "add ciphersuite: c0ff" \ + -c "add ciphersuite: 0xc0ff" \ -c "adding ecjpake_kkpp extension" \ -s "found ecjpake kkpp extension" \ -s "skip ecjpake kkpp extension" \ @@ -5775,7 +5775,7 @@ run_test "ECJPAKE: working, TLS" \ "$P_CLI debug_level=3 ecjpake_pw=bla \ force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 0 \ - -c "add ciphersuite: c0ff" \ + -c "add ciphersuite: 0xc0ff" \ -c "adding ecjpake_kkpp extension" \ -C "re-using cached ecjpake parameters" \ -s "found ecjpake kkpp extension" \ From fa452c4566745721add9e305ada68c6d9801e284 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 14 Aug 2020 15:42:49 +0100 Subject: [PATCH 033/488] Fix guard in ECJPAKE tests in ssl-opt.sh Three tests were guarded by `MBEDTLS_KEY_EXCHANGE_ECJPAKE`, not `MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED`, as it should be. Curiously, the guard still functioned as intended, perhaps because `MBEDTLS_KEY_EXCHANGE_ECJPAKE` is a prefix of `MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED`. Signed-off-by: Hanno Becker --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e7849cdd3..1ebab3edd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5740,7 +5740,7 @@ run_test "PSK callback: wrong key" \ # Tests for EC J-PAKE -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED run_test "ECJPAKE: client not configured" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ @@ -5754,7 +5754,7 @@ run_test "ECJPAKE: client not configured" \ -C "found ecjpake_kkpp extension" \ -S "None of the common ciphersuites is usable" -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED run_test "ECJPAKE: server not configured" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 ecjpake_pw=bla \ @@ -5769,7 +5769,7 @@ run_test "ECJPAKE: server not configured" \ -C "found ecjpake_kkpp extension" \ -s "None of the common ciphersuites is usable" -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED run_test "ECJPAKE: working, TLS" \ "$P_SRV debug_level=3 ecjpake_pw=bla" \ "$P_CLI debug_level=3 ecjpake_pw=bla \ From 74e2534a1064f3f653504fb13f955c050452de4d Mon Sep 17 00:00:00 2001 From: Christopher Moynihan Date: Fri, 14 Aug 2020 12:27:21 -0700 Subject: [PATCH 034/488] Fix typo in mbedtls_ssl_set_bio description. Description referred to mbedtls_ssl_sent_t callback, but the callback is named mbedtls_ssl_send_t. 
Signed-off-by: Christopher Moynihan --- ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt | 3 +++ include/mbedtls/ssl.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt diff --git a/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt b/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt new file mode 100644 index 000000000..c49bdc7b0 --- /dev/null +++ b/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt @@ -0,0 +1,3 @@ +Changes + * Fix comment typo in mbedtls_ssl_set_bio_description. + diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 98264f9c2..8e8925751 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1561,7 +1561,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * \note For DTLS, you need to provide either a non-NULL * f_recv_timeout callback, or a f_recv that doesn't block. * - * \note See the documentations of \c mbedtls_ssl_sent_t, + * \note See the documentations of \c mbedtls_ssl_send_t, * \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for * the conventions those callbacks must follow. * From a4e86141f1451e8097f85a823a4426e1c1cfdf7c Mon Sep 17 00:00:00 2001 From: Raoul Strackx Date: Mon, 15 Jun 2020 17:03:13 +0200 Subject: [PATCH 035/488] Always revoke certificate on CRL RFC5280 does not state that the `revocationDate` should be checked. In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all. https://tools.ietf.org/html/rfc5280 
Signed-off-by: Raoul Strackx --- ChangeLog.d/crl-revocationDate.txt | 11 +++++++++++ library/x509_crt.c | 3 +-- tests/data_files/Makefile | 5 ++++- tests/data_files/Readme-x509.txt | 2 +- tests/data_files/crl-futureRevocationDate.pem | 11 +++++++++++ tests/data_files/test-ca.server1.future-crl.db | 2 ++ .../test-ca.server1.future-crl.opensslconf | 18 ++++++++++++++++++ tests/scripts/all.sh | 10 ++++++++++ tests/suites/test_suite_x509parse.data | 8 ++++++++ 9 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 ChangeLog.d/crl-revocationDate.txt create mode 100644 tests/data_files/crl-futureRevocationDate.pem create mode 100644 tests/data_files/test-ca.server1.future-crl.db create mode 100644 tests/data_files/test-ca.server1.future-crl.opensslconf diff --git a/ChangeLog.d/crl-revocationDate.txt b/ChangeLog.d/crl-revocationDate.txt new file mode 100644 index 000000000..a8ad53216 --- /dev/null +++ b/ChangeLog.d/crl-revocationDate.txt @@ -0,0 +1,11 @@ +Security + * When checking X.509 CRLs, a certificate was only considered as revoked if + its revocationDate was in the past according to the local clock if + available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE, + certificates were never considered as revoked. On builds with + MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for + example, an untrusted OS attacking a secure enclave) could prevent + revocation of certificates via CRLs. Fixed by no longer checking the + revocationDate field, in accordance with RFC 5280. Reported by + yuemonangong in #3340. Reported independently and fixed by + Raoul Strackx and Jethro Beekman in #3433. diff --git a/library/x509_crt.c b/library/x509_crt.c index 26272244b..e16ef0b7d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2324,8 +2324,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 if( crt->serial.len == cur->serial.len && memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) { - if( mbedtls_x509_time_is_past( &cur->revocation_date ) ) - return( 1 ); + return( 1 ); } cur = cur->next; diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 40c22f53b..07c05c007 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
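Review bot: The serial-match branch of mbedtls_x509_crt_is_revoked() now returns without any comment explaining why `cur->revocation_date` is ignored, so a later cleanup could reintroduce the clock-dependent check this commit removes. I would add a comment above the `return( 1 );`, e.g. `/* A listed serial is revoked regardless of revocationDate: the local clock may be absent or untrusted, and RFC 5280 does not require the comparison. */`. The function starts and ends outside the hunk, so whether the caller still evaluates the CRL's own validity dates cannot be confirmed from here.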
@@ -1058,7 +1058,10 @@ server1.v1.der.openssl: server1.v1.crt.openssl crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@ -server1_all: crl.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl +crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf + $(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@ + +server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl # server2* diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt index 6f54ed0c1..d07241a2c 100644 --- a/tests/data_files/Readme-x509.txt +++ b/tests/data_files/Readme-x509.txt 
@@ -111,7 +111,7 @@ Signing CA in parentheses (same meaning as certificates). - crl-ec-sha*.pem: (2) server6.crt - crl-future.pem: (2) server6.crt + unknown - crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown -- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown +- crl.pem, crl-futureRevocationDate.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown - crl_md*.pem: crl_sha*.pem: (1) same as crl.pem - crt_cat_*.pem: (1+2) concatenations in various orders: ec = crl-ec-sha256.pem, ecfut = crl-future.pem diff --git a/tests/data_files/crl-futureRevocationDate.pem b/tests/data_files/crl-futureRevocationDate.pem new file mode 100644 index 000000000..f147a8f80 --- /dev/null +++ b/tests/data_files/crl-futureRevocationDate.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTI4MTIzMDIzMDAw +MFoXDTI5MTIzMDIzMDAwMFowKDASAgEBFw0yOTAxMDExMjQ0MDdaMBICAQMXDTI5 +MDEwMTEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKbL1mDpzCbLJmRZKM2KHPvK +ijS4UMnanzzYpLAwom1NI69v2fE1/EfiXv0empE6mFqnLwOG4ZP8fECfxjMXO2Ee +VhxYiRjly6q9hfIUk1e+N9ct8unNnLEBvf6Syfy9+FSO3Q/ahljpYlXsXxg62WXl +9xp5b5Ok+/0sCv0eL5uFQKXQa8hS9dZo6py7jvFDQC+wVau1mXjQW85iXMLm7vik +4lR+kfZloeq1jIbsx8cdMi32YVt7uccaqoFcjtrdrWfGmi0wvlDc8K5J0l4tIxZY +9P+T4fzSgQLdqGZ3xADheEaGTRVL/5oe5L4zRH32BZONMFCijv+j1SpWLxHE8cM= +-----END X509 CRL----- diff --git a/tests/data_files/test-ca.server1.future-crl.db b/tests/data_files/test-ca.server1.future-crl.db new file mode 100644 index 000000000..763aa1219 --- /dev/null +++ b/tests/data_files/test-ca.server1.future-crl.db @@ -0,0 +1,2 @@ +R 210212144406Z 290101124407Z 01 unknown /C=NL/O=PolarSSL/CN=PolarSSL Server 1 +R 210212144400Z 290101124407Z 03 unknown /C=NL/O=PolarSSL/CN=PolarSSL Test CA 
diff --git a/tests/data_files/test-ca.server1.future-crl.opensslconf b/tests/data_files/test-ca.server1.future-crl.opensslconf new file mode 100644 index 000000000..e9ce7543a --- /dev/null +++ b/tests/data_files/test-ca.server1.future-crl.opensslconf @@ -0,0 +1,18 @@ + [ ca ] + default_ca = test-ca + + [ test-ca ] + certificate = test-ca.crt + private_key = test-ca.key + serial = test-ca.server1.serial + default_md = sha1 + default_startdate = 110212144406Z + default_enddate = 210212144406Z + new_certs_dir = ./ + database = ./test-ca.server1.future-crl.db + policy = policy_match + + [policy_match] + countryName = supplied + organizationName = supplied + commonName = supplied diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 558016d04..746233ef9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1500,6 +1500,16 @@ component_test_null_entropy () { make test } +component_test_no_date_time () { + msg "build: default config without MBEDTLS_HAVE_TIME_DATE" + scripts/config.py unset MBEDTLS_HAVE_TIME_DATE + CC=gcc cmake + make + + msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites" + make test +} + component_test_platform_calloc_macro () { msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" scripts/config.py set MBEDTLS_PLATFORM_MEMORY diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index f8e3891a2..275afb722 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
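Review bot: In the new component_test_no_date_time in tests/scripts/all.sh, `CC=gcc cmake` is run without a source directory, so it presumably configures nothing and the following `make` uses the in-tree Makefile instead of the gcc/CMake build the component sets up. Passing the path, `CC=gcc cmake .`, would make the build match the intent. Since this component is what exercises the `!MBEDTLS_HAVE_TIME_DATE` CRL test case added in the same commit, a silent fallback here would be easy to miss.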
@@ -911,6 +911,14 @@ X509 CRT verification #97 (next profile Valid Cert SHA256 Digest) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" +X509 CRT verification #98 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" + +X509 CRT verification #99 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_HAVE_TIME_DATE +x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" + X509 CRT verification: domain identical to IPv4 in SubjectAltName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" From 34ce81f896be0b42558e16397cf8ab7282b4a67b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Aug 2020 09:40:54 +0100 Subject: [PATCH 036/488] Avoid overly long usage string literal in ssl_server2 program Signed-off-by: Hanno Becker --- programs/ssl/ssl_server2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ee7ec7958..88095c612 100644 
--- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -501,8 +501,6 @@ int main( void ) " cert_req_ca_list=%%d default: 1 (send ca list)\n" \ " options: 1 (send ca list), 0 (don't send)\n" \ USAGE_IO \ - USAGE_SSL_ASYNC \ - USAGE_SNI \ "\n" \ USAGE_PSK \ USAGE_CA_CALLBACK \ @@ -527,6 +525,8 @@ int main( void ) USAGE_CURVES \ "\n" #define USAGE4 \ + USAGE_SSL_ASYNC \ + USAGE_SNI \ " arc4=%%d default: (library default: 0)\n" \ " allow_sha1=%%d default: 0\n" \ " min_version=%%s default: (library default: tls1)\n" \ From bffa54f4eb5ba7241e59b7a2c93ba847b1545e78 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Aug 2020 09:42:19 +0100 Subject: [PATCH 037/488] Add usage string for `key_pwd` argument in ssl_client2 program Signed-off-by: Hanno Becker --- programs/ssl/ssl_client2.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 62ca1cbcb..ebe71ce50 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -176,7 +176,9 @@ int main( void ) " use \"none\" to skip loading any top-level CAs.\n" \ " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ " default: \"\" (pre-loaded)\n" \ - " key_file=%%s default: \"\" (pre-loaded)\n" + " key_file=%%s default: \"\" (pre-loaded)\n"\ + " key_pwd=%%s Password for key specified by key_file argument\n"\ + " default: none\n" #else #define USAGE_IO \ " No file operations available (MBEDTLS_FS_IO not defined)\n" From 2d3ac68336f36af3dbb94be6596059d6c0a925f0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Aug 2020 09:42:37 +0100 Subject: [PATCH 038/488] Parse key-file and -password parameters in same place in ssl_client2 Signed-off-by: Hanno Becker --- programs/ssl/ssl_client2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ebe71ce50..553598c55 100644 --- a/programs/ssl/ssl_client2.c 
+++ b/programs/ssl/ssl_client2.c @@ -1375,6 +1375,8 @@ int main( int argc, char *argv[] ) opt.crt_file = q; else if( strcmp( p, "key_file" ) == 0 ) opt.key_file = q; + else if( strcmp( p, "key_pwd" ) == 0 ) + opt.key_pwd = q; #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C) else if( strcmp( p, "key_opaque" ) == 0 ) opt.key_opaque = atoi( q ); @@ -1401,8 +1403,6 @@ int main( int argc, char *argv[] ) opt.cid_val_renego = q; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - else if( strcmp( p, "key_pwd" ) == 0 ) - opt.key_pwd = q; else if( strcmp( p, "psk" ) == 0 ) opt.psk = q; #if defined(MBEDTLS_USE_PSA_CRYPTO) From 226eedb5f352a85f76ebea33a585f1a4350951b2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Aug 2020 12:14:00 +0100 Subject: [PATCH 039/488] Add password protected version of key for data_files/server{2,5}.key Signed-off-by: Hanno Becker --- tests/data_files/Makefile | 12 ++++++++++++ tests/data_files/server2.key.enc | 30 ++++++++++++++++++++++++++++++ tests/data_files/server5.key.enc | 8 ++++++++ 3 files changed, 50 insertions(+) create mode 100644 tests/data_files/server2.key.enc create mode 100644 tests/data_files/server5.key.enc diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 99d64eb3a..436b4a90a 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -244,6 +244,8 @@ cli2.key.der: cli2.key $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER all_final += cli2.key.der +server5_pwd_ec = PolarSSLTest + server5.crt.der: server5.crt $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER all_final += server5.crt.der 
@@ -252,6 +254,10 @@ server5.key.der: server5.key $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER all_final += server5.key.der +server5.key.enc: server5.key + $(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)" +all_final += server5.key.enc + server5-ss-expired.crt: server5.key $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ all_final += server5-ss-expired.crt @@ -923,6 +929,8 @@ all_final += server1.req.cert_type_empty # server2* +server2_pwd_ec = PolarSSLTest + server2.req.sha256: server2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 all_intermediate += server2.req.sha256 @@ -939,6 +947,10 @@ server2.key.der: server2.key $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER all_final += server2.key.der +server2.key.enc: server2.key + $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)" +all_final += server2.key.enc + # server5* # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' diff --git a/tests/data_files/server2.key.enc b/tests/data_files/server2.key.enc new file mode 100644 index 000000000..773aaad40 --- /dev/null +++ b/tests/data_files/server2.key.enc 
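Review bot: `server2_pwd_ec` names the password of an RSA key, which is misleading: the rule that uses it runs `$(OPENSSL) rsa` on server2.key and the generated server2.key.enc is an `RSA PRIVATE KEY`, so the `_ec` suffix looks copied from `server5_pwd_ec`. Renaming it would avoid confusion: `server2_pwd_rsa = PolarSSLTest` and `-passout "pass:$(server2_pwd_rsa)"` in the server2.key.enc rule. A one-line comment above each variable, such as `# Public test-only password; the legacy PEM encryption here is a parser fixture, not a recommendation for real keys`, would also help anyone reusing these recipes.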
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,3DDADF5AEA525DD282D9D5E0B978AEE2
+
+thP0fyNhHEWvVWHpBSGAA4C6wlqWwuCbYTGVs6GW07YNiyvInE/XxtKCrEJ6ORpR
+tPZ0sTtmRFQgiAW4nSjol6AhnMAYCkt+bl2opihuKHr2IBKpGIytCwYwDB/soMw5
+/vYuZU3osENnWcv+R1+0PohU6eqo1bVBrk+Mrm+ZSX886uDNxAaqAW9dtsC7fZYV
+w/uCOlk78rtrJUOTKfh3VEXG1fb/rYAP7bZYwzkmJZRozFPzjhnZZSOssz4xwCwY
+04oHHrMDFCpbBmlZRLg60c5u0nduQx3SKig9o6gHCDoOYT0Bq64lvZLiPcwN7axV
+L7+7TJ9u/kALO0CqAltiuz18msaErXIE3pHEGDt5zxgUcLxT4IhhixWfOL09nqjl
+IltEBn0JAVC3qYsEzFGnr3C2NXLTYIFU8m1qtIyEc8vuhKw7HCgp3W/xw9f2jKZF
+JivFX80URuBTs2/TWuGBKTmIGLQFWYPKwhyl9HNbbI8q5XdxKNiVxDnZfPU/icef
+nJ+nM7msrkvXj4SdHO/if+rxQ07T/MHfU8PeqUL2LQAxY4gfBvkKJ/UAjfsHv0B2
+1WcZAt0yqrJu/ydOkQpwmQ/XCh/dITNYnxXZ0bjtY5fG+QGxA3RvqyfKbQFTi8qg
+Nx8cxOUD1dZwZ6KrosdSFGkNkZwgIWAbIK4O3TLN5lD42031kx4iiKlxdjw6Q2df
+MEVL6FqYXf4n5MhGQ5mu5MkEO9IDaz/iBdm2jkkjWaxozNC51r/i+STtsVQnY2f2
+pubekEnCOoqXN6BjuVLN28XSTLLTlJ5i9tdIMlIFUKfiNpJjOTjYBopZEf5hm3h4
+ollq6QhW9DIIsVuYgSpvoyLYLl57kvYgk1oGhV0KZyh7IPzRXTjEBiMTO+MZEoH0
+f3x2RU3LvMagb36zWs6CShV/TwAE08Mwbi7UDWYRHHaeO2bcKoEDGOXiOfsXE9HW
+OVmAlIheR/W1eVAcszHcSVtXOjlsJ02CeVEcATnJCk6Ug0vc0TspCnwOCvM8+RmE
+jQ0E6GeT6R/DVHW9XBNFxFxiS6ySd3yo9rKVLdGGPHns+qmlSMTAfYROoR1V8UiQ
+0Tvd1CfVVBeYCm9UrWUXvGzoC3rstbD7SinGbdSU4wATIPeb+v1Tz/vVhr8AoRLJ
+JK3jHMKCHH59Wx+tk8JdqAm8fgUK/69A5+gitZlM6sAmnfBJ6Vm8hqACLpjPXDWy
+LjNDwWGqgWgqDOubY+ZJQwjUGQdPdGbEUF0ABZ6si9wW+RVVGSPAfiFqE4b/QwA/
+RZh1nm7dc/3elXxwXP60MyEsVddAP691xlDdL9mRpbDMx/JSp/hABFmdPOEtu5EB
+02DS37+pOdI1kWkFiI4kkccZL04CTWLWh2lxb0RqUqQMeOf6j/WSTJ2In5etbHSB
+R8IQOsfRINm3fD11SXXKUM7IzMi9VBD7TblN2HR9iXbW7twa8O0MRH805eY+vjsM
+kcYoOtWSh+OFP9txcwjiXUBmVQDPtb+myGXmchSpMIFNV2tHVvVmUFBSipyAKr98
+3YI7mvWO0AVWXAqRHYmM3DLjlEXCauXCjgVicC/EUdA5CAO95X/ZQTNwBk8kYjy+
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/server5.key.enc b/tests/data_files/server5.key.enc
new file mode 100644
index 000000000..8e622c0e9
--- /dev/null
+++ b/tests/data_files/server5.key.enc
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,69FEA263918128D4DD673B2732E2D7EC
+
++Q4P1nVcfGoittxagWHvyBLVPbhjmTA/SZ6W5TB+5scOzgfRlcse4jIII899EQxx
+HrfhgQwzQ12TgTZ2Y8neI+RsUqFLTLinvd8c/luBKLeDECjjhyBXOJic2dRPUaLQ
+Nyg3bI0Srr6aq6nETjh8i+dSzE/wjyNzXBMdN3KhOjE=
+-----END EC PRIVATE KEY-----
From 2f54a3c2e4f181cd97e204ad6e7f00345d354505 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Aug 2020 12:14:06 +0100 Subject: [PATCH 040/488] Add tests to ssl-opt.sh exercising new `key_pwd[2]` parameters Signed-off-by: Hanno Becker
---
 tests/ssl-opt.sh | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1ebab3edd..80943bd6e 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1121,6 +1121,33 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "TLS: password protected client key" \ + "$P_SRV auth_mode=required" \ + "$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \ + 0 + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "TLS: password protected server key" \ + "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \ + "$P_CLI" \ + 0 + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "TLS: password protected server key, two certificates" \ + "$P_SRV \ + key_file=data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=data_files/server5.crt \ + key_file2=data_files/server2.key.enc key_pwd2=PolarSSLTest crt_file2=data_files/server2.crt" \ + "$P_CLI" \ + 0 + requires_config_enabled MBEDTLS_ZLIB_SUPPORT run_test "Default (compression enabled)" \ "$P_SRV debug_level=3" \ From 721f7c1e644462a2849a2d85ccba69a32a224ada Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Aug 2020 12:17:32 +0100 Subject: [PATCH 041/488] Add minimal client authentication test to ssl-opt.sh Signed-off-by: Hanno Becker --- tests/ssl-opt.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 80943bd6e..3b576e65b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
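Review bot: The three new `run_test` cases only assert a client exit status of `0`, so they show that a correct `key_pwd` works but not that a wrong or missing password is rejected. A companion case that passes a deliberately wrong `key_pwd` for `data_files/server5.key.enc` and expects a non-zero exit status would cover the failure path of the new parameter. In the two-certificate case the plain `$P_CLI` presumably completes the handshake with only one of the two keys, so a `-s` pattern on the server log, or a second client run that selects the other key type, would confirm that the key unlocked with `key_pwd2` is actually used.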
@@ -1121,6 +1121,12 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" +run_test "TLS client auth: required" \ + "$P_SRV auth_mode=required" \ + "$P_CLI" \ + 0 \ + -s "Verifying peer X.509 certificate... ok" + requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C From ac2fd6524afdbaa42266b2c8c198eac7a7ca0a18 Mon Sep 17 00:00:00 2001 From: makise-homura Date: Tue, 18 Aug 2020 21:59:46 +0300 Subject: [PATCH 042/488] Support building on e2k (Elbrus) architecture Signed-off-by: makise-homura --- CMakeLists.txt | 15 ++++++++++++++- ChangeLog.d/e2k-support.txt | 5 +++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/e2k-support.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index f8df14007..3fb4d364d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -152,6 +152,8 @@ endfunction(link_to_source) string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") +include(CheckCCompilerFlag) + if(CMAKE_COMPILER_IS_GNU) # some warnings we want are not available with old GCC versions # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION 
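Review bot: The new `TLS client auth: required` case in the `tests/ssl-opt.sh` hunk has no `requires_config_enabled` guard, while the cases directly below it in the same hunk declare `MBEDTLS_X509_CRT_PARSE_C`, `MBEDTLS_ECDSA_C` and `MBEDTLS_SHA256_C`. Since it matches on `Verifying peer X.509 certificate... ok`, it presumably needs at least `requires_config_enabled MBEDTLS_X509_CRT_PARSE_C` in front of `run_test` so that it is skipped rather than failed in builds without certificate support. It is also the only check in this group that looks at the server log, so it is worth a one-line comment saying it is the baseline that the password-protected-key cases build on.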
@@ -168,7 +170,18 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") endif() if (GCC_VERSION VERSION_GREATER 5.0) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") + CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) + if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") + endif() + endif() + CHECK_C_COMPILER_FLAG("-Wno-signed-one-bit-field" C_COMPILER_SUPPORTS_WSIGNED_ONE_BIT_FIELD) + if(C_COMPILER_SUPPORTS_WSIGNED_ONE_BIT_FIELD) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-signed-one-bit-field") + endif() + CHECK_C_COMPILER_FLAG("-Wno-sign-compare" C_COMPILER_SUPPORTS_WSIGN_COMPARE) + if(C_COMPILER_SUPPORTS_WSIGN_COMPARE) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-sign-compare") endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") diff --git a/ChangeLog.d/e2k-support.txt b/ChangeLog.d/e2k-support.txt new file mode 100644 index 000000000..19cc3ad68 --- /dev/null +++ b/ChangeLog.d/e2k-support.txt @@ -0,0 +1,5 @@ +Features + * Support building on e2k (Elbrus) architecture: correctly enable + -Wformat-signedness, and pass -Wno-signed-one-bit-field and + -Wno-sign-compare to get rid of excess warnings. Contributed by + makise-homura (Igor Molchanov) . From 0be6aa9957e6b27f6256660f3bd032969f2c56f4 Mon Sep 17 00:00:00 2001 From: makise-homura Date: Tue, 18 Aug 2020 23:52:53 +0300 Subject: [PATCH 043/488] Get back -Wsign-compare and fix sources according to it Signed-off-by: makise-homura --- CMakeLists.txt | 4 ---- library/ssl_msg.c | 4 ++-- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3fb4d364d..d2cf44629 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
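Review bot: In the `CMakeLists.txt` hunk at `@@ -168,7 +170,18 @@`, probing `-Wno-signed-one-bit-field` and `-Wno-sign-compare` with `CHECK_C_COMPILER_FLAG` is not a reliable test on GCC, which accepts unknown `-Wno-*` options silently unless another diagnostic is emitted; probing the positive form, e.g. `CHECK_C_COMPILER_FLAG("-Wsign-compare" ...)`, before adding the `-Wno-` form avoids that. More importantly, the flags sit directly under `if(CMAKE_COMPILER_IS_GNU)` and so switch the warnings off for every GNU-compatible build rather than only for the e2k compiler, and sign-compare warnings are worth keeping in code that compares lengths with signed return values. Fixing the flagged sources instead, as patches 043 and 044 of this series go on to do, is the better direction.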
@@ -179,10 +179,6 @@ if(CMAKE_COMPILER_IS_GNU) if(C_COMPILER_SUPPORTS_WSIGNED_ONE_BIT_FIELD) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-signed-one-bit-field") endif() - CHECK_C_COMPILER_FLAG("-Wno-sign-compare" C_COMPILER_SUPPORTS_WSIGN_COMPARE) - if(C_COMPILER_SUPPORTS_WSIGN_COMPARE) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-sign-compare") - endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") diff --git a/library/ssl_msg.c b/library/ssl_msg.c index d32afac56..259a71d2f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2048,7 +2048,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ret < 0 ) return( ret ); - if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) + if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && (size_t)ret > SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_recv returned %d bytes but only %lu were requested", @@ -2102,7 +2102,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ret <= 0 ) return( ret ); - if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > SIZE_MAX ) ) + if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && (size_t)ret > SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned %d bytes but only %lu bytes were sent", From e74f372330549bf4cbd8f4d880aceb87d7516005 Mon Sep 17 00:00:00 2001 From: makise-homura Date: Tue, 18 Aug 2020 23:57:48 +0300 Subject: [PATCH 044/488] Get back -Wsigned-one-bit-field and fix sources according to it Signed-off-by: makise-homura --- CMakeLists.txt | 4 ---- tests/include/test/macros.h | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index d2cf44629..88332464b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
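Review bot: In both `library/ssl_msg.c` hunks (`mbedtls_ssl_fetch_input` and `mbedtls_ssl_flush_output`) the added cast turns the second operand into `(size_t)ret > SIZE_MAX`, which can never be true, so the guard against a return value wider than `size_t` is now dead code. On a platform where `INT_MAX > SIZE_MAX` the cast also truncates `ret` before the first comparison against `len` / `ssl->out_left`, so an oversized value returned by the `f_recv`/`f_send` callback could pass as a small one. Comparing in the signed domain keeps the check and still silences the warning: `( INT_MAX > SIZE_MAX && ret > (int) SIZE_MAX )`. Both functions start and end outside their hunks.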
@@ -175,10 +175,6 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") endif() endif() - CHECK_C_COMPILER_FLAG("-Wno-signed-one-bit-field" C_COMPILER_SUPPORTS_WSIGNED_ONE_BIT_FIELD) - if(C_COMPILER_SUPPORTS_WSIGNED_ONE_BIT_FIELD) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-signed-one-bit-field") - endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index aaf13add0..21552e760 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -75,7 +75,7 @@ /* A compile-time constant with the value 0. If `const_expr` is not a * compile-time constant with a nonzero value, cause a compile-time error. */ #define STATIC_ASSERT_EXPR( const_expr ) \ - ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) + ( 0 && sizeof( struct { unsigned int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) /* Return the scalar value `value` (possibly promoted). This is a compile-time * constant if `value` is. `condition` must be a compile-time constant. * If `condition` is false, arrange to cause a compile-time error. */ From e5595501cea24260ed491700caee80d7c710a433 Mon Sep 17 00:00:00 2001 From: makise-homura Date: Wed, 19 Aug 2020 01:33:15 +0300 Subject: [PATCH 045/488] Fix e2k support changelog snippet Signed-off-by: makise-homura --- ChangeLog.d/e2k-support.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/e2k-support.txt b/ChangeLog.d/e2k-support.txt index 19cc3ad68..023b1888e 100644 --- a/ChangeLog.d/e2k-support.txt +++ b/ChangeLog.d/e2k-support.txt 
@@ -1,5 +1,5 @@ Features * Support building on e2k (Elbrus) architecture: correctly enable - -Wformat-signedness, and pass -Wno-signed-one-bit-field and - -Wno-sign-compare to get rid of excess warnings. Contributed by - makise-homura (Igor Molchanov) . + -Wformat-signedness, and fix the code that causes signed-one-bit-field + and sign-compare warnings. Contributed by makise-homura (Igor Molchanov) + . From d15c740df6e26b3dbe459c87ca59fa1d0d999d15 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Aug 2020 12:03:11 +0200 Subject: [PATCH 046/488] Fix memory leak in mbedtls_md_setup with HMAC mbedtls_md_setup() allocates a hash-specific context and then, if requested, an extra HMAC context. If the second allocation failed, the hash context was not freed. Fix this by ensuring that the mbedtls_md_context_t object is always in a consistent state, in particular, that the md_info field is always set. For robustness, ensure that the object is in a consistent state even on errors (other than BAD_INPUT_DATA if the object was not in a consistent state on entry). Fix #3486 Signed-off-by: Gilles Peskine --- ChangeLog.d/md_setup-leak.txt | 3 +++ library/md.c | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/md_setup-leak.txt diff --git a/ChangeLog.d/md_setup-leak.txt b/ChangeLog.d/md_setup-leak.txt new file mode 100644 index 000000000..5111d8ef8 --- /dev/null +++ b/ChangeLog.d/md_setup-leak.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory + conditions. Reported and fix suggested by Guido Vranken in #3486. diff --git a/library/md.c b/library/md.c index 3eb0fe389..0b9f3daa3 100644 --- a/library/md.c +++ b/library/md.c 
@@ -413,6 +413,10 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf if( md_info == NULL || ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + ctx->md_info = md_info; + ctx->md_ctx = NULL; + ctx->hmac_ctx = NULL; + switch( md_info->type ) { #if defined(MBEDTLS_MD2_C) @@ -468,8 +472,6 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf } } - ctx->md_info = md_info; - return( 0 ); } #undef ALLOC From 0dfd10d2a2148dc1a199253d49701fbd48ea3719 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Aug 2020 21:41:27 +0200 Subject: [PATCH 047/488] Copyediting Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index ae4f7c6a5..0dc5ff34b 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/07 21:40:41 GMT" +Time-stamp: "2020/08/19 19:40:40 GMT" ## Introduction 
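Review bot: The three assignments added at the top of `mbedtls_md_setup()` in `library/md.c` carry the whole fix but have no comment, and the reason for setting `md_info` before anything is allocated is only in the commit message. A comment such as `/* Set md_info and clear the pointers first, so that a failure below leaves a context that mbedtls_md_free() can clean up. */` would keep the ordering from being tidied back later. Two things are worth confirming in the parts of the function outside the hunk: that a failed hash-context allocation does not leave `md_info` set with `md_ctx == NULL` for code that treats a non-NULL `md_info` as ready to use, and that calling setup on an already set-up context, whose `md_ctx` is now overwritten with `NULL`, is documented as unsupported. No test for the allocation-failure path accompanies the change.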
@@ -34,7 +34,7 @@ The present specification was designed to fulfill the following high-level requi [Req.types] Support drivers for the following types of hardware: accelerators that operate on keys in cleartext; cryptoprocessors that can wrap keys with a built-in keys but not store user keys; and cryptoprocessors that store key material. -[Req.portable] The interface between drivers and the core does not involve any platform-specific consideration. Driver calls are simple C function calls. Interactions between driver code and hardware happen only inside the driver (and in fact a driver need not involve any hardware at all). +[Req.portable] The interface between drivers and the core does not involve any platform-specific consideration. Driver calls are simple C function calls. Interactions with platform-specific hardware happen only inside the driver (and in fact a driver need not involve any hardware at all). [Req.location] Applications can tell which location values correspond to which secure element drivers. 
@@ -92,7 +92,7 @@ A capability is a JSON object containing the following properties: * `"key_types"` (optional, list of strings). Each element is a [key type specification](#key-type-specifications). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key types. If omitted, the core will invoke this capability of the driver for all applicable key types. * `"key_sizes"` (optional, list of integers). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key sizes. If omitted, the core will invoke this capability of the driver for all applicable key sizes. Key sizes are expressed in bits. * `"names"` (optional, object). A mapping from entry point names described by the `"entry_points"` property, to the name of the C function in the driver that implements the corresponding function. If a function is not listed here, name of the driver function that implements it is the driver's prefix followed by an underscore (`_`) followed by the function name. If this property is omitted, it is equivalent to an empty object (so each entry point *suffix* is implemented by a function called *prefix*`_`*suffix*). -* `"fallback"` (optional for transparent drivers, not permitted for opaque drivers, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED`, in which case the core should call another driver or use built-in code to perform this operation. If absent or false, the driver is expected to fully support the mechanisms described by this capabilit. See the section “[Fallback](#fallback)” for more information. +* `"fallback"` (optional for transparent drivers, not permitted for opaque drivers, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED`, in which case the core should call another driver or use built-in code to perform this operation. 
If absent or false, the driver is expected to fully support the mechanisms described by this capability. See the section “[Fallback](#fallback)” for more information. #### Capability semantics @@ -105,7 +105,7 @@ A driver is considered available for a cryptographic mechanism that invokes a gi * either the capability does not have an `"algorithms"` property; * or the value of the capability's `"algorithms"` property includes an [algorithm specification](#algorithm-specifications) that matches this algorithm. * If the mechanism involves a key: - * either the key is transparent (its location is `PSA_KEY_LOCATION_LOCAL_STORAGE`), and the driver is transparent; + * either the key is transparent (its location is `PSA_KEY_LOCATION_LOCAL_STORAGE`) and the driver is transparent; * or the key is opaque (its location is not `PSA_KEY_LOCATION_LOCAL_STORAGE`) and the driver is an opaque driver whose location is the key's location. * If the mechanism involves a key: * either the capability does not have a `"key_types"` property; @@ -118,7 +118,7 @@ If a driver includes multiple applicable capabilities for a given combination of If multiple transparent drivers have applicable capabilities for a given combination of entry point, algorithm, key type and key size, the first matching driver in the [specification list](#Driver specification list) is invoked. If the capability has [fallback](#fallback) enabled and the first driver returns `PSA_ERROR_NOT_SUPPORTED`, the next matching driver is invoked, and so on. -If multiple opaque driver have the same location, the list of driver specifications is invalid. +If multiple opaque drivers have the same location, the list of driver specifications is invalid. #### Capability examples 
@@ -321,7 +321,7 @@ A driver may declare an `"init"` entry point in a capability with no algorithm, When multiple drivers have an init entry point, the order in which they are called is unspecified. It is also unspecified whether other drivers' `"init"` entry points are called if one or more init entry point fails. -On platforms where the PSA Cryptography implementation is a subsystem of a single application, the initialization of the PSA Cryptography subsystem takes place during the call to `psa_crypto_init()`. On platforms where the PSA Cryptography implementation is separate from the application or applications, the initialization the initialization of the PSA Cryptography subsystem takes place before or during the first time an application calls `psa_crypto_init()`. +On platforms where the PSA Cryptography implementation is a subsystem of a single application, the initialization of the PSA Cryptography subsystem takes place during the call to `psa_crypto_init()`. On platforms where the PSA Cryptography implementation is separate from the application or applications, the initialization of the PSA Cryptography subsystem takes place before or during the first time an application calls `psa_crypto_init()`. The init entry point does not take any parameter. 
@@ -352,7 +352,7 @@ For these purposes, a transparent driver can declare that it only supports a [ca If a transparent driver entry point is part of a capability which has a true `"fallback"` property and returns `PSA_ERROR_NOT_SUPPORTED`, the core will call the next transparent driver that supports the mechanism, if there is one. The core considers drivers in the order given by the [driver description list](#driver-description-list). -If all the available driver have fallback enabled and return `PSA_ERROR_NOT_SUPPORTED`, the core will perform the operation using built-in code. +If all the available drivers have fallback enabled and return `PSA_ERROR_NOT_SUPPORTED`, the core will perform the operation using built-in code. As soon as a driver returns any value other than `PSA_ERROR_NOT_SUPPORTED` (`PSA_SUCCESS` or a different error code), this value is returned to the application, without attempting to call any other driver or built-in code. If a transparent driver entry point is part of a capability where the `"fallback"` property is false or omitted, the core should not include any other code for this capability, whether built in or in another transparent driver. From 2e843aeb3e8eb89e6841676515ef75d44f34615d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Aug 2020 21:43:59 +0200 Subject: [PATCH 048/488] Update some open questions Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 0dc5ff34b..db84c6def 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/19 19:40:40 GMT" +Time-stamp: "2020/08/19 19:43:30 GMT" ## Introduction @@ -620,9 +620,9 @@ psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION ### Driver declarations -#### Declaring driver functions +#### Declaring driver entry points -The core may want to provide declarations for the driver functions so that it can compile code using them. At the time of writing this paragraph, the driver headers must define types but there is no obligation for them to declare functions. The core knows what the function names and argument types are, so it can generate prototypes. +The core may want to provide declarations for the driver entry points so that it can compile code using them. At the time of writing this paragraph, the driver headers must define types but there is no obligation for them to declare functions. The core knows what the function names and argument types are, so it can generate prototypes. It should be ok for driver functions to be function-like macros or function pointers. 
@@ -632,10 +632,14 @@ How does a driver author decide which location values to use? It should be possi Can the driver assembly process generate distinct location values as needed? This can be convenient, but it's also risky: if you upgrade a device, you need the location values to be the same between builds. +The current plan is for Arm to maintain a registry of vendors and assign a location namespace to each vendor. Parts of the namespace would be reserved for implementations and integrators. + #### Multiple transparent drivers When multiple transparent drivers implement the same mechanism, which one is called? The first one? The last one? Unspecified? Or is this an error (excluding capabilities with fallback enabled)? +The current choice is that the first one is used, which allows having a preference order on drivers, but may mask integration errors. + ### Driver function interfaces #### Driver function parameter conventions From 5298f684bda9f1b47f92e45f79b16b7bf3c27853 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Aug 2020 21:53:59 +0200 Subject: [PATCH 049/488] Fix hyperlinks Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-developer-guide.md | 6 +++--- docs/proposed/psa-driver-interface.md | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/proposed/psa-driver-developer-guide.md b/docs/proposed/psa-driver-developer-guide.md index ca24441d5..0f4edf771 100644 --- a/docs/proposed/psa-driver-developer-guide.md +++ b/docs/proposed/psa-driver-developer-guide.md 
@@ -5,7 +5,7 @@ PSA Cryptoprocessor driver developer's guide This document describes how to write drivers of cryptoprocessors such as accelerators and secure elements for the PSA cryptography subsystem of Mbed TLS. -This document focuses on behavior that is specific to Mbed TLS. For a reference of the interface between Mbed TLS and drivers, refer to the [PSA Cryptoprocessor Driver Interface specification](architecture/psa-driver-interface.md). +This document focuses on behavior that is specific to Mbed TLS. For a reference of the interface between Mbed TLS and drivers, refer to the [PSA Cryptoprocessor Driver Interface specification](psa-driver-interface.html). The interface is not fully implemented in Mbed TLS yet and is disabled by default. You can enable the experimental work in progress by setting `MBEDTLS_PSA_CRYPTO_DRIVERS` in the compile-time configuration. Please note that the interface may still change: until further notice, we do not guarantee backward compatibility with existing driver code when `MBEDTLS_PSA_CRYPTO_DRIVERS` is enabled. 
@@ -24,7 +24,7 @@ There are two types of drivers: To write a driver, you need to implement some functions with C linkage, and to declare these functions in a **driver description file**. The driver description file declares which functions the driver implements and what cryptographic mechanisms they support. Depending on the driver type, you may also need to define some C types and macros in a header file. -The concrete syntax for a driver description file is JSON. The structure of this JSON file is specified in the section [“Driver description syntax”](architecture/psa-driver-interface.md#driver-description-syntax) of the PSA cryptography driver interface specification. +The concrete syntax for a driver description file is JSON. The structure of this JSON file is specified in the section [“Driver description syntax”](psa-driver-interface.html#driver-description-syntax) of the PSA cryptography driver interface specification. A driver therefore consists of: @@ -34,7 +34,7 @@ A driver therefore consists of: ## Driver C interfaces -Mbed TLS calls [driver functions as specified in the PSA Cryptography Driver Interface specification](architecture/psa-driver-interface.md#) except as otherwise indicated in this section. +Mbed TLS calls [driver functions as specified in the PSA Cryptography Driver Interface specification](psa-driver-interface.html#driver-entry-points) except as otherwise indicated in this section. ### Key handles diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index db84c6def..56e2b29e9 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/19 19:43:30 GMT" +Time-stamp: "2020/08/19 19:47:39 GMT" ## Introduction @@ -62,9 +62,9 @@ How to provide the driver description file, the C header files and the object co The concrete syntax for a driver description file is JSON. -#### Driver specification list +#### Driver description list -PSA Cryptography core implementations should support multiple drivers. The driver description files are passed to the implementation as an ordered list in an unspecified manner. This may be, for example, a list of file names passed on a command line, or a JSON list whose elements are individual driver specifications. +PSA Cryptography core implementations should support multiple drivers. The driver description files are passed to the implementation as an ordered list in an unspecified manner. This may be, for example, a list of file names passed on a command line, or a JSON list whose elements are individual driver descriptions. #### Driver description top-level element 
@@ -87,7 +87,7 @@ A capability declares a family of functions that the driver implements for a cer A capability is a JSON object containing the following properties: -* `"entry_points"` (mandatory, list of strings). Each element is the name of a [driver entry point](#driver-entry-point) or driver entry point family. An entry point is a function defined by the driver. If specified, the core will invoke this capability of the driver only when performing one of the specified operations. The driver must implement all the specified entry points, as well as the types if applicable. +* `"entry_points"` (mandatory, list of strings). Each element is the name of a [driver entry point](#driver-entry-points) or driver entry point family. An entry point is a function defined by the driver. If specified, the core will invoke this capability of the driver only when performing one of the specified operations. The driver must implement all the specified entry points, as well as the types if applicable. * `"algorithms"` (optional, list of strings). Each element is an [algorithm specification](#algorithm-specifications). If specified, the core will invoke this capability of the driver only when performing one of the specified algorithms. If omitted, the core will invoke this capability for all applicable algorithms. * `"key_types"` (optional, list of strings). Each element is a [key type specification](#key-type-specifications). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key types. If omitted, the core will invoke this capability of the driver for all applicable key types. * `"key_sizes"` (optional, list of integers). If specified, the core will invoke this capability of the driver only for operations involving a key with one of the specified key sizes. If omitted, the core will invoke this capability of the driver for all applicable key sizes. Key sizes are expressed in bits. 
@@ -96,7 +96,7 @@ A capability is a JSON object containing the following properties: #### Capability semantics -When the PSA Cryptography implementation performs a cryptographic mechanism, it invokes available driver entry points as described in the section [“Driver entry points”](#driver-entry-point). +When the PSA Cryptography implementation performs a cryptographic mechanism, it invokes available driver entry points as described in the section [“Driver entry points”](#driver-entry-points). A driver is considered available for a cryptographic mechanism that invokes a given entry point if all of the following conditions are met: 
@@ -116,7 +116,7 @@ A driver is considered available for a cryptographic mechanism that invokes a gi If a driver includes multiple applicable capabilities for a given combination of entry point, algorithm, key type and key size, and all the capabilities map the entry point to the same function name, the driver is considered available for this cryptographic mechanism. If a driver includes multiple applicable capabilities for a given combination of entry point, algorithm, key type and key size, and at least two of these capabilities map the entry point to the different function names, the driver specification is invalid. -If multiple transparent drivers have applicable capabilities for a given combination of entry point, algorithm, key type and key size, the first matching driver in the [specification list](#Driver specification list) is invoked. If the capability has [fallback](#fallback) enabled and the first driver returns `PSA_ERROR_NOT_SUPPORTED`, the next matching driver is invoked, and so on. +If multiple transparent drivers have applicable capabilities for a given combination of entry point, algorithm, key type and key size, the first matching driver in the [specification list](#driver-description-list) is invoked. If the capability has [fallback](#fallback) enabled and the first driver returns `PSA_ERROR_NOT_SUPPORTED`, the next matching driver is invoked, and so on. If multiple opaque drivers have the same location, the list of driver specifications is invalid. From ef9874d11a2978a6da512d524dd881d900640d27 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Aug 2020 21:55:27 +0200 Subject: [PATCH 050/488] Update terminology Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-developer-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-developer-guide.md b/docs/proposed/psa-driver-developer-guide.md index 0f4edf771..c221bb247 100644 --- a/docs/proposed/psa-driver-developer-guide.md 
+++ b/docs/proposed/psa-driver-developer-guide.md @@ -34,7 +34,7 @@ A driver therefore consists of: ## Driver C interfaces -Mbed TLS calls [driver functions as specified in the PSA Cryptography Driver Interface specification](psa-driver-interface.html#driver-entry-points) except as otherwise indicated in this section. +Mbed TLS calls driver entry points [as specified in the PSA Cryptography Driver Interface specification](psa-driver-interface.html#driver-entry-points) except as otherwise indicated in this section. ### Key handles From eb528eef57b5522ab6d36880b8fde7971f9cd8a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 20 Aug 2020 10:35:26 +0200 Subject: [PATCH 051/488] Fix location of a ChangeLog entry file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../undef_assert_before_defining_it.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename undef_assert_before_defining_it.txt => ChangeLog.d/undef_assert_before_defining_it.txt (100%) diff --git a/undef_assert_before_defining_it.txt b/ChangeLog.d/undef_assert_before_defining_it.txt similarity index 100% rename from undef_assert_before_defining_it.txt rename to ChangeLog.d/undef_assert_before_defining_it.txt From 8043eb0b5d976ce3b9e44885f8e7d9ed97e4b927 Mon Sep 17 00:00:00 2001 From: Christopher <33333534+cm6n@users.noreply.github.com> Date: Thu, 20 Aug 2020 14:25:44 -0700 Subject: [PATCH 052/488] Update ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt Co-authored-by: Hanno Becker Signed-off-by: Christopher Moynihan --- ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt b/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt index c49bdc7b0..2f94c1633 100644 --- a/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt 
+++ b/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt @@ -1,3 +1,2 @@ Changes - * Fix comment typo in mbedtls_ssl_set_bio_description. - + * Fix comment typo in documentation of mbedtls_ssl_set_bio. From 067f6e01f1a82041b6f9fa34e0de8149b211c64e Mon Sep 17 00:00:00 2001 From: gufe44 <56860520+gufe44@users.noreply.github.com> Date: Thu, 30 Jul 2020 09:02:27 +0200 Subject: [PATCH 053/488] Fix bug in redirection of unit test outputs Avoid replacing handle. stdout is defined as a macro on several platforms. Signed-off-by: gufe44 --- ChangeLog.d/stdout-macro.txt | 3 ++ tests/suites/helpers.function | 55 +++++++++++++++++++-------------- tests/suites/host_test.function | 9 ++---- 3 files changed, 36 insertions(+), 31 deletions(-) create mode 100644 ChangeLog.d/stdout-macro.txt diff --git a/ChangeLog.d/stdout-macro.txt b/ChangeLog.d/stdout-macro.txt new file mode 100644 index 000000000..94562404a --- /dev/null +++ b/ChangeLog.d/stdout-macro.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix bug in redirection of unit test outputs on platforms where stdout is + defined as a macro. First reported in #2311 and fix contributed in #3528. diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index a5285a3a6..7425a359c 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -446,44 +446,51 @@ void mbedtls_param_failed( const char *failure_condition, #endif #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) -static int redirect_output( FILE** out_stream, const char* path ) +static int redirect_output( FILE* out_stream, const char* path ) { - int stdout_fd = dup( fileno( *out_stream ) ); + int out_fd, dup_fd; + FILE* path_stream; - if( stdout_fd == -1 ) + out_fd = fileno( out_stream ); + dup_fd = dup( out_fd ); + + if( dup_fd == -1 ) { - return -1; + return( -1 ); } - fflush( *out_stream ); - fclose( *out_stream ); - *out_stream = fopen( path, "w" ); - - if( *out_stream == NULL ) + path_stream = fopen( path, "w" ); + if( path_stream == NULL ) { - close( stdout_fd ); - return -1; + close( dup_fd ); + return( -1 ); } - return stdout_fd; + fflush( out_stream ); + if( dup2( fileno( path_stream ), out_fd ) == -1 ) + { + close( dup_fd ); + fclose( path_stream ); + return( -1 ); + } + + fclose( path_stream ); + return( dup_fd ); } -static int restore_output( FILE** out_stream, int old_fd ) +static int restore_output( FILE* out_stream, int dup_fd ) { - fflush( *out_stream ); - fclose( *out_stream ); + int out_fd = fileno( out_stream ); - *out_stream = fdopen( old_fd, "w" ); - if( *out_stream == NULL ) + fflush( out_stream ); + if( dup2( dup_fd, out_fd ) == -1 ) { - return -1; + close( out_fd ); + close( dup_fd ); + return( -1 ); } - return 0; -} - -static void close_output( FILE* out_stream ) -{ - fclose( out_stream ); + close( dup_fd ); + return( 0 ); } #endif /* __unix__ || __APPLE__ __MACH__ */ diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index a459eed56..cce2899f4 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function 
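Review bot: In the failure branch of `restore_output()` in tests/suites/helpers.function, `close( out_fd );` closes the descriptor that `out_stream` still refers to, so a later write through that stream goes to a closed descriptor or to whichever file is next given that number. The caller shown in host_test.function exits right after a failure, so the impact is small, but keeping only `close( dup_fd );` before `return( -1 );` leaves the stream in a defined state. Both helpers also ignore the results of `fileno()` and `fflush()`. A short comment above `redirect_output()` saying that the returned descriptor is owned by the caller and must be passed to `restore_output()` would document the contract.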
@@ -692,7 +692,7 @@ int execute_tests( int argc , const char ** argv ) */ if( !option_verbose ) { - stdout_fd = redirect_output( &stdout, "/dev/null" ); + stdout_fd = redirect_output( stdout, "/dev/null" ); if( stdout_fd == -1 ) { /* Redirection has failed with no stdout so exit */ @@ -712,7 +712,7 @@ int execute_tests( int argc , const char ** argv ) } #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) - if( !option_verbose && restore_output( &stdout, stdout_fd ) ) + if( !option_verbose && restore_output( stdout, stdout_fd ) ) { /* Redirection has failed with no stdout so exit */ exit( 1 ); @@ -817,10 +817,5 @@ int execute_tests( int argc , const char ** argv ) mbedtls_memory_buffer_alloc_free(); #endif -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) - if( stdout_fd != -1 ) - close_output( stdout ); -#endif /* __unix__ || __APPLE__ __MACH__ */ - return( total_errors != 0 ); } From 027fe00d2e32f65815202ed1f2115b32a3a0c0d8 Mon Sep 17 00:00:00 2001 From: Guido Vranken Date: Fri, 21 Aug 2020 10:05:52 +0200 Subject: [PATCH 054/488] Prevent triggering Clang 12 -Wstring-concatenation warning Wrap multi-line string literals in parentheses to prevent a Clang 12 -Wstring-concatenation warning (activated by -Wall), which caused the build to fail. Fixes https://github.com/ARMmbed/mbedtls/issues/3586 Signed-off-by: Guido Vranken --- library/md2.c | 4 ++-- library/md4.c | 4 ++-- library/md5.c | 4 ++-- library/ripemd160.c | 4 ++-- library/sha512.c | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/library/md2.c b/library/md2.c index 5ebf07232..e6e39c0ac 100644 --- a/library/md2.c +++ b/library/md2.c 
@@ -287,8 +287,8 @@ static const unsigned char md2_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890" } + { ("12345678901234567890123456789012345678901234567890123456789012" + "345678901234567890") } }; static const size_t md2_test_strlen[7] = diff --git a/library/md4.c b/library/md4.c index ac9507454..7fadfca64 100644 --- a/library/md4.c +++ b/library/md4.c @@ -408,8 +408,8 @@ static const unsigned char md4_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890" } + { ("12345678901234567890123456789012345678901234567890123456789012" + "345678901234567890") } }; static const size_t md4_test_strlen[7] = diff --git a/library/md5.c b/library/md5.c index 8cea902ae..147e94b4b 100644 --- a/library/md5.c +++ b/library/md5.c @@ -422,8 +422,8 @@ static const unsigned char md5_test_buf[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890" } + { ("12345678901234567890123456789012345678901234567890123456789012" + "345678901234567890") } }; static const size_t md5_test_buflen[7] = diff --git a/library/ripemd160.c b/library/ripemd160.c index 830f61b3c..abb92b7a2 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c 
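Review bot: The new initializer `{ ("1234…" "3456…") }` in md2.c, repeated in md4.c, md5.c, ripemd160.c and sha512.c, initialises an `unsigned char` array from a parenthesised string literal, which ISO C does not guarantee and which GCC reports under `-Wpedantic`. Silencing one compiler's warning this way can break builds on stricter toolchains. Writing each test vector as a single literal on one line avoids both diagnostics, and patch 063 later in this series does exactly that.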
@@ -478,8 +478,8 @@ static const unsigned char ripemd160_test_str[TESTS][81] = { "abcdefghijklmnopqrstuvwxyz" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890" }, + { ("12345678901234567890123456789012345678901234567890123456789012" + "345678901234567890") }, }; static const size_t ripemd160_test_strlen[TESTS] = diff --git a/library/sha512.c b/library/sha512.c index 80219d428..a3a28525c 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -516,8 +516,8 @@ void mbedtls_sha512( const unsigned char *input, static const unsigned char sha512_test_buf[3][113] = { { "abc" }, - { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" }, + { ("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu") }, { "" } }; From 244d06637f4b598b2c0b2167a504d1fafb091a4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Aug 2020 12:06:47 +0200 Subject: [PATCH 055/488] compat.sh: enable CBC-SHA-2 suites for GnuTLS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Recent GnuTLS packages on Ubuntu 16.04 have them disabled. From /usr/share/doc/libgnutls30/changelog.Debian.gz: gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium * SECURITY UPDATE: Lucky-13 issues [...] - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256 ciphersuites were removed from defaults in lib/gnutls_priority.c, tests/priorities.c. Since we do want to test the ciphersuites, explicitly re-enable them in the server's priority string. (This is a no-op with versions of GnuTLS where those are already enabled by default.) 
Signed-off-by: Manuel Pégourié-Gonnard --- tests/compat.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/compat.sh b/tests/compat.sh index 9f2798ee7..40c8856a4 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -907,7 +907,7 @@ setup_arguments() M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem" G_SERVER_ARGS="-p $PORT --http $G_MODE" - G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" + G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes if is_dtls "$MODE"; then From 499bf4c0c836de896eac1104971736497abf09eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Aug 2020 12:24:32 +0200 Subject: [PATCH 056/488] compat.sh: quit using SHA-1 certificates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace server2.crt with server2-sha256.crt which, as the name implies, is just the SHA-256 version of the same certificate. Replace server1.crt with cert_sha256.crt which, as the name doesn't imply, is associated with the same key and just have a slightly different Subject Name, which doesn't matter in this instance. The other certificates used in this script (server5.crt and server6.crt) are already signed with SHA-256. This change is motivated by the fact that recent versions of GnuTLS (or older versions with the Debian patches) reject SHA-1 in certificates by default, as they should. There are options to still accept it (%VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1) but: - they're not available in all versions that reject SHA-1-signed certs; - moving to SHA-2 just seems cleaner anyway. 
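Review bot: The reason for adding `+SHA256:+SHA384` to `G_SERVER_PRIO` is recorded only in the commit message; nothing in tests/compat.sh says why two MAC names are listed on top of `NORMAL`. A comment above the assignment would stop a later editor from removing them as redundant, for example `# Some GnuTLS packages drop the HMAC-SHA256/384 CBC suites from NORMAL (Lucky-13 hardening); re-enable them so they stay covered`. The same string also enables NULL, MD5 and ARCFOUR-128, so the comment could state that this priority string is for interoperability testing only. `setup_arguments()` starts and ends outside the hunk.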
Signed-off-by: Manuel Pégourié-Gonnard --- tests/compat.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 40c8856a4..3ee084401 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -956,14 +956,14 @@ setup_arguments() ;; "RSA") - M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key" - O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key" + M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key" + O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2-sha256.crt -key data_files/server2.key" + G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key" if [ "X$VERIFY" = "XYES" ]; then - M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key" - O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key" - G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key" + M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/cert_sha256.crt key_file=data_files/server1.key" + O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/cert_sha256.crt -key data_files/server1.key" + G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/cert_sha256.crt --x509keyfile data_files/server1.key" else M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" fi 
@@ -977,9 +977,9 @@ setup_arguments() "PSK") # give RSA-PSK-capable server a RSA cert # (should be a separate type, but harder to close with openssl) - M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key" + M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key" O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert" - G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk" + G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk" M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" From 6c77bc6de20336f93459172553c254d818a4a32a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 21 Aug 2020 12:34:05 +0200 Subject: [PATCH 057/488] compat.sh: stop using allow_sha1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After the changes of certificates, it's no longer needed. Signed-off-by: Manuel Pégourié-Gonnard --- tests/compat.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 3ee084401..68b9f740e 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -967,11 +967,6 @@ setup_arguments() else M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none" fi - - # Allow SHA-1. It's disabled by default for security reasons but - # our tests still use certificates signed with it. - M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1" - M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1" ;; "PSK") 
@@ -984,11 +979,6 @@ setup_arguments() M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" - - # Allow SHA-1. It's disabled by default for security reasons but - # our tests still use certificates signed with it. - M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1" - M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1" ;; esac } From 388f9b2d0ff843fa7dbb59251d9ce29ffc0568ee Mon Sep 17 00:00:00 2001 From: Daniel Otte Date: Fri, 21 Aug 2020 12:34:29 +0200 Subject: [PATCH 058/488] adjusting size of sliding window array to correct size. Probably the `W[2 << MBEDTLS_MPI_WINDOW_SIZE]` notation is based on a transcription of 2**MBEDTLS_MPI_WINDOW_SIZE. Signed-off-by: Daniel Otte --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 9325632b4..fa97d19f7 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2101,7 +2101,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, size_t i, j, nblimbs; size_t bufsize, nbits; mbedtls_mpi_uint ei, mm, state; - mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; + mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; int neg; MPI_VALIDATE_RET( X != NULL ); From 18292fe205a152f1a412bb7ee88152db65da731b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 21 Aug 2020 20:42:32 +0200 Subject: [PATCH 059/488] cert_write: discover hash algorithms automatically Discover hash algorithms automatically rather than hard-coding a list. Signed-off-by: Gilles Peskine --- programs/x509/cert_write.c | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 1eeb861e8..18174d804 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
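Review bot: Halving `W[]` in `mbedtls_mpi_exp_mod()` (library/bignum.c) is safe only if every index used on `W` is below `1 << MBEDTLS_MPI_WINDOW_SIZE`, and the hunk shows just the declaration; the code that chooses the window size and fills the table lies outside it. Please confirm that the window size is clamped to `MBEDTLS_MPI_WINDOW_SIZE` before the table is indexed, and record the invariant next to the declaration, e.g. `/* W[] is indexed by window values, all < 1 << MBEDTLS_MPI_WINDOW_SIZE */`. An out-of-range write here would land in the stack frame of a routine that presumably also processes private exponents, so the bound deserves an explicit statement rather than an inference from the commit message.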
@@ -118,8 +118,9 @@ int main( void ) " is_ca=%%d default: 0 (disabled)\n" \ " max_pathlen=%%d default: -1 (none)\n" \ " md=%%s default: SHA256\n" \ - " Supported values:\n" \ - " MD2, MD4, MD5, SHA1, SHA256, SHA512\n"\ + " Supported values (if enabled):\n" \ + " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \ + " SHA224, SHA256, SHA384, SHA512\n" \ " version=%%d default: 3\n" \ " Possible values: 1, 2, 3\n"\ " subject_identifier=%%s default: 1\n" \ @@ -353,27 +354,14 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "md" ) == 0 ) { - if( strcmp( q, "SHA1" ) == 0 ) - opt.md = MBEDTLS_MD_SHA1; - else if( strcmp( q, "SHA224" ) == 0 ) - opt.md = MBEDTLS_MD_SHA224; - else if( strcmp( q, "SHA256" ) == 0 ) - opt.md = MBEDTLS_MD_SHA256; - else if( strcmp( q, "SHA384" ) == 0 ) - opt.md = MBEDTLS_MD_SHA384; - else if( strcmp( q, "SHA512" ) == 0 ) - opt.md = MBEDTLS_MD_SHA512; - else if( strcmp( q, "MD2" ) == 0 ) - opt.md = MBEDTLS_MD_MD2; - else if( strcmp( q, "MD4" ) == 0 ) - opt.md = MBEDTLS_MD_MD4; - else if( strcmp( q, "MD5" ) == 0 ) - opt.md = MBEDTLS_MD_MD5; - else + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_string( q ); + if( md_info == NULL ) { mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } + opt.md = mbedtls_md_get_type( md_info ); } else if( strcmp( p, "version" ) == 0 ) { From 384e274670c2c2f50b05f8ca6705628f5beda990 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 21 Aug 2020 19:51:13 +0200 Subject: [PATCH 060/488] cert_req: discover hash algorithms automatically Discover hash algorithms automatically rather than hard-coding a list, as was previously done in cert_write. Signed-off-by: Gilles Peskine --- programs/x509/cert_req.c | 59 +++++----------------------------------- 1 file changed, 7 insertions(+), 52 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index ade67e20b..e8241a320 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c 
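Review bot: With `mbedtls_md_info_from_string( q )` the `md=` option of cert_write.c now accepts every digest the build enables, and the usage text lists MD2, MD4, MD5 and SHA1 beside the SHA-2 family without saying that they are unsuitable for signing new certificates. If the program is used for anything beyond generating test data, the help text should say so, for instance with one more usage line such as `" (MD2, MD4, MD5, SHA1: legacy only)\n" \`. `main()` continues outside both hunks.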
@@ -100,9 +100,8 @@ int main( void ) " Add NsCertType even if it is empty\n" \ " md=%%s default: SHA256\n" \ " possible values:\n" \ - " MD2, MD4, MD5, SHA1\n" \ - " SHA224, SHA256\n" \ - " SHA384, SHA512\n" \ + " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \ + " SHA224, SHA256, SHA384, SHA512\n" \ "\n" @@ -217,58 +216,14 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "md" ) == 0 ) { - if( strcmp( q, "SHA256" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_SHA256; - } - else if( strcmp( q, "SHA224" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_SHA224; - } - else -#if defined(MBEDTLS_MD5_C) - if( strcmp( q, "MD5" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_MD5; - } - else -#endif /* MBEDTLS_MD5_C */ -#if defined(MBEDTLS_MD4_C) - if( strcmp( q, "MD4" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_MD4; - } - else -#endif /* MBEDTLS_MD5_C */ -#if defined(MBEDTLS_MD2_C) - if( strcmp( q, "MD2" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_MD2; - } - else -#endif /* MBEDTLS_MD2_C */ -#if defined(MBEDTLS_SHA1_C) - if( strcmp( q, "SHA1" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_SHA1; - } - else -#endif /* MBEDTLS_SHA1_C */ -#if defined(MBEDTLS_SHA512_C) - if( strcmp( q, "SHA384" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_SHA384; - } - else - if( strcmp( q, "SHA512" ) == 0 ) - { - opt.md_alg = MBEDTLS_MD_SHA512; - } - else -#endif /* MBEDTLS_SHA512_C */ + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_string( q ); + if( md_info == NULL ) { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } + opt.md_alg = mbedtls_md_get_type( md_info ); } else if( strcmp( p, "key_usage" ) == 0 ) { From d1ff7579c866c63eb489516493dba53270133ecb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 21 Aug 2020 19:47:22 +0200 Subject: [PATCH 061/488] Fix "make -C tests/data_files" It wasn't working when invoking programs/x509/cert_write or programs/x509/cert_req due to relying on the current directory rather than the location of the makefile. 
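Review bot: The usage text in cert_req.c lists RIPEMD160 and the other digests under `possible values:` without the `(if enabled)` qualifier, although availability is now decided at run time by `mbedtls_md_info_from_string( q )` and the old `#if defined(MBEDTLS_MD5_C)`-style guards are gone. cert_write.c in the previous patch words the same list as `Supported values (if enabled):`. Using that wording here keeps the two tools consistent and tells the user why a listed name can still be rejected with "Invalid argument for option".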
Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 40c22f53b..9d4cca208 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -13,8 +13,10 @@ ## Tools OPENSSL ?= openssl FAKETIME ?= faketime -MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write -MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req + +TOP_DIR = $(dir $(firstword $(MAKEFILE_LIST)))/../.. +MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write +MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req ## Build the generated test data. Note that since the final outputs From 0f38590edfa8da39a477aed36a14d9f125dee09d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 21 Aug 2020 20:32:21 +0200 Subject: [PATCH 062/488] Commit the intermediate files cert_md*.csr They are used to generate cert_md*.crt. Signed-off-by: Gilles Peskine --- tests/data_files/cert_md2.csr | 16 ++++++++++++++++ tests/data_files/cert_md4.csr | 16 ++++++++++++++++ tests/data_files/cert_md5.csr | 16 ++++++++++++++++ 3 files changed, 48 insertions(+) create mode 100644 tests/data_files/cert_md2.csr create mode 100644 tests/data_files/cert_md4.csr create mode 100644 tests/data_files/cert_md5.csr diff --git a/tests/data_files/cert_md2.csr b/tests/data_files/cert_md2.csr new file mode 100644 index 000000000..a8c39bdb3 --- /dev/null +++ b/tests/data_files/cert_md2.csr 
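Review bot: `TOP_DIR = $(dir $(firstword $(MAKEFILE_LIST)))/../..` in tests/data_files/Makefile yields a path relative to make's working directory (with a doubled slash, since `$(dir …)` keeps the trailing `/`), so a recipe that changes directory before calling `$(MBEDTLS_CERT_WRITE)` or `$(MBEDTLS_CERT_REQ)` would resolve it wrongly; whether such recipes exist is not visible in the hunk. An absolute, immediately expanded form is more robust: `TOP_DIR := $(abspath $(dir $(firstword $(MAKEFILE_LIST)))/../..)`.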
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1EMjCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV ++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N +stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR +iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75 +Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag +aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAgUA +A4IBAQBPUqodRcH2ZUa8A3fQX/nxrIwWiLmQ9BaOI6G7vzEWVE1sxmkrHP+pXgi9 +1eFceN9xUBKEd+LmUPmHpObZ4nwRSprFj3DeIXpn9aSBr+jGY8RaaC9cMkaSq5Mb +q65THEJ1xemIfZvbhjvNi/ycXXu/v1Gpj62dpIFGbm+o4AXQF2ocYGEM+X1u2eVn +mnuuvPAHTllGjB0daTSYoQtMy3luPUEj0Yct3iVR1pUeTrHchOs9p5ACDZcf6D3x +sm9atH2ZIaXo1c9SqHzdk/uLt/CwxQrn1WU1inwOkzjim2Yq9vWgpQypfGZdScXV +oHOmuGG901WMMemzZXjoLi+8ZpVL +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/cert_md4.csr b/tests/data_files/cert_md4.csr new file mode 100644 index 000000000..d8a3dbf20 --- /dev/null +++ b/tests/data_files/cert_md4.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1ENDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV ++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N +stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR +iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75 +Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag +aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAwUA +A4IBAQAztRb+vAecvhelhszzCctzmhGs4TGmr9h4zddZoQ8dTdy1OCsnmU+yz3oh +oiQjy7UPLt8DS2ZKhGhvwPvtwFh5icMWQVnv2kE4Evz8xJT12VRw+U6L5rfKmf/L +mVNxsuk17MDyBcMlwuNk+CHrYVdrXhSWUH3UCQQUH1iqqBMKmNiPa1UGU0budZ9X +HZjn9uqyyOGy8l3hffqjDxsDjZyBDf5aqKIdnvukdrUiacPdUYVF0fwK8d1/1PA9 +dA4JjTvz+tTK6mL9Ic9Pv+64v1vwMU4Qu8IJHk5x3I0e7KuK2A/lK6az2Vb6FAh6 +MkGpWB68T8FRBoVrWLOh+a9yNwyp +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/cert_md5.csr b/tests/data_files/cert_md5.csr new file mode 100644 index 000000000..dc6792d38 --- /dev/null +++ b/tests/data_files/cert_md5.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1ENTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV ++CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N +stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR +iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75 +Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag +aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBBAUA +A4IBAQBNEvxgn3Pc62hsMgMz33IdeNpazeK3ae2gwQQFgL7qMp/kskfpIKF4m8eB +YrmjKn9cqszRD606/ZtWYDwINUUc6O7bQGmpGIFd7bSPm/pbsajc6R7kzA/tD/bk +G5zqu9Bj0x92hEwdku0zY+Hx9PgT2dK8M72iFylHBwT3X1tNyXhh7xWJ9RlAfSvN +KdS6s3kRjK4qcir0MnflV5f2HD6r1v9cSVyme6eVLvOmup89z0cihH7NDwDJaYbi +oqcKXFbro8/2ruEzPUS6U8NA9cjlX9DW8buIu4cQACVx5YevlwKoayYfXcRRvIFo +OLiPq14TuZj3c0+HFOxWj4UBAjvI +-----END CERTIFICATE REQUEST----- From 962e4ee4a6b3bc2f9a116358973fa7f991f60c65 Mon Sep 17 00:00:00 2001 From: Guido Vranken Date: Fri, 21 Aug 2020 21:08:56 +0200 Subject: [PATCH 063/488] Use single-line string literals. Signed-off-by: Guido Vranken --- library/md2.c | 3 +-- library/md4.c | 3 +-- library/md5.c | 3 +-- library/ripemd160.c | 3 +-- library/sha512.c | 3 +-- 5 files changed, 5 insertions(+), 10 deletions(-) diff --git a/library/md2.c b/library/md2.c index e6e39c0ac..b4f7cc6be 100644 --- a/library/md2.c +++ b/library/md2.c @@ -287,8 +287,7 @@ static const unsigned char md2_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { ("12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890") } + { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } }; static const size_t md2_test_strlen[7] = diff --git a/library/md4.c b/library/md4.c index 7fadfca64..1cac0a44a 100644 
--- a/library/md4.c +++ b/library/md4.c @@ -408,8 +408,7 @@ static const unsigned char md4_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { ("12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890") } + { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } }; static const size_t md4_test_strlen[7] = diff --git a/library/md5.c b/library/md5.c index 147e94b4b..1e702b4bb 100644 --- a/library/md5.c +++ b/library/md5.c @@ -422,8 +422,7 @@ static const unsigned char md5_test_buf[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { ("12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890") } + { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } }; static const size_t md5_test_buflen[7] = diff --git a/library/ripemd160.c b/library/ripemd160.c index abb92b7a2..603b6ba86 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -478,8 +478,7 @@ static const unsigned char ripemd160_test_str[TESTS][81] = { "abcdefghijklmnopqrstuvwxyz" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { ("12345678901234567890123456789012345678901234567890123456789012" - "345678901234567890") }, + { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }, }; static const size_t ripemd160_test_strlen[TESTS] = diff --git a/library/sha512.c b/library/sha512.c index a3a28525c..e88119853 100644 --- a/library/sha512.c +++ b/library/sha512.c 
@@ -516,8 +516,7 @@ void mbedtls_sha512( const unsigned char *input, static const unsigned char sha512_test_buf[3][113] = { { "abc" }, - { ("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu") }, + { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" }, { "" } }; From e014fece509a5c486c685f384e1286fba2653ab7 Mon Sep 17 00:00:00 2001 From: makise-homura Date: Sat, 22 Aug 2020 23:56:46 +0300 Subject: [PATCH 064/488] Don't forget to free G, P, Q, ctr_drbg, and entropy I might be wrong, but lcc's optimizer is curious about this, and I am too: shouldn't we free allocated stuff correctly before exiting `dh_genprime` in this certain point of code? Signed-off-by: makise-homura --- programs/pkey/dh_genprime.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 5293f899c..81876b3cf 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -91,7 +91,7 @@ int main( int argc, char **argv ) { usage: mbedtls_printf( USAGE ); - mbedtls_exit( exit_code ); + goto exit; } for( i = 1; i < argc; i++ ) From f35069a82df6080b02eea3d8b278d85675f2a83a Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 17 Aug 2020 22:05:14 -0700 Subject: [PATCH 065/488] Fix undefined ref error when ECDSA not defined Add guards in pk_wrap.c to ensure if ECDSA is not defined, errors are returned. Remove warnings in pk.c for unused variables. Add new test (test_depends_pkalgs_psa) to all.sh to confirm when USE_PSA_CRYPTO is defined that features are working properly. Fix #3294 Signed-off-by: John Durkop --- library/pk.c | 3 +++ library/pk_wrap.c | 18 +++++++++++++++++- tests/scripts/all.sh | 6 ++++++ 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index 631415cca..6706344cc 100644 --- a/library/pk.c +++ b/library/pk.c 
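Review bot: Replacing `mbedtls_exit( exit_code );` with `goto exit;` under the `usage:` label in programs/pkey/dh_genprime.c makes the usage path run the common cleanup, which is correct only if `G`, `P`, `Q`, `ctr_drbg` and `entropy` are all initialised before the first jump to `usage`. The hunk shows neither the `*_init()` calls nor the `exit:` label, so this has to be checked against the start of `main()`; freeing an uninitialised context is undefined behaviour. If initialisation does precede the argument check, a one-line comment before `goto exit;` such as `/* all contexts are initialised above, so the common cleanup is safe */` would record that.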
@@ -593,6 +593,9 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, psa_algorithm_t hash_alg ) { #if !defined(MBEDTLS_ECP_C) + ((void) pk); + ((void) handle); + ((void) hash_alg); return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); #else const mbedtls_ecp_keypair *ec; diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 0c6d5a590..fd4a87509 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -34,7 +34,7 @@ #include "mbedtls/ecp.h" #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/ecdsa.h" #endif @@ -912,6 +912,8 @@ static int pk_opaque_can_do( mbedtls_pk_type_t type ) type == MBEDTLS_PK_ECDSA ); } +#if defined(MBEDTLS_ECDSA_C) + /* * Simultaneously convert and move raw MPI from the beginning of a buffer * to an ASN.1 MPI at the end of the buffer. @@ -994,11 +996,24 @@ static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len, return( 0 ); } +#endif + static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { +#if !defined(MBEDTLS_ECDSA_C) + ((void) ctx); + ((void) md_alg); + ((void) hash); + ((void) hash_len); + ((void) sig); + ((void) sig_len); + ((void) f_rng); + ((void) p_rng); + return( PSA_ERROR_NOT_SUPPORTED ); +#else const psa_key_handle_t *key = (const psa_key_handle_t *) ctx; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); @@ -1029,6 +1044,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, /* transcode it to ASN.1 sequence */ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) ); +#endif } const mbedtls_pk_info_t mbedtls_pk_opaque_info = { diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 558016d04..f95d8cf91 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
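Review bot: With `MBEDTLS_ECDSA_C` disabled, pk_opaque_sign_wrap() now always fails, yet the context lines of the `@@ -912,6 +912,8 @@` hunk show pk_opaque_can_do() still accepting `MBEDTLS_PK_ECDSA`. If callers use can_do to pick a signing key, an opaque key would advertise a signature type it cannot produce in that configuration; guarding the `MBEDTLS_PK_ECDSA` term with the same macro would keep the two in step. The stub also returns `PSA_ERROR_NOT_SUPPORTED`, a psa_status_t value, from a `static int` wrapper whose other return path is in the mbedtls error space. `return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );` keeps a single error domain for callers that compare against `MBEDTLS_ERR_PK_*`.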
@@ -1184,6 +1184,12 @@ component_test_depends_hashes () { record_status tests/scripts/depends-hashes.pl } +component_test_depends_pkalgs_psa () { + msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + record_status tests/scripts/depends-pkalgs.pl +} + component_test_depends_pkalgs () { msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min record_status tests/scripts/depends-pkalgs.pl From bc5a754f28381a2a6ccb07cb4f840a8cdf0e548b Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 18 Aug 2020 05:23:36 -0700 Subject: [PATCH 066/488] Add change log description for Fix #3294 Signed-off-by: John Durkop --- ChangeLog.d/bugfix_PR3294.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/bugfix_PR3294.txt diff --git a/ChangeLog.d/bugfix_PR3294.txt b/ChangeLog.d/bugfix_PR3294.txt new file mode 100644 index 000000000..9a5bbc445 --- /dev/null +++ b/ChangeLog.d/bugfix_PR3294.txt @@ -0,0 +1,8 @@ +Bugfix + * Add guards in pk_wrap.c to ensure if ECDSA is not defined, errors are + returned. Remove warnings in pk.c for unused variables. Add new test + (test_depends_pkalgs_psa) to all.sh to confirm when USE_PSA_CRYPTO + is defined that features are working properly. Fixes issue reported in + #3294 where undefined reference errors occur when using USE_PSA_CRYPTO + and removing ECDSA support. + From c14be901eb1bc0c065690b2d6bc458e8530bf90f Mon Sep 17 00:00:00 2001 From: John Durkop Date: Thu, 20 Aug 2020 06:16:41 -0700 Subject: [PATCH 067/488] Add new test_depends_curves_psa to all.sh Add new test (test_depends_curves_psa) to all.sh to confirm that test is passing when MBEDTLS_USE_PSA_CRYPTO is defined. Fix #3294 Signed-off-by: John Durkop --- tests/scripts/all.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f95d8cf91..1c67a9ac9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1179,6 +1179,12 @@ component_test_depends_curves () { record_status tests/scripts/curves.pl } +component_test_depends_curves_psa () { + msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + record_status tests/scripts/curves.pl +} + component_test_depends_hashes () { msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min record_status tests/scripts/depends-hashes.pl From af5363c24e822960f1c8ff7af66f76d05ddc29eb Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 24 Aug 2020 08:29:39 -0700 Subject: [PATCH 068/488] Updates to cleanup fixes for #3294 Minor updates to changelog for more concise wording and fixed styling in other files as needed. Signed-off-by: John Durkop --- ChangeLog.d/bugfix_PR3294.txt | 8 ++------ library/pk_wrap.c | 8 ++++---- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/ChangeLog.d/bugfix_PR3294.txt b/ChangeLog.d/bugfix_PR3294.txt index 9a5bbc445..a6ea75e05 100644 --- a/ChangeLog.d/bugfix_PR3294.txt +++ b/ChangeLog.d/bugfix_PR3294.txt @@ -1,8 +1,4 @@ Bugfix - * Add guards in pk_wrap.c to ensure if ECDSA is not defined, errors are - returned. Remove warnings in pk.c for unused variables. Add new test - (test_depends_pkalgs_psa) to all.sh to confirm when USE_PSA_CRYPTO - is defined that features are working properly. Fixes issue reported in - #3294 where undefined reference errors occur when using USE_PSA_CRYPTO - and removing ECDSA support. + * Fix build failure in configurations where MBEDTLS_USE_PSA_CRYPTO is + enabled but ECDSA is disabled. Contributed by jdurkop. Fixes #3294. diff --git a/library/pk_wrap.c b/library/pk_wrap.c index fd4a87509..33253a4d2 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -34,7 +34,7 @@ #include "mbedtls/ecp.h" #endif -#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_ECDSA_C) #include "mbedtls/ecdsa.h" #endif 
@@ -1012,8 +1012,8 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, ((void) sig_len); ((void) f_rng); ((void) p_rng); - return( PSA_ERROR_NOT_SUPPORTED ); -#else + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); +#else /* !MBEDTLS_ECDSA_C */ const psa_key_handle_t *key = (const psa_key_handle_t *) ctx; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); @@ -1044,7 +1044,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, /* transcode it to ASN.1 sequence */ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) ); -#endif +#endif /* !MBEDTLS_ECDSA_C */ } const mbedtls_pk_info_t mbedtls_pk_opaque_info = { From d46ede0d37cbe9148fadf782e2ca85f067bdc08a Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 24 Aug 2020 09:51:00 -0700 Subject: [PATCH 069/488] Fix missing label for guard Fixes #3294 Signed-off-by: John Durkop --- library/pk_wrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 33253a4d2..6983d1475 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -996,7 +996,7 @@ static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len, return( 0 ); } -#endif +#endif /* MBEDTLS_ECDSA_C */ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, From af9513bb48407544c301fe2a06b69793c38e7a8a Mon Sep 17 00:00:00 2001 From: makise-homura Date: Mon, 24 Aug 2020 18:26:27 +0300 Subject: [PATCH 070/488] A different approach of signed-to-unsigned comparison Suggsted by @hanno-arm Signed-off-by: makise-homura --- library/ssl_msg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 259a71d2f..0d74e6d82 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -2048,7 +2048,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) if( ret < 0 ) return( ret ); - if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && (size_t)ret > SIZE_MAX ) ) + if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_recv returned %d bytes but only %lu were requested", @@ -2102,7 +2102,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) if( ret <= 0 ) return( ret ); - if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && (size_t)ret > SIZE_MAX ) ) + if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "f_send returned %d bytes but only %lu bytes were sent", From a6033e92af97504c1f69a8ec0e0263281420268d Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 25 Aug 2020 11:47:50 +0200 Subject: [PATCH 071/488] Style and language fixes Signed-off-by: Steven Cooreman --- ChangeLog.d/add-aes-ecb-to-psa.txt | 2 +- include/mbedtls/psa_util.h | 2 +- include/psa/crypto_values.h | 15 +++++++++-- library/psa_crypto.c | 13 +++++++--- tests/suites/test_suite_psa_crypto.function | 28 ++++++++++----------- 5 files changed, 38 insertions(+), 22 deletions(-) diff --git a/ChangeLog.d/add-aes-ecb-to-psa.txt b/ChangeLog.d/add-aes-ecb-to-psa.txt index 2fa57ad8e..b0de67c4e 100644 --- a/ChangeLog.d/add-aes-ecb-to-psa.txt +++ b/ChangeLog.d/add-aes-ecb-to-psa.txt @@ -1,2 +1,2 @@ Features - * Added support for AES-ECB to the PSA Crypto cipher API. + * Add support for ECB to the PSA cipher API. diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index a8c15a03c..aa944b63b 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
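Review bot: The second operand of the length check in mbedtls_ssl_fetch_input(), and the identical one in mbedtls_ssl_flush_output(), needs a comment because its correctness depends on a non-obvious platform property. `(int)SIZE_MAX` is only meaningful where `int` is wider than `size_t`; elsewhere the conversion is implementation-defined and is kept unreachable only by the `INT_MAX > SIZE_MAX` guard. I would add above each `if`: `/* Reject a callback return larger than requested; the second test covers targets where int is wider than size_t, where (size_t)ret would truncate. */`. Both function bodies continue outside their hunks.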
@@ -86,7 +86,7 @@ static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( switch( mode ) { case MBEDTLS_MODE_ECB: - return ( PSA_ALG_ECB_NO_PADDING ); + return( PSA_ALG_ECB_NO_PADDING ); case MBEDTLS_MODE_GCM: return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) ); case MBEDTLS_MODE_CCM: diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 786a3bb17..db5188743 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -981,11 +981,22 @@ #define PSA_ALG_XTS ((psa_algorithm_t)0x044000ff) /** The Electronic Code Book (ECB) mode of a block cipher, with no padding. + * + * \warning ECB mode does not protect the confidentiality of the encrypted data + * except in extremely narrow circumstances. It is recommended that applications + * only use ECB if they need to construct an operating mode that the + * implementation does not provide. Implementations are encouraged to provide + * the modes that applications need in preference to supporting direct access + * to ECB. * * The underlying block cipher is determined by the key type. * - * This symmetric cipher mode can only be used with messages whose lengths - * are whole number of blocks for the chosen block cipher. + * This symmetric cipher mode can only be used with messages whose lengths are a + * multiple of the block size of the chosen block cipher. + * + * ECB mode does not accept an initialization vector (IV). When using a + * multi-part cipher operation with this algorithm, psa_cipher_generate_iv() + * and psa_cipher_set_iv() must not be called. */ #define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9362ef0ba..f3bd87693 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3749,9 +3749,12 @@ static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation, operation->alg = alg; operation->key_set = 0; operation->iv_set = 0; - if( alg == PSA_ALG_ECB_NO_PADDING ) { + if( alg == PSA_ALG_ECB_NO_PADDING ) + { operation->iv_required = 0; - } else { + } + else + { operation->iv_required = 1; } operation->iv_size = 0; @@ -3844,7 +3847,8 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->key_set = 1; operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ) ); - if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG && alg != PSA_ALG_ECB_NO_PADDING ) + if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 && + alg != PSA_ALG_ECB_NO_PADDING ) { operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ); } @@ -4002,7 +4006,8 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, { if( operation->alg == PSA_ALG_ECB_NO_PADDING || ( operation->alg == PSA_ALG_CBC_NO_PADDING && - operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) ) { + operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) ) + { status = PSA_ERROR_INVALID_ARGUMENT; goto error; } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e392ecc66..e75d6518e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3349,7 +3349,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, if( iv->len > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } output_buffer_size = ( (size_t) input->len + @@ -3416,7 +3416,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, if( iv->len > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } output_buffer_size = ( (size_t) input->len + 
@@ -3488,7 +3488,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, handle, alg ) ); if( iv->len > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } output_buffer_size = ( (size_t) input->len + @@ -3557,7 +3557,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, handle, alg ) ); if( iv->len > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } output_buffer_size = ( (size_t) input->len + @@ -3626,9 +3626,9 @@ void cipher_verify_output( int alg_arg, int key_type_arg, handle, alg ) ); if( alg != PSA_ALG_ECB_NO_PADDING ) { - PSA_ASSERT( psa_cipher_generate_iv( &operation1, - iv, iv_size, - &iv_length ) ); + PSA_ASSERT( psa_cipher_generate_iv( &operation1, + iv, iv_size, + &iv_length ) ); } output1_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -3650,8 +3650,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg, ASSERT_ALLOC( output2, output2_size ); if( iv_length > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation2, - iv, iv_length ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation2, + iv, iv_length ) ); } PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length, @@ -3716,9 +3716,9 @@ void cipher_verify_output_multipart( int alg_arg, handle, alg ) ); if( alg != PSA_ALG_ECB_NO_PADDING ) { - PSA_ASSERT( psa_cipher_generate_iv( &operation1, - iv, iv_size, - &iv_length ) ); + PSA_ASSERT( psa_cipher_generate_iv( &operation1, + iv, iv_size, + &iv_length ) ); } output1_buffer_size = ( (size_t) input->len + 
@@ -3751,8 +3751,8 @@ void cipher_verify_output_multipart( int alg_arg, ASSERT_ALLOC( output2, output2_buffer_size ); if( iv_length > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation2, - iv, iv_length ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation2, + iv, iv_length ) ); } PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size, From ffecb7b982a5b6c7c214eb3c677c66068b2940fb Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 25 Aug 2020 15:13:13 +0200 Subject: [PATCH 072/488] Implement support for multipart ECB and add tests Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 84 +++++++++++++++++++++++-- tests/suites/test_suite_psa_crypto.data | 64 +++++++++++++++++-- 2 files changed, 139 insertions(+), 9 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f3bd87693..04614d1af 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3945,9 +3945,9 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, size_t output_size, size_t *output_length ) { - psa_status_t status; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; + size_t internal_output_length; if( operation->alg == 0 ) { 
@@ -3975,9 +3975,83 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, goto exit; } - ret = mbedtls_cipher_update( &operation->ctx.cipher, input, - input_length, output, output_length ); - status = mbedtls_to_psa_error( ret ); + if( operation->alg == PSA_ALG_ECB_NO_PADDING ) + { + /* mbedtls_cipher_update has an API inconsistency: it will only + * process a single block at a time in ECB mode. Abstract away that + * inconsistency here to match the PSA API behaviour. */ + *output_length = 0; + + if( input_length == 0 ) + { + status = PSA_SUCCESS; + goto exit; + } + + if( expected_output_size > 0 ) + { + size_t ctx_bytes = operation->ctx.cipher.unprocessed_len; + if( ctx_bytes > 0 ) + { + /* Fill up to block size and run the block */ + size_t bytes_to_copy = operation->block_size - ctx_bytes; + memcpy( &( operation->ctx.cipher.unprocessed_data[ctx_bytes] ), + input, bytes_to_copy ); + input_length -= bytes_to_copy; + input += bytes_to_copy; + operation->ctx.cipher.unprocessed_len = 0; + + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->ctx.cipher, + operation->ctx.cipher.unprocessed_data, + operation->block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + } + + size_t blocks = input_length / operation->block_size; + for( ; blocks > 0; blocks-- ) + { + /* Run all full blocks we have, one by one */ + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->ctx.cipher, input, + operation->block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + input_length -= operation->block_size; + input += operation->block_size; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + } + } + + if( input_length > 0 ) + { + /* Save unprocessed bytes for later 
processing */ + memcpy( &( operation->ctx.cipher.unprocessed_data[operation->ctx.cipher.unprocessed_len] ), + input, input_length ); + operation->ctx.cipher.unprocessed_len += input_length; + } + + status = PSA_SUCCESS; + } + else + { + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->ctx.cipher, input, + input_length, output, output_length ) ); + } exit: if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 61338e92c..44a69b989 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1126,10 +1126,18 @@ PSA cipher: bad order function calls depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_bad_order: +PSA symmetric encrypt: AES-ECB, 0 bytes, good +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"":PSA_SUCCESS + PSA symmetric encrypt: AES-ECB, 16 bytes, good depends_on:MBEDTLS_AES_C cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS +PSA symmetric encrypt: AES-ECB, 32 bytes, good +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":PSA_SUCCESS + PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS 
@@ -1142,6 +1150,10 @@ PSA symmetric encrypt: AES-CBC-PKCS#7, 15 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS +PSA symmetric encrypt: AES-ECB, input too short (15 bytes) +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":"3ad77bb40d7a3660a89ecaf32466ef":PSA_ERROR_INVALID_ARGUMENT + PSA symmetric encrypt: AES-CBC-nopad, input too short depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT 
@@ -1166,10 +1178,26 @@ PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS +PSA symmetric encrypt: 2-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"c78e2b38139610e3":"5d0652429c5b0ac7":PSA_SUCCESS + +PSA symmetric encrypt: 3-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"c78e2b38139610e3":"817ca7d69b80d86a":PSA_SUCCESS + +PSA symmetric decrypt: AES-ECB, 0 bytes, good +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"":PSA_SUCCESS + PSA symmetric decrypt: AES-ECB, 16 bytes, good depends_on:MBEDTLS_AES_C cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS +PSA symmetric decrypt: AES-ECB, 32 bytes, good +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS + PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS 
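Review bot: The new 2-key and 3-key 3DES-ECB encrypt cases are gated on `MBEDTLS_CIPHER_MODE_CBC`, which ECB does not appear to need, so they would be skipped in a build with CBC disabled. `depends_on:MBEDTLS_DES_C` looks sufficient, matching the AES-ECB cases in this hunk that depend on `MBEDTLS_AES_C` alone. The two 3DES-ECB decrypt cases added in the `@@ -1206,6 +1238,14 @@` hunk carry the same extra dependency.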
@@ -1190,6 +1218,10 @@ PSA symmetric decrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS +PSA symmetric decrypt: AES-ECB, input too short (15 bytes) +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":"63cecc46a382414d5fa7d2b7938743":PSA_ERROR_INVALID_ARGUMENT + PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE @@ -1206,6 +1238,14 @@ PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS +PSA symmetric decrypt: 2-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"5d0652429c5b0ac7":"c78e2b38139610e3":PSA_SUCCESS + +PSA symmetric decrypt: 3-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3":PSA_SUCCESS + PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good depends_on:MBEDTLS_AES_C cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" 
@@ -1230,6 +1270,14 @@ PSA symmetric encryption multipart: AES-ECB, 16+16 bytes depends_on:MBEDTLS_AES_C cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" +PSA symmetric encryption multipart: AES-ECB, 13+19 bytes +depends_on:MBEDTLS_AES_C +cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":13:0:32:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" + +PSA symmetric encryption multipart: AES-ECB, 24+12 bytes +depends_on:MBEDTLS_AES_C +cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":24:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" + PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b" 
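Review bot: The case titled `AES-ECB, 24+12 bytes` feeds a 32-byte input with a first part of 24 bytes, so the second part is 8 bytes, not 12. The title should read `PSA symmetric encryption multipart: AES-ECB, 24+8 bytes`. The sibling titles (13+19 here, 11+21 and 28+4 in the decrypt hunk) do add up to the 32-byte input.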
@@ -1298,6 +1346,14 @@ PSA symmetric decryption multipart: AES-ECB, 16+16 bytes depends_on:MBEDTLS_AES_C cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" +PSA symmetric decryption multipart: AES-ECB, 11+21 bytes +depends_on:MBEDTLS_AES_C +cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":11:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" + +PSA symmetric decryption multipart: AES-ECB, 28+4 bytes +depends_on:MBEDTLS_AES_C +cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":28:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" + PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a" 
@@ -1326,19 +1382,19 @@ PSA symmetric encryption multipart: AES-CTR, 11+5 bytes [#2] depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" -PSA symmetric encryption multipart: AES-CTR, 16+16 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 16+16 bytes [#2] depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+20 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+20 bytes [#2] depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 20+12 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 20+12 bytes [#2] depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+10 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+10 bytes [#2] depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR 
cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" From ee4d4eb6259a297a40f27805dfe1ae6bad0c7ac4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 19:28:13 +0200 Subject: [PATCH 073/488] Remove a useless zeroization Remove the zeroization of a pointer variable in the AES block functions. The code was valid but spurious and misleading since it looked like a mistaken attempt to zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA Leti, France. Note that we do not zeroize the buffer here because these are the round keys, and they need to stay until all the blocks are processed. They will be zeroized in mbedtls_aes_free(). Signed-off-by: Gilles Peskine --- ChangeLog.d/aes-zeroize-pointer.txt | 5 +++++ library/aes.c | 4 ---- 2 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 ChangeLog.d/aes-zeroize-pointer.txt diff --git a/ChangeLog.d/aes-zeroize-pointer.txt b/ChangeLog.d/aes-zeroize-pointer.txt new file mode 100644 index 000000000..ccc6dc159 --- /dev/null +++ b/ChangeLog.d/aes-zeroize-pointer.txt @@ -0,0 +1,5 @@ +Changes + * Remove the zeroization of a pointer variable in AES rounds. It was valid + but spurious and misleading since it looked like a mistaken attempt to + zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA + Leti, France. diff --git a/library/aes.c b/library/aes.c index ed48b24d3..1d6560749 100644 --- a/library/aes.c +++ b/library/aes.c @@ -923,8 +923,6 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, mbedtls_platform_zeroize( &Y2, sizeof( Y2 ) ); mbedtls_platform_zeroize( &Y3, sizeof( Y3 ) ); - mbedtls_platform_zeroize( &RK, sizeof( RK ) ); - return( 0 ); } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ 
@@ -1003,8 +1001,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, mbedtls_platform_zeroize( &Y2, sizeof( Y2 ) ); mbedtls_platform_zeroize( &Y3, sizeof( Y3 ) ); - mbedtls_platform_zeroize( &RK, sizeof( RK ) ); - return( 0 ); } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ From 14613bcd75614408448079f27fb9aa79f6be847e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 22:30:31 +0200 Subject: [PATCH 074/488] Fix parity tests to actually fail the test on error Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_metadata.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 1ba846695..96d3afb3d 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -58,7 +58,7 @@ /* Check the parity of value. * Return 0 if value has even parity and a nonzero value otherwise. */ -int test_parity( uint32_t value ) +int check_parity( uint32_t value ) { value ^= value >> 16; value ^= value >> 8; @@ -66,7 +66,7 @@ int test_parity( uint32_t value ) return( 0x9669 & 1 << ( value & 0xf ) ); } #define TEST_PARITY( value ) \ - TEST_ASSERT( test_parity( value ) ) + TEST_ASSERT( check_parity( value ) ) void algorithm_classification( psa_algorithm_t alg, unsigned flags ) { @@ -497,7 +497,7 @@ void ecc_key_family( int curve_arg ) psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ); psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve ); - test_parity( curve ); + TEST_PARITY( curve ); test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY ); test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEY_PAIR ); 
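Review bot: The comment kept above the renamed check_parity() appears to be inverted. Bit i of `0x9669` is set exactly for the 4-bit values i that have an even number of one bits, so the function returns nonzero for even parity and 0 for odd parity. That agrees with `TEST_PARITY`, which asserts a nonzero result, but not with the text `Return 0 if value has even parity`. I would reword the line to `* Return a nonzero value if value has even parity and 0 otherwise.`. The function body is split across this hunk and the next, so the folding steps between them are not fully visible.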
@@ -514,7 +514,7 @@ void dh_key_family( int group_arg ) psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY( group ); psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR( group ); - test_parity( group ); + TEST_PARITY( group ); test_key_type( public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY ); test_key_type( pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEY_PAIR ); From bab1b5204889ffcc22ac57807ea85817e3a55d39 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 22:49:19 +0200 Subject: [PATCH 075/488] psa_its: Annotate file removal after a failed creation Let static analyzers know that it's ok if remove() fails here. Signed-off-by: Gilles Peskine --- library/psa_its_file.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 34a75dc69..2fbff20ef 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -233,7 +233,12 @@ exit: if( rename_replace_existing( PSA_ITS_STORAGE_TEMP, filename ) != 0 ) status = PSA_ERROR_STORAGE_FAILURE; } - remove( PSA_ITS_STORAGE_TEMP ); + /* The temporary file may still exist, but only in failure cases where + * we're already reporting an error. So there's nothing we can do on + * failure. If the function succeeded, and in some error cases, the + * temporary file doesn't exist and so remove() is expected to fail. + * Thus we just ignore the return status of remove(). */ + (void) remove( PSA_ITS_STORAGE_TEMP ); return( status ); } From 169ca7f06d99d3e8e4db06c56474f90a8c357be1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 22:50:06 +0200 Subject: [PATCH 076/488] psa_crypto_storage: Annotate file removal after a failed creation Let static analyzers know that it's ok if psa_its_remove() fails here. Signed-off-by: Gilles Peskine --- library/psa_crypto_storage.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 37820533f..103c9bbb8 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -174,7 +174,13 @@ static psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key, exit: if( status != PSA_SUCCESS ) - psa_its_remove( data_identifier ); + { + /* Remove the file in case we managed to create it but something + * went wrong. It's ok if the file doesn't exist. If the file exists + * but the removal fails, we're already reporting an error so there's + * nothing else we can do. */ + (void) psa_its_remove( data_identifier ); + } return( status ); } From a09713c7956b300382e5ce4b7cea3b08cf5553e4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 22:50:18 +0200 Subject: [PATCH 077/488] test cleanup: Annotate file removal after a failed creation Let static analyzers know that it's ok if remove() fails here. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_its.function | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index b6cc488a6..a7ce7b1d4 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function 
@@ -40,16 +40,23 @@ static psa_storage_uid_t uid_max = 0; static void cleanup( void ) { + /* Call remove() on all the files that a test might have created. + * We ignore the error if the file exists but remove() fails because + * it can't be checked portably (except by attempting to open the file + * first, which is needlessly slow and complicated here). A failure of + * remove() on an existing file is very unlikely anyway and would not + * have significant consequences other than perhaps failing the next + * test case. */ char filename[PSA_ITS_STORAGE_FILENAME_LENGTH]; psa_storage_uid_t uid; for( uid = 0; uid < uid_max; uid++ ) { psa_its_fill_filename( uid, filename ); - remove( filename ); + (void) remove( filename ); } psa_its_fill_filename( (psa_storage_uid_t)( -1 ), filename ); - remove( filename ); - remove( PSA_ITS_STORAGE_TEMP ); + (void) remove( filename ); + (void) remove( PSA_ITS_STORAGE_TEMP ); uid_max = 0; } From 64f13ef6ab5f642f597ff45252cfc008e2d51673 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 23:15:20 +0200 Subject: [PATCH 078/488] Add missing cleanup to some multipart operation tests Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f4b9a8f67..635114137 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3066,6 +3066,7 @@ void mac_sign( int key_type_arg, sizeof( actual_mac ) - mac_length ) ); exit: + psa_mac_abort( &operation ); psa_destroy_key( handle ); PSA_DONE( ); } @@ -3104,6 +3105,7 @@ void mac_verify( int key_type_arg, expected_mac->len ) ); exit: + psa_mac_abort( &operation ); psa_destroy_key( handle ); PSA_DONE( ); } @@ -3183,6 +3185,7 @@ void cipher_setup( int key_type_arg, #endif exit: + psa_cipher_abort( &operation ); PSA_DONE( ); } /* END_CASE */ 
@@ -3335,6 +3338,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_destroy_key( handle ) ); exit: + psa_cipher_abort( &operation ); PSA_DONE( ); } /* END_CASE */ @@ -3393,6 +3397,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, } exit: + psa_cipher_abort( &operation ); mbedtls_free( output ); psa_destroy_key( handle ); PSA_DONE( ); @@ -3461,6 +3466,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, output, total_output_length ); exit: + psa_cipher_abort( &operation ); mbedtls_free( output ); psa_destroy_key( handle ); PSA_DONE( ); @@ -3532,6 +3538,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, output, total_output_length ); exit: + psa_cipher_abort( &operation ); mbedtls_free( output ); psa_destroy_key( handle ); PSA_DONE( ); @@ -3593,6 +3600,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, } exit: + psa_cipher_abort( &operation ); mbedtls_free( output ); psa_destroy_key( handle ); PSA_DONE( ); @@ -3674,6 +3682,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg, ASSERT_COMPARE( input->x, input->len, output2, output2_length ); exit: + psa_cipher_abort( &operation1 ); + psa_cipher_abort( &operation2 ); mbedtls_free( output1 ); mbedtls_free( output2 ); psa_destroy_key( handle ); @@ -3777,6 +3787,8 @@ void cipher_verify_output_multipart( int alg_arg, ASSERT_COMPARE( input->x, input->len, output2, output2_length ); exit: + psa_cipher_abort( &operation1 ); + psa_cipher_abort( &operation2 ); mbedtls_free( output1 ); mbedtls_free( output2 ); psa_destroy_key( handle ); From e92c68a8786ae82302e2b9877ef86de4691ae620 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Aug 2020 00:06:25 +0200 Subject: [PATCH 079/488] Note that a failure in cleanup is intentional In the cleanup code for persistent_key_load_key_from_storage(), we only attempt to reopen the key so that it will be deleted if it exists at that point. It's intentional that we do nothing if psa_open_key() fails here. 
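Review bot: In `cipher_bad_order` (the `@@ -3335,6 +3338,7 @@` hunk) the cleanup path now aborts the operation but still never destroys the key: `psa_destroy_key( handle )` is only reached through the `PSA_ASSERT` just before `exit:`, so any earlier failed assertion jumps past it. The other cipher tests touched by this commit call `psa_destroy_key( handle );` after `exit:`, and adding the same line after the new `psa_cipher_abort( &operation );` would make the failure path uniform. `PSA_DONE( )` may already release the slot, but that is not visible from this hunk. The function body starts outside the hunk.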
Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 635114137..e48cb9054 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -5651,7 +5651,7 @@ exit: /* In case there was a test failure after creating the persistent key * but while it was not open, try to re-open the persistent key * to delete it. */ - psa_open_key( key_id, &handle ); + (void) psa_open_key( key_id, &handle ); } psa_destroy_key( handle ); PSA_DONE(); From cd65f4ccac29dc64b6fb045a63bc9e8af6738159 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 23:11:21 +0200 Subject: [PATCH 080/488] Add empty-output-buffer test cases for single-part hash functions Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d982f81f6..cd2601796 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -799,6 +799,10 @@ hash_compute_fail:PSA_ALG_ANY_HASH:"":32:PSA_ERROR_NOT_SUPPORTED PSA hash compute: bad algorithm (not a hash) hash_compute_fail:PSA_ALG_HMAC(PSA_ALG_SHA_256):"":32:PSA_ERROR_INVALID_ARGUMENT +PSA hash compute: output buffer empty +depends_on:MBEDTLS_SHA256_C +hash_compute_fail:PSA_ALG_SHA_256:"":0:PSA_ERROR_BUFFER_TOO_SMALL + PSA hash compute: output buffer too small depends_on:MBEDTLS_SHA256_C hash_compute_fail:PSA_ALG_SHA_256:"":31:PSA_ERROR_BUFFER_TOO_SMALL 
@@ -828,6 +832,10 @@ PSA hash compare: truncated hash depends_on:MBEDTLS_SHA256_C hash_compare_fail:PSA_ALG_SHA_256:"":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b8":PSA_ERROR_INVALID_SIGNATURE +PSA hash compare: empty hash +depends_on:MBEDTLS_SHA256_C +hash_compare_fail:PSA_ALG_SHA_256:"":"":PSA_ERROR_INVALID_SIGNATURE + PSA hash compare: good depends_on:MBEDTLS_SHA256_C hash_compare_fail:PSA_ALG_SHA_256:"":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":PSA_SUCCESS From 3d404d677e8053b328b38b064242babdc24bb5a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 23:47:36 +0200 Subject: [PATCH 081/488] Test PSA_MAC_FINAL_SIZE in mac_sign exactly We expect PSA_MAC_FINAL_SIZE to be exact in this implementation, so check it here. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f4b9a8f67..fb0f2b2e4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3038,7 +3038,8 @@ void mac_sign( int key_type_arg, memset( actual_mac, '+', sizeof( actual_mac ) ); TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE ); - TEST_ASSERT( expected_mac->len <= mac_buffer_size ); + /* We expect PSA_MAC_FINAL_SIZE to be exact. */ + TEST_ASSERT( expected_mac->len == mac_buffer_size ); PSA_ASSERT( psa_crypto_init( ) ); From 5e65cec5e81cfd203e6f5b8c5c90ce70fae8bd85 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 23:38:39 +0200 Subject: [PATCH 082/488] Simplify output bounds check in mac_sign test Rely on Asan to detect a potential buffer overflow, instead of doing a manual check. This makes the code simpler and Asan can detect underflows as well as overflows. 
Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fb0f2b2e4..5b0054d64 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3028,15 +3028,11 @@ void mac_sign( int key_type_arg, psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - /* Leave a little extra room in the output buffer. At the end of the - * test, we'll check that the implementation didn't overwrite onto - * this extra room. */ - uint8_t actual_mac[PSA_MAC_MAX_SIZE + 10]; + uint8_t *actual_mac = NULL; size_t mac_buffer_size = PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg ); size_t mac_length = 0; - memset( actual_mac, '+', sizeof( actual_mac ) ); TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE ); /* We expect PSA_MAC_FINAL_SIZE to be exact. */ TEST_ASSERT( expected_mac->len == mac_buffer_size ); @@ -3049,6 +3045,8 @@ void mac_sign( int key_type_arg, PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + ASSERT_ALLOC( actual_mac, mac_buffer_size ); + /* Calculate the MAC. */ PSA_ASSERT( psa_mac_sign_setup( &operation, handle, alg ) ); @@ -3062,13 +3060,10 @@ void mac_sign( int key_type_arg, ASSERT_COMPARE( expected_mac->x, expected_mac->len, actual_mac, mac_length ); - /* Verify that the end of the buffer is untouched. */ - TEST_ASSERT( mem_is_char( actual_mac + mac_length, '+', - sizeof( actual_mac ) - mac_length ) ); - exit: psa_destroy_key( handle ); PSA_DONE( ); + mbedtls_free( actual_mac ); } /* END_CASE */ From 8b356b5652ddf4570e175fca343fe22532ac95dc Mon Sep 17 00:00:00 2001 
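Review bot: With the `'+'`-filled guard area and the `mem_is_char` check removed from `mac_sign`, a write by `psa_mac_sign_finish` outside the output buffer is only caught when the suite runs under ASan or a comparable memory checker; a plain build would now pass silently. The commit message states this but the code does not, so I would document it at the new allocation in the second hunk, e.g. `/* Exact-size heap buffer: we rely on ASan to flag any write outside [0, mac_buffer_size). */`. It is also worth confirming that this suite runs in a sanitizer configuration in CI, which cannot be seen from this patch. The function starts before the first hunk and the three hunks show only parts of its body.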
From: Gilles Peskine Date: Tue, 25 Aug 2020 23:44:59 +0200 Subject: [PATCH 083/488] Test other output sizes for psa_mac_sign_finish Test psa_mac_sign_finish with a smaller or larger buffer. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 46 +++++++++++++++------ 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5b0054d64..4b70115cc 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3032,6 +3032,13 @@ void mac_sign( int key_type_arg, size_t mac_buffer_size = PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg ); size_t mac_length = 0; + const size_t output_sizes_to_test[] = { + 0, + 1, + expected_mac->len - 1, + expected_mac->len, + expected_mac->len + 1, + }; TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE ); /* We expect PSA_MAC_FINAL_SIZE to be exact. */ 
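Review bot: The `output_sizes_to_test` initializer evaluates `expected_mac->len - 1` on a `size_t`, so an empty expected MAC would wrap to `SIZE_MAX` and the loop in the next hunk would pass that to `ASSERT_ALLOC( actual_mac, output_size )`. Nothing before the declaration rules out a zero length; the visible checks only bound it from above and compare it with `mac_buffer_size`. If empty MACs can never appear in the test data this is harmless, but a guarded entry such as `expected_mac->len > 0 ? expected_mac->len - 1 : 0` makes that explicit. The function body starts and ends outside this hunk.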
@@ -3045,20 +3052,35 @@ void mac_sign( int key_type_arg, PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); - ASSERT_ALLOC( actual_mac, mac_buffer_size ); + for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ ) + { + const size_t output_size = output_sizes_to_test[i]; + psa_status_t expected_status = + ( output_size >= expected_mac->len ? PSA_SUCCESS : + PSA_ERROR_BUFFER_TOO_SMALL ); - /* Calculate the MAC. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); - PSA_ASSERT( psa_mac_update( &operation, - input->x, input->len ) ); - PSA_ASSERT( psa_mac_sign_finish( &operation, - actual_mac, mac_buffer_size, - &mac_length ) ); + test_set_step( output_size ); + ASSERT_ALLOC( actual_mac, output_size ); - /* Compare with the expected value. */ - ASSERT_COMPARE( expected_mac->x, expected_mac->len, - actual_mac, mac_length ); + /* Calculate the MAC. */ + PSA_ASSERT( psa_mac_sign_setup( &operation, + handle, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input->x, input->len ) ); + TEST_EQUAL( psa_mac_sign_finish( &operation, + actual_mac, output_size, + &mac_length ), + expected_status ); + PSA_ASSERT( psa_mac_abort( &operation ) ); + + if( expected_status == PSA_SUCCESS ) + { + ASSERT_COMPARE( expected_mac->x, expected_mac->len, + actual_mac, mac_length ); + } + mbedtls_free( actual_mac ); + actual_mac = NULL; + } exit: psa_destroy_key( handle ); From 090e16cb8b5c46bb0507c6a97f5f00232ff3c420 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Aug 2020 23:59:40 +0200 Subject: [PATCH 084/488] Don't destroy the key during a MAC verification operation An early draft of the PSA crypto specification required multipart operations to keep working after destroying the key. This is no longer the case: instead, now, operations are guaranteed to fail. Mbed TLS does not comply yet, and still allows the operation to keep going. Stop testing Mbed TLS's non-compliant behavior. 
Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4b70115cc..1ff083c0c 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3114,7 +3114,6 @@ void mac_verify( int key_type_arg, PSA_ASSERT( psa_mac_verify_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, From 29c4a6cf9f03e00e6db5174fe462326dadf264d4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Aug 2020 00:01:39 +0200 Subject: [PATCH 085/488] Add negative tests for MAC verification Add negative tests for psa_mac_verify_finish: too large, too small, or a changed byte. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.function | 41 +++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 1ff083c0c..b0b4ed6a2 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3101,6 +3101,7 @@ void mac_verify( int key_type_arg, psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t *perturbed_mac = NULL; TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE ); @@ -3112,6 +3113,7 @@ void mac_verify( int key_type_arg, PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + /* Test the correct MAC. */ PSA_ASSERT( psa_mac_verify_setup( &operation, handle, alg ) ); PSA_ASSERT( psa_mac_update( &operation, 
@@ -3120,9 +3122,48 @@ void mac_verify( int key_type_arg, expected_mac->x, expected_mac->len ) ); + /* Test a MAC that's too short. */ + PSA_ASSERT( psa_mac_verify_setup( &operation, + handle, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input->x, input->len ) ); + TEST_EQUAL( psa_mac_verify_finish( &operation, + expected_mac->x, + expected_mac->len - 1 ), + PSA_ERROR_INVALID_SIGNATURE ); + + /* Test a MAC that's too long. */ + ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 ); + memcpy( perturbed_mac, expected_mac->x, expected_mac->len ); + PSA_ASSERT( psa_mac_verify_setup( &operation, + handle, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input->x, input->len ) ); + TEST_EQUAL( psa_mac_verify_finish( &operation, + perturbed_mac, + expected_mac->len + 1 ), + PSA_ERROR_INVALID_SIGNATURE ); + + /* Test changing one byte. */ + for( size_t i = 0; i < expected_mac->len; i++ ) + { + test_set_step( i ); + perturbed_mac[i] ^= 1; + PSA_ASSERT( psa_mac_verify_setup( &operation, + handle, alg ) ); + PSA_ASSERT( psa_mac_update( &operation, + input->x, input->len ) ); + TEST_EQUAL( psa_mac_verify_finish( &operation, + perturbed_mac, + expected_mac->len ), + PSA_ERROR_INVALID_SIGNATURE ); + perturbed_mac[i] ^= 1; + } + exit: psa_destroy_key( handle ); PSA_DONE( ); + mbedtls_free( perturbed_mac ); } /* END_CASE */ From 34f063ca4761fb95e6060eeda26544f9f8c2c65d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Aug 2020 10:24:13 +0200 Subject: [PATCH 086/488] Add missing cleanup to hash multipart operation tests Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_hash.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index 6c577c06a..1bc93313a 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function 
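Review bot: Each negative case in `mac_verify` calls `psa_mac_verify_setup` on `operation` straight after a `psa_mac_verify_finish` that is expected to return `PSA_ERROR_INVALID_SIGNATURE`, with no abort in between, so the test depends on a failed finish leaving the operation reusable. `mac_sign` in this same series calls `PSA_ASSERT( psa_mac_abort( &operation ) );` after finish whatever the outcome; adding that line after each failing `psa_mac_verify_finish` check keeps the test valid if a failed finish ever stops resetting the operation. The `exit:` path shown here also has no `psa_mac_abort( &operation );`, so a failure between setup and finish leaves the operation active until `PSA_DONE( )`. Separately, `expected_mac->len - 1` in the too-short case wraps if the expected MAC is empty, which the visible `<= PSA_MAC_MAX_SIZE` check does not exclude. The function body starts outside the hunk.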
@@ -31,6 +31,7 @@ void hash_finish( int alg_arg, data_t *input, data_t *expected_hash ) actual_hash, actual_hash_length ); exit: + psa_hash_abort( &operation ); PSA_DONE( ); } /* END_CASE */ @@ -52,6 +53,7 @@ void hash_verify( int alg_arg, data_t *input, data_t *expected_hash ) expected_hash->len ) ); exit: + psa_hash_abort( &operation ); PSA_DONE( ); } /* END_CASE */ @@ -95,6 +97,8 @@ void hash_multi_part( int alg_arg, data_t *input, data_t *expected_hash ) } while( len++ != input->len ); exit: + psa_hash_abort( &operation ); + psa_hash_abort( &operation2 ); PSA_DONE( ); } /* END_CASE */ From 6c75152b9f1a5dac1d92b793cb0c1d93b161c690 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Aug 2020 10:24:26 +0200 Subject: [PATCH 087/488] Explain the purpose of check_parity Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_metadata.function | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 96d3afb3d..abee922e7 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -57,6 +57,16 @@ TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) ) /* Check the parity of value. + * + * There are several numerical encodings for which the PSA Cryptography API + * specification deliberately defines encodings that all have the same + * parity. This way, a data glitch that flips one bit in the data cannot + * possibly turn a valid encoding into another valid encoding. Here in + * the tests, we check that the values (including Mbed TLS vendor-specific + * values) have the expected parity. + * + * The expected parity is even so that 0 is considered a valid encoding. + * * Return 0 if value has even parity and a nonzero value otherwise. */ int check_parity( uint32_t value ) { From ed9fbc6443caf4b357145d362075321082be1641 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 26 Aug 2020 11:16:50 +0200 Subject: [PATCH 088/488] Clearer function name for parity check Return a name that more clearly returns nonzero=true=good, 0=bad. We'd normally expect check_xxx to return 0=pass, nonzero=fail so check_parity was a bad name. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_metadata.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index abee922e7..2c069835a 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -68,7 +68,7 @@ * The expected parity is even so that 0 is considered a valid encoding. * * Return 0 if value has even parity and a nonzero value otherwise. */ -int check_parity( uint32_t value ) +int has_even_parity( uint32_t value ) { value ^= value >> 16; value ^= value >> 8; @@ -76,7 +76,7 @@ int check_parity( uint32_t value ) return( 0x9669 & 1 << ( value & 0xf ) ); } #define TEST_PARITY( value ) \ - TEST_ASSERT( check_parity( value ) ) + TEST_ASSERT( has_even_parity( value ) ) void algorithm_classification( psa_algorithm_t alg, unsigned flags ) { From a2e518daf51de2cb548786b37a7d6e55ac8ffd67 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Aug 2020 12:14:37 +0200 Subject: [PATCH 089/488] Fix the documentation of has_even_parity The documentation had the boolean meaning of the return value inverted. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_metadata.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 2c069835a..7c0929e29 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function 
@@ -67,7 +67,7 @@ * * The expected parity is even so that 0 is considered a valid encoding. * - * Return 0 if value has even parity and a nonzero value otherwise. */ + * Return a nonzero value if value has even parity and 0 otherwise. */ int has_even_parity( uint32_t value ) { value ^= value >> 16; From c18a7b8466964bf713bf9e9b0fb09bc6cb2d865e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 26 Aug 2020 14:49:16 +0100 Subject: [PATCH 090/488] Assemble ChangeLog Executed scripts/assemble_changelog.py. 
Signed-off-by: Janos Follath --- ChangeLog | 111 ++++++++++++++++++ ChangeLog.d/bugfix_PR3452.txt | 3 - .../build_with_only_montgomery_curves.txt | 6 - ChangeLog.d/cmake-install.txt | 3 - ChangeLog.d/copyright.txt | 6 - ChangeLog.d/crl-revocationDate.txt | 11 -- .../do_not_persist_volatile_external_keys.txt | 4 - ChangeLog.d/e2k-support.txt | 5 - ChangeLog.d/format-signedness.txt | 3 - ChangeLog.d/local-lucky13.txt | 11 -- ChangeLog.d/md_setup-leak.txt | 3 - ChangeLog.d/netbsd-rand-arc4random_buf.txt | 3 - ChangeLog.d/protect-base-blinding.txt | 6 - ChangeLog.d/psa_curve25519_key_support.txt | 9 -- .../psa_curve25519_public_key_import.txt | 3 - ChangeLog.d/psa_ecc_dh_macros.txt | 9 -- .../pw_protected_key_file_ssl_clisrv2.txt | 8 -- ChangeLog.d/stdout-macro.txt | 3 - .../undef_assert_before_defining_it.txt | 3 - ChangeLog.d/x509-verify-non-dns-san.txt | 11 -- ChangeLog.d/x509parse_crl-empty_entry.txt | 4 - ChangeLog.d/x509write_csr_heap_alloc.txt | 4 - ChangeLog.d/zeroising_of_plaintext_buffer.txt | 4 - 23 files changed, 111 insertions(+), 122 deletions(-) delete mode 100644 ChangeLog.d/bugfix_PR3452.txt delete mode 100644 ChangeLog.d/build_with_only_montgomery_curves.txt delete mode 100644 ChangeLog.d/cmake-install.txt delete mode 100644 ChangeLog.d/copyright.txt delete mode 100644 ChangeLog.d/crl-revocationDate.txt delete mode 100644 ChangeLog.d/do_not_persist_volatile_external_keys.txt delete mode 100644 ChangeLog.d/e2k-support.txt delete mode 100644 ChangeLog.d/format-signedness.txt delete mode 100644 ChangeLog.d/local-lucky13.txt delete mode 100644 ChangeLog.d/md_setup-leak.txt delete mode 100644 ChangeLog.d/netbsd-rand-arc4random_buf.txt delete mode 100644 ChangeLog.d/protect-base-blinding.txt delete mode 100644 ChangeLog.d/psa_curve25519_key_support.txt delete mode 100644 ChangeLog.d/psa_curve25519_public_key_import.txt delete mode 100644 ChangeLog.d/psa_ecc_dh_macros.txt delete mode 100644 ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt delete mode 100644 
ChangeLog.d/stdout-macro.txt delete mode 100644 ChangeLog.d/undef_assert_before_defining_it.txt delete mode 100644 ChangeLog.d/x509-verify-non-dns-san.txt delete mode 100644 ChangeLog.d/x509parse_crl-empty_entry.txt delete mode 100644 ChangeLog.d/x509write_csr_heap_alloc.txt delete mode 100644 ChangeLog.d/zeroising_of_plaintext_buffer.txt diff --git a/ChangeLog b/ChangeLog index 32853ce43..1c6e41467 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,116 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +API changes + * In the PSA API, rename the types of elliptic curve and Diffie-Hellman group families to + psa_ecc_family_t and psa_dh_family_t, in line with the PSA Crypto API specification version 1.0.0. + Rename associated macros as well: + PSA_ECC_CURVE_xxx renamed to PSA_ECC_FAMILY_xxx + PSA_DH_GROUP_xxx renamed to PSA_DH_FAMILY_xxx + PSA_KEY_TYPE_GET_CURVE renamed to to PSA_KEY_TYPE_ECC_GET_FAMILY + PSA_KEY_TYPE_GET_GROUP renamed to PSA_KEY_TYPE_DH_GET_FAMILY + +Default behavior changes + * Stop storing persistent information about externally stored keys created + through PSA Crypto with a volatile lifetime. Reported in #3288 and + contributed by Steven Cooreman in #3382. + +Features + * The new function mbedtls_ecp_write_key() exports private ECC keys back to + a byte buffer. It is the inverse of the existing mbedtls_ecp_read_key(). + * Support building on e2k (Elbrus) architecture: correctly enable + -Wformat-signedness, and fix the code that causes signed-one-bit-field + and sign-compare warnings. Contributed by makise-homura (Igor Molchanov) + . + +Security + * Fix a vulnerability in the verification of X.509 certificates when + matching the expected common name (the cn argument of + mbedtls_x509_crt_verify()) with the actual certificate name: when the + subjecAltName extension is present, the expected name was compared to any + name in that extension regardless of its type. This means that an + attacker could for example impersonate a 4-bytes or 16-byte domain by + getting a certificate for the corresponding IPv4 or IPv6 (this would + require the attacker to control that IP address, though). Similar attacks + using other subjectAltName name types might be possible. Found and + reported by kFYatek in #3498. 
+ * When checking X.509 CRLs, a certificate was only considered as revoked if + its revocationDate was in the past according to the local clock if + available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE, + certificates were never considered as revoked. On builds with + MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for + example, an untrusted OS attacking a secure enclave) could prevent + revocation of certificates via CRLs. Fixed by no longer checking the + revocationDate field, in accordance with RFC 5280. Reported by + yuemonangong in #3340. Reported independently and fixed by + Raoul Strackx and Jethro Beekman in #3433. + * In (D)TLS record decryption, when using a CBC ciphersuites without the + Encrypt-then-Mac extension, use constant code flow memory access patterns + to extract and check the MAC. This is an improvement to the existing + countermeasure against Lucky 13 attacks. The previous countermeasure was + effective against network-based attackers, but less so against local + attackers. The new countermeasure defends against local attackers, even + if they have access to fine-grained measurements. In particular, this + fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz, + Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler + (University of Florida) and Dave Tian (Purdue University). + * Fix side channel in RSA private key operations and static (finite-field) + Diffie-Hellman. An adversary with precise enough timing and memory access + information (typically an untrusted operating system attacking a secure + enclave) could bypass an existing counter-measure (base blinding) and + potentially fully recover the private key. + * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der(). + Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine + for pinpointing the problematic code. 
+ * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused + application data from memory. Reported in #689 by + Johan Uppman Bruce of Sectra. + +Bugfix + * Library files installed after a CMake build no longer have execute + permission. + * Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol redefinition if the function is inlined. + Reported in #3451 and fix contributed in #3452 by okhowang. + * Fix the endianness of Curve25519 keys imported/exported through the PSA + APIs. psa_import_key and psa_export_key will now correctly expect/output + Montgomery keys in little-endian as defined by RFC7748. Contributed by + Steven Cooreman in #3425. + * Fix build errors when the only enabled elliptic curves are Montgomery + curves. Raised by signpainter in #941 and by Taiki-San in #1412. This + also fixes missing declarations reported by Steven Cooreman in #1147. + * Fix self-test failure when the only enabled short Weierstrass elliptic + curve is secp192k1. Fixes #2017. + * PSA key import will now correctly import a Curve25519/Curve448 public key + instead of erroring out. Contributed by Steven Cooreman in #3492. + * Use arc4random_buf on NetBSD instead of rand implementation with cyclical + lower bits. Fix contributed in #3540. + * Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory + conditions. Reported and fix suggested by Guido Vranken in #3486. + * Fix bug in redirection of unit test outputs on platforms where stdout is + defined as a macro. First reported in #2311 and fix contributed in #3528. + +Changes + * Only pass -Wformat-signedness to versions of GCC that support it. Reported + in #3478 and fix contributed in #3479 by okhowang. + * Reduce the stack consumption of mbedtls_x509write_csr_der() which + previously could lead to stack overflow on constrained devices. + Contributed by Doru Gucea and Simon Leet in #3464. 
+ * Undefine the ASSERT macro before defining it locally, in case it is defined + in a platform header. Contributed by Abdelatif Guettouche in #3557. + * Update copyright notices to use Linux Foundation guidance. As a result, + the copyright of contributors other than Arm is now acknowledged, and the + years of publishing are no longer tracked in the source files. This also + eliminates the need for the lines declaring the files to be part of + MbedTLS. Fixes #3457. + * Add the command line parameter key_pwd to the ssl_client2 and ssl_server2 + example applications which allows to provide a password for the key file + specified through the existing key_file argument. This allows the use of + these applications with password-protected key files. Analogously but for + ssl_server2 only, add the command line parameter key_pwd2 which allows to + set a password for the key file provided through the existing key_file2 + argument. + = mbed TLS 2.23.0 branch released 2020-07-01 Default behavior changes diff --git a/ChangeLog.d/bugfix_PR3452.txt b/ChangeLog.d/bugfix_PR3452.txt deleted file mode 100644 index acf593eb8..000000000 --- a/ChangeLog.d/bugfix_PR3452.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol redefinition if the function is inlined. - Reported in #3451 and fix contributed in #3452 by okhowang. diff --git a/ChangeLog.d/build_with_only_montgomery_curves.txt b/ChangeLog.d/build_with_only_montgomery_curves.txt deleted file mode 100644 index d4ec7c56c..000000000 --- a/ChangeLog.d/build_with_only_montgomery_curves.txt +++ /dev/null @@ -1,6 +0,0 @@ -Bugfix - * Fix build errors when the only enabled elliptic curves are Montgomery - curves. Raised by signpainter in #941 and by Taiki-San in #1412. This - also fixes missing declarations reported by Steven Cooreman in #1147. - * Fix self-test failure when the only enabled short Weierstrass elliptic - curve is secp192k1. Fixes #2017. 
diff --git a/ChangeLog.d/cmake-install.txt b/ChangeLog.d/cmake-install.txt deleted file mode 100644 index 1bcec4aa9..000000000 --- a/ChangeLog.d/cmake-install.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Library files installed after a CMake build no longer have execute - permission. diff --git a/ChangeLog.d/copyright.txt b/ChangeLog.d/copyright.txt deleted file mode 100644 index aefc6bc7e..000000000 --- a/ChangeLog.d/copyright.txt +++ /dev/null @@ -1,6 +0,0 @@ -Changes - * Update copyright notices to use Linux Foundation guidance. As a result, - the copyright of contributors other than Arm is now acknowledged, and the - years of publishing are no longer tracked in the source files. This also - eliminates the need for the lines declaring the files to be part of - MbedTLS. Fixes #3457. diff --git a/ChangeLog.d/crl-revocationDate.txt b/ChangeLog.d/crl-revocationDate.txt deleted file mode 100644 index a8ad53216..000000000 --- a/ChangeLog.d/crl-revocationDate.txt +++ /dev/null @@ -1,11 +0,0 @@ -Security - * When checking X.509 CRLs, a certificate was only considered as revoked if - its revocationDate was in the past according to the local clock if - available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE, - certificates were never considered as revoked. On builds with - MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for - example, an untrusted OS attacking a secure enclave) could prevent - revocation of certificates via CRLs. Fixed by no longer checking the - revocationDate field, in accordance with RFC 5280. Reported by - yuemonangong in #3340. Reported independently and fixed by - Raoul Strackx and Jethro Beekman in #3433. diff --git a/ChangeLog.d/do_not_persist_volatile_external_keys.txt b/ChangeLog.d/do_not_persist_volatile_external_keys.txt deleted file mode 100644 index b27292c90..000000000 --- a/ChangeLog.d/do_not_persist_volatile_external_keys.txt +++ /dev/null 
@@ -1,4 +0,0 @@ -Default behavior changes - * Stop storing persistent information about externally stored keys created - through PSA Crypto with a volatile lifetime. Reported in #3288 and - contributed by Steven Cooreman in #3382. diff --git a/ChangeLog.d/e2k-support.txt b/ChangeLog.d/e2k-support.txt deleted file mode 100644 index 023b1888e..000000000 --- a/ChangeLog.d/e2k-support.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * Support building on e2k (Elbrus) architecture: correctly enable - -Wformat-signedness, and fix the code that causes signed-one-bit-field - and sign-compare warnings. Contributed by makise-homura (Igor Molchanov) - . diff --git a/ChangeLog.d/format-signedness.txt b/ChangeLog.d/format-signedness.txt deleted file mode 100644 index ee1ee4bb3..000000000 --- a/ChangeLog.d/format-signedness.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Only pass -Wformat-signedness to versions of GCC that support it. Reported - in #3478 and fix contributed in #3479 by okhowang. diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt deleted file mode 100644 index adf493abe..000000000 --- a/ChangeLog.d/local-lucky13.txt +++ /dev/null @@ -1,11 +0,0 @@ -Security - * In (D)TLS record decryption, when using a CBC ciphersuites without the - Encrypt-then-Mac extension, use constant code flow memory access patterns - to extract and check the MAC. This is an improvement to the existing - countermeasure against Lucky 13 attacks. The previous countermeasure was - effective against network-based attackers, but less so against local - attackers. The new countermeasure defends against local attackers, even - if they have access to fine-grained measurements. In particular, this - fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz, - Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler - (University of Florida) and Dave Tian (Purdue University). 
diff --git a/ChangeLog.d/md_setup-leak.txt b/ChangeLog.d/md_setup-leak.txt deleted file mode 100644 index 5111d8ef8..000000000 --- a/ChangeLog.d/md_setup-leak.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory - conditions. Reported and fix suggested by Guido Vranken in #3486. diff --git a/ChangeLog.d/netbsd-rand-arc4random_buf.txt b/ChangeLog.d/netbsd-rand-arc4random_buf.txt deleted file mode 100644 index 8539d1f5e..000000000 --- a/ChangeLog.d/netbsd-rand-arc4random_buf.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Use arc4random_buf on NetBSD instead of rand implementation with cyclical - lower bits. Fix contributed in #3540. diff --git a/ChangeLog.d/protect-base-blinding.txt b/ChangeLog.d/protect-base-blinding.txt deleted file mode 100644 index ca0600cee..000000000 --- a/ChangeLog.d/protect-base-blinding.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix side channel in RSA private key operations and static (finite-field) - Diffie-Hellman. An adversary with precise enough timing and memory access - information (typically an untrusted operating system attacking a secure - enclave) could bypass an existing counter-measure (base blinding) and - potentially fully recover the private key. diff --git a/ChangeLog.d/psa_curve25519_key_support.txt b/ChangeLog.d/psa_curve25519_key_support.txt deleted file mode 100644 index 954ca0ff4..000000000 --- a/ChangeLog.d/psa_curve25519_key_support.txt +++ /dev/null @@ -1,9 +0,0 @@ -Features - * The new function mbedtls_ecp_write_key() exports private ECC keys back to - a byte buffer. It is the inverse of the existing mbedtls_ecp_read_key(). - -Bugfix - * Fix the endianness of Curve25519 keys imported/exported through the PSA - APIs. psa_import_key and psa_export_key will now correctly expect/output - Montgomery keys in little-endian as defined by RFC7748. Contributed by - Steven Cooreman in #3425. 
diff --git a/ChangeLog.d/psa_curve25519_public_key_import.txt b/ChangeLog.d/psa_curve25519_public_key_import.txt deleted file mode 100644 index 2ea11e2c8..000000000 --- a/ChangeLog.d/psa_curve25519_public_key_import.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * PSA key import will now correctly import a Curve25519/Curve448 public key - instead of erroring out. Contributed by Steven Cooreman in #3492. diff --git a/ChangeLog.d/psa_ecc_dh_macros.txt b/ChangeLog.d/psa_ecc_dh_macros.txt deleted file mode 100644 index 033f3d8ae..000000000 --- a/ChangeLog.d/psa_ecc_dh_macros.txt +++ /dev/null @@ -1,9 +0,0 @@ -API changes - * In the PSA API, rename the types of elliptic curve and Diffie-Hellman group families to - psa_ecc_family_t and psa_dh_family_t, in line with the PSA Crypto API specification version 1.0.0. - Rename associated macros as well: - PSA_ECC_CURVE_xxx renamed to PSA_ECC_FAMILY_xxx - PSA_DH_GROUP_xxx renamed to PSA_DH_FAMILY_xxx - PSA_KEY_TYPE_GET_CURVE renamed to to PSA_KEY_TYPE_ECC_GET_FAMILY - PSA_KEY_TYPE_GET_GROUP renamed to PSA_KEY_TYPE_DH_GET_FAMILY - diff --git a/ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt b/ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt deleted file mode 100644 index ad1ad3038..000000000 --- a/ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt +++ /dev/null @@ -1,8 +0,0 @@ -Changes - * Add the command line parameter key_pwd to the ssl_client2 and ssl_server2 - example applications which allows to provide a password for the key file - specified through the existing key_file argument. This allows the use of - these applications with password-protected key files. Analogously but for - ssl_server2 only, add the command line parameter key_pwd2 which allows to - set a password for the key file provided through the existing key_file2 - argument. diff --git a/ChangeLog.d/stdout-macro.txt b/ChangeLog.d/stdout-macro.txt deleted file mode 100644 index 94562404a..000000000 --- a/ChangeLog.d/stdout-macro.txt +++ /dev/null 
@@ -1,3 +0,0 @@ -Bugfix - * Fix bug in redirection of unit test outputs on platforms where stdout is - defined as a macro. First reported in #2311 and fix contributed in #3528. diff --git a/ChangeLog.d/undef_assert_before_defining_it.txt b/ChangeLog.d/undef_assert_before_defining_it.txt deleted file mode 100644 index 74a20188c..000000000 --- a/ChangeLog.d/undef_assert_before_defining_it.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Undefine the ASSERT macro before defining it locally, in case it is defined - in a platform header. Contributed by Abdelatif Guettouche in #3557. diff --git a/ChangeLog.d/x509-verify-non-dns-san.txt b/ChangeLog.d/x509-verify-non-dns-san.txt deleted file mode 100644 index 0cd81b385..000000000 --- a/ChangeLog.d/x509-verify-non-dns-san.txt +++ /dev/null @@ -1,11 +0,0 @@ -Security - * Fix a vulnerability in the verification of X.509 certificates when - matching the expected common name (the cn argument of - mbedtls_x509_crt_verify()) with the actual certificate name: when the - subjecAltName extension is present, the expected name was compared to any - name in that extension regardless of its type. This means that an - attacker could for example impersonate a 4-bytes or 16-byte domain by - getting a certificate for the corresponding IPv4 or IPv6 (this would - require the attacker to control that IP address, though). Similar attacks - using other subjectAltName name types might be possible. Found and - reported by kFYatek in #3498. diff --git a/ChangeLog.d/x509parse_crl-empty_entry.txt b/ChangeLog.d/x509parse_crl-empty_entry.txt deleted file mode 100644 index 483abb10a..000000000 --- a/ChangeLog.d/x509parse_crl-empty_entry.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der(). - Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine - for pinpointing the problematic code. 
diff --git a/ChangeLog.d/x509write_csr_heap_alloc.txt b/ChangeLog.d/x509write_csr_heap_alloc.txt deleted file mode 100644 index abce20c4d..000000000 --- a/ChangeLog.d/x509write_csr_heap_alloc.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Reduce the stack consumption of mbedtls_x509write_csr_der() which - previously could lead to stack overflow on constrained devices. - Contributed by Doru Gucea and Simon Leet in #3464. diff --git a/ChangeLog.d/zeroising_of_plaintext_buffer.txt b/ChangeLog.d/zeroising_of_plaintext_buffer.txt deleted file mode 100644 index f618beb91..000000000 --- a/ChangeLog.d/zeroising_of_plaintext_buffer.txt +++ /dev/null @@ -1,4 +0,0 @@ -Security - * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused - application data from memory. Reported in #689 by - Johan Uppman Bruce of Sectra. From 5197c6692c6d895956b833951079dcf4d937fd5c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Aug 2020 17:03:24 +0200 Subject: [PATCH 091/488] Put local variables in a struct This way we can have a single call to mbedtls_platform_zeroize, which saves a few bytes of code size. Additionally, on my PC, I notice a significant speed improvement (x86_64 build with MBEDTLS_AESNI_C disabled, gcc 5.4.0 -O3). I don't have an explanation for that (I expected no measurable difference). Signed-off-by: Gilles Peskine --- library/aes.c | 162 +++++++++++++++++++++++--------------------------- 1 file changed, 76 insertions(+), 86 deletions(-) diff --git a/library/aes.c b/library/aes.c index 1d6560749..8b54e7eab 100644 --- a/library/aes.c +++ b/library/aes.c 
@@ -867,61 +867,56 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
 unsigned char output[16] )
 {
 int i;
- uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
+ uint32_t *RK = ctx->rk;
+ struct
+ {
+ uint32_t X[4];
+ uint32_t Y[4];
+ } t;
- RK = ctx->rk;
-
- GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
- GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
- GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
- GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
+ GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++;
+ GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++;
+ GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++;
+ GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++;
 for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
 {
- AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
- AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
+ AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
+ AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
 }
- AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+ AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
- X0 = *RK++ ^ \
- ( (uint32_t) FSb[ ( Y0 ) & 0xFF ] ) ^
- ( (uint32_t) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
+ t.X[0] = *RK++ ^ \
+ ( (uint32_t) FSb[ ( t.Y[0] ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 );
- X1 = *RK++ ^ \
- ( (uint32_t) FSb[ ( Y1 ) & 0xFF ] ) ^
- ( (uint32_t) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
+ t.X[1] = *RK++ ^ \
+ ( (uint32_t) FSb[ ( t.Y[1] ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 );
- X2 = *RK++ ^ \
- ( (uint32_t) FSb[ ( Y2 ) & 0xFF ] ) ^
- ( (uint32_t) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
+ t.X[2] = *RK++ ^ \
+ ( (uint32_t) FSb[ ( t.Y[2] ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 );
- X3 = *RK++ ^ \
- ( (uint32_t) FSb[ ( Y3 ) & 0xFF ] ) ^
- ( (uint32_t) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
+ t.X[3] = *RK++ ^ \
+ ( (uint32_t) FSb[ ( t.Y[3] ) & 0xFF ] ) ^
+ ( (uint32_t) FSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 );
- PUT_UINT32_LE( X0, output, 0 );
- PUT_UINT32_LE( X1, output, 4 );
- PUT_UINT32_LE( X2, output, 8 );
- PUT_UINT32_LE( X3, output, 12 );
+ PUT_UINT32_LE( t.X[0], output, 0 );
+ PUT_UINT32_LE( t.X[1], output, 4 );
+ PUT_UINT32_LE( t.X[2], output, 8 );
+ PUT_UINT32_LE( t.X[3], output, 12 );
- mbedtls_platform_zeroize( &X0, sizeof( X0 ) );
- mbedtls_platform_zeroize( &X1, sizeof( X1 ) );
- mbedtls_platform_zeroize( &X2, sizeof( X2 ) );
- mbedtls_platform_zeroize( &X3, sizeof( X3 ) );
-
- mbedtls_platform_zeroize( &Y0, sizeof( Y0 ) );
- mbedtls_platform_zeroize( &Y1, sizeof( Y1 ) );
- mbedtls_platform_zeroize( &Y2, sizeof( Y2 ) );
- mbedtls_platform_zeroize( &Y3, sizeof( Y3 ) );
+ mbedtls_platform_zeroize( &t, sizeof( t ) );
 return( 0 );
 }
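Review bot: The anonymous struct `t` introduced at the top of this hunk has no comment saying that it exists so that the whole round state is wiped by the single `mbedtls_platform_zeroize( &t, sizeof( t ) )` before the return; a temporary added outside `t` later would silently escape that wipe. I would put `/* Keep every intermediate value derived from the key or the data inside t: it is zeroized as a whole before returning. */` above the struct. The same applies to the matching hunk in mbedtls_internal_aes_decrypt(). The function's signature starts above the hunk, so this is based on the visible body only.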
@@ -945,61 +940,56 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
 unsigned char output[16] )
 {
 int i;
- uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
+ uint32_t *RK = ctx->rk;
+ struct
+ {
+ uint32_t X[4];
+ uint32_t Y[4];
+ } t;
- RK = ctx->rk;
-
- GET_UINT32_LE( X0, input, 0 ); X0 ^= *RK++;
- GET_UINT32_LE( X1, input, 4 ); X1 ^= *RK++;
- GET_UINT32_LE( X2, input, 8 ); X2 ^= *RK++;
- GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
+ GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++;
+ GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++;
+ GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++;
+ GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++;
 for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
 {
- AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
- AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
+ AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
+ AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
 }
- AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
+ AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
- X0 = *RK++ ^ \
- ( (uint32_t) RSb[ ( Y0 ) & 0xFF ] ) ^
- ( (uint32_t) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
+ t.X[0] = *RK++ ^ \
+ ( (uint32_t) RSb[ ( t.Y[0] ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 );
- X1 = *RK++ ^ \
- ( (uint32_t) RSb[ ( Y1 ) & 0xFF ] ) ^
- ( (uint32_t) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
+ t.X[1] = *RK++ ^ \
+ ( (uint32_t) RSb[ ( t.Y[1] ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 );
- X2 = *RK++ ^ \
- ( (uint32_t) RSb[ ( Y2 ) & 0xFF ] ) ^
- ( (uint32_t) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
+ t.X[2] = *RK++ ^ \
+ ( (uint32_t) RSb[ ( t.Y[2] ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 );
- X3 = *RK++ ^ \
- ( (uint32_t) RSb[ ( Y3 ) & 0xFF ] ) ^
- ( (uint32_t) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
- ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
- ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
+ t.X[3] = *RK++ ^ \
+ ( (uint32_t) RSb[ ( t.Y[3] ) & 0xFF ] ) ^
+ ( (uint32_t) RSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^
+ ( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^
+ ( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 );
- PUT_UINT32_LE( X0, output, 0 );
- PUT_UINT32_LE( X1, output, 4 );
- PUT_UINT32_LE( X2, output, 8 );
- PUT_UINT32_LE( X3, output, 12 );
+ PUT_UINT32_LE( t.X[0], output, 0 );
+ PUT_UINT32_LE( t.X[1], output, 4 );
+ PUT_UINT32_LE( t.X[2], output, 8 );
+ PUT_UINT32_LE( t.X[3], output, 12 );
- mbedtls_platform_zeroize( &X0, sizeof( X0 ) );
- mbedtls_platform_zeroize( &X1, sizeof( X1 ) );
- mbedtls_platform_zeroize( &X2, sizeof( X2 ) );
- mbedtls_platform_zeroize( &X3, sizeof( X3 ) );
-
- mbedtls_platform_zeroize( &Y0, sizeof( Y0 ) );
- mbedtls_platform_zeroize( &Y1, sizeof( Y1 ) );
- mbedtls_platform_zeroize( &Y2, sizeof( Y2 ) );
- mbedtls_platform_zeroize( &Y3, sizeof( Y3 ) );
+ mbedtls_platform_zeroize( &t, sizeof( t ) );
 return( 0 );
 }
From 17ffc5da8d030aa3dca7a98e643eb4c69d492c9a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 26 Aug 2020 15:22:45 +0100 Subject: [PATCH 092/488] Bump version to Mbed TLS 2.24.0 Executed "./scripts/bump_version.sh --version 2.24.0"
Signed-off-by: Janos Follath --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 1bb6f3702..c13b27951 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -22,7 +22,7 @@ */ /** - * @mainpage mbed TLS v2.23.0 source code documentation + * @mainpage mbed TLS v2.24.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index e89021a21..bf33dabc7 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.23.0" +PROJECT_NAME = "mbed TLS v2.24.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index d62d3124e..665a283e1 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -37,7 +37,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 23 +#define MBEDTLS_VERSION_MINOR 24 #define MBEDTLS_VERSION_PATCH 0 /** 
@@ -45,9 +45,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02170000 -#define MBEDTLS_VERSION_STRING "2.23.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.23.0" +#define MBEDTLS_VERSION_NUMBER 0x02180000 +#define MBEDTLS_VERSION_STRING "2.24.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.24.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 1bdc59ec1..33e2cfc85 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -178,15 +178,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.23.0 SOVERSION 5) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.24.0 SOVERSION 5) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.23.0 SOVERSION 1) + set_target_properties(mbedx509 PROPERTIES VERSION 2.24.0 SOVERSION 1) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.23.0 SOVERSION 13) + set_target_properties(mbedtls PROPERTIES VERSION 2.24.0 SOVERSION 13) target_link_libraries(mbedtls ${libs} mbedx509) endif(USE_SHARED_MBEDTLS_LIBRARY) diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 846ebb731..bb2624636 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.23.0" +check_compiletime_version:"2.24.0" Check runtime library version -check_runtime_version:"2.23.0" +check_runtime_version:"2.24.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 6012f0ee5b3a3553a434b1a70100a172bb95cfb7 Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Wed, 26 Aug 2020 15:32:10 +0100 Subject: [PATCH 093/488] Finalize ChangeLog Fix alignment where necessary and update ChangeLog header. Signed-off-by: Janos Follath --- ChangeLog | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1c6e41467..594c3cf4a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,10 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.24.0 branch released 2020-09-01 API changes - * In the PSA API, rename the types of elliptic curve and Diffie-Hellman group families to - psa_ecc_family_t and psa_dh_family_t, in line with the PSA Crypto API specification version 1.0.0. + * In the PSA API, rename the types of elliptic curve and Diffie-Hellman + group families to psa_ecc_family_t and psa_dh_family_t, in line with the + PSA Crypto API specification version 1.0.0. Rename associated macros as well: PSA_ECC_CURVE_xxx renamed to PSA_ECC_FAMILY_xxx PSA_DH_GROUP_xxx renamed to PSA_DH_FAMILY_xxx @@ -70,7 +71,8 @@ Security Bugfix * Library files installed after a CMake build no longer have execute permission. - * Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol redefinition if the function is inlined. + * Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol + redefinition if the function is inlined. Reported in #3451 and fix contributed in #3452 by okhowang. * Fix the endianness of Curve25519 keys imported/exported through the PSA APIs. psa_import_key and psa_export_key will now correctly expect/output From 880f7f2c42e7db02fb4f5feac31cf2aaa605f987 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 26 Aug 2020 22:50:38 +0200 Subject: [PATCH 094/488] ssl-opt.sh --help: don't show regexps for -f and -e Showing a regexp to say that by default all tests are executed is not particularly helpful. If we ever add a default exclusion list or a default filter, we can edit the documentation again. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 653d88da7..05873237f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -114,8 +114,8 @@ print_usage() { echo "Usage: $0 [options]" printf " -h|--help\tPrint this help.\n" printf " -m|--memcheck\tCheck memory leaks and errors.\n" - printf " -f|--filter\tOnly matching tests are executed (BRE; default: '$FILTER')\n" - printf " -e|--exclude\tMatching tests are excluded (BRE; default: '$EXCLUDE')\n" + printf " -f|--filter\tOnly matching tests are executed (BRE)\n" + printf " -e|--exclude\tMatching tests are excluded (BRE)\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" From 231befab5132f597d916a5b1945cc82d2a46263d Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 26 Aug 2020 20:05:11 +0200 Subject: [PATCH 095/488] Fix printf escape errors in shell scripts Fix `printf "$foo"` which treats the value of `foo` as a printf format rather than a string. I used the following command to find potentially problematic lines: ``` git ls-files '*.sh' | xargs egrep 'printf +("?[^"]*|[^ ]*)\$' ``` The remaining ones are false positives for this regexp. The errors only had minor consequences: the output of `ssl-opt.sh` contained lines like ``` Renegotiation: gnutls server strict, client-initiated .................. ./tests/ssl-opt.sh: 741: printf: %S: invalid directive PASS ``` and in case of failure the GnuTLS command containing a substring like `--priority=NORMAL:%SAFE_RENEGOTIATION` was not included in the log file. With the current tests, there was no risk of a test failure going undetected. Signed-off-by: Gilles Peskine --- tests/compat.sh | 14 +++++++------- tests/context-info.sh | 5 +++-- tests/scripts/check-names.sh | 4 ++-- tests/ssl-opt.sh | 24 ++++++++++++------------ 4 files changed, 24 insertions(+), 23 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 68b9f740e..6e0a8f963 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -90,12 +90,12 @@ PEERS="OpenSSL$PEER_GNUTLS mbedTLS" print_usage() { echo "Usage: $0" printf " -h|--help\tPrint this help.\n" - printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')\n" - printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')\n" - printf " -m|--modes\tWhich modes to perform (Default: '$MODES')\n" - printf " -t|--types\tWhich key exchange type to perform (Default: '$TYPES')\n" - printf " -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')\n" - printf " -p|--peers\tWhich peers to use (Default: '$PEERS')\n" + printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '%s')\n" "$FILTER" + printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '%s')\n" "$EXCLUDE" + printf " -m|--modes\tWhich modes to perform (Default: '%s')\n" "$MODES" + printf " -t|--types\tWhich key exchange type to perform (Default: '%s')\n" "$TYPES" + printf " -V|--verify\tWhich verification modes to perform (Default: '%s')\n" "$VERIFIES" + printf " -p|--peers\tWhich peers to use (Default: '%s')\n" "$PEERS" printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n" printf " -M|--memcheck\tCheck memory leaks and errors.\n" printf " -v|--verbose\tSet verbose output.\n" @@ -1107,7 +1107,7 @@ run_client() { VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`" TITLE="$TITLE $MODE,$VERIF $2" - printf "$TITLE " + printf "%s " "$TITLE" LEN=$(( 72 - `echo "$TITLE" | wc -c` )) for i in `seq 1 $LEN`; do printf '.'; done; printf ' ' diff --git a/tests/context-info.sh b/tests/context-info.sh index 150584b5d..cc5d6eaf3 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh 
@@ -433,10 +433,11 @@ run_test "Binary file instead of text file" \ # End of tests +echo if [ $T_FAILED -eq 0 ]; then - printf "\nPASSED ( $T_COUNT tests )\n" + echo "PASSED ( $T_COUNT tests )" else - printf "\nFAILED ( $T_FAILED / $T_COUNT tests )\n" + echo "FAILED ( $T_FAILED / $T_COUNT tests )" fi exit $T_FAILED diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 3e6c0f8f1..8e0a987fc 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -65,7 +65,7 @@ fi diff macros identifiers | sed -n -e 's/< //p' > actual-macros for THING in actual-macros enum-consts; do - printf "Names of $THING: " + printf 'Names of %s: ' "$THING" test -r $THING BAD=$( grep -E -v '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$' $THING || true ) UNDERSCORES=$( grep -E '.*__.*' $THING || true ) @@ -81,7 +81,7 @@ for THING in actual-macros enum-consts; do done for THING in identifiers; do - printf "Names of $THING: " + printf 'Names of %s: ' "$THING" test -r $THING BAD=$( grep -E -v '^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$' $THING || true ) if [ "x$BAD" = "x" ]; then diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 05873237f..37e2d0de1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -411,7 +411,7 @@ print_name() { fi LINE="$LINE$1" - printf "$LINE " + printf "%s " "$LINE" LEN=$(( 72 - `echo "$LINE" | wc -c` )) for i in `seq 1 $LEN`; do printf '.'; done printf ' ' @@ -738,12 +738,12 @@ run_test() { fi check_osrv_dtls - printf "# $NAME\n$SRV_CMD\n" > $SRV_OUT + printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & SRV_PID=$! wait_server_start "$SRV_PORT" "$SRV_PID" - printf "# $NAME\n$CLI_CMD\n" > $CLI_OUT + printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT eval "$CLI_CMD" >> $CLI_OUT 2>&1 & wait_client_done 
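Review bot: In the run_test hunk of tests/ssl-opt.sh the two rewritten log-header lines fix the format-string use but keep the redirect target unquoted, as in `printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT` and its `$CLI_OUT` twin. Writing `> "$SRV_OUT"` and `> "$CLI_OUT"` would keep these lines correct if either variable ever holds a path with whitespace or glob characters; their definitions are outside the hunk, so this may be harmless today. Data reaching the printf format position is what ShellCheck reports as SC2059, which could stand in for the one-off grep quoted in the commit message as a recurring check.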
@@ -3023,12 +3023,12 @@ run_test "Session resume using cache, DTLS: openssl server" \ # Tests for Max Fragment Length extension if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then - printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n" + printf '%s defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}" exit 1 fi if [ $MAX_CONTENT_LEN -ne 16384 ]; then - printf "Using non-default maximum content length $MAX_CONTENT_LEN\n" + echo "Using non-default maximum content length $MAX_CONTENT_LEN" fi requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -4182,14 +4182,14 @@ MAX_IM_CA='8' MAX_IM_CA_CONFIG=$( ../scripts/config.py get MBEDTLS_X509_MAX_INTERMEDIATE_CA) if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then - printf "The ${CONFIG_H} file contains a value for the configuration of\n" - printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n" - printf "test value of ${MAX_IM_CA}. \n" - printf "\n" - printf "The tests assume this value and if it changes, the tests in this\n" - printf "script should also be adjusted.\n" - printf "\n" + cat < Date: Sat, 29 Aug 2020 15:18:23 +0200 Subject: [PATCH 096/488] Report the first failure, not the last one If test_fail is called multiple times in the same test case, report the location of the first failure, not the last one. With this change, you no longer need to take care in tests that use auxiliary functions not to fail in the main function if the auxiliary function has failed. Signed-off-by: Gilles Peskine --- tests/suites/helpers.function | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 7425a359c..ec43d1349 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -407,6 +407,12 @@ void test_set_step( unsigned long step ) void test_fail( const char *test, int line_no, const char* filename ) { + if( test_info.result == TEST_RESULT_FAILED ) + { + /* We've already recorded the test as having failed. Don't + * overwrite any previous information about the failure. */ + return; + } test_info.result = TEST_RESULT_FAILED; test_info.test = test; test_info.line_no = line_no; From b51f96a7bf2fe0c041253cb1653bbd68a6638cb6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 Aug 2020 14:03:05 +0200 Subject: [PATCH 097/488] Pure C configuration of PSA crypto mechanisms Proposed specification for conditional inclusion of cryptographic mechanism through the PSA API in Mbed TLS. The inclusion of a mechanism is based on a declaration of boolean symbols by the application. There is a symbol for each key type or parametrized key type constructor, and for each algorithm or parametrized algorithm constructor. This is work in progress, presented for a first design discussion. Signed-off-by: Gilles Peskine --- docs/proposed/Makefile | 1 + docs/proposed/psa-conditional-inclusion-c.md | 119 +++++++++++++++++++ 2 files changed, 120 insertions(+) create mode 100644 docs/proposed/psa-conditional-inclusion-c.md diff --git a/docs/proposed/Makefile b/docs/proposed/Makefile index 2132b0843..1c314640b 100644 --- a/docs/proposed/Makefile +++ b/docs/proposed/Makefile @@ -3,6 +3,7 @@ PANDOC = pandoc default: all all_markdown = \ + psa-conditional-inclusion-c.md \ psa-driver-developer-guide.md \ psa-driver-integration-guide.md \ psa-driver-interface.md \ diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md new file mode 100644 index 000000000..578cc4183 --- /dev/null +++ b/docs/proposed/psa-conditional-inclusion-c.md 
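Review bot: The new early return keeps `test` and `line_no` (and whatever test_fail() sets past the end of the hunk) from being overwritten, but it does not cover the step. test_set_step() is named in the hunk header with its body outside the hunk; if it writes `test_info.step` unconditionally, a step set after the first failure would be reported next to the first failure's file and line. In that case I would guard it the same way, `if( test_info.result != TEST_RESULT_FAILED ) test_info.step = step;`, or state in the new comment that the step is not preserved.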
@@ -0,0 +1,119 @@
+Conditional inclusion of cryptographic mechanism through the PSA API in Mbed TLS
+================================================================================
+
+This document is a proposed interface for deciding at build time which cryptographic mechanisms to include in the PSA Cryptography interface.
+
+This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA.
+
+Time-stamp: "2020/08/31 14:01:46 CEST gilpes01@e120160-lin.cambridge.arm.com"
+
+## Introduction
+
+### Purpose of this specification
+
+The [PSA Cryptography API specification](https://armmbed.github.io/mbed-crypto/psa/#application-programming-interface) specifies the interface between a PSA Cryptography implementation and an application. The interface defines a number of categories of cryptographic algorithms (hashes, MAC, signatures, etc.). In each category, a typical implementation offers many algorithms (e.g. for signatures: RSA-PKCS#1v1.5, RSA-PSS, ECDSA). When building the implementation for a specific use case, it is often desirable to include only a subset of the available cryptographic mechanisms, primarily in order to reduce the code footprint of the compiled system.
+
+The present document proposes a way for an application using the PSA cryptography interface to declare which mechanisms it requires.
+
+### Current situation
+
+Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its configuration file (`config.h`). This mechanism is based on two main sets of symbols: `MBEDTLS_xxx_C` controls the availability of the mechanism to the application, and `MBEDTLS_xxx_ALT` controls the availability of an alternative implementation, so the software implementation is only included if ``MBEDTLS_xxx_C` is defined but not `MBEDTLS_xxx_ALT`.
+
+This is difficult to adapt to the PSA interface for several reasons. The `MBEDTLS_xxx_ALT` symbols are somewhat inconsistent, and in particular do not work well for asymmetric cryptography. For example, many parts of the ECC code have no `MBEDTLS_xxx_ALT` symbol, so a platform with ECC acceleration that can perform all ECDSA and ECDH operations in the accelerator would still embark the `bignum` module and large parts of the `ecp_curves`, `ecp` and `ecdsa` modules. Also the availability of a transparent driver for a mechanism does not translate directly to `MBEDTLS_xxx` symbols.
+
+### Requirements
+
+[Req.interface] The application can declare which cryptographic mechanisms it needs.
+
+[Req.inclusion] If the application does not require a mechanism, a suitably configured Mbed TLS build must not include it. The granularity of mechanisms must work for typical use cases and has [acceptable limitations](#acceptable-limitations).
+
+[Req.drivers] If a PSA driver is available in the build, a suitably configured Mbed TLS build must not include the corresponding software code (unless a software fallback is needed).
+
+[Req.c] The configuration mechanism consists of C preprocessor definitions, and the build does not require tools other than a C compiler. This is necessary to allow building an application and Mbed TLS in development environments that do not allow third-party tools.
+
+[Req.adaptability] The implementation of the mechanism must be adaptable with future evolution of the PSA cryptography specifications and Mbed TLS. Therefore the interface must remain sufficiently simple and abstract.
+
+### Acceptable limitations
+
+[Limitation.matrix] If a mechanism is defined by a combination of algorithms and key types, for example a block cipher mode (CBC, CTR, CFB, …) and a block permutation (AES, CAMELLIA, ARIA, …), there is no requirement to include only specific combinations.
+
+[Limitation.direction] For mechanisms that have multiple directions (for example encrypt/decrypt, sign/verify), there is no requirement to include only one direction.
+
+[Limitation.size] There is no requirement to include only support for certain key sizes.
+
+## Interface
+
+### PSA Crypto configuration file
+
+The PSA crypto configuration file `psa/crypto_config.h` defines a series of symbols of the form `PSA_WANT_xxx` where `xxx` . The symbols are documented in the section [“PSA Crypto configuration symbols”](#psa-crypto-configuration-symbols) below.
+
+The symbol `MBEDTLS_PSA_CRYPTO_CONFIG` in `mbedtls/config.h` determines whether `psa/crypto_config.h`. is used.
+
+* If `MBEDTLS_PSA_CRYPTO_CONFIG` is unset, which is the default at least in Mbed TLS 2.x versions, things are as they are today: the PSA subsystem includes generic code unconditionally, and includes support for specific mechanisms conditionally based on the existing `MBEDTLS_xxx_` symbols.
+* If `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the necessary software implementations of cryptographic algorithms are included based on both the content of the PSA crypto configuration file and the Mbed TLS configuration file. For example, the code in `aes.c` is enabled if either `mbedtls/config.h` contains `MBEDTLS_AES_C` or `psa/crypto_config.h` contains `PSA_WANT_KEY_TYPE_AES`.
+
+### PSA Crypto configuration symbols
+
+#### Configuration symbol syntax
+
+A PSA crypto configuration symbol is a C preprocessor symbol whose name starts with `PSA_WANT_`.
+
+* If the symbol is not defined, the corresponding feature is not included.
+* If the symbol is defined to a preprocessor expression with the value `1`, the corresponding feature is included.
+* If the symbol is defined with a different value, the behavior is currently undefined and reserved for future use.
+
+#### Configuration symbol semantics
+
+If a feature is not requested for inclusion in the PSA crypto configuration file, it may still be included in the build, either because the feature has been requested in some other way, or because the library does not support the exclusion of this feature. Mbed TLS should make a best effort to support the exclusion of all features, but in some cases this may be judged too much effort for too little benefit.
+
+#### Configuration symbols for key types
+
+For each constant or constructor macro of the form `PSA_KEY_TYPE_xxx`, the symbol **`PSA_WANT_KEY_TYPE_xxx`** indicates that support for this key type is desired.
+
+For asymmetric cryptography, `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR` determines whether private-key operations are desired, and `PSA_WANT_KEY_TYPE_xxx_PUBLIC_KEY` determines whether public-key operations are desired. `PSA_WANT_KEY_TYPE_xxx_KEY_PAIR` implicitly enables `PSA_WANT_KEY_TYPE_xxx_PUBLIC_KEY`: there is no way to only include private-key operations (which typically saves little code).
+
+#### Configuration symbols for curves
+
+For elliptic curve key types, only the specified curves are included. To include a curve, include a symbol of the form **`PSA_WANT_ECC_family_size`**. For example: `PSA_WANT_ECC_SECP_R1_256` for secp256r1, `PSA_WANT_ECC_MONTGOMERY_CURVE25519`. It is an error to require an ECC key type but no curve, and Mbed TLS will reject this at compile time.
+
+#### Configuration symbols for algorithms
+
+For each constant or constructor macro of the form `PSA_ALG_xxx`, the symbol **`PSA_WANT_ALG_xxx`** indicates that support for this algorithm is desired.
+
+For parametrized algorithms, the `PSA_WANT_ALG_xxx` symbol indicates whether the base mechanism is supported. Parameters must themselves be included through their own `PSA_WANT_ALG_xxx` symbols. It is an error to include a base mechanism without at least one possible parameter, and Mbed TLS will reject this at compile time. For example, `PSA_WANT_ALG_ECDSA` requires the inclusion of randomized ECDSA for all hash algorithms whose corresponding symbol `PSA_WANT_ALG_xxx` is enabled.
+
+## Implementation
+
+## Open questions
+
+### Open questions about the interface
+
+#### Naming of symbols
+
+The names of [elliptic curve symbols](#configuration-symbols-for-curves) are a bit weird: `SECP_R1_256` instead of `SECP256R1`. Should we make them more classical, but less systematic?
+
+#### Diffie-Hellman
+
+Way to request only specific groups? Not a priority: constrained devices don't do FFDH. Specify it as may change in future versions.
+
+#### Coexistence with the current Mbed TLS configuration
+
+The two mechanisms have very different designs. Is there serious potential for confusion? Do we understand how the combinations work?
+
+### Open questions about the design
+
+#### Algorithms without a key type or vice versa
+
+Is it realistic to mandate a compile-time error if a key type is required, but no matching algorithm, or vice versa? Is it always the right thing, for example if there is an opaque driver that manipulates this key type?
+
+#### Opaque-only mechanisms
+
+If a mechanism should only be supported in an opaque driver, what does the core need to know about it? Do we have all the information we need?
+
+This is especially relevant to suppress a mechanism completely if there is no matching algorithm. For example, if there is no transparent implementation of RSA or ECDSA, `psa_sign_hash` and `psa_verify_hash` may still be needed if there is an opaque signature driver.
+
+### Open questions about the implementation
+
+#### Testability
+
+Is this proposal decently testable? There are a lot of combinations. What combinations should we test?
From dbd2e3c43fa5134c9c715aaae9f64ff201e37ac1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 Aug 2020 15:41:10 +0200 Subject: [PATCH 098/488] Nicer time stamp format
Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 578cc4183..61d3d1798 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/08/31 14:01:46 CEST gilpes01@e120160-lin.cambridge.arm.com" +Time-stamp: "2020/08/31 13:40:49 GMT" ## Introduction @@ -117,3 +117,13 @@ This is especially relevant to suppress a mechanism completely if there is no ma #### Testability Is this proposal decently testable? There are a lot of combinations. What combinations should we test? + + From 54a0ad2012dd61e363c96ea3ba832d1f1c329ae2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 Aug 2020 15:41:29 +0200 Subject: [PATCH 099/488] Note the limitation that you can't exclude multipart support Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 61d3d1798..7ba52d00b 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -41,6 +41,8 @@ This is difficult to adapt to the PSA interface for several reasons. The `MBEDTL [Limitation.size] There is no requirement to include only support for certain key sizes. +[Limitation.multipart] Where there are multiple ways to perform an operation, for example single-part and multi-part, there is no mechanism to select only one or a subset of the possible ways. + ## Interface ### PSA Crypto configuration file 
From 2e4062ce179a62b015ea42ff0e28baf483ad9524 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 Aug 2020 15:41:54 +0200 Subject: [PATCH 100/488] First go at describing how this can be implemented Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 67 ++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 7ba52d00b..cc280279e 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md 
@@ -86,6 +86,69 @@ For parametrized algorithms, the `PSA_WANT_ALG_xxx` symbol indicates whether the ## Implementation +### Additional non-public symbols + +#### Accounting for transparent drivers + +In addition to the [configuration symbols](#psa-crypto-configuration-symbols), we need two parallel or mostly parallel sets of symbols: + +* **`MBEDTLS_PSA_ACCEL_xxx`** indicates whether a fully-featured, fallback-free transparent driver is available. +* **`MBEDTLS_PSA_BUILTIN_xxx`** indicates whether the software implementation is needed. + +`MBEDTLS_PSA_ACCEL_xxx` is one of the outputs of the transpilation of a driver description, alongside the glue code for calling the drivers. + +`MBEDTLS_PSA_BUILTIN_xxx` is enabled when `PSA_WANT_xxx` is enabled and `MBEDTLS_PSA_ACCEL_xxx` is disabled. + +These symbols are not part of the public interface of Mbed TLS towards applications or to drivers, regardless of whether the symbols are actually visible. + +### Architecture of symbol definitions + +#### Definition of internal inclusion symbols + +The header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. + +#### Visibility of internal symbols + +Ideally, the `MBEDTLS_PSA_ACCEL_xxx` and `MBEDTLS_PSA_BUILTIN_xxx` symbols should not be visible to application code or driver code, since they are not part of the public interface of the library. However these symbols are needed to deduce whether to include library modules (for example `MBEDTLS_AES_C` has to be enabled if `MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES` is enabled), which makes it difficult to keep them private. 
+ +#### Compile-time checks + +The header file **`library/psa_check_config.h`** applies sanity checks to the configuration, throwing `#error` if something is wrong. + +A mechanism similar to `mbedtls/check_config.h` detects errors such as enabling ECDSA but no curve. + +Since configuration symbols must be undefined or 1, any other value should trigger an `#error`. + +#### Automatic generation of preprocessor symbol manipulations + +A lot of the preprocessor symbol manipulation is systematic calculations that analyze the configuration. `mbedtls/config_psa.h` and `library/psa_check_config.h` should be generated automatically, in the same manner as `version_features.c`. + +### Structure of PSA crypto library code + +#### Conditional inclusion of library entry points + +An entry point can be eliminated entirely if no algorithm requires it. + +#### Conditional inclusion of mechanism-specific code + +Code that is specific to certain key types or to certain algorithms must be guarded by the applicable symbols: `PSA_WANT_xxx` for code that is independent of the application, and `MBEDTLS_PSA_BUILTIN_xxx` for code that calls an Mbed TLS software implementation. + +## PSA standardization + +### JSON configuration mechanism + +At the time of writing, the preferred configuration mechanism for a PSA service is in JSON syntax. The translation from JSON to build instructions is not specified by PSA. + +For PSA Crypto, the preferred configuration mechanism would be similar to capability specifications of transparent drivers. The same JSON properties that are used to mean “this driver can perform that mechanism” in a driver description would be used to mean “the application wants to perform that mechanism” in the application configuration. + +### From JSON to C + +The JSON capability language allows a more fine-grained selection than the C mechanism proposed here. 
For example, it allows requesting only single-part mechanisms, only certain key sizes, or only certain combinations of algorithms and key types. + +The JSON capability language can be translated approximately to the boolean symbol mechanism proposed here. The approximation considers a feature to be enabled if any part of it is enabled. For example, if there is a capability for AES-CTR and one for CAMELLIA-GCM, the translation to boolean symbols will also include AES-GCM and CAMELLIA-CTR. If there is a capability for AES-128, the translation will also include AES-192 and AES-256. + +The boolean symbol mechanism proposed here can be translated to a list of JSON capabilities: for each included algorithm, include a capability with that algorithm, the key types that apply to that algorithm, no size restriction, and all the entry points that apply to that algorithm. + ## Open questions ### Open questions about the interface @@ -94,6 +157,10 @@ For parametrized algorithms, the `PSA_WANT_ALG_xxx` symbol indicates whether the The names of [elliptic curve symbols](#configuration-symbols-for-curves) are a bit weird: `SECP_R1_256` instead of `SECP256R1`. Should we make them more classical, but less systematic? +#### Impossible combinations + +What does it mean to have `PSA_WANT_ALG_ECDSA` enabled but with only Curve25519? Is it a mandatory error? + #### Diffie-Hellman Way to request only specific groups? Not a priority: constrained devices don't do FFDH. Specify it as may change in future versions. From feaebc537779a6ded438930344b10965de927c04 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 16 Jul 2020 04:37:41 -0400 Subject: [PATCH 101/488] x509.c: Remove one unnecessary cast Signed-off-by: Andrzej Kurek --- library/x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509.c b/library/x509.c index 1579c1abc..2a7be329b 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -154,7 +154,7 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md return( MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); - p = (unsigned char *) alg->p; + p = alg->p; end = p + alg->len; if( p >= end ) From aeedd74b4232ba064641eb1eaf93d90b7119a71d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Sep 2020 11:03:04 +0200 Subject: [PATCH 102/488] Pass -std=c99 to arm-none-eabi-gcc GCC up to 4.x defaults to C89. On our CI, we run the arm-none-eabi-gcc version from Ubuntu 16.04 on Travis, and that's 4.9, so the gcc-arm builds started failing on Travis when we introduced a C99 construct in the configurations that we test on arm on Travis. Other builds, and Jenkins CI, are not affected because they use GCC 5.x or newer. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ca73722ba..4fafe0208 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1827,7 +1827,7 @@ component_test_no_64bit_multiplication () { component_build_arm_none_eabi_gcc () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s scripts/config.py baremetal - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -O1' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 
@@ -1841,7 +1841,7 @@ component_build_arm_none_eabi_gcc_arm5vte () { # See https://github.com/ARMmbed/mbedtls/pull/2169 and comments. # It would be better to build with arm-linux-gnueabi-gcc but # we don't have that on our CI at this time. - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1" ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o @@ -1850,7 +1850,7 @@ component_build_arm_none_eabi_gcc_arm5vte () { component_build_arm_none_eabi_gcc_m0plus () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus" # ~ 10s scripts/config.py baremetal - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os" ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o 
@@ -1860,7 +1860,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s scripts/config.py baremetal scripts/config.py set MBEDTLS_NO_UDBL_DIVISION - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -Wall -Wextra' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" if_build_succeeded not grep __aeabi_uldiv library/*.o } @@ -1869,7 +1869,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s scripts/config.py baremetal scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION - make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib echo "Checking that software 64-bit multiplication is not required" if_build_succeeded not grep __aeabi_lmul library/*.o } From 80b95101a95e126009a50f45e6f4aa41c51295f6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 28 Aug 2020 14:29:16 +0200 Subject: [PATCH 103/488] psa: Move psa_key_file_id_t definition to crypto_types.h `psa_key_file_id_t` was defined in `crypto_platform.h` and not `crypto_types.h` even if it wasn't platform dependent because back when the PSA Crypto Specification was put together `crypto_types.h` was meant to contain only types that were intended to make it to the specification. There is not such constraint anymore thus move the definition of `psa_key_file_id_t` to crypto_types.h. 
Signed-off-by: Ronald Cron --- include/psa/crypto_platform.h | 23 +---------------------- include/psa/crypto_types.h | 28 +++++++++++++++++++++++++--- 2 files changed, 26 insertions(+), 25 deletions(-) diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 77c0e5b2f..bd3dc10ea 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -74,27 +74,6 @@ typedef uint32_t psa_app_key_id_t; typedef int32_t psa_key_owner_id_t; #endif -typedef struct -{ - uint32_t key_id; - psa_key_owner_id_t owner; -} psa_key_file_id_t; -#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id ) - -/* Since crypto.h is used as part of the PSA Cryptography API specification, - * it must use standard types for things like the argument of psa_open_key(). - * If it wasn't for that constraint, psa_open_key() would take a - * `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an - * alias for `psa_key_file_id_t` when building for a multi-client service. */ -typedef psa_key_file_id_t psa_key_id_t; -#define PSA_KEY_ID_INIT {0, 0} - -#else /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ - -/* By default, a key file identifier is just the application key identifier. */ -typedef psa_app_key_id_t psa_key_file_id_t; -#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id ) - -#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ #endif /* PSA_CRYPTO_PLATFORM_H */ diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 17718eb6d..f8811ad10 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -33,6 +33,8 @@ #ifndef PSA_CRYPTO_TYPES_H #define PSA_CRYPTO_TYPES_H +#include "crypto_platform.h" + #include /** \defgroup error Error codes 
@@ -229,12 +231,32 @@ typedef uint32_t psa_key_location_t; /* Implementation-specific quirk: The Mbed Crypto library can be built as * part of a multi-client service that exposes the PSA Crypto API in each * client and encodes the client identity in the key id argument of functions - * such as psa_open_key(). In this build configuration, we define - * psa_key_id_t in crypto_platform.h instead of here. */ + * such as psa_open_key(). */ #if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) typedef uint32_t psa_key_id_t; +typedef psa_key_id_t psa_key_file_id_t; + #define PSA_KEY_ID_INIT 0 -#endif +#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id ) + +#else /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +typedef struct +{ + uint32_t key_id; + psa_key_owner_id_t owner; +} psa_key_file_id_t; + +/* Since crypto.h is used as part of the PSA Cryptography API specification, + * it must use standard types for things like the argument of psa_open_key(). + * If it wasn't for that constraint, psa_open_key() would take a + * `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an + * alias for `psa_key_file_id_t` when building for a multi-client service. */ +typedef psa_key_file_id_t psa_key_id_t; + +#define PSA_KEY_ID_INIT {0, 0} +#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id ) + +#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ /**@}*/ From 27238fcbd8a737993e0713ffeea5be56f4983adf Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Thu, 23 Jul 2020 12:30:41 +0200 Subject: [PATCH 104/488] psa: Use psa_key_file_id_t as the key id type The purpose of this commit and the following is for psa_key_id_t to always be as defined by the PSA Cryptography API specification. Currently psa_key_id_t departs from its specification definition when MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER configuration flag is set. In that configuration, it is set to be equal to psa_key_file_id_t which in that configuration encodes an owner identifier along the key identifier. Type psa_key_file_id_t was meant to be the key identifier type used throughout the library code. If MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is set it includes both a key and owner identifier, otherwise it is equal to psa_key_id_t. It has not been the key identifier type throughout the library so far because when the PSA Cryptography specification was developed the library Doxygen documentation was used to generate the PSA Cryptography API specification thus the need to use psa_key_id_t and not psa_key_file_id_t. As this constraint does not hold anymore, move to psa_key_file_id_t as the key identifier type throughout the library code. By the way, this commit updates the key identifier initialization in the tests to be compatible with a composite key identifier. A psa_key_id_make() inline function is introduced to initialize key identifiers (composite or not) at runtime. 
Signed-off-by: Ronald Cron --- include/psa/crypto.h | 18 ++++----- include/psa/crypto_struct.h | 8 ++-- include/psa/crypto_types.h | 39 +++++++++++++++---- library/psa_crypto_se.h | 4 +- library/psa_crypto_slot_management.c | 14 +++---- library/psa_crypto_slot_management.h | 6 +-- library/psa_crypto_storage.c | 2 +- library/psa_crypto_storage.h | 4 +- tests/suites/test_suite_psa_crypto.function | 12 +++--- ...t_suite_psa_crypto_persistent_key.function | 8 ++-- ...st_suite_psa_crypto_se_driver_hal.function | 18 ++++----- ...te_psa_crypto_se_driver_hal_mocks.function | 16 ++++---- ..._suite_psa_crypto_slot_management.function | 20 +++++----- 13 files changed, 96 insertions(+), 73 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index a3161666d..c8eb08bd0 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -146,11 +146,11 @@ static psa_key_attributes_t psa_key_attributes_init(void); * linkage). This function may be provided as a function-like macro, * but in this case it must evaluate each of its arguments exactly once. * - * \param[out] attributes The attribute structure to write to. - * \param id The persistent identifier for the key. + * \param[out] attributes The attribute structure to write to. + * \param key The persistent identifier for the key. */ static void psa_set_key_id(psa_key_attributes_t *attributes, - psa_key_id_t id); + psa_key_file_id_t key); /** Set the location of a persistent key. * @@ -192,7 +192,7 @@ static void psa_set_key_lifetime(psa_key_attributes_t *attributes, * This value is unspecified if the attribute structure declares * the key as volatile. */ -static psa_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes); +static psa_key_file_id_t psa_get_key_id(const psa_key_attributes_t *attributes); /** Retrieve the lifetime from key attributes. * 
@@ -392,8 +392,9 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes); * with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key * always has a nonzero key identifier, set with psa_set_key_id() when * creating the key. Implementations may provide additional pre-provisioned - * keys that can be opened with psa_open_key(). Such keys have a key identifier - * in the vendor range, as documented in the description of #psa_key_id_t. + * keys that can be opened with psa_open_key(). Such keys have an application + * key identifier in the vendor range, as documented in the description of + * #psa_key_id_t. * * The application must eventually close the handle with psa_close_key() or * psa_destroy_key() to release associated resources. If the application dies @@ -408,7 +409,7 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes); * portable to implementations that only permit a single key handle to be * opened. See also :ref:\`key-handles\`. * - * \param id The persistent identifier of the key. + * \param key The persistent identifier of the key. * \param[out] handle On success, a handle to the key. * * \retval #PSA_SUCCESS @@ -436,8 +437,7 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_open_key(psa_key_id_t id, - psa_key_handle_t *handle); +psa_status_t psa_open_key(psa_key_file_id_t key, psa_key_handle_t *handle); /** Close a key handle. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 67c53db92..267b0501a 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -330,7 +330,7 @@ typedef struct psa_key_type_t type; psa_key_bits_t bits; psa_key_lifetime_t lifetime; - psa_key_id_t id; + psa_key_file_id_t id; psa_key_policy_t policy; psa_key_attributes_flag_t flags; } psa_core_key_attributes_t; 
@@ -360,14 +360,14 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void ) } static inline void psa_set_key_id(psa_key_attributes_t *attributes, - psa_key_id_t id) + psa_key_file_id_t key) { - attributes->core.id = id; + attributes->core.id = key; if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE ) attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT; } -static inline psa_key_id_t psa_get_key_id( +static inline psa_key_file_id_t psa_get_key_id( const psa_key_attributes_t *attributes) { return( attributes->core.id ); diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index f8811ad10..4603a1d1a 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -37,6 +37,11 @@ #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + /** \defgroup error Error codes * @{ */ @@ -125,7 +130,7 @@ typedef uint32_t psa_algorithm_t; * implementation-specific device management event occurs (for example, * a factory reset). * - * Persistent keys have a key identifier of type #psa_key_id_t. + * Persistent keys have a key identifier of type #psa_key_file_id_t. * This identifier remains valid throughout the lifetime of the key, * even if the application instance that created the key terminates. * The application can call psa_open_key() to open a persistent key that @@ -239,6 +244,19 @@ typedef psa_key_id_t psa_key_file_id_t; #define PSA_KEY_ID_INIT 0 #define PSA_KEY_FILE_GET_KEY_ID( id ) ( id ) +/** Utility to initialize a key file identifier at runtime. + * + * \param unused Unused parameter. + * \param key_id Identifier of the key. + */ +static inline psa_key_file_id_t psa_key_file_id_make( + unsigned int unused, psa_key_id_t key_id ) +{ + (void)unused; + + return( key_id ); +} + #else /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ typedef struct { 
@@ -246,16 +264,21 @@ typedef struct psa_key_owner_id_t owner; } psa_key_file_id_t; -/* Since crypto.h is used as part of the PSA Cryptography API specification, - * it must use standard types for things like the argument of psa_open_key(). - * If it wasn't for that constraint, psa_open_key() would take a - * `psa_key_file_id_t` argument. As a workaround, make `psa_key_id_t` an - * alias for `psa_key_file_id_t` when building for a multi-client service. */ -typedef psa_key_file_id_t psa_key_id_t; - #define PSA_KEY_ID_INIT {0, 0} #define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id ) +/** Utility to initialize a key file identifier at runtime. + * + * \param owner_id Identifier of the key owner. + * \param key_id Identifier of the key. + */ +static inline psa_key_file_id_t psa_key_file_id_make( + psa_key_owner_id_t owner_id, uint32_t key_id ) +{ + return( (psa_key_file_id_t){ .key_id = key_id, + .owner = owner_id } ); +} + #endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ /**@}*/ diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index a46423256..258c211af 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -45,13 +45,13 @@ /** The base of the range of ITS file identifiers for secure element * driver persistent data. * - * We use a slice of the implemenation reserved range 0xffff0000..0xffffffff, + * We use a slice of the implementation reserved range 0xffff0000..0xffffffff, * specifically the range 0xfffffe00..0xfffffeff. The length of this range * drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE * which doesn't have a driver. */ -#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 ) +#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_app_key_id_t) 0xfffffe00 ) /** The maximum number of registered secure element driver locations. */ #define PSA_MAX_SE_DRIVERS 4 
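Review bot: The owner-encoding variant of `psa_key_file_id_make()` returns a compound literal with designated initializers, `(psa_key_file_id_t){ .key_id = key_id, .owner = owner_id }`, which is C99-only syntax in a header that applications include. The `inline` shim added to this same file is guarded by `!defined(__cplusplus)` and `_MSC_VER`, which suggests the header is expected to be read by C++ and by MSVC; a C++ translation unit would not accept this body as standard C++, and whether the targeted MSVC versions accept it in C mode should be checked. A plain local avoids the construct: `psa_key_file_id_t id; id.key_id = key_id; id.owner = owner_id;` followed by `return( id );`.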
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a32a02798..3600e1a37 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -204,7 +204,7 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, } psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, - psa_key_id_t key_id ) + psa_key_file_id_t key ) { if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { @@ -215,19 +215,19 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, { /* Persistent keys require storage support */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( psa_is_key_id_valid( key_id, + if( psa_is_key_id_valid( key, psa_key_lifetime_is_external( lifetime ) ) ) return( PSA_SUCCESS ); else return( PSA_ERROR_INVALID_ARGUMENT ); #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - (void) key_id; + (void) key; return( PSA_ERROR_NOT_SUPPORTED ); #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */ } } -psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle ) +psa_status_t psa_open_key( psa_key_file_id_t key, psa_key_handle_t *handle ) { #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) psa_status_t status; @@ -235,7 +235,7 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle ) *handle = 0; - if( ! psa_is_key_id_valid( id, 1 ) ) + if( ! psa_is_key_id_valid( key, 1 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_get_empty_key_slot( handle, &slot ); @@ -243,7 +243,7 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle ) return( status ); slot->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT; - slot->attr.id = id; + slot->attr.id = key; status = psa_load_persistent_key_into_slot( slot ); if( status != PSA_SUCCESS ) 
@@ -254,7 +254,7 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle ) return( status ); #else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ - (void) id; + (void) key; *handle = 0; return( PSA_ERROR_NOT_SUPPORTED ); #endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 676a77e5a..58e7f7cb6 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -113,14 +113,14 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, * This function checks whether a key's declared persistence level and key ID * attributes are valid and known to the PSA Core in its actual configuration. * - * \param[in] lifetime The key lifetime attribute. - * \param[in] key_id The key ID attribute + * \param[in] lifetime The key lifetime attribute. + * \param[in] key The key identifier. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_ARGUMENT */ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, - psa_key_id_t key_id ); + psa_key_file_id_t key ); #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 103c9bbb8..18889a17e 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -394,7 +394,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, psa_status_t status = PSA_SUCCESS; uint8_t *loaded_data; size_t storage_data_length = 0; - psa_key_id_t key = attr->id; + psa_key_file_id_t key = attr->id; status = psa_crypto_storage_get_data_length( key, &storage_data_length ); if( status != PSA_SUCCESS ) diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index debc742bd..6fcae272e 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h 
@@ -292,7 +292,7 @@ typedef union uint16_t unused1; psa_key_lifetime_t lifetime; psa_key_slot_number_t slot; - psa_key_id_t id; + psa_key_file_id_t id; } key; } psa_crypto_transaction_t; @@ -361,7 +361,7 @@ psa_status_t psa_crypto_stop_transaction( void ); * * 0xffffffNN = special file; 0x74 = 't' for transaction. */ -#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 ) +#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_app_key_id_t) 0xffffff74 ) #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */ diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 665580bfe..af7a22133 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -233,7 +233,7 @@ int check_key_attributes_sanity( psa_key_handle_t key ) int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_lifetime_t lifetime; - psa_key_id_t id; + psa_key_file_id_t id; psa_key_type_t type; psa_key_type_t bits; @@ -1326,7 +1326,7 @@ void attributes_set_get( int id_arg, int lifetime_arg, int type_arg, int bits_arg ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t id = id_arg; + psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); psa_key_lifetime_t lifetime = lifetime_arg; psa_key_usage_t usage_flags = usage_flags_arg; psa_algorithm_t alg = alg_arg; 
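Review bot: The owner argument `1` in `psa_key_file_id_make( 1, id_arg )` in `attributes_set_get` is an unexplained literal, and the same literal recurs in every later test hunk of this commit, including both `psa_purge_storage()` helpers. I would give it one named constant per suite with a short comment, e.g. `/* Owner used for all test keys; ignored unless the key id encodes an owner. */` above a `#define` whose name the project chooses. That also makes it visible that the purge loops only destroy keys created under this one owner, so a test that later uses a different owner would leave its keys in storage.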
@@ -1370,10 +1370,10 @@ void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg, int expected_id_arg, int expected_lifetime_arg ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t id1 = id1_arg; + psa_key_file_id_t id1 = psa_key_file_id_make( 1, id1_arg ); psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_id_t id2 = id2_arg; - psa_key_id_t expected_id = expected_id_arg; + psa_key_file_id_t id2 = psa_key_file_id_make( 1, id2_arg ); + psa_key_file_id_t expected_id = psa_key_file_id_make( 1, expected_id_arg ); psa_key_lifetime_t expected_lifetime = expected_lifetime_arg; if( id1_arg != -1 ) @@ -5584,7 +5584,7 @@ void persistent_key_load_key_from_storage( data_t *data, int usage_flags_arg, int alg_arg, int generation_method ) { - psa_key_id_t key_id = 1; + psa_key_file_id_t key_id = psa_key_file_id_make( 1, 1 ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_handle_t handle = 0; psa_key_handle_t base_key = 0; diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 49ce964fb..43cc5df5f 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -112,7 +112,7 @@ exit: /* BEGIN_CASE */ void save_large_persistent_key( int data_length_arg, int expected_status ) { - psa_key_id_t key_id = 42; + psa_key_file_id_t key_id = psa_key_file_id_make( 1, 42 ); psa_key_handle_t handle = 0; uint8_t *data = NULL; size_t data_length = data_length_arg; @@ -143,7 +143,7 @@ void persistent_key_destroy( int key_id_arg, int restart, int first_type_arg, data_t *first_data, int second_type_arg, data_t *second_data ) { - psa_key_id_t key_id = key_id_arg; + psa_key_file_id_t key_id = psa_key_file_id_make( 1, key_id_arg ); psa_key_handle_t handle = 0; psa_key_type_t first_type = (psa_key_type_t) first_type_arg; psa_key_type_t second_type = (psa_key_type_t) second_type_arg; 
@@ -196,7 +196,7 @@ exit: void persistent_key_import( int key_id_arg, int type_arg, data_t *data, int restart, int expected_status ) { - psa_key_id_t key_id = (psa_key_id_t) key_id_arg; + psa_key_file_id_t key_id = psa_key_file_id_make( 1, key_id_arg ); psa_key_type_t type = (psa_key_type_t) type_arg; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -245,7 +245,7 @@ void import_export_persistent_key( data_t *data, int type_arg, int expected_bits, int restart, int key_not_exist ) { - psa_key_id_t key_id = 42; + psa_key_file_id_t key_id = psa_key_file_id_make( 1, 42 ); psa_key_type_t type = (psa_key_type_t) type_arg; psa_key_handle_t handle = 0; unsigned char *exported = NULL; diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index c9ce8667b..e7c26d22c 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -760,13 +760,13 @@ exit: #define MAX_KEY_ID_FOR_TEST 10 static void psa_purge_storage( void ) { - psa_key_id_t id; + psa_app_key_id_t id; psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ ) - psa_destroy_persistent_key( id ); + psa_destroy_persistent_key( psa_key_file_id_make( 1, id ) ); /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ 
@@ -853,7 +853,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -985,7 +985,7 @@ void key_creation_in_chosen_slot( int slot_arg, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -1067,7 +1067,7 @@ void import_key_smoke( int type_arg, int alg_arg, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1139,7 +1139,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -1178,7 +1178,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1258,7 +1258,7 @@ void sign_verify( int flow, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t drv_handle = 0; /* key managed by the driver */ psa_key_handle_t sw_handle = 0; /* transparent key */ psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1420,7 +1420,7 @@ void register_key_smoke_test( int lifetime_arg, psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t id = id_arg; + psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); size_t bit_size = 48; psa_key_slot_number_t wanted_slot = 0x123456789; psa_key_handle_t handle = 0; diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index ef50a6814..618bd1546 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function 
@@ -89,13 +89,13 @@ static struct #define MAX_KEY_ID_FOR_TEST 10 static void psa_purge_storage( void ) { - psa_key_id_t id; + psa_app_key_id_t id; psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ ) - psa_destroy_persistent_key( id ); + psa_destroy_persistent_key( psa_key_file_id_make( 1, id ) ); /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ @@ -330,7 +330,7 @@ void mock_import( int mock_alloc_return_value, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -387,7 +387,7 @@ void mock_export( int mock_export_return_value, int expected_result ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -441,7 +441,7 @@ void mock_generate( int mock_alloc_return_value, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -496,7 +496,7 @@ void mock_export_public( int mock_export_public_return_value, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -546,7 +546,7 @@ void mock_sign( int mock_sign_return_value, int expected_result ) psa_drv_se_asymmetric_t asymmetric; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -607,7 +607,7 @@ void mock_verify( int mock_verify_return_value, int expected_result ) psa_drv_se_asymmetric_t asymmetric; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_id_t id = 1; + psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 3a14b1211..bd15865cb 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function 
@@ -34,11 +34,11 @@ typedef enum * code. */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) -static psa_key_id_t key_ids_used_in_test[9]; +static psa_key_file_id_t key_ids_used_in_test[9]; static size_t num_key_ids_used; /* Record a key id as potentially used in a test case. */ -static int test_uses_key_id( psa_key_id_t key_id ) +static int test_uses_key_id( psa_key_file_id_t key_id ) { size_t i; if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) @@ -178,7 +178,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, int close_method_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_id_t id = id_arg; + psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); psa_algorithm_t alg = alg_arg; psa_algorithm_t alg2 = alg2_arg; psa_key_usage_t usage_flags = usage_arg; @@ -296,7 +296,7 @@ void create_existent( int lifetime_arg, int id_arg, int reopen_policy_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_id_t id = id_arg; + psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); psa_key_handle_t handle1 = 0, handle2 = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA; @@ -363,7 +363,7 @@ exit: void open_fail( int id_arg, int expected_status_arg ) { - psa_key_id_t id = id_arg; + psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); psa_status_t expected_status = expected_status_arg; psa_key_handle_t handle = 0xdead; @@ -382,7 +382,7 @@ void create_fail( int lifetime_arg, int id_arg, int expected_status_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_id_t id = id_arg; + psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; psa_key_handle_t handle = 0xdead; 
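Review bot: `test_uses_key_id()` now takes a `psa_key_file_id_t`, but the unchanged line `if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER )` still compares it with an integer. That only compiles while `psa_key_file_id_t` is an alias of `psa_key_id_t`; with `MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER` the type is a struct and the relational operator is not valid on it. If this suite is meant to build in that configuration, extract the numeric part first: `if( PSA_KEY_FILE_GET_KEY_ID( key_id ) > PSA_MAX_PERSISTENT_KEY_IDENTIFIER )`. The rest of the function is outside the hunk, so any direct comparison of `key_ids_used_in_test[i]` with `key_id` there would need the same treatment.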
@@ -420,14 +420,14 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, int expected_alg_arg, int expected_alg2_arg ) { psa_key_lifetime_t source_lifetime = source_lifetime_arg; - psa_key_id_t source_id = source_id_arg; + psa_key_file_id_t source_id = psa_key_file_id_make( 1, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; psa_key_handle_t source_handle = 0; psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t source_type = type_arg; psa_key_lifetime_t target_lifetime = target_lifetime_arg; - psa_key_id_t target_id = target_id_arg; + psa_key_file_id_t target_id = psa_key_file_id_make( 1, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; psa_key_handle_t target_handle = 0; @@ -534,13 +534,13 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, int target_type_arg, data_t *target_material ) { psa_key_lifetime_t source_lifetime = source_lifetime_arg; - psa_key_id_t source_id = source_id_arg; + psa_key_file_id_t source_id = psa_key_file_id_make( 1, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; psa_key_handle_t source_handle = 0; psa_key_type_t source_type = source_type_arg; psa_key_lifetime_t target_lifetime = target_lifetime_arg; - psa_key_id_t target_id = target_id_arg; + psa_key_file_id_t target_id = psa_key_file_id_make( 1, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; psa_key_handle_t target_handle = 0; From 039a98b5989519722e4709f634061dedcca90f72 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Thu, 23 Jul 2020 16:07:42 +0200 Subject: [PATCH 105/488] Define always psa_key_id_t as defined in PSA crypto spec Define always psa_key_id_t as defined in the PSA Cryptography API specification independently of whether the MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER configuration file is set or not. As a consequence, get rid of `psa_app_key_id_t` that is not needed anymore. Signed-off-by: Ronald Cron --- include/psa/crypto_extra.h | 4 ++-- include/psa/crypto_platform.h | 19 ------------------- include/psa/crypto_types.h | 17 +++++++++-------- include/psa/crypto_values.h | 8 ++++---- library/psa_crypto_se.h | 2 +- library/psa_crypto_slot_management.c | 6 +++--- library/psa_crypto_storage.h | 2 +- ...st_suite_psa_crypto_se_driver_hal.function | 2 +- ...te_psa_crypto_se_driver_hal_mocks.function | 2 +- 9 files changed, 22 insertions(+), 40 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f0c7979a8..71adb9355 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -232,9 +232,9 @@ typedef struct mbedtls_psa_stats_s /** Number of slots that are not used for anything. */ size_t empty_slots; /** Largest key id value among open keys in internal persistent storage. */ - psa_app_key_id_t max_open_internal_key_id; + psa_key_id_t max_open_internal_key_id; /** Largest key id value among open keys in secure elements. */ - psa_app_key_id_t max_open_external_key_id; + psa_key_id_t max_open_external_key_id; } mbedtls_psa_stats_t; /** \brief Get statistics about diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index bd3dc10ea..0bebb08b6 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h 
@@ -47,25 +47,6 @@ /* Integral type representing a key handle. */ typedef uint16_t psa_key_handle_t; -/* This implementation distinguishes *application key identifiers*, which - * are the key identifiers specified by the application, from - * *key file identifiers*, which are the key identifiers that the library - * sees internally. The two types can be different if there is a remote - * call layer between the application and the library which supports - * multiple client applications that do not have access to each others' - * keys. The point of having different types is that the key file - * identifier may encode not only the key identifier specified by the - * application, but also the the identity of the application. - * - * Note that this is an internal concept of the library and the remote - * call layer. The application itself never sees anything other than - * #psa_app_key_id_t with its standard definition. - */ - -/* The application key identifier is always what the application sees as - * #psa_key_id_t. */ -typedef uint32_t psa_app_key_id_t; - #if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) #if defined(PSA_CRYPTO_SECURE) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 4603a1d1a..a8becb7b8 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h 
@@ -233,14 +233,10 @@ typedef uint32_t psa_key_location_t; * - 0 is reserved as an invalid key identifier. * - Key identifiers outside these ranges are reserved for future use. */ -/* Implementation-specific quirk: The Mbed Crypto library can be built as - * part of a multi-client service that exposes the PSA Crypto API in each - * client and encodes the client identity in the key id argument of functions - * such as psa_open_key(). */ -#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) typedef uint32_t psa_key_id_t; -typedef psa_key_id_t psa_key_file_id_t; +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) +typedef psa_key_id_t psa_key_file_id_t; #define PSA_KEY_ID_INIT 0 #define PSA_KEY_FILE_GET_KEY_ID( id ) ( id ) @@ -258,9 +254,14 @@ static inline psa_key_file_id_t psa_key_file_id_make( } #else /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +/* Implementation-specific: The Mbed Crypto library can be built as + * part of a multi-client service that exposes the PSA Crypto API in each + * client and encodes the client identity in the key id argument of functions + * such as psa_open_key(). + */ typedef struct { - uint32_t key_id; + psa_key_id_t key_id; psa_key_owner_id_t owner; } psa_key_file_id_t; @@ -273,7 +274,7 @@ typedef struct * \param key_id Identifier of the key. */ static inline psa_key_file_id_t psa_key_file_id_make( - psa_key_owner_id_t owner_id, uint32_t key_id ) + psa_key_owner_id_t owner_id, psa_key_id_t key_id ) { return( (psa_key_file_id_t){ .key_id = key_id, .owner = owner_id } ); diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index a94071180..02e9c0076 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -1636,16 +1636,16 @@ /** The minimum value for a key identifier chosen by the application. */ -#define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001) +#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001) /** The maximum value for a key identifier chosen by the application. */ -#define PSA_KEY_ID_USER_MAX ((psa_app_key_id_t)0x3fffffff) +#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff) /** The minimum value for a key identifier chosen by the implementation. */ -#define PSA_KEY_ID_VENDOR_MIN ((psa_app_key_id_t)0x40000000) +#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000) /** The maximum value for a key identifier chosen by the implementation. */ -#define PSA_KEY_ID_VENDOR_MAX ((psa_app_key_id_t)0x7fffffff) +#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff) /**@}*/ diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index 258c211af..56917383c 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -51,7 +51,7 @@ * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE * which doesn't have a driver. */ -#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_app_key_id_t) 0xfffffe00 ) +#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 ) /** The maximum number of registered secure element driver locations. */ #define PSA_MAX_SE_DRIVERS 4 diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 3600e1a37..a9b862479 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -166,7 +166,7 @@ exit: static int psa_is_key_id_valid( psa_key_file_id_t file_id, int vendor_ok ) { - psa_app_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id ); + psa_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id ); if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX ) return( 1 ); else if( vendor_ok && 
@@ -291,14 +291,14 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) ++stats->volatile_slots; else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT ) { - psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); + psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); ++stats->persistent_slots; if( id > stats->max_open_internal_key_id ) stats->max_open_internal_key_id = id; } else { - psa_app_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); + psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); ++stats->external_slots; if( id > stats->max_open_external_key_id ) stats->max_open_external_key_id = id; diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index 6fcae272e..c9270a913 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -361,7 +361,7 @@ psa_status_t psa_crypto_stop_transaction( void ); * * 0xffffffNN = special file; 0x74 = 't' for transaction. */ -#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_app_key_id_t) 0xffffff74 ) +#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 ) #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */ diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index e7c26d22c..992e5dfd0 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -760,7 +760,7 @@ exit: #define MAX_KEY_ID_FOR_TEST 10 static void psa_purge_storage( void ) { - psa_app_key_id_t id; + psa_key_id_t id; psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 618bd1546..8f1f9689b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function 
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -89,7 +89,7 @@ static struct #define MAX_KEY_ID_FOR_TEST 10 static void psa_purge_storage( void ) { - psa_app_key_id_t id; + psa_key_id_t id; psa_key_location_t location; /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id From fa7d7af55d4870be12c8f542796606d794e908da Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 24 Jul 2020 14:50:11 +0200 Subject: [PATCH 106/488] psa: Don't reset the key owner id in psa_set_key_lifetime As a volatile key identifier may have a non-zero owner identifier, don't reset the key owner identifier (if any) when setting a volatile lifetime for a key. Signed-off-by: Ronald Cron --- include/psa/crypto_struct.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 267b0501a..4e4e9e504 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -381,7 +381,6 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, { #ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER attributes->core.id.key_id = 0; - attributes->core.id.owner = 0; #else attributes->core.id = 0; #endif From 72f65fc6e9013980dda082490ba774fc5924cf63 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 1 Sep 2020 15:50:17 +0200 Subject: [PATCH 107/488] psa: Rename pss_key_owner_id_t to mbedtls_key_owner_id_t Rename psa_key_owner_id_t to mbedtls_key_owner_id_t to highlight that this is a Mbed TLS specific type and not a type defined in the PSA Cryptography API specification. Signed-off-by: Ronald Cron --- configs/config-psa-crypto.h | 2 +- include/mbedtls/config.h | 2 +- include/psa/crypto_platform.h | 2 +- include/psa/crypto_types.h | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h index 70563ae3c..447284b93 100644 --- a/configs/config-psa-crypto.h 
+++ b/configs/config-psa-crypto.h @@ -1150,7 +1150,7 @@ * * This is only meaningful when building the library as part of a * multi-client service. When you activate this option, you must provide - * an implementation of the type psa_key_owner_id_t and a translation + * an implementation of the type mbedtls_key_owner_id_t and a translation * from psa_key_file_id_t to file name in all the storage backends that * you wish to support. * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1e6e05275..1209b8340 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1264,7 +1264,7 @@ * * This is only meaningful when building the library as part of a * multi-client service. When you activate this option, you must provide - * an implementation of the type psa_key_owner_id_t and a translation + * an implementation of the type mbedtls_key_owner_id_t and a translation * from psa_key_file_id_t to file name in all the storage backends that * you wish to support. * diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 0bebb08b6..5e6180e36 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -52,7 +52,7 @@ typedef uint16_t psa_key_handle_t; #if defined(PSA_CRYPTO_SECURE) /* Building for the PSA Crypto service on a PSA platform. */ /* A key owner is a PSA partition identifier. */ -typedef int32_t psa_key_owner_id_t; +typedef int32_t mbedtls_key_owner_id_t; #endif #endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index a8becb7b8..753fd304a 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -262,7 +262,7 @@ static inline psa_key_file_id_t psa_key_file_id_make( typedef struct { psa_key_id_t key_id; - psa_key_owner_id_t owner; + mbedtls_key_owner_id_t owner; } psa_key_file_id_t; #define PSA_KEY_ID_INIT {0, 0} 
@@ -274,7 +274,7 @@ typedef struct * \param key_id Identifier of the key. */ static inline psa_key_file_id_t psa_key_file_id_make( - psa_key_owner_id_t owner_id, psa_key_id_t key_id ) + mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id ) { return( (psa_key_file_id_t){ .key_id = key_id, .owner = owner_id } ); From 71016a9ea7d9a14688b1e0871e4e8d693742854b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 28 Aug 2020 19:01:50 +0200 Subject: [PATCH 108/488] psa: Rename psa_key_file_id_t to mbedtls_svc_key_id_t With PSA crypto v1.0.0, a volatile key identifier may contain a owner identifier but no file is associated to it. Thus rename the type psa_key_file_id_t to mbedtls_svc_key_id_t to avoid a direct link with a file when a key identifier involves an owner identifier. The new type name is prefixed by mbedtls to highlight that the type is specific to Mbed TLS implementation and not defined in the PSA Cryptography API specification. The svc in the type name stands for service as this is the key identifier type from the point of view of the service providing the Cryptography services. The service can be completely provided by the present library or partially in case of a multi-client service. As a consequence rename as well: . MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER to MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER . PSA_KEY_ID_INIT to MBEDTLS_SVC_KEY_ID_INIT . PSA_KEY_FILE_GET_KEY_ID to MBEDTLS_SVC_KEY_ID_GET_KEY_ID . psa_key_file_id_make to mbedtls_svc_key_id_make 
Signed-off-by: Ronald Cron --- configs/config-psa-crypto.h | 12 +++--- .../mbed-crypto-storage-specification.md | 10 ++--- include/mbedtls/config.h | 12 +++--- include/psa/crypto.h | 11 ++--- include/psa/crypto_platform.h | 4 +- include/psa/crypto_struct.h | 12 +++--- include/psa/crypto_types.h | 41 ++++++++++--------- library/psa_crypto_slot_management.c | 21 +++++----- library/psa_crypto_slot_management.h | 3 +- library/psa_crypto_storage.c | 37 ++++++++--------- library/psa_crypto_storage.h | 6 +-- library/version_features.c | 6 +-- programs/test/query_config.c | 8 ++-- scripts/config.py | 2 +- tests/suites/test_suite_psa_crypto.function | 13 +++--- ...t_suite_psa_crypto_persistent_key.function | 8 ++-- ...st_suite_psa_crypto_se_driver_hal.function | 16 ++++---- ...te_psa_crypto_se_driver_hal_mocks.function | 14 +++---- ..._suite_psa_crypto_slot_management.function | 24 ++++++----- 19 files changed, 131 insertions(+), 129 deletions(-) diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h index 447284b93..b98fc9cde 100644 --- a/configs/config-psa-crypto.h +++ b/configs/config-psa-crypto.h 
@@ -1144,20 +1144,20 @@ */ //#define MBEDTLS_ENTROPY_NV_SEED -/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER +/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER * - * In PSA key storage, encode the owner of the key. + * Enable key identifiers that encode a key owner identifier. * * This is only meaningful when building the library as part of a - * multi-client service. When you activate this option, you must provide - * an implementation of the type mbedtls_key_owner_id_t and a translation - * from psa_key_file_id_t to file name in all the storage backends that + * multi-client service. When you activate this option, you must provide an + * implementation of the type mbedtls_key_owner_id_t and a translation from + * mbedtls_svc_key_id_t to file name in all the storage backends that you * you wish to support. * * Note that this option is meant for internal use only and may be removed * without notice. */ -//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER +//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER /** * \def MBEDTLS_MEMORY_DEBUG diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md index e7315ebc2..afeb29f4b 100644 --- a/docs/architecture/mbed-crypto-storage-specification.md +++ b/docs/architecture/mbed-crypto-storage-specification.md 
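Review bot: The reworded option description ends with a duplicated word: the added line `* mbedtls_svc_key_id_t to file name in all the storage backends that you` runs into the unchanged context line `* you wish to support.`, so the comment reads "that you you wish to support". Ending the added line one word earlier fixes it: `* mbedtls_svc_key_id_t to file name in all the storage backends that`. The same re-wrapped sentence, with the same duplicate, is in the include/mbedtls/config.h hunk at -1258.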
@@ -107,14 +107,12 @@ Backward compatibility commitments: TBD ### Key names for 1.0.0 -Information about each key is stored in a dedicated file designated by a _key file identifier_ (`psa_key_file_id_t`). The key file identifier is constructed from the 32-bit key identifier (`psa_key_id_t`) and, if applicable, an identifier of the owner of the key. In integrations where there is no concept of key owner (in particular, in library integrations), the key file identifier is exactly the key identifier. When the library is integrated into a service, the service determines the semantics of the owner identifier. +Information about each key is stored in a dedicated file designated by the key identifier. In integrations where there is no concept of key owner (in particular, in library integrations), the key identifier is exactly the key identifier as defined in the PSA Cryptography API specification (`psa_key_id_t`). In integrations where there is a concept of key owner (integration into a service for example), the key identifier is made of an owner identifier (its semantics and type are integration specific) and of the key identifier (`psa_key_id_t`) from the key owner point of view. -The way in which the file name is constructed from the key file identifier depends on the storage backend. The content of the file is described [below](#key-file-format-for-1.0.0). +The way in which the file name is constructed from the key identifier depends on the storage backend. The content of the file is described [below](#key-file-format-for-1.0.0). -The valid values for a key identifier are the range from 1 to 0xfffeffff. This limitation on the range is not documented in user-facing documentation: according to the user-facing documentation, arbitrary 32-bit values are valid. - -* Library integration: the key file name is just the key identifer. This is a 32-bit value. 
-* PSA service integration: the key file identifier is `(uint32_t)owner_uid << 32 | key_id` where `key_id` is the key identifier specified by the application and `owner_uid` (of type `int32_t`) is the calling partition identifier provided to the server by the partition manager. This is a 64-bit value. +* Library integration: the key file name is just the key identifier as defined in the PSA crypto specification. This is a 32-bit value. +* PSA service integration: the key file name is `(uint32_t)owner_uid << 32 | key_id` where `key_id` is the key identifier from the owner point of view and `owner_uid` (of type `int32_t`) is the calling partition identifier provided to the server by the partition manager. This is a 64-bit value. ### Key file format for 1.0.0 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1209b8340..496ebe968 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1258,20 +1258,20 @@ */ //#define MBEDTLS_ENTROPY_NV_SEED -/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER +/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER * - * In PSA key storage, encode the owner of the key. + * Enable key identifiers that encode a key owner identifier. * * This is only meaningful when building the library as part of a - * multi-client service. When you activate this option, you must provide - * an implementation of the type mbedtls_key_owner_id_t and a translation - * from psa_key_file_id_t to file name in all the storage backends that + * multi-client service. When you activate this option, you must provide an + * implementation of the type mbedtls_key_owner_id_t and a translation from + * mbedtls_svc_key_id_t to file name in all the storage backends that you * you wish to support. * * Note that this option is meant for internal use only and may be removed * without notice. */ -//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER +//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER /** * \def MBEDTLS_MEMORY_DEBUG 
diff --git a/include/psa/crypto.h b/include/psa/crypto.h index c8eb08bd0..5ba16b987 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -149,8 +149,8 @@ static psa_key_attributes_t psa_key_attributes_init(void); * \param[out] attributes The attribute structure to write to. * \param key The persistent identifier for the key. */ -static void psa_set_key_id(psa_key_attributes_t *attributes, - psa_key_file_id_t key); +static void psa_set_key_id( psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t key ); /** Set the location of a persistent key. * @@ -192,7 +192,8 @@ static void psa_set_key_lifetime(psa_key_attributes_t *attributes, * This value is unspecified if the attribute structure declares * the key as volatile. */ -static psa_key_file_id_t psa_get_key_id(const psa_key_attributes_t *attributes); +static mbedtls_svc_key_id_t psa_get_key_id( + const psa_key_attributes_t *attributes); /** Retrieve the lifetime from key attributes. * @@ -437,8 +438,8 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_open_key(psa_key_file_id_t key, psa_key_handle_t *handle); - +psa_status_t psa_open_key( mbedtls_svc_key_id_t key, + psa_key_handle_t *handle ); /** Close a key handle. * diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 5e6180e36..aa55aea47 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -47,7 +47,7 @@ /* Integral type representing a key handle. */ typedef uint16_t psa_key_handle_t; -#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) #if defined(PSA_CRYPTO_SECURE) /* Building for the PSA Crypto service on a PSA platform. */ 
@@ -55,6 +55,6 @@ typedef uint16_t psa_key_handle_t; typedef int32_t mbedtls_key_owner_id_t; #endif -#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ #endif /* PSA_CRYPTO_PLATFORM_H */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 4e4e9e504..065c6b146 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -330,12 +330,12 @@ typedef struct psa_key_type_t type; psa_key_bits_t bits; psa_key_lifetime_t lifetime; - psa_key_file_id_t id; + mbedtls_svc_key_id_t id; psa_key_policy_t policy; psa_key_attributes_flag_t flags; } psa_core_key_attributes_t; -#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0} +#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0} struct psa_key_attributes_s { @@ -359,15 +359,15 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void ) return( v ); } -static inline void psa_set_key_id(psa_key_attributes_t *attributes, - psa_key_file_id_t key) +static inline void psa_set_key_id( psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t key ) { attributes->core.id = key; if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE ) attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT; } -static inline psa_key_file_id_t psa_get_key_id( +static inline mbedtls_svc_key_id_t psa_get_key_id( const psa_key_attributes_t *attributes) { return( attributes->core.id ); @@ -379,7 +379,7 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, attributes->core.lifetime = lifetime; if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) { -#ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER +#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER attributes->core.id.key_id = 0; #else attributes->core.id = 0; 
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 753fd304a..fb61e9a8f 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -130,7 +130,7 @@ typedef uint32_t psa_algorithm_t; * implementation-specific device management event occurs (for example, * a factory reset). * - * Persistent keys have a key identifier of type #psa_key_file_id_t. + * Persistent keys have a key identifier of type #mbedtls_svc_key_id_t. * This identifier remains valid throughout the lifetime of the key, * even if the application instance that created the key terminates. * The application can call psa_open_key() to open a persistent key that @@ -235,17 +235,18 @@ typedef uint32_t psa_key_location_t; */ typedef uint32_t psa_key_id_t; -#if !defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) -typedef psa_key_id_t psa_key_file_id_t; -#define PSA_KEY_ID_INIT 0 -#define PSA_KEY_FILE_GET_KEY_ID( id ) ( id ) +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) +typedef psa_key_id_t mbedtls_svc_key_id_t; -/** Utility to initialize a key file identifier at runtime. +#define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 ) +#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id ) + +/** Utility to initialize a key identifier at runtime. * * \param unused Unused parameter. * \param key_id Identifier of the key. */ -static inline psa_key_file_id_t psa_key_file_id_make( +static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( unsigned int unused, psa_key_id_t key_id ) { (void)unused; 
@@ -253,34 +254,34 @@ static inline psa_key_file_id_t psa_key_file_id_make( return( key_id ); } -#else /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ -/* Implementation-specific: The Mbed Crypto library can be built as - * part of a multi-client service that exposes the PSA Crypto API in each - * client and encodes the client identity in the key id argument of functions - * such as psa_open_key(). +#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ +/* Implementation-specific: The Mbed Cryptography library can be built as + * part of a multi-client service that exposes the PSA Cryptograpy API in each + * client and encodes the client identity in the key identifier argument of + * functions such as psa_open_key(). */ typedef struct { psa_key_id_t key_id; mbedtls_key_owner_id_t owner; -} psa_key_file_id_t; +} mbedtls_svc_key_id_t; -#define PSA_KEY_ID_INIT {0, 0} -#define PSA_KEY_FILE_GET_KEY_ID( file_id ) ( ( file_id ).key_id ) +#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } ) +#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id ) -/** Utility to initialize a key file identifier at runtime. +/** Utility to initialize a key identifier at runtime. * * \param owner_id Identifier of the key owner. * \param key_id Identifier of the key. */ -static inline psa_key_file_id_t psa_key_file_id_make( +static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id ) { - return( (psa_key_file_id_t){ .key_id = key_id, - .owner = owner_id } ); + return( (mbedtls_svc_key_id_t){ .key_id = key_id, + .owner = owner_id } ); } -#endif /* !MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ /**@}*/ diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a9b862479..e5265604c 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
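Review bot: In the owner-encoding branch, `MBEDTLS_SVC_KEY_ID_INIT` changes from the brace list `{0, 0}` to the compound literal `( (mbedtls_svc_key_id_t){ 0, 0 } )`, and `PSA_CORE_KEY_ATTRIBUTES_INIT` in crypto_struct.h expands it inside an initializer list. A compound literal is not a constant expression in ISO C, so an attributes object with static storage duration initialised through that macro would depend on a compiler extension, and this public header would presumably no longer be usable from C++ in this configuration. If the expression form is intended, the constraint belongs next to the macro, for example `/* Expression form (compound literal): not an ISO C constant expression, do not use to initialise objects with static storage duration. */`. The `#if` this branch belongs to opens in the previous hunk. The added comment above the struct also misspells "Cryptography" as `Cryptograpy`.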
@@ -157,16 +157,15 @@ exit: * past released version must remain valid, unless a migration path * is provided. * - * \param file_id The key identifier to check. - * \param vendor_ok Nonzero to allow key ids in the vendor range. - * 0 to allow only key ids in the application range. + * \param key The key identifier to check. + * \param vendor_ok Nonzero to allow key ids in the vendor range. + * 0 to allow only key ids in the application range. * - * \return 1 if \p file_id is acceptable, otherwise 0. + * \return 1 if \p key is acceptable, otherwise 0. */ -static int psa_is_key_id_valid( psa_key_file_id_t file_id, - int vendor_ok ) +static int psa_is_key_id_valid( mbedtls_svc_key_id_t key, int vendor_ok ) { - psa_key_id_t key_id = PSA_KEY_FILE_GET_KEY_ID( file_id ); + psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX ) return( 1 ); else if( vendor_ok && @@ -204,7 +203,7 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, } psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, - psa_key_file_id_t key ) + mbedtls_svc_key_id_t key ) { if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { @@ -227,7 +226,7 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, } } -psa_status_t psa_open_key( psa_key_file_id_t key, psa_key_handle_t *handle ) +psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) { #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) psa_status_t status; 
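Review bot: The updated doc comment of `psa_is_key_id_valid` describes `key` as "The key identifier to check", but the visible code validates only the value extracted by `MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key )`. With owner-encoding identifiers, a reader of `psa_validate_key_persistence` could take the result to cover the owner part as well. The parameter line should say what is checked, for example `\param key The key identifier to check. Only its key id part is compared with the permitted ranges; the owner part, if any, is not examined.` The function body continues past the end of the hunk, so this should be confirmed against the rest of the range checks.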
@@ -291,14 +290,14 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) ++stats->volatile_slots; else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT ) { - psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); + psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ); ++stats->persistent_slots; if( id > stats->max_open_internal_key_id ) stats->max_open_internal_key_id = id; } else { - psa_key_id_t id = PSA_KEY_FILE_GET_KEY_ID(slot->attr.id); + psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ); ++stats->external_slots; if( id > stats->max_open_external_key_id ) stats->max_open_external_key_id = id; diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 58e7f7cb6..c6fecbb7a 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -120,7 +120,6 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, * \retval #PSA_ERROR_INVALID_ARGUMENT */ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, - psa_key_file_id_t key ); - + mbedtls_svc_key_id_t key ); #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 18889a17e..b94cfd0f0 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c 
@@ -55,27 +55,27 @@ /* Key storage */ /****************************************************************/ -/* Determine a file name (ITS file identifier) for the given key file - * identifier. The file name must be distinct from any file that is used - * for a purpose other than storing a key. Currently, the only such file - * is the random seed file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID - * and whose value is 0xFFFFFF52. */ -static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id ) +/* Determine a file name (ITS file identifier) for the given key identifier. + * The file name must be distinct from any file that is used for a purpose + * other than storing a key. Currently, the only such file is the random seed + * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is + * 0xFFFFFF52. */ +static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key ) { -#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) && \ +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \ defined(PSA_CRYPTO_SECURE) /* Encode the owner in the upper 32 bits. This means that if * owner values are nonzero (as they are on a PSA platform), * no key file will ever have a value less than 0x100000000, so * the whole range 0..0xffffffff is available for non-key files. */ - uint32_t unsigned_owner = (uint32_t) file_id.owner; - return( (uint64_t) unsigned_owner << 32 | file_id.key_id ); + uint32_t unsigned_owner = (uint32_t) key.owner; + return( (uint64_t) unsigned_owner << 32 | key.key_id ); #else /* Use the key id directly as a file name. - * psa_is_key_file_id_valid() in psa_crypto_slot_management.c + * psa_is_key_id_valid() in psa_crypto_slot_management.c * is responsible for ensuring that key identifiers do not have a * value that is reserved for non-key files. */ - return( file_id ); + return( key ); #endif } 
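Review bot: The `#else` branch of `psa_its_identifier_of_slot` still ends in `return( key );`, and that branch is selected whenever `PSA_CRYPTO_SECURE` is undefined, including builds that define `MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER`. In such a build `key` is the struct from crypto_types.h, which does not convert to the integer UID the first branch returns (assuming `psa_storage_uid_t` is an integer type). The storage UID is what keeps one owner's key files apart from another's, so that configuration should fail explicitly rather than invite a local patch that returns only the key id part. Adding, before the `#else`, `#elif defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)` followed by `#error "owner-encoding key identifiers need an owner-aware storage UID mapping"` would make the requirement visible at build time.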
@@ -94,9 +94,8 @@ static psa_storage_uid_t psa_its_identifier_of_slot( psa_key_file_id_t file_id ) * \retval PSA_ERROR_STORAGE_FAILURE * \retval PSA_ERROR_DOES_NOT_EXIST */ -static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, - uint8_t *data, - size_t data_size ) +static psa_status_t psa_crypto_storage_load( + const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size ) { psa_status_t status; psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); @@ -114,7 +113,7 @@ static psa_status_t psa_crypto_storage_load( const psa_key_file_id_t key, return( status ); } -int psa_is_key_present_in_storage( const psa_key_file_id_t key ) +int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ) { psa_status_t ret; psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); @@ -143,7 +142,7 @@ int psa_is_key_present_in_storage( const psa_key_file_id_t key ) * \retval PSA_ERROR_STORAGE_FAILURE * \retval PSA_ERROR_ALREADY_EXISTS */ -static psa_status_t psa_crypto_storage_store( const psa_key_file_id_t key, +static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key, const uint8_t *data, size_t data_length ) { @@ -184,7 +183,7 @@ exit: return( status ); } -psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key ) +psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ) { psa_status_t ret; psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); @@ -215,7 +214,7 @@ psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key ) * \retval PSA_ERROR_STORAGE_FAILURE */ static psa_status_t psa_crypto_storage_get_data_length( - const psa_key_file_id_t key, + const mbedtls_svc_key_id_t key, size_t *data_length ) { psa_status_t status; 
@@ -394,7 +393,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, psa_status_t status = PSA_SUCCESS; uint8_t *loaded_data; size_t storage_data_length = 0; - psa_key_file_id_t key = attr->id; + mbedtls_svc_key_id_t key = attr->id; status = psa_crypto_storage_get_data_length( key, &storage_data_length ); if( status != PSA_SUCCESS ) diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index c9270a913..de845a748 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -72,7 +72,7 @@ extern "C" { * \retval 1 * Persistent data present for slot number */ -int psa_is_key_present_in_storage( const psa_key_file_id_t key ); +int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ); /** * \brief Format key data and metadata and save to a location for given key @@ -141,7 +141,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, * or the key did not exist. * \retval PSA_ERROR_STORAGE_FAILURE */ -psa_status_t psa_destroy_persistent_key( const psa_key_file_id_t key ); +psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ); /** * \brief Free the temporary buffer allocated by psa_load_persistent_key(). @@ -292,7 +292,7 @@ typedef union uint16_t unused1; psa_key_lifetime_t lifetime; psa_key_slot_number_t slot; - psa_key_file_id_t id; + mbedtls_svc_key_id_t id; } key; } psa_crypto_transaction_t; diff --git a/library/version_features.c b/library/version_features.c index d2840fa3c..80263f75f 100644 --- a/library/version_features.c +++ b/library/version_features.c 
@@ -417,9 +417,9 @@ static const char * const features[] = { #if defined(MBEDTLS_ENTROPY_NV_SEED) "MBEDTLS_ENTROPY_NV_SEED", #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) - "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER", -#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER", +#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ #if defined(MBEDTLS_MEMORY_DEBUG) "MBEDTLS_MEMORY_DEBUG", #endif /* MBEDTLS_MEMORY_DEBUG */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index f4c14d6cb..fd3b8265d 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1168,13 +1168,13 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if defined(MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER) - if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER", config ) == 0 ) +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER ); + MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER ); return( 0 ); } -#endif /* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER */ +#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ #if defined(MBEDTLS_MEMORY_DEBUG) if( strcmp( "MBEDTLS_MEMORY_DEBUG", config ) == 0 ) diff --git a/scripts/config.py b/scripts/config.py index 703e6e906..508dac6e1 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -184,7 +184,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper) 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature - 'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # platform dependency (PSA SPM) (at this time) + 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # platform dependency (PSA SPM) (at this time) 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions) 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index af7a22133..3f34211d6 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -233,7 +233,7 @@ int check_key_attributes_sanity( psa_key_handle_t key ) int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_lifetime_t lifetime; - psa_key_file_id_t id; + mbedtls_svc_key_id_t id; psa_key_type_t type; psa_key_type_t bits; @@ -1326,7 +1326,7 @@ void attributes_set_get( int id_arg, int lifetime_arg, int type_arg, int bits_arg ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_key_lifetime_t lifetime = lifetime_arg; psa_key_usage_t usage_flags = usage_flags_arg; psa_algorithm_t alg = alg_arg; 
@@ -1370,10 +1370,11 @@ void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg, int expected_id_arg, int expected_lifetime_arg ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_file_id_t id1 = psa_key_file_id_make( 1, id1_arg ); + mbedtls_svc_key_id_t id1 = mbedtls_svc_key_id_make( 1, id1_arg ); psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_file_id_t id2 = psa_key_file_id_make( 1, id2_arg ); - psa_key_file_id_t expected_id = psa_key_file_id_make( 1, expected_id_arg ); + mbedtls_svc_key_id_t id2 = mbedtls_svc_key_id_make( 1, id2_arg ); + mbedtls_svc_key_id_t expected_id = + mbedtls_svc_key_id_make( 1, expected_id_arg ); psa_key_lifetime_t expected_lifetime = expected_lifetime_arg; if( id1_arg != -1 ) @@ -5584,7 +5585,7 @@ void persistent_key_load_key_from_storage( data_t *data, int usage_flags_arg, int alg_arg, int generation_method ) { - psa_key_file_id_t key_id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_handle_t handle = 0; psa_key_handle_t base_key = 0; diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 43cc5df5f..ffb4f461c 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -112,7 +112,7 @@ exit: /* BEGIN_CASE */ void save_large_persistent_key( int data_length_arg, int expected_status ) { - psa_key_file_id_t key_id = psa_key_file_id_make( 1, 42 ); + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); psa_key_handle_t handle = 0; uint8_t *data = NULL; size_t data_length = data_length_arg; 
@@ -143,7 +143,7 @@ void persistent_key_destroy( int key_id_arg, int restart, int first_type_arg, data_t *first_data, int second_type_arg, data_t *second_data ) { - psa_key_file_id_t key_id = psa_key_file_id_make( 1, key_id_arg ); + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, key_id_arg ); psa_key_handle_t handle = 0; psa_key_type_t first_type = (psa_key_type_t) first_type_arg; psa_key_type_t second_type = (psa_key_type_t) second_type_arg; @@ -196,7 +196,7 @@ exit: void persistent_key_import( int key_id_arg, int type_arg, data_t *data, int restart, int expected_status ) { - psa_key_file_id_t key_id = psa_key_file_id_make( 1, key_id_arg ); + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, key_id_arg ); psa_key_type_t type = (psa_key_type_t) type_arg; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -245,7 +245,7 @@ void import_export_persistent_key( data_t *data, int type_arg, int expected_bits, int restart, int key_not_exist ) { - psa_key_file_id_t key_id = psa_key_file_id_make( 1, 42 ); + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); psa_key_type_t type = (psa_key_type_t) type_arg; psa_key_handle_t handle = 0; unsigned char *exported = NULL; diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 992e5dfd0..d117738b7 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function 
@@ -766,7 +766,7 @@ static void psa_purge_storage( void ) * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ ) - psa_destroy_persistent_key( psa_key_file_id_make( 1, id ) ); + psa_destroy_persistent_key( mbedtls_svc_key_id_make( 1, id ) ); /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ @@ -853,7 +853,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -985,7 +985,7 @@ void key_creation_in_chosen_slot( int slot_arg, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -1067,7 +1067,7 @@ void import_key_smoke( int type_arg, int alg_arg, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -1139,7 +1139,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1178,7 +1178,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1258,7 +1258,7 @@ void sign_verify( int flow, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t drv_handle = 0; /* key managed by the driver */ psa_key_handle_t sw_handle = 0; /* transparent key */ psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1420,7 +1420,7 @@ void register_key_smoke_test( int lifetime_arg, psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); size_t bit_size = 48; psa_key_slot_number_t wanted_slot = 0x123456789; psa_key_handle_t handle = 0; 
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 8f1f9689b..c4c89cd65 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -95,7 +95,7 @@ static void psa_purge_storage( void ) * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ ) - psa_destroy_persistent_key( psa_key_file_id_make( 1, id ) ); + psa_destroy_persistent_key( mbedtls_svc_key_id_make( 1, id ) ); /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ @@ -330,7 +330,7 @@ void mock_import( int mock_alloc_return_value, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -387,7 +387,7 @@ void mock_export( int mock_export_return_value, int expected_result ) psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; 
@@ -441,7 +441,7 @@ void mock_generate( int mock_alloc_return_value, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -496,7 +496,7 @@ void mock_export_public( int mock_export_public_return_value, psa_drv_se_key_management_t key_management; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -546,7 +546,7 @@ void mock_sign( int mock_sign_return_value, int expected_result ) psa_drv_se_asymmetric_t asymmetric; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -607,7 +607,7 @@ void mock_verify( int mock_verify_return_value, int expected_result ) psa_drv_se_asymmetric_t asymmetric; psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); - psa_key_file_id_t id = psa_key_file_id_make( 1, 1 ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; 
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index bd15865cb..bc6ecdaec 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -34,11 +34,11 @@ typedef enum * code. */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) -static psa_key_file_id_t key_ids_used_in_test[9]; +static mbedtls_svc_key_id_t key_ids_used_in_test[9]; static size_t num_key_ids_used; /* Record a key id as potentially used in a test case. */ -static int test_uses_key_id( psa_key_file_id_t key_id ) +static int test_uses_key_id( mbedtls_svc_key_id_t key_id ) { size_t i; if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) @@ -178,7 +178,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, int close_method_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_algorithm_t alg = alg_arg; psa_algorithm_t alg2 = alg2_arg; psa_key_usage_t usage_flags = usage_arg; @@ -296,7 +296,7 @@ void create_existent( int lifetime_arg, int id_arg, int reopen_policy_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_key_handle_t handle1 = 0, handle2 = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA; @@ -363,7 +363,7 @@ exit: void open_fail( int id_arg, int expected_status_arg ) { - psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_status_t expected_status = expected_status_arg; psa_key_handle_t handle = 0xdead; 
@@ -382,7 +382,7 @@ void create_fail( int lifetime_arg, int id_arg, int expected_status_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - psa_key_file_id_t id = psa_key_file_id_make( 1, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; psa_key_handle_t handle = 0xdead; @@ -420,14 +420,16 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, int expected_alg_arg, int expected_alg2_arg ) { psa_key_lifetime_t source_lifetime = source_lifetime_arg; - psa_key_file_id_t source_id = psa_key_file_id_make( 1, source_id_arg ); + mbedtls_svc_key_id_t source_id = + mbedtls_svc_key_id_make( 1, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; psa_key_handle_t source_handle = 0; psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t source_type = type_arg; psa_key_lifetime_t target_lifetime = target_lifetime_arg; - psa_key_file_id_t target_id = psa_key_file_id_make( 1, target_id_arg ); + mbedtls_svc_key_id_t target_id = + mbedtls_svc_key_id_make( 1, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; psa_key_handle_t target_handle = 0; 
@@ -534,13 +536,15 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, int target_type_arg, data_t *target_material ) { psa_key_lifetime_t source_lifetime = source_lifetime_arg; - psa_key_file_id_t source_id = psa_key_file_id_make( 1, source_id_arg ); + mbedtls_svc_key_id_t source_id = + mbedtls_svc_key_id_make( 1, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; psa_key_handle_t source_handle = 0; psa_key_type_t source_type = source_type_arg; psa_key_lifetime_t target_lifetime = target_lifetime_arg; - psa_key_file_id_t target_id = psa_key_file_id_make( 1, target_id_arg ); + mbedtls_svc_key_id_t target_id = + mbedtls_svc_key_id_make( 1, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; psa_key_handle_t target_handle = 0; From 2647b68dde08e411f2f4e966c47f4cf44bf9c28d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 29 Jul 2020 10:25:02 +0200 Subject: [PATCH 109/488] Set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in full configuration Enable key identifiers encoding owner identifier in the full configuration. With this change the unit tests on the full configuration are failing. The following commit do the necessary changes to the PSA code and test code for the tests to pass with this configuration option enabled. Signed-off-by: Ronald Cron --- scripts/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.py b/scripts/config.py index 508dac6e1..47a83558b 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -184,7 +184,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper) 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature - 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # platform dependency (PSA SPM) (at this time) 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions) 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature @@ -248,6 +247,7 @@ EXCLUDE_FROM_BAREMETAL = frozenset([ 'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME 'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem and PSA_CRYPTO_STORAGE_C 'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem + 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # requires a multi-client service 'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem 'MBEDTLS_THREADING_C', # requires a threading interface 'MBEDTLS_THREADING_PTHREAD', # requires pthread From ecfb237f233a11f347cb95497cf31d97ccc7db5a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 23 Jul 2020 17:13:42 +0200 Subject: [PATCH 110/488] Fix PSA code and unit tests Fix PSA code and unit tests for the unit tests to pass with key identifiers encoding owner identifiers. The changes in PSA code just make the enablement of key identifiers encoding owner identifiers platform independent. Previous to this commit, such key identifiers were used only in the case of PSA SPM platforms. 
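Review bot: The new `'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER'` entry in `EXCLUDE_FROM_BAREMETAL` is placed after `'MBEDTLS_PSA_CRYPTO_STORAGE_C'`, while the neighbouring entries visible in the hunk are in alphabetical order. Moving it ahead of `'MBEDTLS_PSA_CRYPTO_SE_C'` would keep the set easy to scan and keep later diffs small. The frozenset literal starts and ends outside the hunk, so the ordering of the rest of the list is assumed from the visible context only.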
Signed-off-by: Ronald Cron --- include/psa/crypto_platform.h | 20 ++++++- include/psa/crypto_types.h | 29 ++++++++++ library/psa_crypto_storage.c | 3 +- tests/suites/test_suite_psa_crypto.data | 10 ++-- tests/suites/test_suite_psa_crypto.function | 47 ++++++++++----- ...t_suite_psa_crypto_persistent_key.function | 6 +- ...st_suite_psa_crypto_se_driver_hal.function | 6 +- ...te_psa_crypto_se_driver_hal_mocks.function | 34 +++++++++-- ..._suite_psa_crypto_slot_management.function | 57 ++++++++++++------- 9 files changed, 159 insertions(+), 53 deletions(-) diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index aa55aea47..4e2f162ea 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -44,16 +44,32 @@ /* PSA requires several types which C99 provides in stdint.h. */ #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + /* Integral type representing a key handle. */ typedef uint16_t psa_key_handle_t; #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) -#if defined(PSA_CRYPTO_SECURE) /* Building for the PSA Crypto service on a PSA platform. */ /* A key owner is a PSA partition identifier. */ typedef int32_t mbedtls_key_owner_id_t; -#endif + +/** Compare two key owner identifiers. + * + * \param id1 First key owner identifier. + * \param id2 Second key owner identifier. + * + * \return Non-zero if the two key owner identifiers are equal, zero otherwise. + */ +static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1, + mbedtls_key_owner_id_t id2 ) +{ + return( id1 == id2 ); +} #endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index fb61e9a8f..864e93788 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h 
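Review bot: The comment kept above `typedef int32_t mbedtls_key_owner_id_t;` in crypto_platform.h still reads "Building for the PSA Crypto service on a PSA platform. A key owner is a PSA partition identifier.", but this hunk removes the `PSA_CRYPTO_SECURE` guard, so the typedef now applies to every build that defines MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER. I would reword it to match, for example `/* A key owner identifier. On a PSA platform this is the client's partition identifier. */`. The added `#define inline __inline` sits in a public header and so reaches every translation unit that includes it; a one-line comment saying it exists for the `static inline` helpers on ARMCC and MSVC C builds would make that intent explicit.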
@@ -240,6 +240,7 @@ typedef psa_key_id_t mbedtls_svc_key_id_t; #define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 ) #define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id ) +#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( 0 ) /** Utility to initialize a key identifier at runtime. * @@ -254,6 +255,19 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( return( key_id ); } +/** Compare two key identifiers. + * + * \param id1 First key identifier. + * \param id2 Second key identifier. + * + * \return Non-zero if the two key identifier are equal, zero otherwise. + */ +static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, + mbedtls_svc_key_id_t id2 ) +{ + return( id1 == id2 ); +} + #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ /* Implementation-specific: The Mbed Cryptography library can be built as * part of a multi-client service that exposes the PSA Cryptograpy API in each @@ -268,6 +282,7 @@ typedef struct #define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } ) #define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id ) +#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner ) /** Utility to initialize a key identifier at runtime. * @@ -281,6 +296,20 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( .owner = owner_id } ); } +/** Compare two key identifiers. + * + * \param id1 First key identifier. + * \param id2 Second key identifier. + * + * \return Non-zero if the two key identifier are equal, zero otherwise. + */ +static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, + mbedtls_svc_key_id_t id2 ) +{ + return( ( id1.key_id == id2.key_id ) && + mbedtls_key_owner_id_equal( id1.owner, id2.owner ) ); +} + #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ /**@}*/ diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index b94cfd0f0..e48bc282f 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c 
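Review bot: Both new `mbedtls_svc_key_id_equal()` doc blocks in crypto_types.h say "Non-zero if the two key identifier are equal"; the `\return` line should read `\return Non-zero if the two key identifiers are equal, zero otherwise.`. For the owner-encoding variant it is also worth stating in the doc that two identifiers with the same `key_id` but different `owner` compare as different, since callers that previously compared bare integers with `==` now depend on this helper for the owner check. In the non-owner variant `MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id )` expands to `( 0 )` without using `id`; a short comment noting that the argument is intentionally ignored would help readers of the two parallel definitions.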
@@ -62,8 +62,7 @@ * 0xFFFFFF52. */ static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key ) { -#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \ - defined(PSA_CRYPTO_SECURE) +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) /* Encode the owner in the upper 32 bits. This means that if * owner values are nonzero (as they are on a PSA platform), * no key file will ever have a value less than 0x100000000, so diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index cd2601796..723eebf0f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5,19 +5,19 @@ PSA key attributes structure attributes_set_get:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:128 PSA key attributes: id only -persistence_attributes:0x1234:-1:-1:0x1234:PSA_KEY_LIFETIME_PERSISTENT +persistence_attributes:0x1234:0x5678:-1:-1:0:0x1234:0x5678:PSA_KEY_LIFETIME_PERSISTENT PSA key attributes: lifetime=3 only -persistence_attributes:-1:3:-1:0:3 +persistence_attributes:-1:0:3:-1:0:0:0:3 PSA key attributes: id then back to volatile -persistence_attributes:0x1234:PSA_KEY_LIFETIME_VOLATILE:-1:0:PSA_KEY_LIFETIME_VOLATILE +persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_VOLATILE:-1:0:0:0x5678:PSA_KEY_LIFETIME_VOLATILE PSA key attributes: id then lifetime -persistence_attributes:0x1234:3:-1:0x1234:3 +persistence_attributes:0x1234:0x5678:3:-1:0:0x1234:0x5678:3 PSA key attributes: lifetime then id -persistence_attributes:0x1234:3:0x1235:0x1235:3 +persistence_attributes:0x1234:0x5678:3:0x1235:0x5679:0x1235:0x5679:3 PSA key attributes: slot number slot_number_attribute: diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 3f34211d6..3e3a7a268 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
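Review bot: The comment kept as context in `psa_its_identifier_of_slot()` still justifies the uid layout with "if owner values are nonzero (as they are on a PSA platform)", but the guard no longer requires `PSA_CRYPTO_SECURE`. The branch is therefore compiled on any platform that sets MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER, and nothing visible here enforces a nonzero owner. If an owner of 0 reaches this function, the stated guarantee that no key file has a uid below 0x100000000 does not hold, which matters for keeping key files apart from other storage entries and from each other across owners. I would make the precondition explicit in the comment, e.g. `/* Encode the owner in the upper 32 bits. Uids below 0x100000000 are avoided only when the owner is nonzero. */`, and consider rejecting or documenting owner 0 at the caller. The function body is outside the hunk, so how the owner is actually combined with the key id cannot be confirmed from here.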
@@ -245,12 +245,12 @@ int check_key_attributes_sanity( psa_key_handle_t key ) /* Persistence */ if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) - TEST_ASSERT( id == 0 ); + TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) == 0 ); else { TEST_ASSERT( - ( PSA_KEY_ID_USER_MIN <= id && id <= PSA_KEY_ID_USER_MAX ) || - ( PSA_KEY_ID_USER_MIN <= id && id <= PSA_KEY_ID_USER_MAX ) ); + ( PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && + ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_USER_MAX ) ); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* randomly-generated 64-bit constant, should never appear in test data */ @@ -1178,17 +1178,21 @@ static psa_key_usage_t usage_to_exercise( psa_key_type_t type, static int test_operations_on_invalid_handle( psa_key_handle_t handle ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 ); uint8_t buffer[1]; size_t length; int ok = 0; - psa_set_key_id( &attributes, 0x6964 ); + psa_set_key_id( &attributes, key_id ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, PSA_ALG_CTR ); psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); TEST_EQUAL( psa_get_key_attributes( handle, &attributes ), PSA_ERROR_INVALID_HANDLE ); - TEST_EQUAL( psa_get_key_id( &attributes ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); 
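Review bot: In `check_key_attributes_sanity()` the removed assertion OR-ed the `PSA_KEY_ID_USER_MIN`..`PSA_KEY_ID_USER_MAX` range with an identical copy of itself, which suggests the second clause was meant to cover a different range; the new code keeps only the user range instead of restoring it. If persistent keys in the vendor range are expected to pass this helper, the check would need a second clause such as `( PSA_KEY_ID_VENDOR_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) && MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= PSA_KEY_ID_VENDOR_MAX )`; if not, a comment saying only user-range ids are valid here would settle it. The helper also checks only the key-id half of the identifier, so the owner half goes unverified when owner encoding is enabled. The function starts and ends outside the hunk.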
@@ -1333,7 +1337,10 @@ void attributes_set_get( int id_arg, int lifetime_arg, psa_key_type_t type = type_arg; size_t bits = bits_arg; - TEST_EQUAL( psa_get_key_id( &attributes ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); @@ -1347,7 +1354,8 @@ void attributes_set_get( int id_arg, int lifetime_arg, psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); - TEST_EQUAL( psa_get_key_id( &attributes ), id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg ); @@ -1356,7 +1364,10 @@ void attributes_set_get( int id_arg, int lifetime_arg, psa_reset_key_attributes( &attributes ); - TEST_EQUAL( psa_get_key_id( &attributes ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); + TEST_EQUAL( + MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &attributes ) ), 0 ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), 0 ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); 
@@ -1366,15 +1377,19 @@ void attributes_set_get( int id_arg, int lifetime_arg, /* END_CASE */ /* BEGIN_CASE */ -void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg, - int expected_id_arg, int expected_lifetime_arg ) +void persistence_attributes( int id1_arg, int owner_id1_arg, int lifetime_arg, + int id2_arg, int owner_id2_arg, + int expected_id_arg, int expected_owner_id_arg, + int expected_lifetime_arg ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t id1 = mbedtls_svc_key_id_make( 1, id1_arg ); + mbedtls_svc_key_id_t id1 = + mbedtls_svc_key_id_make( owner_id1_arg, id1_arg ); psa_key_lifetime_t lifetime = lifetime_arg; - mbedtls_svc_key_id_t id2 = mbedtls_svc_key_id_make( 1, id2_arg ); + mbedtls_svc_key_id_t id2 = + mbedtls_svc_key_id_make( owner_id2_arg, id2_arg ); mbedtls_svc_key_id_t expected_id = - mbedtls_svc_key_id_make( 1, expected_id_arg ); + mbedtls_svc_key_id_make( expected_owner_id_arg, expected_id_arg ); psa_key_lifetime_t expected_lifetime = expected_lifetime_arg; if( id1_arg != -1 ) @@ -1384,7 +1399,8 @@ void persistence_attributes( int id1_arg, int lifetime_arg, int id2_arg, if( id2_arg != -1 ) psa_set_key_id( &attributes, id2 ); - TEST_EQUAL( psa_get_key_id( &attributes ), expected_id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), expected_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), expected_lifetime ); } /* END_CASE */ @@ -5677,7 +5693,8 @@ void persistent_key_load_key_from_storage( data_t *data, /* Check key slot still contains key data */ PSA_ASSERT( psa_open_key( key_id, &handle ) ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); - TEST_EQUAL( psa_get_key_id( &attributes ), key_id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_PERSISTENT ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); 
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index ffb4f461c..5087034a4 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -224,7 +224,8 @@ void persistent_key_import( int key_id_arg, int type_arg, data_t *data, psa_reset_key_attributes( &attributes ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); - TEST_EQUAL( psa_get_key_id( &attributes ), key_id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_PERSISTENT ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); @@ -276,7 +277,8 @@ void import_export_persistent_key( data_t *data, int type_arg, /* Test the key information */ psa_reset_key_attributes( &attributes ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); - TEST_EQUAL( psa_get_key_id( &attributes ), key_id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_PERSISTENT ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index d117738b7..6f7cfa946 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function 
@@ -532,8 +532,9 @@ static int check_key_attributes( PSA_ASSERT( psa_get_key_attributes( handle, &actual_attributes ) ); - TEST_EQUAL( psa_get_key_id( &actual_attributes ), - psa_get_key_id( reference_attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &actual_attributes ), + psa_get_key_id( reference_attributes ) ) ); TEST_EQUAL( psa_get_key_lifetime( &actual_attributes ), psa_get_key_lifetime( reference_attributes ) ); TEST_EQUAL( psa_get_key_type( &actual_attributes ), @@ -762,6 +763,7 @@ static void psa_purge_storage( void ) { psa_key_id_t id; psa_key_location_t location; + /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index c4c89cd65..7d4a59125 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -91,11 +91,13 @@ static void psa_purge_storage( void ) { psa_key_id_t id; psa_key_location_t location; + /* The tests may have potentially created key ids from 1 to * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id * 0, which file-based storage uses as a temporary file. */ for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ ) psa_destroy_persistent_key( mbedtls_svc_key_id_make( 1, id ) ); + /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ 
@@ -360,8 +362,20 @@ void mock_import( int mock_alloc_return_value, TEST_ASSERT( mock_allocate_data.called == 1 ); TEST_ASSERT( mock_import_data.called == ( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) ); - TEST_ASSERT( mock_import_data.attributes.core.id == - ( mock_alloc_return_value == PSA_SUCCESS? id : 0 ) ); + + if( mock_alloc_return_value == PSA_SUCCESS ) + { + TEST_ASSERT( mbedtls_svc_key_id_equal( + mock_import_data.attributes.core.id, id ) ); + } + else + { + TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( + mock_import_data.attributes.core.id ) == 0 ); + TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( + mock_import_data.attributes.core.id ) == 0 ); + } + TEST_ASSERT( mock_import_data.attributes.core.lifetime == ( mock_alloc_return_value == PSA_SUCCESS? lifetime : 0 ) ); TEST_ASSERT( mock_import_data.attributes.core.policy.usage == @@ -467,8 +481,20 @@ void mock_generate( int mock_alloc_return_value, TEST_ASSERT( mock_allocate_data.called == 1 ); TEST_ASSERT( mock_generate_data.called == ( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) ); - TEST_ASSERT( mock_generate_data.attributes.core.id == - ( mock_alloc_return_value == PSA_SUCCESS? id : 0 ) ); + + if( mock_alloc_return_value == PSA_SUCCESS ) + { + TEST_ASSERT( mbedtls_svc_key_id_equal( + mock_generate_data.attributes.core.id, id ) ); + } + else + { + TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( + mock_generate_data.attributes.core.id ) == 0 ); + TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( + mock_generate_data.attributes.core.id ) == 0 ); + } + TEST_ASSERT( mock_generate_data.attributes.core.lifetime == ( mock_alloc_return_value == PSA_SUCCESS? lifetime : 0 ) ); TEST_ASSERT( mock_generate_data.attributes.core.policy.usage == diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index bc6ecdaec..c9d4404e8 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function 
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -41,14 +41,15 @@ static size_t num_key_ids_used; static int test_uses_key_id( mbedtls_svc_key_id_t key_id ) { size_t i; - if( key_id > PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) + if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id ) > + PSA_MAX_PERSISTENT_KEY_IDENTIFIER ) { /* Don't touch key id values that designate non-key files. */ return( 1 ); } for( i = 0; i < num_key_ids_used ; i++ ) { - if( key_id == key_ids_used_in_test[i] ) + if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) ) return( 1 ); } if( num_key_ids_used == ARRAY_LENGTH( key_ids_used_in_test ) ) @@ -206,7 +207,8 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, TEST_ASSERT( handle != 0 ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); - TEST_EQUAL( psa_get_key_id( &attributes ), id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), id ) ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg ); TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 ); @@ -217,7 +219,8 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, PSA_ASSERT( psa_open_key( id, &handle ) ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); - TEST_EQUAL( psa_get_key_id( &attributes ), id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), id ) ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg ); TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 ); 
@@ -247,8 +250,9 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), psa_get_key_lifetime( &read_attributes ) ); - TEST_EQUAL( psa_get_key_id( &attributes ), - psa_get_key_id( &read_attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), + psa_get_key_id( &read_attributes ) ) ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), psa_get_key_algorithm( &read_attributes ) ); @@ -338,7 +342,8 @@ void create_existent( int lifetime_arg, int id_arg, /* Check that the original key hasn't changed. */ psa_reset_key_attributes( &attributes ); PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) ); - TEST_EQUAL( psa_get_key_id( &attributes ), id ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes ), id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); TEST_EQUAL( psa_get_key_type( &attributes ), type1 ); TEST_EQUAL( psa_get_key_bits( &attributes ), bits1 ); @@ -445,11 +450,9 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, PSA_ASSERT( psa_crypto_init( ) ); /* Populate the source slot. */ - if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE ) - { - psa_set_key_id( &source_attributes, source_id ); - psa_set_key_lifetime( &source_attributes, source_lifetime ); - } + psa_set_key_id( &source_attributes, source_id ); + psa_set_key_lifetime( &source_attributes, source_lifetime ); + psa_set_key_type( &source_attributes, source_type ); psa_set_key_usage_flags( &source_attributes, source_usage ); psa_set_key_algorithm( &source_attributes, source_alg ); 
@@ -461,11 +464,9 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) ); /* Prepare the target slot. */ - if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE ) - { - psa_set_key_id( &target_attributes, target_id ); - psa_set_key_lifetime( &target_attributes, target_lifetime ); - } + psa_set_key_id( &target_attributes, target_id ); + psa_set_key_lifetime( &target_attributes, target_lifetime ); + psa_set_key_usage_flags( &target_attributes, target_usage ); psa_set_key_algorithm( &target_attributes, target_alg ); psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); @@ -489,7 +490,20 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, /* Test that the target slot has the expected content. */ psa_reset_key_attributes( &target_attributes ); PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) ); - TEST_EQUAL( target_id, psa_get_key_id( &target_attributes ) ); + + if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE ) + { + TEST_ASSERT( mbedtls_svc_key_id_equal( + target_id, psa_get_key_id( &target_attributes ) ) ); + } + else + { +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( target_id ), 1 ); +#endif + TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( target_id ), 0 ); + } + TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) ); TEST_EQUAL( source_type, psa_get_key_type( &target_attributes ) ); TEST_EQUAL( psa_get_key_bits( &source_attributes ), @@ -574,7 +588,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, &source_handle ) ); /* Populate the target slot. */ - if( target_id == source_id ) + if( mbedtls_svc_key_id_equal( target_id, source_id ) ) { target_handle = source_handle; } 
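Review bot: In `copy_across_lifetimes()` the new `else` branch for a volatile target asserts on `target_id`, the value the test itself built with `mbedtls_svc_key_id_make( 1, target_id_arg )`, not on what `psa_get_key_attributes()` returned. The owner check is therefore always true and the key-id check only validates the test data, so the identifier the library reports for the copied volatile key is never examined. Presumably the intent was `TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &target_attributes ) ), 0 );`, plus the matching `MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psa_get_key_id( &target_attributes ) )` check inside the `#if`. The function body continues outside the hunk.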
@@ -601,8 +615,9 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, /* Test that the target slot is unaffected. */ PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) ); - TEST_EQUAL( psa_get_key_id( &attributes1 ), - psa_get_key_id( &attributes2 ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( + psa_get_key_id( &attributes1 ), + psa_get_key_id( &attributes2 ) ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes1 ), psa_get_key_lifetime( &attributes2 ) ); TEST_EQUAL( psa_get_key_type( &attributes1 ), From 978d57d61e5f6350f6f5e455557747c0a6cfb532 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 26 Aug 2020 15:42:34 +0200 Subject: [PATCH 111/488] tests: psa: Fix storage purge in se_driver_hal tests (1) Remove systematic deletion of key file associated to key identifier 0 as this file is not created under the hood anymore by the library. Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto_se_driver_hal.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 6f7cfa946..fc2eb4806 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -765,10 +765,10 @@ static void psa_purge_storage( void ) psa_key_location_t location; /* The tests may have potentially created key ids from 1 to - * MAX_KEY_ID_FOR_TEST. In addition, run the destroy function on key id - * 0, which file-based storage uses as a temporary file. */ - for( id = 0; id <= MAX_KEY_ID_FOR_TEST; id++ ) + * MAX_KEY_ID_FOR_TEST. */ + for( id = 1; id <= MAX_KEY_ID_FOR_TEST; id++ ) psa_destroy_persistent_key( mbedtls_svc_key_id_make( 1, id ) ); + /* Purge the transaction file. */ psa_crypto_stop_transaction( ); /* Purge driver persistent data. */ From 5731f6f5d7a3389860d2589939cd18779d3e20fc Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Wed, 26 Aug 2020 15:29:11 +0200 Subject: [PATCH 112/488] tests: psa: Fix storage purge in se_driver_hal tests (2) Delete key files based on declaration by test cases and not based on a hardcoded list of identifiers as in test_suite_psa_crypto_slot_management.function. This fixes the fact that in case of error the file associated to the key identifier PSA_KEY_ID_VENDOR_MAX was not purged (register_key_smoke_test test function). Signed-off-by: Ronald Cron --- ...st_suite_psa_crypto_se_driver_hal.function | 50 ++++++++++++++++--- 1 file changed, 44 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index fc2eb4806..cbc5cf788 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function 
@@ -758,16 +758,40 @@ exit: return( ok ); } -#define MAX_KEY_ID_FOR_TEST 10 +static mbedtls_svc_key_id_t key_ids_used_in_test[10]; +static size_t num_key_ids_used; + +/* Record a key id as potentially used in a test case. */ +static int test_uses_key_id( mbedtls_svc_key_id_t key_id ) +{ + size_t i; + + for( i = 0; i < num_key_ids_used ; i++ ) + { + if( mbedtls_svc_key_id_equal( key_id, key_ids_used_in_test[i] ) ) + return( 1 ); + } + + if( num_key_ids_used >= ARRAY_LENGTH( key_ids_used_in_test ) ) + return( 0 ); + + key_ids_used_in_test[num_key_ids_used] = key_id; + ++num_key_ids_used; + + return( 1 ); +} + +#define TEST_USES_KEY_ID( key_id ) \ + TEST_ASSERT( test_uses_key_id( key_id ) ) + static void psa_purge_storage( void ) { - psa_key_id_t id; + size_t i; psa_key_location_t location; - /* The tests may have potentially created key ids from 1 to - * MAX_KEY_ID_FOR_TEST. */ - for( id = 1; id <= MAX_KEY_ID_FOR_TEST; id++ ) - psa_destroy_persistent_key( mbedtls_svc_key_id_make( 1, id ) ); + for( i = 0; i < num_key_ids_used; i++ ) + psa_destroy_persistent_key( key_ids_used_in_test[i] ); + num_key_ids_used = 0; /* Purge the transaction file. */ psa_crypto_stop_transaction( ); @@ -862,6 +886,8 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) uint8_t exported[sizeof( key_material )]; size_t exported_length; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; @@ -992,6 +1018,8 @@ void key_creation_in_chosen_slot( int slot_arg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; 
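Review bot: `test_uses_key_id()` in the `@@ -758,16 +758,40 @@` hunk returns 0 when the ten-entry table is full, but its one-line comment does not state the return convention or that `TEST_USES_KEY_ID()` must run before the key is created for `psa_purge_storage()` to clean up after a failing test. I would extend the comment to `/* Record a key id as potentially used in a test case. Returns 1 if recorded (or already present), 0 if the table is full. Call before creating the key. */`. The bare `10` in `key_ids_used_in_test[10]` would also read better as a named constant, since the old `MAX_KEY_ID_FOR_TEST` name is removed by this hunk. `psa_purge_storage()` still ignores the result of `psa_destroy_persistent_key()`, so a key file that could not be removed goes unnoticed; its body continues outside the hunk.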
@@ -1073,6 +1101,8 @@ void import_key_smoke( int type_arg, int alg_arg, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; @@ -1145,6 +1175,8 @@ void generate_key_not_supported( int type_arg, int bits_arg ) psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; @@ -1184,6 +1216,8 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; @@ -1268,6 +1302,8 @@ void sign_verify( int flow, uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; size_t signature_length; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); memset( &key_management, 0, sizeof( key_management ) ); memset( &asymmetric, 0, sizeof( asymmetric ) ); @@ -1428,6 +1464,8 @@ void register_key_smoke_test( int lifetime_arg, psa_key_handle_t handle = 0; psa_status_t status; + TEST_USES_KEY_ID( id ); + memset( &driver, 0, sizeof( driver ) ); driver.hal_version = PSA_DRV_SE_HAL_VERSION; memset( &key_management, 0, sizeof( key_management ) ); From 81e005042e82e8c1194126b6c96772c5840629b9 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Tue, 28 Jul 2020 15:06:14 +0200 Subject: [PATCH 113/488] tests: psa: Add owner identifier as test parameter To test the proper handling of owner identifier as of key identifiers, add owner identifier(s) to tests having key identifier(s) as test parameters. Just don't do it for tests related to tests invalid values of key identifiers as there is no owner identifier invalid values. Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto.data | 2 +- tests/suites/test_suite_psa_crypto.function | 4 +- .../test_suite_psa_crypto_persistent_key.data | 10 ++--- ...t_suite_psa_crypto_persistent_key.function | 12 ++--- .../test_suite_psa_crypto_se_driver_hal.data | 16 +++---- ...st_suite_psa_crypto_se_driver_hal.function | 3 +- ...test_suite_psa_crypto_slot_management.data | 44 +++++++++---------- ..._suite_psa_crypto_slot_management.function | 23 +++++----- 8 files changed, 59 insertions(+), 55 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 723eebf0f..ae8c08159 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2,7 +2,7 @@ PSA compile-time sanity checks static_checks: PSA key attributes structure -attributes_set_get:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:128 +attributes_set_get:0xffff1234:0x6963:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CCM:PSA_KEY_TYPE_AES:128 PSA key attributes: id only persistence_attributes:0x1234:0x5678:-1:-1:0:0x1234:0x5678:PSA_KEY_LIFETIME_PERSISTENT diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 3e3a7a268..7f199e22e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -1325,12 +1325,12 @@ void static_checks( ) /* END_CASE */ /* BEGIN_CASE */ -void attributes_set_get( int id_arg, int lifetime_arg, +void attributes_set_get( int owner_id_arg, int id_arg, int lifetime_arg, int usage_flags_arg, int alg_arg, int type_arg, int bits_arg ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); psa_key_lifetime_t lifetime = lifetime_arg; psa_key_usage_t usage_flags = usage_flags_arg; psa_algorithm_t alg = alg_arg; diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index e0fba02c8..f65e57e37 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tests/suites/test_suite_psa_crypto_persistent_key.data 
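Review bot: `owner_id_arg` is declared `int` in the `@@ -1325,12 +1325,12 @@` hunk, yet the matching case in test_suite_psa_crypto.data passes `0xffff1234`, which does not fit in a 32-bit signed `int`. What reaches `mbedtls_svc_key_id_make()` therefore depends on how the test harness converts that literal, which is not visible in this patch. If the case is meant to exercise a high or negative owner value, a short comment on the parameter saying so would help, for example `/* owner_id_arg: may carry a negative owner id, see the .data case */`. The function body continues outside the hunk.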
@@ -32,23 +32,23 @@ save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTE Persistent key destroy depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -persistent_key_destroy:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_KEY_TYPE_RAW_DATA:"deadbeef" +persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_KEY_TYPE_RAW_DATA:"deadbeef" Persistent key destroy after restart depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -persistent_key_destroy:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_KEY_TYPE_RAW_DATA:"deadbeef" +persistent_key_destroy:17:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_R
AW_DATA:"deadbeef" Persistent key import (RSA) depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_SUCCESS +persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_SUCCESS Persistent key import with restart (RSA) depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":1:PSA_SUCCESS +persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":1:PSA_SUCCESS Persistent key import garbage data, should fail depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C -persistent_key_import:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT +persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT import/export persistent raw key: 1 byte import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0 diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 5087034a4..9e2fbf6d3 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -139,11 +139,12 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void persistent_key_destroy( int key_id_arg, int restart, +void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, int first_type_arg, data_t *first_data, int second_type_arg, data_t *second_data ) { - mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, key_id_arg ); + mbedtls_svc_key_id_t key_id = + mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); psa_key_handle_t handle = 0; psa_key_type_t first_type = (psa_key_type_t) first_type_arg; psa_key_type_t second_type = (psa_key_type_t) second_type_arg; 
@@ -193,10 +194,11 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void persistent_key_import( int key_id_arg, int type_arg, data_t *data, - int restart, int expected_status ) +void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg, + data_t *data, int restart, int expected_status ) { - mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, key_id_arg ); + mbedtls_svc_key_id_t key_id = + mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); psa_key_type_t type = (psa_key_type_t) type_arg; psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index 32e2ecb06..e5eee58d9 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data 
@@ -130,28 +130,28 @@ Key generation smoke test: HMAC-SHA-256 generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 ) Key registration: smoke test -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:1:PSA_SUCCESS +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:1:PSA_SUCCESS Key registration: invalid lifetime (volatile internal storage) -register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:7:1:1:PSA_ERROR_INVALID_ARGUMENT Key registration: invalid lifetime (internal storage) -register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:7:1:1:PSA_ERROR_INVALID_ARGUMENT Key registration: invalid lifetime (no registered driver) -register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):7:1:1:PSA_ERROR_INVALID_ARGUMENT Key registration: rejected -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:0:PSA_ERROR_NOT_PERMITTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:0:PSA_ERROR_NOT_PERMITTED Key registration: not supported -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:-1:PSA_ERROR_NOT_SUPPORTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:-1:PSA_ERROR_NOT_SUPPORTED Key registration: key id out of range -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_ARGUMENT Key registration: key id in vendor range -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX:1:PSA_SUCCESS 
+register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX:1:PSA_SUCCESS Import-sign-verify: sign in driver, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index cbc5cf788..1d213610f 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -1448,6 +1448,7 @@ exit: /* BEGIN_CASE */ void register_key_smoke_test( int lifetime_arg, + int owner_id_arg, int id_arg, int validate, int expected_status_arg ) @@ -1458,7 +1459,7 @@ void register_key_smoke_test( int lifetime_arg, psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); size_t bit_size = 48; psa_key_slot_number_t wanted_slot = 0x123456789; psa_key_handle_t handle = 0; diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 84caef916..3031266e6 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data 
@@ -14,61 +14,61 @@ Transient slot, check after restart with live handles transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN Persistent slot, check after closing, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE Persistent slot, check after closing and restarting, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:125:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE Persistent slot, check after destroying, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:126:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY Persistent slot, check after destroying and restarting, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:127:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY Persistent slot, check after restart with live handle, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN 
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:128:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN Persistent slot, check after closing, id=max -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:129:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE Persistent slot, check after destroying, id=max -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:130:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY Persistent slot, check after restart, id=max -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:131:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN Persistent slot: ECP keypair (ECDSA, exportable), close depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:132:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE Persistent slot: ECP keypair (ECDSA, exportable), close+restart 
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:133:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN Persistent slot: ECP keypair (ECDSA, exportable), restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:134:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:135:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | 
PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:136:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN Persistent slot: ECP keypair (ECDH+ECDSA, exportable), restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:137:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN 
Attempt to overwrite: close before -create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_BEFORE +create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x1736:1:CLOSE_BEFORE Attempt to overwrite: close after -create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_AFTER +create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x7361:1:CLOSE_AFTER Attempt to overwrite: keep open -create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:KEEP_OPEN +create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x3617:1:KEEP_OPEN Open failure: invalid identifier (0) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C 
@@ -118,23 +118,23 @@ depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C create_fail:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_NOT_SUPPORTED Copy volatile to volatile -copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 +copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0x10:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0x10:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 Copy volatile to persistent depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 +copy_across_lifetimes:PSA_KEY_LIFETIME_VOLATILE:0x100:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x100:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 Copy persistent to volatile depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 +copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x1000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_VOLATILE:0x1000:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 Copy persistent to persistent depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 +copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x10000:1:PSA_KEY_USAGE_EXPORT | 
PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x10000:2:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 Copy persistent to persistent with enrollment algorithm depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC -copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING +copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x100000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:0x100000:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING Copy volatile to occupied depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index c9d4404e8..3c5af4724 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -173,13 +173,13 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ -void persistent_slot_lifecycle( int lifetime_arg, int id_arg, +void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, int usage_arg, int alg_arg, int alg2_arg, int type_arg, data_t *key_data, int close_method_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); psa_algorithm_t alg = alg_arg; psa_algorithm_t alg2 = alg2_arg; psa_key_usage_t usage_flags = usage_arg; 
@@ -296,11 +296,11 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ -void create_existent( int lifetime_arg, int id_arg, +void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, int reopen_policy_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; - mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); + mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); psa_key_handle_t handle1 = 0, handle2 = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA; @@ -414,19 +414,19 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, - int source_usage_arg, +void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, + int source_id_arg, int source_usage_arg, int source_alg_arg, int source_alg2_arg, int type_arg, data_t *material, - int target_lifetime_arg, int target_id_arg, - int target_usage_arg, + int target_lifetime_arg, int target_owner_id_arg, + int target_id_arg, int target_usage_arg, int target_alg_arg, int target_alg2_arg, int expected_usage_arg, int expected_alg_arg, int expected_alg2_arg ) { psa_key_lifetime_t source_lifetime = source_lifetime_arg; mbedtls_svc_key_id_t source_id = - mbedtls_svc_key_id_make( 1, source_id_arg ); + mbedtls_svc_key_id_make( source_owner_id_arg, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; psa_key_handle_t source_handle = 0; 
@@ -434,7 +434,7 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, psa_key_type_t source_type = type_arg; psa_key_lifetime_t target_lifetime = target_lifetime_arg; mbedtls_svc_key_id_t target_id = - mbedtls_svc_key_id_make( 1, target_id_arg ); + mbedtls_svc_key_id_make( target_owner_id_arg, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; psa_key_handle_t target_handle = 0; @@ -499,7 +499,8 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_id_arg, else { #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( target_id ), 1 ); + TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( target_id ), + target_owner_id_arg ); #endif TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( target_id ), 0 ); } From f1c9a5594709df7b3297355c1ff1fb64742a5b9e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 29 Jul 2020 15:24:05 +0200 Subject: [PATCH 114/488] tests: psa: Add checks involving unknown key owner ids Add checks involving unknown key owner identifiers in tests related to SE and persistent keys. Signed-off-by: Ronald Cron --- ...est_suite_psa_crypto_se_driver_hal.function | 6 ++++++ .../test_suite_psa_crypto_slot_management.data | 4 ++++ ...t_suite_psa_crypto_slot_management.function | 18 ++++++++++++++++++ 3 files changed, 28 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 1d213610f..8584e5ed6 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function 
@@ -1503,6 +1503,12 @@ void register_key_smoke_test( int lifetime_arg, goto exit; PSA_ASSERT( psa_close_key( handle ) ); +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + mbedtls_svc_key_id_t invalid_id = + mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); + TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); +#endif + /* Restart and try again. */ PSA_DONE( ); PSA_ASSERT( psa_register_se_driver( location, &driver ) ); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 3031266e6..e16089d65 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -132,6 +132,10 @@ Copy persistent to persistent depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x10000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x10000:2:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 +Copy persistent to persistent, same id but different owner +depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x10000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"4142434445":PSA_KEY_LIFETIME_PERSISTENT:0x10001:1:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_USAGE_EXPORT:0:0 + Copy persistent to persistent with enrollment algorithm depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC copy_across_lifetimes:PSA_KEY_LIFETIME_PERSISTENT:0x100000:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:0x100000:2:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING 
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 3c5af4724..fa3dd6e3a 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -191,6 +191,12 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, uint8_t *reexported = NULL; size_t reexported_length = -1; +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + mbedtls_svc_key_id_t wrong_owner_id = + mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); + psa_key_handle_t invalid_handle = 0; +#endif + TEST_USES_KEY_ID( id ); PSA_ASSERT( psa_crypto_init( ) ); @@ -205,6 +211,12 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); TEST_ASSERT( handle != 0 ); + +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), + PSA_ERROR_DOES_NOT_EXIST ); +#endif + PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); TEST_ASSERT( mbedtls_svc_key_id_equal( @@ -216,6 +228,12 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, /* Close the key and reopen it. */ PSA_ASSERT( psa_close_key( handle ) ); + +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), + PSA_ERROR_DOES_NOT_EXIST ); +#endif + PSA_ASSERT( psa_open_key( id, &handle ) ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); From 79ca4274e1aa65c76dea14f863c6808712c3fd08 Mon Sep 17 00:00:00 2001 
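Review bot: The two wrong-owner checks added to persistent_slot_lifecycle assert only the returned status, so `invalid_handle` is written by `psa_open_key()` and never inspected. A test that guards owner isolation should also pin that no usable handle comes back; adding `TEST_EQUAL( invalid_handle, 0 );` after each `TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), PSA_ERROR_DOES_NOT_EXIST );` would do that, assuming the library leaves or resets the handle to 0 on failure (not visible in this hunk). A short comment on `wrong_owner_id` saying that `owner_id_arg + 1` is assumed to own no key with this id would make the precondition explicit. The function body continues outside the hunks.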
From: Ronald Cron Date: Tue, 25 Aug 2020 09:53:53 +0200 Subject: [PATCH 115/488] psa: storage: Use key id macros to compute ITS file identifier Use macros instead of accessing directly the key identifier fields for coding consistency and ease maintenance. Signed-off-by: Ronald Cron --- library/psa_crypto_storage.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index e48bc282f..46d0b6518 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -67,8 +67,9 @@ static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key ) * owner values are nonzero (as they are on a PSA platform), * no key file will ever have a value less than 0x100000000, so * the whole range 0..0xffffffff is available for non-key files. */ - uint32_t unsigned_owner = (uint32_t) key.owner; - return( (uint64_t) unsigned_owner << 32 | key.key_id ); + uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key ); + return( ( (uint64_t) unsigned_owner_id << 32 ) | + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) ); #else /* Use the key id directly as a file name. * psa_is_key_id_valid() in psa_crypto_slot_management.c From 0deccf1f3ee93843dae0c2a3d5e59311a8480af2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 2 Sep 2020 15:18:07 +0200 Subject: [PATCH 116/488] Initialize ret from test code The test function mbedtls_mpi_lt_mpi_ct did not initialize ret in test code. If there was a bug in library code whereby the library function mbedtls_mpi_lt_mpi_ct() did not set ret when it should, we might have missed it if ret happened to contain the expected value. So initialize ret to a value that we never expect. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index e54aaffe6..2b2daf652 100644 
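Review bot: The rewritten `unsigned_owner_id` assignment drops the explicit `(uint32_t)` cast that the removed line carried, so the narrowing that stops a negative owner from sign-extending into the upper half of the 64-bit file identifier is now an implicit conversion. The result is unchanged while the local stays `uint32_t`, but the intent is no longer visible, and a later change of that local to a wider or signed type would let the owner bits spill and two owners' key files alias (the owner id type itself is not visible here; this is inferred from the removed cast). I would keep it explicit: `uint32_t unsigned_owner_id = (uint32_t) MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key );`. psa_its_identifier_of_slot starts and ends outside the hunk.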
--- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -596,7 +596,7 @@ void mbedtls_mpi_lt_mpi_ct( int size_X, char * input_X, int size_Y, char * input_Y, int input_ret, int input_err ) { - unsigned ret; + unsigned ret = -1; unsigned input_uret = input_ret; mbedtls_mpi X, Y; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); From a70d588f741385a8287e6c84d400ddb7a4d96f54 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 16 Jul 2020 20:26:18 +0200 Subject: [PATCH 117/488] Add initial test driver conforming to the new spec Also adjusted the different makefiles accordingly. Note: driver lifetime is currently statically defined in the header, but this will be replaced in the future based on autogeneration of lifetime values by a script (TBD) Signed-off-by: Steven Cooreman --- CMakeLists.txt | 2 +- programs/Makefile | 2 +- programs/fuzz/Makefile | 2 +- scripts/generate_visualc_files.pl | 3 + tests/Makefile | 9 +- tests/include/drivers/signature.h | 55 +++++++++ tests/include/drivers/test_driver.h | 29 +++++ tests/src/drivers/signature.c | 171 ++++++++++++++++++++++++++++ 8 files changed, 268 insertions(+), 5 deletions(-) create mode 100644 tests/include/drivers/signature.h create mode 100644 tests/include/drivers/test_driver.h create mode 100644 tests/src/drivers/signature.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 88332464b..5af4c8124 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -261,7 +261,7 @@ add_subdirectory(library) # to define the test executables. # if(ENABLE_TESTING OR ENABLE_PROGRAMS) - file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c) + file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include diff --git a/programs/Makefile b/programs/Makefile index f9c260867..dfe055569 100644 
--- a/programs/Makefile +++ b/programs/Makefile @@ -8,7 +8,7 @@ WARNING_CXXFLAGS ?= -Wall -Wextra LDFLAGS ?= MBEDTLS_TEST_PATH:=../tests/src -MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c)) +MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c)) LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../tests/include -I../include -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64 diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 8196f3930..fa17918fa 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -1,5 +1,5 @@ MBEDTLS_TEST_PATH:=../../tests/src -MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c)) +MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c)) LOCAL_CFLAGS = -I../../tests/include -I../../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 3d4baca41..469595518 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -39,6 +39,7 @@ my $psa_header_dir = 'include/psa'; my $source_dir = 'library'; my $test_source_dir = 'tests/src'; my $test_header_dir = 'tests/include/test'; +my $test_drivers_header_dir = 'tests/include/drivers'; my @thirdparty_header_dirs = qw( 3rdparty/everest/include/everest @@ -116,6 +117,7 @@ sub check_dirs { && -d $source_dir && -d $test_source_dir && -d $test_header_dir + && -d $test_drivers_header_dir && -d $programs_dir; } @@ -262,6 +264,7 @@ sub main { $mbedtls_header_dir, $psa_header_dir, $test_header_dir, + $test_drivers_header_dir, $source_dir, @thirdparty_header_dirs, ); diff --git a/tests/Makefile b/tests/Makefile index ffa4812bd..511db9db5 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -80,7 +80,7 @@ all: $(BINARIES) $(MBEDLIBS): $(MAKE) -C ../library -MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c)) +MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c)) mbedtls_test: $(MBEDTLS_TEST_OBJS) @@ -89,6 +89,10 @@ src/%.o : src/%.c echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< +src/drivers/%.o : src/drivers/%.c + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< + C_FILES := $(addsuffix .c,$(APPS)) # Wildcard target for test code generation: @@ -130,12 +134,13 @@ $(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mb clean: ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax TESTS - rm -f src/*.o src/libmbed* + rm -f src/*.o src/drivers/*.o src/libmbed* else if exist *.c del /Q /F *.c if exist *.exe del /Q /F *.exe if exist *.datax del /Q /F *.datax if exist src/*.o del /Q /F src/*.o + if exist src/drivers/*.o del /Q /F src/drivers/*.o if exist src/libmbed* del /Q /F src/libmed* ifneq ($(wildcard TESTS/.*),) rmdir /Q /S TESTS diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h new file mode 100644 index 000000000..1607ba512 --- /dev/null +++ b/tests/include/drivers/signature.h 
@@ -0,0 +1,55 @@
+/*
+ * Test driver for signature functions
+ */
+/* Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
+#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_TEST_HOOKS)
+#include
+
+extern void *test_driver_forced_output;
+extern size_t test_driver_forced_output_length;
+
+extern psa_status_t test_transparent_signature_sign_hash_status;
+extern unsigned long test_transparent_signature_sign_hash_hit;
+
+psa_status_t test_transparent_signature_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
+
+psa_status_t test_opaque_signature_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
+
+#endif /* MBEDTLS_TEST_HOOKS */
+#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */
diff --git a/tests/include/drivers/test_driver.h b/tests/include/drivers/test_driver.h
new file mode 100644
index 000000000..549467447
--- /dev/null
+++ b/tests/include/drivers/test_driver.h
@@ -0,0 +1,29 @@
+/*
+ * Umbrella include for all of the test driver functionality
+ */
+/* Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H
+#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H
+
+#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff
+
+#include "drivers/signature.h"
+
+#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H */
diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c
new file mode 100644
index 000000000..0f006c70a
--- /dev/null
+++ b/tests/src/drivers/signature.c
@@ -0,0 +1,171 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#include "psa/crypto.h" +#include "mbedtls/ecp.h" + +#include "drivers/signature.h" + +#include "mbedtls/md.h" +#include "mbedtls/ecdsa.h" + +#include + +/* If non-null, on success, copy this to the output. 
*/ +void *test_driver_forced_output = NULL; +size_t test_driver_forced_output_length = 0; + +psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_signature_sign_hash_hit = 0; + +psa_status_t test_transparent_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + ++test_transparent_signature_sign_hash_hit; + + if( test_transparent_signature_sign_hash_status != PSA_SUCCESS ) + return( test_transparent_signature_sign_hash_status ); + + if( test_driver_forced_output != NULL ) + { + if( test_driver_forced_output_length > signature_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( signature, test_driver_forced_output, + test_driver_forced_output_length ); + *signature_length = test_driver_forced_output_length; + return( PSA_SUCCESS ); + } + + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) + if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_ecp_group_id grp_id; + switch( psa_get_key_type( attributes ) ) + { + case PSA_ECC_CURVE_SECP_R1: + switch( psa_get_key_bits( attributes ) ) + { + case 256: + grp_id = MBEDTLS_ECP_DP_SECP256R1; + break; + case 384: + grp_id = MBEDTLS_ECP_DP_SECP384R1; + break; + case 521: + grp_id = MBEDTLS_ECP_DP_SECP521R1; + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + + /* Beyond this point, the driver is actually doing the work of + * calculating the signature. 
*/ + + status = PSA_ERROR_GENERIC_ERROR; + int ret = 0; + mbedtls_mpi r, s; + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + mbedtls_ecp_keypair ecp; + mbedtls_ecp_keypair_init( &ecp ); + size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); + + MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + key, key_length ) ); + + /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */ + mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256; + if( signature_size < 2 * curve_bytes ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto cleanup; + } + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d, + hash, hash_length, md_alg ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, + signature + curve_bytes, + curve_bytes ) ); +cleanup: + /* There's no easy way to translate the error code except through a + * library function that's not exported. Use a debugger. 
*/ + if( ret == 0 ) + status = PSA_SUCCESS; + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( &ecp ); + if( status == PSA_SUCCESS ) + *signature_length = 2 * curve_bytes; +#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; +#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + + return( status ); +} + +psa_status_t test_opaque_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_size; + (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ From 0d59f7b092b5665391a7bead2ba2b015b654709d Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 16 Jul 2020 20:27:57 +0200 Subject: [PATCH 118/488] Add configuration flag `MBEDTLS_PSA_CRYPTO_DRIVERS` Signed-off-by: Steven Cooreman --- include/mbedtls/config.h | 11 +++++++++++ library/version_features.c | 3 +++ programs/test/query_config.c | 8 ++++++++ 3 files changed, 22 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1e6e05275..a2f408f2d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
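Review bot: In test_transparent_signature_sign_hash, `curve_bytes` is derived from `ecp.grp.pbits` immediately after `mbedtls_ecp_keypair_init( &ecp )` and before `mbedtls_ecp_group_load()`, so it is computed from an unloaded group; the `signature_size < 2 * curve_bytes` check then cannot reject a short buffer and both `mbedtls_mpi_write_binary()` calls receive that same length. The key bytes are also parsed into the public point `ecp.Q`, while `mbedtls_ecdsa_sign_det()` signs with `ecp.d`, which nothing in the hunk sets. Separately, the outer `switch` compares `psa_get_key_type( attributes )` with `PSA_ECC_CURVE_SECP_R1`, which the test in this series passes as the argument of `PSA_KEY_TYPE_ECC_KEY_PAIR()`, so a key-pair type presumably falls into `default` and the signing path is never exercised. The sketch below sizes the output after the group is loaded and reads the key as the private scalar, assuming the transparent driver receives a key pair in export form.

```c
    size_t curve_bytes = 0;  /* known only once the group is loaded */

    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
    curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
    /* The signing call below uses ecp.d, so load the private scalar. */
    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) );
    /* … unchanged: buffer size check, mbedtls_ecdsa_sign_det, writing r and s … */
```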
@@ -1329,6 +1329,17 @@ */ #define MBEDTLS_PKCS1_V21 +/** \def MBEDTLS_PSA_CRYPTO_DRIVERS + * + * Enable support for the experimental PSA crypto driver interface. + * + * Requires: MBEDTLS_PSA_CRYPTO_C. + * + * \warning This interface is experimental and may change or be removed + * without notice. + */ +//#define MBEDTLS_PSA_CRYPTO_DRIVERS + /** * \def MBEDTLS_PSA_CRYPTO_SPM * diff --git a/library/version_features.c b/library/version_features.c index d2840fa3c..051fb1953 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -435,6 +435,9 @@ static const char * const features[] = { #if defined(MBEDTLS_PKCS1_V21) "MBEDTLS_PKCS1_V21", #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) + "MBEDTLS_PSA_CRYPTO_DRIVERS", +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ #if defined(MBEDTLS_PSA_CRYPTO_SPM) "MBEDTLS_PSA_CRYPTO_SPM", #endif /* MBEDTLS_PSA_CRYPTO_SPM */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index f4c14d6cb..f64eb887b 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1216,6 +1216,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) + if( strcmp( "MBEDTLS_PSA_CRYPTO_DRIVERS", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_DRIVERS ); + return( 0 ); + } +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ + #if defined(MBEDTLS_PSA_CRYPTO_SPM) if( strcmp( "MBEDTLS_PSA_CRYPTO_SPM", config ) == 0 ) { From cd84cb4903f77538d1bea8158041b0f70ca14f28 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 16 Jul 2020 20:28:36 +0200 Subject: [PATCH 119/488] Add a handcrafted first version of the driver wrapper code 
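Review bot: The `Requires: MBEDTLS_PSA_CRYPTO_C.` line in the new option's comment is documentation only; the diffstat lists just config.h, version_features.c and query_config.c, so nothing in this commit appears to enforce the dependency at compile time. A configuration that enables the driver interface without the PSA core would then fail later, or build with the wrappers silently inert. I would add a guard to the project's configuration sanity-check header: `#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && !defined(MBEDTLS_PSA_CRYPTO_C)`, `#error "MBEDTLS_PSA_CRYPTO_DRIVERS defined, but not all prerequisites"`, `#endif`.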
Signed-off-by: Steven Cooreman --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/psa_crypto.c | 12 ++++ library/psa_crypto_driver_wrappers.c | 103 +++++++++++++++++++++++++++ library/psa_crypto_driver_wrappers.h | 40 +++++++++++ visualc/VS2010/mbedTLS.vcxproj | 5 ++ 6 files changed, 162 insertions(+) create mode 100644 library/psa_crypto_driver_wrappers.c create mode 100644 library/psa_crypto_driver_wrappers.h diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 33e2cfc85..91ac8bc7e 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -61,6 +61,7 @@ set(src_crypto platform_util.c poly1305.c psa_crypto.c + psa_crypto_driver_wrappers.c psa_crypto_se.c psa_crypto_slot_management.c psa_crypto_storage.c diff --git a/library/Makefile b/library/Makefile index b76a84bdd..c7d4a0615 100644 --- a/library/Makefile +++ b/library/Makefile @@ -118,6 +118,7 @@ OBJS_CRYPTO= \ platform_util.o \ poly1305.o \ psa_crypto.o \ + psa_crypto_driver_wrappers.o \ psa_crypto_se.o \ psa_crypto_slot_management.o \ psa_crypto_storage.o \ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bffddc995..af8a7a973 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -27,6 +27,7 @@ #include "psa_crypto_core.h" #include "psa_crypto_invasive.h" +#include "psa_crypto_driver_wrappers.h" #if defined(MBEDTLS_PSA_CRYPTO_SE_C) #include "psa_crypto_se.h" #endif @@ -3659,6 +3660,17 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, goto exit; } + /* Try any of the available accelerators first */ + status = psa_driver_wrapper_sign_hash( slot, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + goto exit; + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) { diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c new file mode 100644 index 000000000..9ace0cb28 --- /dev/null 
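Review bot: The early call added to psa_sign_hash treats every status other than `PSA_ERROR_NOT_SUPPORTED` as final, which bypasses the `MBEDTLS_PSA_CRYPTO_SE_C` branch directly below it whenever the wrapper answers with anything else. In this same commit psa_driver_wrapper_sign_hash() returns its initial `PSA_ERROR_INVALID_ARGUMENT` from the `default:` case for any location it does not list, so with a driver present a key held in a secure element would presumably fail here instead of reaching `psa_get_se_driver()`. Returning `PSA_ERROR_NOT_SUPPORTED` from that `default:` case keeps the existing path reachable, and a comment at the call site would pin the contract: `/* The wrapper must return PSA_ERROR_NOT_SUPPORTED for any key it does not handle. */`. psa_sign_hash starts and ends outside the hunk.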
+++ b/library/psa_crypto_driver_wrappers.c 
@@ -0,0 +1,103 @@ +/* + * Functions to delegate cryptographic operations to an available + * and appropriate accelerator. + * Warning: auto-generated file. + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include "psa_crypto_core.h" +#include "psa_crypto_driver_wrappers.h" + +/* Include test driver definition when running tests */ +#if defined(MBEDTLS_TEST_HOOKS) +#undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#include "drivers/test_driver.h" +#endif + +/* Include driver definition file for each registered driver */ + +/* Start delegation functions */ +psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(MBEDTLS_TEST_HOOKS) + status = 
test_transparent_signature_sign_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return status; +#endif /* MBEDTLS_TEST_HOOKS */ + /* Fell through, meaning no accelerator supports this operation */ + return PSA_ERROR_NOT_SUPPORTED; + /* Add cases for opaque driver here */ +#if defined(MBEDTLS_TEST_HOOKS) + case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_signature_sign_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ) ); +#endif /* MBEDTLS_TEST_HOOKS */ + default: + /* Key is declared with a lifetime not known to us */ + return status; + } +#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ + (void)slot; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +} + +/* End of automatically generated file. */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h new file mode 100644 index 000000000..8fbf034c6 --- /dev/null +++ b/library/psa_crypto_driver_wrappers.h 
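Review bot: The test-driver block at the top of this file is enabled by `MBEDTLS_TEST_HOOKS` alone, while tests/src/drivers/signature.c in this series compiles its definitions only under `MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS`. A build with test hooks on and the driver option off would therefore call `test_transparent_signature_sign_hash()` and `test_opaque_signature_sign_hash()` without any definition to link against, and the library would still route signing through a header taken from the tests tree. Gating the include and `MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT` with `#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS)` lines the two up. As a naming point, `case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME:` is matched against a value produced by `PSA_KEY_LIFETIME_GET_LOCATION()`, so the constant is used as a location and its name should say so.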
@@ -0,0 +1,40 @@ +/* + * Function signatures for functionality that can be provided by + * cryptographic accelerators. + * Warning: auto-generated file. + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef PSA_CRYPTO_DRIVER_WRAPPERS_H +#define PSA_CRYPTO_DRIVER_WRAPPERS_H + +#include "psa/crypto.h" +#include "psa/crypto_driver_common.h" + +psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ); + +#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */ + +/* End of automatically generated file. */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 578289f17..8371edaf2 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -238,8 +238,12 @@ + + + + @@ -307,6 +311,7 @@ + From d57203d9555757a5020bfc18b3d77676750fb000 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 16 Jul 2020 20:28:59 +0200 Subject: [PATCH 120/488] Add driver tests and run them through all.sh 
Signed-off-by: Steven Cooreman --- tests/scripts/all.sh | 11 ++ ...test_suite_psa_crypto_driver_wrappers.data | 11 ++ ..._suite_psa_crypto_driver_wrappers.function | 104 ++++++++++++++++++ 3 files changed, 126 insertions(+) create mode 100644 tests/suites/test_suite_psa_crypto_driver_wrappers.data create mode 100644 tests/suites/test_suite_psa_crypto_driver_wrappers.function diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4fafe0208..983e12124 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1656,6 +1656,17 @@ component_test_se_default () { make test } +component_test_psa_crypto_drivers () { + msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_TEST_HOOKS + # Need to include the test driver header path in order to build + make CC=gcc CFLAGS="$ASAN_CFLAGS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" + make test +} + component_test_make_shared () { msg "build/test: make shared" # ~ 40s make SHARED=1 all check diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data new file mode 100644 index 000000000..fd20b1872 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -0,0 +1,11 @@ +sign_hash through transparent driver: calculate in driver +ecdsa_sign:PSA_SUCCESS:0:PSA_SUCCESS + +sign_hash through transparent driver: fallback +ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS + +sign_hash through transparent driver: error +ecdsa_sign:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR + +sign_hash through transparent driver: fake +ecdsa_sign:PSA_SUCCESS:1:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function new file mode 100644 index 000000000..8c6338c0c --- /dev/null 
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
@@ -0,0 +1,104 @@ +/* BEGIN_HEADER */ +#include "test/psa_crypto_helpers.h" + +#include "drivers/test_driver.h" + +uint8_t test_secp256r1_key_data[32] = { + 0xab, 0x45, 0x43, 0x57, 0x12, 0x64, 0x9c, 0xb3, + 0x0b, 0xbd, 0xda, 0xc4, 0x91, 0x97, 0xee, 0xbf, + 0x27, 0x40, 0xff, 0xc7, 0xf8, 0x74, 0xd9, 0x24, + 0x4c, 0x34, 0x60, 0xf5, 0x4f, 0x32, 0x2d, 0x3a, +}; +uint8_t test_hash_32[32] = { + 0x9a, 0xc4, 0x33, 0x5b, 0x46, 0x9b, 0xbd, 0x79, + 0x14, 0x39, 0x24, 0x85, 0x04, 0xdd, 0x0d, 0x49, + 0xc7, 0x13, 0x49, 0xa2, 0x95, 0xfe, 0xe5, 0xa1, + 0xc6, 0x85, 0x07, 0xf4, 0x5a, 0x9e, 0x1c, 0x7b, +}; +uint8_t test_signature_hash_32_with_secp256r1[64] = { + 0x6a, 0x33, 0x99, 0xf6, 0x94, 0x21, 0xff, 0xe1, + 0x49, 0x03, 0x77, 0xad, 0xf2, 0xea, 0x1f, 0x11, + 0x7d, 0x81, 0xa6, 0x3c, 0xf5, 0xbf, 0x22, 0xe9, + 0x18, 0xd5, 0x11, 0x75, 0xeb, 0x25, 0x91, 0x51, + 0xce, 0x95, 0xd7, 0xc2, 0x6c, 0xc0, 0x4e, 0x25, + 0x50, 0x3e, 0x2f, 0x7a, 0x1e, 0xc3, 0x57, 0x3e, + 0x3c, 0x24, 0x12, 0x53, 0x4b, 0xb4, 0xa1, 0x9b, + 0x3a, 0x78, 0x11, 0x74, 0x2f, 0x49, 0xf5, 0x0f, +}; + +uint8_t test_fake_output[] = "INJECTED OUTPUT"; + +typedef enum +{ + EXPECT_FAILURE, + EXPECT_CORRECT_OUTPUT, + EXPECT_FAKE_OUTPUT, +} expected_output_t; + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_TEST_HOOKS + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +void ecdsa_sign( int force_status_arg, + int fake_output, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_handle_t handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); + uint8_t signature[64]; + size_t signature_length = 0xdeadbeef; + const uint8_t *expected_output; + size_t expected_output_length; + psa_status_t 
actual_status; + + PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + test_secp256r1_key_data, sizeof( test_secp256r1_key_data ), + &handle ); + + test_transparent_signature_sign_hash_hit = 0; + test_transparent_signature_sign_hash_status = force_status; + if( fake_output ) + { + expected_output = test_driver_forced_output = test_fake_output; + expected_output_length = test_driver_forced_output_length = + sizeof( test_fake_output ); + } + else + { + expected_output = test_signature_hash_32_with_secp256r1; + expected_output_length = sizeof( test_signature_hash_32_with_secp256r1 ); + } + + actual_status = psa_sign_hash( handle, alg, + test_hash_32, sizeof( test_hash_32 ), + signature, sizeof( signature ), + &signature_length ); + TEST_EQUAL( actual_status, expected_status ); + if( expected_status == PSA_SUCCESS ) + { + ASSERT_COMPARE( signature, signature_length, + expected_output, expected_output_length ); + } + TEST_EQUAL( test_transparent_signature_sign_hash_hit, 1 ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; + test_driver_forced_output = NULL; + test_driver_forced_output_length = 0; +} +/* END_CASE */ From 7a2505788c61ebe30b38a0e62ae8a5a3e20f6659 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 17 Jul 2020 16:43:05 +0200 Subject: [PATCH 121/488] Move handling of 'SE' drivers into driver wrappers This is a more natural place for handling the drivers belonging to the 'previous' SE driver spec. It makes for a cleaner psa_crypto.c, and potentially an easier overview of how to migrate from the old SE driver interface to the 'opaque accelerator' interface. 
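Review bot: The `psa_import_key( ... )` call in ecdsa_sign discards its return value, so a failed import leaves `handle` at 0 and only surfaces later as a status mismatch from psa_sign_hash. Wrap it the same way psa_crypto_init is wrapped: `PSA_ASSERT( psa_import_key( &attributes, test_secp256r1_key_data, sizeof( test_secp256r1_key_data ), &handle ) );`. Separately, `size_t signature_length = 0xdeadbeef;` would read better with a short comment such as `/* poison value: psa_sign_hash must overwrite it */`.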
Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 23 +----------------- library/psa_crypto_driver_wrappers.c | 35 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 22 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index af8a7a973..460b9df6c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3638,10 +3638,6 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, { psa_key_slot_t *slot; psa_status_t status; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ *signature_length = signature_size; /* Immediately reject a zero-length signature buffer. This guarantees @@ -3671,24 +3667,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, if( status != PSA_ERROR_NOT_SUPPORTED ) goto exit; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) - { - if( drv->asymmetric == NULL || - drv->asymmetric->p_sign == NULL ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - status = drv->asymmetric->p_sign( drv_context, - slot->data.se.slot_number, - alg, - hash, hash_length, - signature, signature_size, - signature_length ); - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + /* If the operation was not supported by any accelerator, try fallback. */ #if defined(MBEDTLS_RSA_C) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 9ace0cb28..06f33699d 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -28,9 +28,17 @@ #if defined(MBEDTLS_TEST_HOOKS) #undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT #define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#undef MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #include "drivers/test_driver.h" #endif +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) +#undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#include "psa_crypto_se.h" +#endif + /* Include driver definition file for each registered driver */ /* Start delegation functions */ @@ -43,6 +51,30 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, size_t *signature_length ) { #if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + { + if( drv->asymmetric == NULL || + drv->asymmetric->p_sign == NULL ) + { + /* Key is defined in SE, but we have no way to exercise it */ + return PSA_ERROR_INVALID_ARGUMENT; + } + return( drv->asymmetric->p_sign( drv_context, + slot->data.se.slot_number, + alg, + hash, hash_length, + signature, signature_size, + signature_length ) ); + } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + /* Then try accelerator API */ +#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_attributes_t attributes = { @@ -87,6 +119,9 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Key is declared with a lifetime not known to us */ return status; } +#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; (void)alg; 
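Review bot: In the SE branch added to psa_driver_wrapper_sign_hash, a driver without `asymmetric->p_sign` now yields `PSA_ERROR_INVALID_ARGUMENT`, whereas the block removed from psa_sign_hash returned `PSA_ERROR_NOT_SUPPORTED`; the commit message describes a pure move, so this caller-visible status change should be called out. The new value looks deliberate, because psa_sign_hash treats NOT_SUPPORTED from the wrapper as "try the software fallback", which presumably must never run on a secure-element slot. If that is the reason, state it at the return, e.g. `/* Not NOT_SUPPORTED: that would route an SE slot into the software fallback */`, or keep NOT_SUPPORTED and have the caller skip the fallback for external lifetimes. The verify wrapper added in the next patch repeats the same pattern, and the function body continues past this hunk.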
From 55ae2176ab9943a654c3789600d52ba598159667 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 17 Jul 2020 19:46:15 +0200 Subject: [PATCH 122/488] Add and splice in signature verification through driver Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 28 ++-- library/psa_crypto_driver_wrappers.c | 97 +++++++++++++ library/psa_crypto_driver_wrappers.h | 10 ++ tests/include/drivers/signature.h | 17 +++ tests/scripts/all.sh | 2 +- tests/src/drivers/signature.c | 130 ++++++++++++++++++ ...test_suite_psa_crypto_driver_wrappers.data | 18 +++ ..._suite_psa_crypto_driver_wrappers.function | 69 ++++++++++ 8 files changed, 352 insertions(+), 19 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 460b9df6c..edef287c1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3754,29 +3754,21 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, { psa_key_slot_t *slot; psa_status_t status; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY_HASH, alg ); if( status != PSA_SUCCESS ) return( status ); -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) - { - if( drv->asymmetric == NULL || - drv->asymmetric->p_verify == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - return( drv->asymmetric->p_verify( drv_context, - slot->data.se.slot_number, - alg, - hash, hash_length, - signature, signature_length ) ); - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + /* Try any of the available accelerators first */ + status = psa_driver_wrapper_verify_hash( slot, + alg, + hash, + hash_length, + signature, + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + return status; + #if defined(MBEDTLS_RSA_C) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { 
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 06f33699d..09a7ccd32 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -135,4 +135,101 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, #endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ } +psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ) +{ +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + { + if( drv->asymmetric == NULL || + drv->asymmetric->p_verify == NULL ) + { + /* Key is defined in SE, but we have no way to exercise it */ + return PSA_ERROR_INVALID_ARGUMENT; + } + return( drv->asymmetric->p_verify( drv_context, + slot->data.se.slot_number, + alg, + hash, hash_length, + signature, signature_length ) ); + } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + /* Then try accelerator API */ +#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(MBEDTLS_TEST_HOOKS) + status = test_transparent_signature_verify_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return status; +#endif /* MBEDTLS_TEST_HOOKS */ + /* Fell through, meaning no accelerator supports this operation */ + return PSA_ERROR_NOT_SUPPORTED; + /* Add cases for opaque driver here */ +#if defined(MBEDTLS_TEST_HOOKS) + case 
MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_signature_verify_hash( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + hash, + hash_length, + signature, + signature_length ) ); +#endif /* MBEDTLS_TEST_HOOKS */ + default: + /* Key is declared with a lifetime not known to us */ + return status; + } +#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ + (void)slot; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, + psa_key_slot_t *slot ) +{ + (void) attributes; + (void) slot; + + return PSA_ERROR_NOT_SUPPORTED; +} + /* End of automatically generated file. */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 8fbf034c6..6ab2d9019 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -35,6 +35,16 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, size_t signature_size, size_t *signature_length ); +psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ); + +psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, + psa_key_slot_t *slot ); + #endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */ /* End of automatically generated file. */ diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index 1607ba512..232ed4147 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h 
@@ -37,6 +37,9 @@ extern size_t test_driver_forced_output_length; extern psa_status_t test_transparent_signature_sign_hash_status; extern unsigned long test_transparent_signature_sign_hash_hit; +extern psa_status_t test_transparent_signature_verify_hash_status; +extern unsigned long test_transparent_signature_verify_hash_hit; + psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -51,5 +54,19 @@ psa_status_t test_opaque_signature_sign_hash( const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ); +psa_status_t test_transparent_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + +psa_status_t test_opaque_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + #endif /* MBEDTLS_TEST_HOOKS */ #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 983e12124..a3f67bef8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1657,7 +1657,7 @@ component_test_se_default () { } component_test_psa_crypto_drivers () { - msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" + msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_TEST_HOOKS # Need to include the test driver header path in order to build diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 0f006c70a..32ebbfdff 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c 
@@ -34,6 +34,8 @@ #include "mbedtls/md.h" #include "mbedtls/ecdsa.h" +#include "test/random.h" + #include /* If non-null, on success, copy this to the output. */ @@ -43,6 +45,9 @@ size_t test_driver_forced_output_length = 0; psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; unsigned long test_transparent_signature_sign_hash_hit = 0; +psa_status_t test_transparent_signature_verify_hash_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_signature_verify_hash_hit = 0; + psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, 
@@ -168,4 +173,129 @@ psa_status_t test_opaque_signature_sign_hash( return( PSA_ERROR_NOT_SUPPORTED ); } +psa_status_t test_transparent_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + ++test_transparent_signature_verify_hash_hit; + + if( test_transparent_signature_verify_hash_status != PSA_SUCCESS ) + return( test_transparent_signature_verify_hash_status ); + + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) + if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_ecp_group_id grp_id; + switch( psa_get_key_type( attributes ) ) + { + case PSA_ECC_CURVE_SECP_R1: + switch( psa_get_key_bits( attributes ) ) + { + case 256: + grp_id = MBEDTLS_ECP_DP_SECP256R1; + break; + case 384: + grp_id = MBEDTLS_ECP_DP_SECP384R1; + break; + case 521: + grp_id = MBEDTLS_ECP_DP_SECP521R1; + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + break; + default: + return( PSA_ERROR_NOT_SUPPORTED ); + } + + /* Beyond this point, the driver is actually doing the work of + * calculating the signature. */ + + status = PSA_ERROR_GENERIC_ERROR; + int ret = 0; + mbedtls_mpi r, s; + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + mbedtls_ecp_keypair ecp; + mbedtls_ecp_keypair_init( &ecp ); + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); + + MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + + /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. 
*/ + if( signature_length < 2 * curve_bytes ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, + signature + curve_bytes, + curve_bytes ) ); + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) ) + MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + key, key_length ) ); + else + { + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) ); + MBEDTLS_MPI_CHK( + mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) ); + } + + MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, + &ecp.Q, &r, &s ) ); +cleanup: + /* There's no easy way to translate the error code except through a + * library function that's not exported. Use a debugger. */ + if( ret == 0 ) + status = PSA_SUCCESS; + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( &ecp ); +#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; +#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ + defined(MBEDTLS_SHA256_C) */ + + return( status ); +} + +psa_status_t test_opaque_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ 
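Review bot: In test_transparent_signature_verify_hash the `cleanup:` label sets `status = PSA_SUCCESS` whenever `ret == 0`, so the short-signature path (`status = PSA_ERROR_BUFFER_TOO_SMALL; goto cleanup;`) ends up reporting a successful verification. That length check is also vacuous as written, because `curve_bytes` is computed from `ecp.grp.pbits` before `mbedtls_ecp_group_load()` has filled in the group, so it is presumably 0 and r and s are read as empty. Move `size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );` below the group load, and set `status = PSA_SUCCESS;` directly after the `mbedtls_ecdsa_verify` check rather than in cleanup. In addition, `switch( psa_get_key_type( attributes ) )` is matched against `PSA_ECC_CURVE_SECP_R1`, a curve identifier rather than a key type, so the driver likely returns NOT_SUPPORTED and the "calculate in driver" cases pass through the software fallback instead of this code.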
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index fd20b1872..2d2c5c4b4 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -9,3 +9,21 @@ ecdsa_sign:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR sign_hash through transparent driver: fake ecdsa_sign:PSA_SUCCESS:1:PSA_SUCCESS + +verify_hash using private key through transparent driver: calculate in driver +ecdsa_verify:PSA_SUCCESS:0:PSA_SUCCESS + +verify_hash using private key through transparent driver: fallback +ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS + +verify_hash using private key through transparent driver: error +ecdsa_verify:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR + +verify_hash using public key through transparent driver: calculate in driver +ecdsa_verify:PSA_SUCCESS:1:PSA_SUCCESS + +verify_hash using public key through transparent driver: fallback +ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:PSA_SUCCESS + +verify_hash through transparent driver: error +ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:PSA_ERROR_GENERIC_ERROR diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 8c6338c0c..a954446ed 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
@@ -25,6 +25,17 @@ uint8_t test_signature_hash_32_with_secp256r1[64] = { 0x3c, 0x24, 0x12, 0x53, 0x4b, 0xb4, 0xa1, 0x9b, 0x3a, 0x78, 0x11, 0x74, 0x2f, 0x49, 0xf5, 0x0f, }; +uint8_t test_secp256r1_public_key_data[65] = { + 0x04, + 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, + 0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2, 0x0e, + 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, + 0x4a, 0x57, 0xa0, 0xba, 0x01, 0x20, 0x42, 0x08, + 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, + 0x8b, 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, + 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98, 0xa1, + 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20 +}; uint8_t test_fake_output[] = "INJECTED OUTPUT"; 
@@ -102,3 +113,61 @@ exit: test_driver_forced_output_length = 0; } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +void ecdsa_verify( int force_status_arg, + int register_public_key, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_handle_t handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); + const uint8_t *expected_output; + size_t expected_output_length; + psa_status_t actual_status; + + PSA_ASSERT( psa_crypto_init( ) ); + if( register_public_key ) + { + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + test_secp256r1_public_key_data, sizeof( test_secp256r1_public_key_data ), + &handle ); + } + else + { + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + test_secp256r1_key_data, sizeof( test_secp256r1_key_data ), + &handle ); + } + + test_transparent_signature_verify_hash_hit = 0; + test_transparent_signature_verify_hash_status = force_status; + + expected_output = test_signature_hash_32_with_secp256r1; + expected_output_length = sizeof( test_signature_hash_32_with_secp256r1 ); + + actual_status = psa_verify_hash( handle, alg, + test_hash_32, sizeof( test_hash_32 ), + expected_output, expected_output_length ); + TEST_EQUAL( actual_status, expected_status ); + TEST_EQUAL( test_transparent_signature_verify_hash_hit, 1 ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( handle ); + PSA_DONE( ); + 
test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; + test_driver_forced_output = NULL; + test_driver_forced_output_length = 0; +} +/* END_CASE */ From 0116416e61329a6d01493430c77e8a5ee70cf046 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 20 Jul 2020 15:31:37 +0200 Subject: [PATCH 123/488] Expose mbedtls_error_to_psa_status for use in test drivers Signed-off-by: Steven Cooreman --- include/psa/crypto_extra.h | 11 +++++++++++ library/psa_crypto.c | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f0c7979a8..2ac2c5bf1 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -645,6 +645,17 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t byte_length ); #endif /* MBEDTLS_ECP_C */ +/** Convert an mbed TLS error code to a PSA error code + * + * \note This function is provided solely for the convenience of + * Mbed TLS and may be removed at any time without notice. + * + * \param ret An mbed TLS-thrown error code + * + * \return The corresponding PSA error code + */ +psa_status_t mbedtls_to_psa_error( int ret ); + /**@}*/ #ifdef __cplusplus diff --git a/library/psa_crypto.c b/library/psa_crypto.c index edef287c1..7da2ff678 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -125,7 +125,7 @@ static psa_global_data_t global_data; if( global_data.initialized == 0 ) \ return( PSA_ERROR_BAD_STATE ); -static psa_status_t mbedtls_to_psa_error( int ret ) +psa_status_t mbedtls_to_psa_error( int ret ) { /* If there's both a high-level code and low-level code, dispatch on * the high-level code. */ From 2a1664cb49bc5527ae2fdc75358c437f07f77908 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 20 Jul 2020 15:33:08 +0200 Subject: [PATCH 124/488] Add & splice in test driver for ECC keygen 
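Review bot: The `exit:` block of ecdsa_verify resets `test_transparent_signature_sign_hash_status`, but the test set `test_transparent_signature_verify_hash_status`, so a forced verify status leaks into whichever case runs next. The reset should be `test_transparent_signature_verify_hash_status = PSA_ERROR_NOT_SUPPORTED;`. Both `psa_import_key` calls also ignore their result; wrapping them in `PSA_ASSERT( ... )` keeps a failed import from showing up as a verification failure.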
Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 32 ++-- library/psa_crypto_driver_wrappers.c | 151 +++++++++++++++++- tests/include/drivers/keygen.h | 49 ++++++ tests/include/drivers/test_driver.h | 1 + tests/src/drivers/keygen.c | 129 +++++++++++++++ ...test_suite_psa_crypto_driver_wrappers.data | 12 ++ ..._suite_psa_crypto_driver_wrappers.function | 70 ++++++++ 7 files changed, 418 insertions(+), 26 deletions(-) create mode 100644 tests/include/drivers/keygen.h create mode 100644 tests/src/drivers/keygen.c diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7da2ff678..03326f70b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5987,29 +5987,15 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, if( status != PSA_SUCCESS ) goto exit; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( driver != NULL ) - { - const psa_drv_se_t *drv = psa_get_se_driver_methods( driver ); - size_t pubkey_length = 0; /* We don't support this feature yet */ - if( drv->key_management == NULL || - drv->key_management->p_generate == NULL ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - status = drv->key_management->p_generate( - psa_get_se_driver_context( driver ), - slot->data.se.slot_number, attributes, - NULL, 0, &pubkey_length ); - } - else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - { - status = psa_generate_key_internal( - slot, attributes->core.bits, - attributes->domain_parameters, attributes->domain_parameters_size ); - } + status = psa_driver_wrapper_generate_key( attributes, + slot ); + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( attributes->core.lifetime ) ) + goto exit; + + status = psa_generate_key_internal( + slot, attributes->core.bits, + attributes->domain_parameters, attributes->domain_parameters_size ); exit: if( status == PSA_SUCCESS ) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 09a7ccd32..0f6cfe911 100644 
--- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -23,6 +23,9 @@ #include "psa_crypto_core.h" #include "psa_crypto_driver_wrappers.h" +#include "mbedtls/platform.h" + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) /* Include test driver definition when running tests */ #if defined(MBEDTLS_TEST_HOOKS) @@ -31,16 +34,18 @@ #undef MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #include "drivers/test_driver.h" -#endif +#endif /* MBEDTLS_TEST_HOOKS */ +/* Include driver definition file for each registered driver here */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ + +/* Support the 'old' SE interface when asked to */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) #undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT #define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT #include "psa_crypto_se.h" #endif -/* Include driver definition file for each registered driver */ - /* Start delegation functions */ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, psa_algorithm_t alg, 
@@ -223,13 +228,153 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, #endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ } +#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +static psa_status_t get_expected_key_size( const psa_key_attributes_t *attributes, + size_t *expected_size ) +{ + if( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == PSA_KEY_LOCATION_LOCAL_STORAGE ) + { + if( PSA_KEY_TYPE_IS_UNSTRUCTURED( attributes->core.type ) ) + { + *expected_size = PSA_BITS_TO_BYTES( attributes->core.bits ); + return PSA_SUCCESS; + } + + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + { + if( PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) + { + *expected_size = PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE( attributes->core.bits ); + return PSA_SUCCESS; + } + else + { + *expected_size = PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( attributes->core.bits ); + return PSA_SUCCESS; + } + } + + if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) + { + if( PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) + { + *expected_size = PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE( attributes->core.bits ); + return PSA_SUCCESS; + } + else + { + *expected_size = PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE( attributes->core.bits ); + return PSA_SUCCESS; + } + } + + return PSA_ERROR_NOT_SUPPORTED; + } + else + { + /* TBD: opaque driver support, need to calculate size through driver-defined size function */ + return PSA_ERROR_NOT_SUPPORTED; + } +} +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ + psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot ) { +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + { + size_t pubkey_length = 0; /* We don't support this feature yet */ + if( 
drv->key_management == NULL || + drv->key_management->p_generate == NULL ) + { + /* Key is defined as being in SE, but we have no way to generate it */ + return PSA_ERROR_NOT_SUPPORTED; + } + return( drv->key_management->p_generate( + drv_context, + slot->data.se.slot_number, attributes, + NULL, 0, &pubkey_length ) ); + } +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + + /* Then try accelerator API */ +#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + size_t export_size = 0; + + status = get_expected_key_size( attributes, &export_size ); + if( status != PSA_SUCCESS ) + return status; + + slot->data.key.data = mbedtls_calloc(1, export_size); + if( slot->data.key.data == NULL ) + return PSA_ERROR_INSUFFICIENT_MEMORY; + slot->data.key.bytes = export_size; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ + + /* Transparent drivers are limited to generating asymmetric keys */ + if( ! 
PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) ) + { + status = PSA_ERROR_NOT_SUPPORTED; + break; + } +#if defined(MBEDTLS_TEST_HOOKS) + status = test_transparent_generate_key( attributes, + slot->data.key.data, + slot->data.key.bytes, + &slot->data.key.bytes ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + break; +#endif /* MBEDTLS_TEST_HOOKS */ + /* Fell through, meaning no accelerator supports this operation */ + status = PSA_ERROR_NOT_SUPPORTED; + break; + /* Add cases for opaque driver here */ +#if defined(MBEDTLS_TEST_HOOKS) + case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: + status = test_opaque_generate_key( attributes, + slot->data.key.data, + slot->data.key.bytes, + &slot->data.key.bytes ); + break; +#endif /* MBEDTLS_TEST_HOOKS */ + default: + /* Key is declared with a lifetime not known to us */ + status = PSA_ERROR_INVALID_ARGUMENT; + break; + } + + if( status != PSA_SUCCESS ) + { + /* free allocated buffer */ + mbedtls_free( slot->data.key.data ); + slot->data.key.data = NULL; + slot->data.key.bytes = 0; + } + + return( status ); +#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ (void) attributes; (void) slot; return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ } /* End of automatically generated file. */ diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h new file mode 100644 index 000000000..436df3441 --- /dev/null +++ b/tests/include/drivers/keygen.h 
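Review bot: On the failure path of psa_driver_wrapper_generate_key the key buffer is released with `mbedtls_free( slot->data.key.data );` without being wiped, although a driver may have written partial private-key material before returning an error. Clear it first, e.g. `mbedtls_platform_zeroize( slot->data.key.data, export_size );` (declared in mbedtls/platform_util.h, which this file would need to include). Note also that `get_expected_key_size` returns `PSA_ERROR_NOT_SUPPORTED` for every location other than local storage, so the wrapper returns before the switch and the `MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME` case cannot be reached. The `#endif` closing get_expected_key_size is commented `MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT` while its `#if` tests `MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT`.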
@@ -0,0 +1,49 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_TEST_HOOKS) +#include + +extern void *test_driver_keygen_forced_output; +extern size_t test_driver_keygen_forced_output_length; + +extern psa_status_t test_transparent_keygen_status; +extern unsigned long test_transparent_keygen_hit; + +psa_status_t test_transparent_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ); + +psa_status_t test_opaque_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ); + +#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/tests/include/drivers/test_driver.h b/tests/include/drivers/test_driver.h index 549467447..fec305fae 100644 --- a/tests/include/drivers/test_driver.h +++ b/tests/include/drivers/test_driver.h 
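Review bot: The file header of the new tests/include/drivers/keygen.h still reads `Test driver for signature functions`, which looks copied from the signature driver; it should read `Test driver for key generation functions`. The new tests/src/drivers/keygen.c opens with the same header. The extern test knobs are also declared without any comment. A line on each would help: `test_transparent_keygen_status` is returned as-is by the transparent driver whenever it is not `PSA_SUCCESS`, and a non-NULL `test_driver_keygen_forced_output` is copied out in place of a generated key. That would tell test authors these are file-scope globals which must be restored after each case.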
@@ -25,5 +25,6 @@ #define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff #include "drivers/signature.h" +#include "drivers/keygen.h" #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c new file mode 100644 index 000000000..4c830c35e --- /dev/null +++ b/tests/src/drivers/keygen.c 
@@ -0,0 +1,129 @@ +/* + * Test driver for signature functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#include "psa/crypto.h" +#include "mbedtls/ecp.h" +#include "mbedtls/error.h" + +#include "drivers/keygen.h" + +#include "test/random.h" + +#include + +/* If non-null, on success, copy this to the output. 
*/ +void *test_driver_keygen_forced_output = NULL; +size_t test_driver_keygen_forced_output_length = 0; + +psa_status_t test_transparent_keygen_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_keygen_hit = 0; + +psa_status_t test_transparent_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ) +{ + ++test_transparent_keygen_hit; + + if( test_transparent_keygen_status != PSA_SUCCESS ) + return( test_transparent_keygen_status ); + + if( test_driver_keygen_forced_output != NULL ) + { + if( test_driver_keygen_forced_output_length > key_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( key, test_driver_keygen_forced_output, + test_driver_keygen_forced_output_length ); + *key_length = test_driver_keygen_forced_output_length; + return( PSA_SUCCESS ); + } + + /* Copied from psa_crypto.c */ +#if defined(MBEDTLS_ECP_C) + if ( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) + { + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ); + mbedtls_ecp_group_id grp_id = + mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( attributes->core.bits ) ); + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( grp_id ); + mbedtls_ecp_keypair ecp; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( curve_info->bit_size != attributes->core.bits ) + return( PSA_ERROR_INVALID_ARGUMENT ); + mbedtls_ecp_keypair_init( &ecp ); + ret = mbedtls_ecp_gen_key( grp_id, &ecp, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ); + if( ret != 0 ) + { + mbedtls_ecp_keypair_free( &ecp ); + return( mbedtls_to_psa_error( ret ) ); + } + + 
/* Make sure to use export representation */ + size_t bytes = PSA_BITS_TO_BYTES( attributes->core.bits ); + if( key_size < bytes ) + { + mbedtls_ecp_keypair_free( &ecp ); + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + psa_status_t status = mbedtls_to_psa_error( + mbedtls_mpi_write_binary( &ecp.d, key, bytes ) ); + + if( status == PSA_SUCCESS ) + { + *key_length = bytes; + } + + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } + else +#endif /* MBEDTLS_ECP_C */ + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length ) +{ + (void) attributes; + (void) key; + (void) key_size; + (void) key_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 2d2c5c4b4..ddf283ff3 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -27,3 +27,15 @@ ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:PSA_SUCCESS verify_hash through transparent driver: error ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:PSA_ERROR_GENERIC_ERROR + +generate_key through transparent driver: fake +generate_key:PSA_SUCCESS:1:PSA_SUCCESS + +generate_key through transparent driver: in-driver +generate_key:PSA_SUCCESS:0:PSA_SUCCESS + +generate_key through transparent driver: fallback +generate_key:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS + +generate_key through transparent driver: error +generate_key:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index a954446ed..9bb794385 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
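Review bot: In test_transparent_generate_key the pseudo-random state is re-initialised with `memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) )` on every call, so the private key written to `key` is presumably the same for every call on a given curve, and nothing in the file says so. Since the block is marked `/* Copied from psa_crypto.c */`, a reader could take it for a reference driver. I would add a comment above the memset such as `/* Test only: fixed PRNG state, the generated key is predictable. Never reuse this in a real driver. */`. The accompanying generate_key test only checks that the exported bytes are not all zero, so it does not depend on the key being random. It would also help to state in the function's header comment that `*key_length` is left untouched on every error path.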
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
@@ -171,3 +171,73 @@ exit: test_driver_forced_output_length = 0; } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void generate_key( int force_status_arg, + int fake_output, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_handle_t handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); + const uint8_t *expected_output; + size_t expected_output_length; + psa_status_t actual_status; + uint8_t actual_output[sizeof(test_secp256r1_key_data)] = {0}; + size_t actual_output_length; + + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_bits( &attributes, 256 ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT ); + psa_set_key_algorithm( &attributes, alg ); + + if( fake_output ) + { + expected_output = test_driver_keygen_forced_output = test_secp256r1_key_data; + expected_output_length = test_driver_keygen_forced_output_length = + sizeof( test_secp256r1_key_data ); + } + + test_transparent_keygen_hit = 0; + test_transparent_keygen_status = force_status; + + PSA_ASSERT( psa_crypto_init( ) ); + + actual_status = psa_generate_key( &attributes, &handle ); + fprintf(stdout, "rteturn %d\n", actual_status); + + TEST_EQUAL( test_transparent_keygen_hit, 1 ); + TEST_EQUAL( actual_status, expected_status ); + + if( actual_status == PSA_SUCCESS ) + { + psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); + + if( fake_output ) + { + ASSERT_COMPARE( actual_output, actual_output_length, + expected_output, expected_output_length ); + } + else + { + size_t zeroes = 0; + for( size_t i = 0; i < sizeof(actual_output); i++ ) + { + if( actual_output[i] == 0) + zeroes++; + } + TEST_ASSERT( zeroes != sizeof(actual_output) ); + } + } +exit: + 
psa_reset_key_attributes( &attributes ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; + test_driver_keygen_forced_output = NULL; + test_driver_keygen_forced_output_length = 0; +} +/* END_CASE */ From 7922396c256e30174816812cf3946ca2cb3bb248 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 20 Jul 2020 16:55:54 +0200 Subject: [PATCH 125/488] Added changelog Signed-off-by: Steven Cooreman --- ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt diff --git a/ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt b/ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt new file mode 100644 index 000000000..fe4389992 --- /dev/null +++ b/ChangeLog.d/add_sign_verify_keygen_transparent_driver.txt @@ -0,0 +1,4 @@ +Features + * Partial implementation of the new PSA Crypto accelerator APIs for + enabling key generation and asymmetric signing/verification through crypto + accelerators. Contributed by Steven Cooreman in #3501. From 1cd39d52298b953d59cc791a07240d44f0522a21 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 23 Jul 2020 16:26:08 +0200 Subject: [PATCH 126/488] Use own define for building with test drivers Trying to compile in the PSA accelerator test driver under MBEDTLS_TEST_HOOKS turned out to be awkward regarding existing builds. We'll put it under a custom (not in config.h) define instead, since it's something that only should happen in test. Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 28 +++++++++---------- tests/include/drivers/keygen.h | 4 +-- tests/include/drivers/signature.h | 4 +-- tests/scripts/all.sh | 5 ++-- tests/src/drivers/keygen.c | 4 +-- tests/src/drivers/signature.c | 4 +-- ..._suite_psa_crypto_driver_wrappers.function | 2 +- 7 files changed, 25 insertions(+), 26 deletions(-) 
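Review bot: The cleanup after `exit:` in generate_key resets `test_transparent_signature_sign_hash_status`, not the `test_transparent_keygen_status` that this case sets, so a forced keygen status appears to stay in place for whatever runs next. The line should be `test_transparent_keygen_status = PSA_ERROR_NOT_SUPPORTED;`. The return value of `psa_export_key` is also ignored, so on failure `actual_output_length` is read uninitialised by `ASSERT_COMPARE`. Wrapping the call as `PSA_ASSERT( psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length ) );` closes that. The `fprintf(stdout, "rteturn %d\n", actual_status);` line looks like leftover debugging and should be dropped.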
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 0f6cfe911..dc84f3ba8 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -28,13 +28,13 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) /* Include test driver definition when running tests */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT #define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT #undef MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #include "drivers/test_driver.h" -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ /* Include driver definition file for each registered driver here */ #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ @@ -91,7 +91,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_sign_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -104,11 +104,11 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return status; -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ return PSA_ERROR_NOT_SUPPORTED; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_sign_hash( &attributes, slot->data.key.data, 
@@ -119,7 +119,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, signature, signature_size, signature_length ) ); -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ return status; @@ -182,7 +182,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_verify_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -194,11 +194,11 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return status; -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ return PSA_ERROR_NOT_SUPPORTED; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_verify_hash( &attributes, slot->data.key.data, @@ -208,7 +208,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, hash_length, signature, signature_length ) ); -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ return status; @@ -330,7 +330,7 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib status = PSA_ERROR_NOT_SUPPORTED; break; } -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) status = test_transparent_generate_key( attributes, slot->data.key.data, slot->data.key.bytes, 
@@ -338,19 +338,19 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) break; -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ status = PSA_ERROR_NOT_SUPPORTED; break; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: status = test_opaque_generate_key( attributes, slot->data.key.data, slot->data.key.bytes, &slot->data.key.bytes ); break; -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ status = PSA_ERROR_INVALID_ARGUMENT; diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h index 436df3441..7e6ed2756 100644 --- a/tests/include/drivers/keygen.h +++ b/tests/include/drivers/keygen.h @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_keygen_forced_output; @@ -45,5 +45,5 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index 232ed4147..ec4f66341 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_forced_output; 
@@ -68,5 +68,5 @@ psa_status_t test_opaque_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a3f67bef8..540179b50 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1659,9 +1659,8 @@ component_test_se_default () { component_test_psa_crypto_drivers () { msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_TEST_HOOKS - # Need to include the test driver header path in order to build - make CC=gcc CFLAGS="$ASAN_CFLAGS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" make test diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index 4c830c35e..c883e006e 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" @@ -126,4 +126,4 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 32ebbfdff..114007a7b 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c 
@@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" @@ -298,4 +298,4 @@ psa_status_t test_opaque_signature_verify_hash( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 9bb794385..f8ea80d47 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -49,7 +49,7 @@ typedef enum /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_TEST_HOOKS + * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_DRIVER_TEST * END_DEPENDENCIES */ From f1720ea93098f7e5bd261e618720e6e953cbda92 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 24 Jul 2020 18:41:58 +0200 Subject: [PATCH 127/488] Fix macro naming to match inhouse style Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 90 ++++++++++++++-------------- tests/include/drivers/keygen.h | 10 ++-- tests/include/drivers/signature.h | 10 ++-- tests/include/drivers/test_driver.h | 8 +-- tests/scripts/all.sh | 2 +- tests/src/drivers/keygen.c | 4 +- tests/src/drivers/signature.c | 4 +- 7 files changed, 64 insertions(+), 64 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index dc84f3ba8..597f14251 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -28,21 +28,21 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) /* Include test driver definition when running tests */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) -#undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT -#define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT -#undef MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT -#define MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#if defined(PSA_CRYPTO_DRIVER_TEST) +#undef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#undef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #include "drivers/test_driver.h" -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ /* Include driver definition file for each registered driver here */ #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ /* Support the 'old' SE interface when asked to */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -#undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT -#define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT +#undef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT #include "psa_crypto_se.h" #endif @@ -55,7 +55,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, size_t signature_size, size_t *signature_length ) { -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -76,10 +76,10 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, signature, signature_size, signature_length ) ); } -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ +#endif /* PSA_CRYPTO_SE_C */ /* Then try accelerator API */ -#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_attributes_t attributes = { 
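Review bot: The rename in the `@@ -76,10 +76,10 @@` hunk also rewrites the closing comment to `#endif /* PSA_CRYPTO_SE_C */`, but the guard it closes is still `#if defined(MBEDTLS_PSA_CRYPTO_SE_C)`, which the `@@ -55,7 +55,7 @@` hunk leaves unchanged. That macro is a real config option and was not renamed, so the comment should stay `#endif /* MBEDTLS_PSA_CRYPTO_SE_C */`. The same over-rename is in the `@@ -167,10 +167,10 @@` hunk for psa_driver_wrapper_verify_hash, while the matching `#endif` in psa_driver_wrapper_generate_key keeps the MBEDTLS_ prefix, so the three wrappers now disagree. In the `@@ -276,12 +276,12 @@` hunk the comment after get_expected_key_size becomes `/* PSA_CRYPTO_DRIVER_PRESENT */` although the block opens with `#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)`; it should read `#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */`. The wrapper bodies extend beyond these hunks.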
@@ -91,7 +91,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_sign_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -104,12 +104,12 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return status; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ return PSA_ERROR_NOT_SUPPORTED; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_sign_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -119,15 +119,15 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, signature, signature_size, signature_length ) ); -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ return status; } -#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; (void)alg; (void)hash; 
@@ -137,7 +137,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, (void)signature_length; return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, @@ -147,7 +147,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, const uint8_t *signature, size_t signature_length ) { -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -167,10 +167,10 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, hash, hash_length, signature, signature_length ) ); } -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ +#endif /* PSA_CRYPTO_SE_C */ /* Then try accelerator API */ -#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_attributes_t attributes = { @@ -182,7 +182,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_verify_hash( &attributes, slot->data.key.data, slot->data.key.bytes, 
@@ -194,12 +194,12 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return status; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ return PSA_ERROR_NOT_SUPPORTED; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_verify_hash( &attributes, slot->data.key.data, slot->data.key.bytes, @@ -208,15 +208,15 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, hash_length, signature, signature_length ) ); -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ return status; } -#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; (void)alg; (void)hash; @@ -225,10 +225,10 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, (void)signature_length; return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } -#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) static psa_status_t get_expected_key_size( const psa_key_attributes_t *attributes, size_t *expected_size ) { 
@@ -276,12 +276,12 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute return PSA_ERROR_NOT_SUPPORTED; } } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot ) { -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -304,7 +304,7 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ /* Then try accelerator API */ -#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); size_t export_size = 0; @@ -330,7 +330,7 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib status = PSA_ERROR_NOT_SUPPORTED; break; } -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_generate_key( attributes, slot->data.key.data, slot->data.key.bytes, 
@@ -338,19 +338,19 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) break; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ status = PSA_ERROR_NOT_SUPPORTED; break; /* Add cases for opaque driver here */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME: +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: status = test_opaque_generate_key( attributes, slot->data.key.data, slot->data.key.bytes, &slot->data.key.bytes ); break; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ status = PSA_ERROR_INVALID_ARGUMENT; @@ -366,15 +366,15 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib } return( status ); -#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) attributes; (void) slot; return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } /* End of automatically generated file. */ diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h index 7e6ed2756..e671df116 100644 --- a/tests/include/drivers/keygen.h +++ b/tests/include/drivers/keygen.h 
@@ -19,8 +19,8 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#ifndef PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#define PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_keygen_forced_output; @@ -45,5 +45,5 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ -#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index ec4f66341..90b787994 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -19,8 +19,8 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H +#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H +#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -28,7 +28,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(PSA_CRYPTO_DRIVER_TEST) #include extern void *test_driver_forced_output; @@ -68,5 +68,5 @@ psa_status_t test_opaque_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ); -#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ -#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */ 
diff --git a/tests/include/drivers/test_driver.h b/tests/include/drivers/test_driver.h index fec305fae..d123f105a 100644 --- a/tests/include/drivers/test_driver.h +++ b/tests/include/drivers/test_driver.h @@ -19,12 +19,12 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H +#ifndef PSA_CRYPTO_TEST_DRIVER_H +#define PSA_CRYPTO_TEST_DRIVER_H -#define MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff +#define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff #include "drivers/signature.h" #include "drivers/keygen.h" -#endif /* MBEDTLS_PSA_CRYPTO_TEST_DRIVER_H */ +#endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 540179b50..596e1a96a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1660,7 +1660,7 @@ component_test_psa_crypto_drivers () { msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" make test diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index c883e006e..1f96fc813 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" 
@@ -126,4 +126,4 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 114007a7b..e1cd988b7 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_PSA_CRYPTO_DRIVER_TEST) +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "mbedtls/ecp.h" @@ -298,4 +298,4 @@ psa_status_t test_opaque_signature_verify_hash( return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_PSA_CRYPTO_DRIVER_TEST */ +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 2c7b2f86971536818ddbf87158ea03af7e24c264 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 2 Sep 2020 13:43:46 +0200 Subject: [PATCH 128/488] Apply changes from #3546 to newly introduced files Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 4 +--- library/psa_crypto_driver_wrappers.h | 4 +--- tests/include/drivers/keygen.h | 4 +--- tests/include/drivers/signature.h | 4 +--- tests/include/drivers/test_driver.h | 4 +--- tests/src/drivers/keygen.c | 4 +--- tests/src/drivers/signature.c | 4 +--- 7 files changed, 7 insertions(+), 21 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 597f14251..5fa7966d9 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -3,7 +3,7 @@ * and appropriate accelerator. * Warning: auto-generated file. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -17,8 +17,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #include "psa_crypto_core.h" diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 6ab2d9019..f0b5db09f 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -3,7 +3,7 @@ * cryptographic accelerators. * Warning: auto-generated file. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -17,8 +17,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_DRIVER_WRAPPERS_H diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h index e671df116..f0eb56915 100644 --- a/tests/include/drivers/keygen.h +++ b/tests/include/drivers/keygen.h @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index 90b787994..900f0c8bb 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H diff --git a/tests/include/drivers/test_driver.h b/tests/include/drivers/test_driver.h index d123f105a..98dded8d2 100644 --- a/tests/include/drivers/test_driver.h +++ b/tests/include/drivers/test_driver.h @@ -1,7 +1,7 @@ /* * Umbrella include for all of the test driver functionality */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVER_H diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index 1f96fc813..7f14b20ef 100644 --- a/tests/src/drivers/keygen.c 
+++ b/tests/src/drivers/keygen.c @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index e1cd988b7..62ba4072a 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -1,7 +1,7 @@ /* * Test driver for signature functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) From 15f58d28775d455e71fd042a0601cadf3d8ca180 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 4 Sep 2020 13:05:23 +0200 Subject: [PATCH 129/488] Move mbedtls_to_psa_error declaration to internal header Signed-off-by: Steven Cooreman --- include/psa/crypto_extra.h | 11 ----------- library/psa_crypto_core.h | 12 ++++++++++++ tests/src/drivers/keygen.c | 1 + tests/src/drivers/signature.c | 1 + 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 2ac2c5bf1..f0c7979a8 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -645,17 +645,6 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t byte_length ); #endif /* MBEDTLS_ECP_C */ -/** Convert an mbed TLS error code to a PSA error code - * - * \note This function is provided solely for the convenience of - * Mbed TLS and may be removed at any time without notice. - * - * \param ret An mbed TLS-thrown error code - * - * \return The corresponding PSA error code - */ -psa_status_t mbedtls_to_psa_error( int ret ); - /**@}*/ #ifdef __cplusplus diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 9a61babb5..6ee17fce0 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -161,4 +161,16 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, const uint8_t *data, size_t data_length ); + +/** Convert an mbed TLS error code to a PSA error code + * + * \note This function is provided solely for the convenience of + * Mbed TLS and may be removed at any time without notice. + * + * \param ret An mbed TLS-thrown error code + * + * \return The corresponding PSA error code + */ +psa_status_t mbedtls_to_psa_error( int ret ); + #endif /* PSA_CRYPTO_CORE_H */ diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index 7f14b20ef..4f30f0efc 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -25,6 +25,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 62ba4072a..04c5de4a2 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -25,6 +25,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "mbedtls/ecp.h" #include "drivers/signature.h" From 8d2bde77a1d3e17de9b286b658ddf694358a63dd Mon Sep 17 00:00:00 2001 
From: Steven Cooreman Date: Fri, 4 Sep 2020 13:06:39 +0200 Subject: [PATCH 130/488] Make sure software fallback isn't tried on opaque keys Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 03326f70b..77e63045a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3664,7 +3664,8 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, signature, signature_size, signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED ) + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; /* If the operation was not supported by any accelerator, try fallback. */ @@ -3766,7 +3767,8 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, hash_length, signature, signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED ) + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) return status; #if defined(MBEDTLS_RSA_C) From 56250fd1697ba6939347f6e7d07dc796d11df9a5 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 4 Sep 2020 13:07:15 +0200 Subject: [PATCH 131/488] Style fixes after PR review Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 109 +++++++++++++-------------- library/psa_crypto_driver_wrappers.h | 2 +- tests/include/drivers/keygen.h | 2 +- tests/include/drivers/signature.h | 2 +- tests/src/drivers/keygen.c | 14 ++-- tests/src/drivers/signature.c | 14 ++-- 6 files changed, 68 insertions(+), 75 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 5fa7966d9..56bb0035f 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
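Review bot: The new `psa_key_lifetime_is_external( slot->attr.lifetime )` test in psa_sign_hash, and the identical one in the psa_verify_hash hunk after it, has no comment saying why external keys must stop here, and the commit adds no test for it (its diffstat lists only library/psa_crypto.c). For such keys the slot presumably holds a driver-owned blob or slot number rather than key material the software path could use, so the reason belongs at the condition: `/* Never fall back to software for keys held outside local storage: the slot does not hold usable key material. */`. A regression case using the test driver's opaque lifetime with the driver returning PSA_ERROR_NOT_SUPPORTED, asserting that the call returns that status, would pin the behaviour. Both function bodies continue outside the hunks.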
@@ -1,7 +1,7 @@ /* * Functions to delegate cryptographic operations to an available * and appropriate accelerator. - * Warning: auto-generated file. + * Warning: This file will be auto-generated in the future. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -27,20 +27,26 @@ /* Include test driver definition when running tests */ #if defined(PSA_CRYPTO_DRIVER_TEST) -#undef PSA_CRYPTO_DRIVER_PRESENT +#ifndef PSA_CRYPTO_DRIVER_PRESENT #define PSA_CRYPTO_DRIVER_PRESENT -#undef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif #include "drivers/test_driver.h" #endif /* PSA_CRYPTO_DRIVER_TEST */ -/* Include driver definition file for each registered driver here */ +/* Repeat above block for each JSON-declared driver during autogeneration */ + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ /* Support the 'old' SE interface when asked to */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -#undef PSA_CRYPTO_DRIVER_PRESENT +/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style + * SE driver is present, to avoid unused argument errors at compile time. */ +#ifndef PSA_CRYPTO_DRIVER_PRESENT #define PSA_CRYPTO_DRIVER_PRESENT +#endif #include "psa_crypto_se.h" #endif @@ -65,7 +71,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, drv->asymmetric->p_sign == NULL ) { /* Key is defined in SE, but we have no way to exercise it */ - return PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_NOT_SUPPORTED ); } return( drv->asymmetric->p_sign( drv_context, slot->data.se.slot_number, 
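Review bot: Changing the secure-element branch from `PSA_ERROR_INVALID_ARGUMENT` to `PSA_ERROR_NOT_SUPPORTED` is a behaviour change inside a commit titled as style fixes, here in psa_driver_wrapper_sign_hash (`@@ -65,7 +71,7 @@`) and again in psa_driver_wrapper_verify_hash (`@@ -157,7 +163,7 @@`). NOT_SUPPORTED appears to be the status that psa_sign_hash and psa_verify_hash treat as the cue to try the software fallback, so this branch stays safe only while those callers also stop on external lifetimes. I would record that dependency at the return: `/* Callers must not fall back to software on this status for SE keys. */`. Both function bodies start and end outside their hunks.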
@@ -101,10 +107,10 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, signature_length ); /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) - return status; + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: @@ -120,10 +126,10 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return status; + return( status ); } #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; @@ -134,7 +140,7 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, (void)signature_size; (void)signature_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -157,7 +163,7 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, drv->asymmetric->p_verify == NULL ) { /* Key is defined in SE, but we have no way to exercise it */ - return PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_NOT_SUPPORTED ); } return( drv->asymmetric->p_verify( drv_context, slot->data.se.slot_number, 
@@ -191,10 +197,10 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, signature_length ); /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) - return status; + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: @@ -209,10 +215,10 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return status; + return( status ); } #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; 
@@ -222,56 +228,45 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, (void)signature; (void)signature_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +/** Calculate the size to allocate for buffering a key with given attributes. + * + * This function provides a way to get the expected size for storing a key with + * the given attributes. This will be the size of the export representation for + * cleartext keys, and a driver-defined size for keys stored by opaque drivers. + * + * \param[in] attributes The key attribute structure of the key to store. + * \param[out] expected_size On success, a byte size large enough to contain + * the declared key. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED + */ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attributes, size_t *expected_size ) { + size_t buffer_size = 0; if( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == PSA_KEY_LOCATION_LOCAL_STORAGE ) { - if( PSA_KEY_TYPE_IS_UNSTRUCTURED( attributes->core.type ) ) - { - *expected_size = PSA_BITS_TO_BYTES( attributes->core.bits ); - return PSA_SUCCESS; - } + buffer_size = PSA_KEY_EXPORT_MAX_SIZE( attributes->core.type, + attributes->core.bits ); - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) - { - if( PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) - { - *expected_size = PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE( attributes->core.bits ); - return PSA_SUCCESS; - } - else - { - *expected_size = PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( attributes->core.bits ); - return PSA_SUCCESS; - } - } + if( buffer_size == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); - if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) - { - if( PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) - { - *expected_size = PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE( attributes->core.bits ); - return PSA_SUCCESS; - } - else 
- { - *expected_size = PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE( attributes->core.bits ); - return PSA_SUCCESS; - } - } - - return PSA_ERROR_NOT_SUPPORTED; + *expected_size = buffer_size; + return( PSA_SUCCESS ); } else { - /* TBD: opaque driver support, need to calculate size through driver-defined size function */ - return PSA_ERROR_NOT_SUPPORTED; + /* TBD: opaque driver support: need to calculate size through a + * driver-defined size function, since the size of an opaque (wrapped) + * key will be different for each implementation. */ + return( PSA_ERROR_NOT_SUPPORTED ); } } #endif /* PSA_CRYPTO_DRIVER_PRESENT */ @@ -292,7 +287,7 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib drv->key_management->p_generate == NULL ) { /* Key is defined as being in SE, but we have no way to generate it */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } return( drv->key_management->p_generate( drv_context, @@ -309,11 +304,11 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib status = get_expected_key_size( attributes, &export_size ); if( status != PSA_SUCCESS ) - return status; + return( status ); slot->data.key.data = mbedtls_calloc(1, export_size); if( slot->data.key.data == NULL ) - return PSA_ERROR_INSUFFICIENT_MEMORY; + return( PSA_ERROR_INSUFFICIENT_MEMORY ); slot->data.key.bytes = export_size; switch( location ) @@ -365,13 +360,13 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib return( status ); #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) attributes; (void) slot; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } 
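Review bot: The `#endif /* PSA_CRYPTO_DRIVER_PRESENT */` that closes get_expected_key_size does not match its opening `#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)`; the comment should read `#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */`. The rewritten local-storage branch also appears to depend on `PSA_KEY_EXPORT_MAX_SIZE` evaluating to 0 for key types it does not cover, which is what keeps a zero-length `mbedtls_calloc` out of psa_driver_wrapper_generate_key. A short comment at the `buffer_size == 0` check would make that contract explicit: `/* 0 means the macro does not know this key type. */`.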
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index f0b5db09f..42993792a 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -1,7 +1,7 @@ /* * Function signatures for functionality that can be provided by * cryptographic accelerators. - * Warning: auto-generated file. + * Warning: This file will be auto-generated in the future. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h index f0eb56915..af1f49985 100644 --- a/tests/include/drivers/keygen.h +++ b/tests/include/drivers/keygen.h @@ -1,5 +1,5 @@ /* - * Test driver for signature functions + * Test driver for generating keys. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index 900f0c8bb..1506bac70 100644 --- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -1,5 +1,5 @@ /* - * Test driver for signature functions + * Test driver for signature functions. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index 4f30f0efc..a21ec27ce 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -1,5 +1,6 @@ /* - * Test driver for signature functions + * Test driver for generating keys. + * Currently only supports generating ECC keys. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 
@@ -63,11 +64,12 @@ psa_status_t test_transparent_generate_key( /* Copied from psa_crypto.c */ #if defined(MBEDTLS_ECP_C) - if ( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) ) + if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) + && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { - psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ); + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( psa_get_key_type( attributes ) ); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( attributes->core.bits ) ); + mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); mbedtls_ecp_keypair ecp; @@ -79,7 +81,7 @@ psa_status_t test_transparent_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if( curve_info->bit_size != attributes->core.bits ) + if( curve_info->bit_size != psa_get_key_bits( attributes ) ) return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ecp_keypair_init( &ecp ); ret = mbedtls_ecp_gen_key( grp_id, &ecp, @@ -92,7 +94,7 @@ psa_status_t test_transparent_generate_key( } /* Make sure to use export representation */ - size_t bytes = PSA_BITS_TO_BYTES( attributes->core.bits ); + size_t bytes = PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ); if( key_size < bytes ) { mbedtls_ecp_keypair_free( &ecp ); diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 04c5de4a2..d1a600928 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c 
@@ -1,5 +1,7 @@ /* - * Test driver for signature functions + * Test driver for signature functions. + * Currently supports signing and verifying precalculated hashes, using + * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -130,10 +132,7 @@ psa_status_t test_transparent_signature_sign_hash( signature + curve_bytes, curve_bytes ) ); cleanup: - /* There's no easy way to translate the error code except through a - * library function that's not exported. Use a debugger. */ - if( ret == 0 ) - status = PSA_SUCCESS; + status = mbedtls_to_psa_error( ret ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); mbedtls_ecp_keypair_free( &ecp ); @@ -258,10 +257,7 @@ psa_status_t test_transparent_signature_verify_hash( MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, &ecp.Q, &r, &s ) ); cleanup: - /* There's no easy way to translate the error code except through a - * library function that's not exported. Use a debugger. */ - if( ret == 0 ) - status = PSA_SUCCESS; + status = mbedtls_to_psa_error( ret ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); mbedtls_ecp_keypair_free( &ecp ); From 6cf4ab8f2f3837e9515e7f7a846eb26275630d1a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Sep 2020 09:43:16 +0200 Subject: [PATCH 132/488] Fix formatting glitch Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index cc280279e..83bfa0340 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md 
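Review bot: Assigning `status = mbedtls_to_psa_error( ret );` unconditionally at `cleanup:` in test_transparent_signature_sign_hash, and in the test_transparent_signature_verify_hash hunk after it, discards whatever `status` held on entry to the label. The function bodies start outside both hunks, so it is not visible whether an earlier check sets `status` and jumps to `cleanup` before any Mbed TLS call has assigned `ret`. If one does, its error would be replaced by the translation of `ret`'s initial value. Such paths should bypass the conversion, for example by returning directly when nothing has been allocated yet, or by jumping to a second label placed after the conversion line.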
@@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/08/31 13:40:49 GMT" +Time-stamp: "2020/09/07 07:41:23 GMT" ## Introduction @@ -17,7 +17,7 @@ The present document proposes a way for an application using the PSA cryptograph ### Current situation -Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its configuration file (`config.h`). This mechanism is based on two main sets of symbols: `MBEDTLS_xxx_C` controls the availability of the mechanism to the application, and `MBEDTLS_xxx_ALT` controls the availability of an alternative implementation, so the software implementation is only included if ``MBEDTLS_xxx_C` is defined but not `MBEDTLS_xxx_ALT`. +Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its configuration file (`config.h`). This mechanism is based on two main sets of symbols: `MBEDTLS_xxx_C` controls the availability of the mechanism to the application, and `MBEDTLS_xxx_ALT` controls the availability of an alternative implementation, so the software implementation is only included if `MBEDTLS_xxx_C` is defined but not `MBEDTLS_xxx_ALT`. This is difficult to adapt to the PSA interface for several reasons. The `MBEDTLS_xxx_ALT` symbols are somewhat inconsistent, and in particular do not work well for asymmetric cryptography. For example, many parts of the ECC code have no `MBEDTLS_xxx_ALT` symbol, so a platform with ECC acceleration that can perform all ECDSA and ECDH operations in the accelerator would still embark the `bignum` module and large parts of the `ecp_curves`, `ecp` and `ecdsa` modules. Also the availability of a transparent driver for a mechanism does not translate directly to `MBEDTLS_xxx` symbols. From 34b07e7f2527a84420739cc34d93c96d70b181e9 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 7 Sep 2020 10:28:38 +0200 Subject: [PATCH 133/488] Add a subsection with driver interface terminology Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 83bfa0340..08306d283 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/09/07 07:41:23 GMT" +Time-stamp: "2020/09/07 08:27:32 GMT" ## Introduction 
@@ -15,11 +15,15 @@ The [PSA Cryptography API specification](https://armmbed.github.io/mbed-crypto/p The present document proposes a way for an application using the PSA cryptography interface to declare which mechanisms it requires. -### Current situation +### Conditional inclusion of legacy cryptography modules Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its configuration file (`config.h`). This mechanism is based on two main sets of symbols: `MBEDTLS_xxx_C` controls the availability of the mechanism to the application, and `MBEDTLS_xxx_ALT` controls the availability of an alternative implementation, so the software implementation is only included if `MBEDTLS_xxx_C` is defined but not `MBEDTLS_xxx_ALT`. -This is difficult to adapt to the PSA interface for several reasons. The `MBEDTLS_xxx_ALT` symbols are somewhat inconsistent, and in particular do not work well for asymmetric cryptography. For example, many parts of the ECC code have no `MBEDTLS_xxx_ALT` symbol, so a platform with ECC acceleration that can perform all ECDSA and ECDH operations in the accelerator would still embark the `bignum` module and large parts of the `ecp_curves`, `ecp` and `ecdsa` modules. Also the availability of a transparent driver for a mechanism does not translate directly to `MBEDTLS_xxx` symbols. +### PSA evolution + +In the PSA cryptography interface, the **core** (built-in implementations of cryptographic mechanisms) can be augmented with drivers. **Transparent drivers** replace the built-in implementation of a cryptographic mechanism (or, with **fallback**, the built-in implementation is tried if the driver only has partial support for the mechanism). **Opaque drivers** implement cryptographic mechanisms on keys which are stored in a separate domain such as a secure element, for which the core only does key management and dispatch using wrapped key blobs or key identifiers. 
+ +The current model is difficult to adapt to the PSA interface for several reasons. The `MBEDTLS_xxx_ALT` symbols are somewhat inconsistent, and in particular do not work well for asymmetric cryptography. For example, many parts of the ECC code have no `MBEDTLS_xxx_ALT` symbol, so a platform with ECC acceleration that can perform all ECDSA and ECDH operations in the accelerator would still embark the `bignum` module and large parts of the `ecp_curves`, `ecp` and `ecdsa` modules. Also the availability of a transparent driver for a mechanism does not translate directly to `MBEDTLS_xxx` symbols. ### Requirements From 4374dc493df688e2c684f230b0c4ac8a0a5c2548 Mon Sep 17 00:00:00 2001 From: Daniel Otte Date: Mon, 7 Sep 2020 13:06:40 +0200 Subject: [PATCH 134/488] fixing spelling mistakes (window <-- windows) Signed-off-by: Daniel Otte --- include/mbedtls/bignum.h | 2 +- include/mbedtls/config.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 0d019b9c4..8ab2dd526 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -66,7 +66,7 @@ * * Reduction in size, reduces speed. */ -#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ +#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ #endif /* !MBEDTLS_MPI_WINDOW_SIZE */ #if !defined(MBEDTLS_MPI_MAX_SIZE) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6f457daa0..900aa7e0b 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3414,7 +3414,7 @@ */ /* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */ +//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ /* CTR_DRBG options */ From 608615168a42293175792f9c4c0f557da60d1e4b Mon Sep 17 00:00:00 2001 
From: Daniel Otte Date: Mon, 7 Sep 2020 13:07:14 +0200 Subject: [PATCH 135/488] adjusting comment on sliding window memory usage. The comment now uses '**' as exponentiation operator. Signed-off-by: Daniel Otte --- include/mbedtls/bignum.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 8ab2dd526..637360e30 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -61,7 +61,7 @@ * Maximum window size used for modular exponentiation. Default: 6 * Minimum value: 1. Maximum value: 6. * - * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used + * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used * for the sliding window calculation. (So 64 by default) * * Reduction in size, reduces speed. From b9da1dd335f60a07c7547f16c08d6529209007ac Mon Sep 17 00:00:00 2001 From: Daniel Otte Date: Mon, 7 Sep 2020 13:08:10 +0200 Subject: [PATCH 136/488] adding entry file to ChangeLog.d for PR3592 Signed-off-by: Daniel Otte --- ChangeLog.d/adjusting sliding_window_size_PR3592.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/adjusting sliding_window_size_PR3592.txt diff --git a/ChangeLog.d/adjusting sliding_window_size_PR3592.txt b/ChangeLog.d/adjusting sliding_window_size_PR3592.txt new file mode 100644 index 000000000..608956541 --- /dev/null +++ b/ChangeLog.d/adjusting sliding_window_size_PR3592.txt @@ -0,0 +1,3 @@ +Changes + * Reduce stack usage significantly during sliding window exponentiation. + Reported in #3591 and fix contributed in #3592 by Daniel Otte. From 831c695787ded250d2be0e4d51445cff512f3ebf Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 7 Sep 2020 12:58:16 +0200 Subject: [PATCH 137/488] Apply feedback from PR review * Moved test data to .data file * Bundled test driver hook variables in a struct * Style fixes 
Signed-off-by: Steven Cooreman --- tests/.gitignore | 1 + tests/include/drivers/keygen.h | 22 ++- tests/include/drivers/signature.h | 24 +++- tests/src/drivers/keygen.c | 23 ++- tests/src/drivers/signature.c | 33 ++--- ...test_suite_psa_crypto_driver_wrappers.data | 30 ++-- ..._suite_psa_crypto_driver_wrappers.function | 136 +++++------------- 7 files changed, 113 insertions(+), 156 deletions(-) diff --git a/tests/.gitignore b/tests/.gitignore index d49611c1e..d9f4b5178 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -11,4 +11,5 @@ data_files/entropy_seed include/test/instrument_record_status.h src/*.o +src/drivers/*.o src/libmbed* diff --git a/tests/include/drivers/keygen.h b/tests/include/drivers/keygen.h index af1f49985..b72c65c78 100644 --- a/tests/include/drivers/keygen.h +++ b/tests/include/drivers/keygen.h @@ -29,11 +29,25 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include -extern void *test_driver_keygen_forced_output; -extern size_t test_driver_keygen_forced_output_length; +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the keygen driver functions is called. */ + unsigned long hits; +} test_driver_keygen_hooks_t; -extern psa_status_t test_transparent_keygen_status; -extern unsigned long test_transparent_keygen_hit; +#define TEST_DRIVER_KEYGEN_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +static inline test_driver_keygen_hooks_t test_driver_keygen_hooks_init( void ) +{ + const test_driver_keygen_hooks_t v = TEST_DRIVER_KEYGEN_INIT; + return( v ); +} + +extern test_driver_keygen_hooks_t test_driver_keygen_hooks; psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, diff --git a/tests/include/drivers/signature.h b/tests/include/drivers/signature.h index 1506bac70..e41892e77 100644 
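Review bot: In `test_driver_keygen_hooks_t`, `forced_output` is declared `void *` although the driver code in this series only reads from it through `memcpy`. Declaring it `const void *forced_output;` documents that the hook never writes through the pointer and lets a test point it at constant vectors without a cast. The same applies to `test_driver_signature_hooks_t` in signature.h.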
--- a/tests/include/drivers/signature.h +++ b/tests/include/drivers/signature.h @@ -29,14 +29,26 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include -extern void *test_driver_forced_output; -extern size_t test_driver_forced_output_length; +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the keygen driver functions is called. */ + unsigned long hits; +} test_driver_signature_hooks_t; -extern psa_status_t test_transparent_signature_sign_hash_status; -extern unsigned long test_transparent_signature_sign_hash_hit; +#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void ) +{ + const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT; + return( v ); +} -extern psa_status_t test_transparent_signature_verify_hash_status; -extern unsigned long test_transparent_signature_verify_hash_hit; +extern test_driver_signature_hooks_t test_driver_signature_sign_hooks; +extern test_driver_signature_hooks_t test_driver_signature_verify_hooks; psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index a21ec27ce..d493ab3e1 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c 
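Review bot: The comment on `hits` in `test_driver_signature_hooks_t` still says "keygen driver functions", apparently copied from keygen.h. Since the struct is instantiated once for sign and once for verify, it should read `/* Count the number of times the signature driver function is called. */`. The two hook structs are otherwise field-for-field identical, so a single shared type would avoid this kind of drift, though that is optional.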
@@ -36,29 +36,24 @@ #include -/* If non-null, on success, copy this to the output. */ -void *test_driver_keygen_forced_output = NULL; -size_t test_driver_keygen_forced_output_length = 0; - -psa_status_t test_transparent_keygen_status = PSA_ERROR_NOT_SUPPORTED; -unsigned long test_transparent_keygen_hit = 0; +test_driver_keygen_hooks_t test_driver_keygen_hooks = TEST_DRIVER_KEYGEN_INIT; psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { - ++test_transparent_keygen_hit; + ++test_driver_keygen_hooks.hits; - if( test_transparent_keygen_status != PSA_SUCCESS ) - return( test_transparent_keygen_status ); + if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_keygen_hooks.forced_status ); - if( test_driver_keygen_forced_output != NULL ) + if( test_driver_keygen_hooks.forced_output != NULL ) { - if( test_driver_keygen_forced_output_length > key_size ) + if( test_driver_keygen_hooks.forced_output_length > key_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( key, test_driver_keygen_forced_output, - test_driver_keygen_forced_output_length ); - *key_length = test_driver_keygen_forced_output_length; + memcpy( key, test_driver_keygen_hooks.forced_output, + test_driver_keygen_hooks.forced_output_length ); + *key_length = test_driver_keygen_hooks.forced_output_length; return( PSA_SUCCESS ); } diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index d1a600928..5299a9654 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c 
@@ -39,15 +39,8 @@ #include -/* If non-null, on success, copy this to the output. */ -void *test_driver_forced_output = NULL; -size_t test_driver_forced_output_length = 0; - -psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; -unsigned long test_transparent_signature_sign_hash_hit = 0; - -psa_status_t test_transparent_signature_verify_hash_status = PSA_ERROR_NOT_SUPPORTED; -unsigned long test_transparent_signature_verify_hash_hit = 0; +test_driver_signature_hooks_t test_driver_signature_sign_hooks = TEST_DRIVER_SIGNATURE_INIT; +test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_SIGNATURE_INIT; psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, @@ -56,18 +49,18 @@ psa_status_t test_transparent_signature_sign_hash( const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) { - ++test_transparent_signature_sign_hash_hit; + ++test_driver_signature_sign_hooks.hits; - if( test_transparent_signature_sign_hash_status != PSA_SUCCESS ) - return( test_transparent_signature_sign_hash_status ); + if( test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_signature_sign_hooks.forced_status ); - if( test_driver_forced_output != NULL ) + if( test_driver_signature_sign_hooks.forced_output != NULL ) { - if( test_driver_forced_output_length > signature_size ) + if( test_driver_signature_sign_hooks.forced_output_length > signature_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( signature, test_driver_forced_output, - test_driver_forced_output_length ); - *signature_length = test_driver_forced_output_length; + memcpy( signature, test_driver_signature_sign_hooks.forced_output, + test_driver_signature_sign_hooks.forced_output_length ); + *signature_length = test_driver_signature_sign_hooks.forced_output_length; return( PSA_SUCCESS ); } 
@@ -178,10 +171,10 @@ psa_status_t test_transparent_signature_verify_hash( const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { - ++test_transparent_signature_verify_hash_hit; + ++test_driver_signature_verify_hooks.hits; - if( test_transparent_signature_verify_hash_status != PSA_SUCCESS ) - return( test_transparent_signature_verify_hash_status ); + if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_signature_verify_hooks.forced_status ); psa_status_t status = PSA_ERROR_NOT_SUPPORTED; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index ddf283ff3..74e61723f 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
@@ -1,41 +1,41 @@ sign_hash through transparent driver: calculate in driver -ecdsa_sign:PSA_SUCCESS:0:PSA_SUCCESS +ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS sign_hash through transparent driver: fallback -ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS +ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS sign_hash through transparent driver: error -ecdsa_sign:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR +ecdsa_sign:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_ERROR_GENERIC_ERROR sign_hash through transparent driver: fake -ecdsa_sign:PSA_SUCCESS:1:PSA_SUCCESS +ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS verify_hash using private key through transparent driver: calculate in driver -ecdsa_verify:PSA_SUCCESS:0:PSA_SUCCESS +ecdsa_verify:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using private 
key through transparent driver: fallback -ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS +ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using private key through transparent driver: error -ecdsa_verify:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR +ecdsa_verify:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR verify_hash using public key through transparent driver: calculate in driver -ecdsa_verify:PSA_SUCCESS:1:PSA_SUCCESS +ecdsa_verify:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using public key through transparent driver: fallback -ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:PSA_SUCCESS +ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS -verify_hash through transparent driver: error -ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:PSA_ERROR_GENERIC_ERROR +verify_hash using public key 
through transparent driver: error +ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR generate_key through transparent driver: fake -generate_key:PSA_SUCCESS:1:PSA_SUCCESS +generate_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS generate_key through transparent driver: in-driver -generate_key:PSA_SUCCESS:0:PSA_SUCCESS +generate_key:PSA_SUCCESS:"":PSA_SUCCESS generate_key through transparent driver: fallback -generate_key:PSA_ERROR_NOT_SUPPORTED:0:PSA_SUCCESS +generate_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS generate_key through transparent driver: error -generate_key:PSA_ERROR_GENERIC_ERROR:0:PSA_ERROR_GENERIC_ERROR +generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index f8ea80d47..c3830a76b 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
@@ -2,59 +2,18 @@ #include "test/psa_crypto_helpers.h" #include "drivers/test_driver.h" - -uint8_t test_secp256r1_key_data[32] = { - 0xab, 0x45, 0x43, 0x57, 0x12, 0x64, 0x9c, 0xb3, - 0x0b, 0xbd, 0xda, 0xc4, 0x91, 0x97, 0xee, 0xbf, - 0x27, 0x40, 0xff, 0xc7, 0xf8, 0x74, 0xd9, 0x24, - 0x4c, 0x34, 0x60, 0xf5, 0x4f, 0x32, 0x2d, 0x3a, -}; -uint8_t test_hash_32[32] = { - 0x9a, 0xc4, 0x33, 0x5b, 0x46, 0x9b, 0xbd, 0x79, - 0x14, 0x39, 0x24, 0x85, 0x04, 0xdd, 0x0d, 0x49, - 0xc7, 0x13, 0x49, 0xa2, 0x95, 0xfe, 0xe5, 0xa1, - 0xc6, 0x85, 0x07, 0xf4, 0x5a, 0x9e, 0x1c, 0x7b, -}; -uint8_t test_signature_hash_32_with_secp256r1[64] = { - 0x6a, 0x33, 0x99, 0xf6, 0x94, 0x21, 0xff, 0xe1, - 0x49, 0x03, 0x77, 0xad, 0xf2, 0xea, 0x1f, 0x11, - 0x7d, 0x81, 0xa6, 0x3c, 0xf5, 0xbf, 0x22, 0xe9, - 0x18, 0xd5, 0x11, 0x75, 0xeb, 0x25, 0x91, 0x51, - 0xce, 0x95, 0xd7, 0xc2, 0x6c, 0xc0, 0x4e, 0x25, - 0x50, 0x3e, 0x2f, 0x7a, 0x1e, 0xc3, 0x57, 0x3e, - 0x3c, 0x24, 0x12, 0x53, 0x4b, 0xb4, 0xa1, 0x9b, - 0x3a, 0x78, 0x11, 0x74, 0x2f, 0x49, 0xf5, 0x0f, -}; -uint8_t test_secp256r1_public_key_data[65] = { - 0x04, - 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, - 0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2, 0x0e, - 0xa1, 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, - 0x4a, 0x57, 0xa0, 0xba, 0x01, 0x20, 0x42, 0x08, - 0x70, 0x97, 0x49, 0x6e, 0xfc, 0x58, 0x3f, 0xed, - 0x8b, 0x24, 0xa5, 0xb9, 0xbe, 0x9a, 0x51, 0xde, - 0x06, 0x3f, 0x5a, 0x00, 0xa8, 0xb6, 0x98, 0xa1, - 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, 0xf3, 0x20 -}; - -uint8_t test_fake_output[] = "INJECTED OUTPUT"; - -typedef enum -{ - EXPECT_FAILURE, - EXPECT_CORRECT_OUTPUT, - EXPECT_FAKE_OUTPUT, -} expected_output_t; - /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_DRIVER_TEST + * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:PSA_CRYPTO_DRIVER_TEST * END_DEPENDENCIES */ /* BEGIN_CASE 
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ void ecdsa_sign( int force_status_arg, + data_t *key_input, + data_t *data_input, + data_t *expected_output, int fake_output, int expected_status_arg ) { @@ -65,9 +24,8 @@ void ecdsa_sign( int force_status_arg, psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); uint8_t signature[64]; size_t signature_length = 0xdeadbeef; - const uint8_t *expected_output; - size_t expected_output_length; psa_status_t actual_status; + test_driver_signature_sign_hooks = test_driver_signature_hooks_init(); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_type( &attributes, 
@@ -75,48 +33,42 @@ void ecdsa_sign( int force_status_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, - test_secp256r1_key_data, sizeof( test_secp256r1_key_data ), + key_input->x, key_input->len, &handle ); - test_transparent_signature_sign_hash_hit = 0; - test_transparent_signature_sign_hash_status = force_status; - if( fake_output ) + test_driver_signature_sign_hooks.forced_status = force_status; + if( fake_output == 1 ) { - expected_output = test_driver_forced_output = test_fake_output; - expected_output_length = test_driver_forced_output_length = - sizeof( test_fake_output ); - } - else - { - expected_output = test_signature_hash_32_with_secp256r1; - expected_output_length = sizeof( test_signature_hash_32_with_secp256r1 ); + test_driver_signature_sign_hooks.forced_output = expected_output->x; + test_driver_signature_sign_hooks.forced_output_length = expected_output->len; } actual_status = psa_sign_hash( handle, alg, - test_hash_32, sizeof( test_hash_32 ), + data_input->x, data_input->len, signature, sizeof( signature ), &signature_length ); TEST_EQUAL( actual_status, expected_status ); if( expected_status == PSA_SUCCESS ) { ASSERT_COMPARE( signature, signature_length, - expected_output, expected_output_length ); + expected_output->x, expected_output->len ); } - TEST_EQUAL( test_transparent_signature_sign_hash_hit, 1 ); + TEST_EQUAL( test_driver_signature_sign_hooks.hits, 1 ); exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); PSA_DONE( ); - test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; - test_driver_forced_output = NULL; - test_driver_forced_output_length = 0; + test_driver_signature_sign_hooks = test_driver_signature_hooks_init(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ void ecdsa_verify( int force_status_arg, int 
register_public_key, + data_t *key_input, + data_t *data_input, + data_t *signature_input, int expected_status_arg ) { psa_status_t force_status = force_status_arg; @@ -124,9 +76,8 @@ void ecdsa_verify( int force_status_arg, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); - const uint8_t *expected_output; - size_t expected_output_length; psa_status_t actual_status; + test_driver_signature_verify_hooks = test_driver_signature_hooks_init(); PSA_ASSERT( psa_crypto_init( ) ); if( register_public_key ) @@ -136,7 +87,7 @@ void ecdsa_verify( int force_status_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, - test_secp256r1_public_key_data, sizeof( test_secp256r1_public_key_data ), + key_input->x, key_input->len, &handle ); } else 
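Review bot: The status of `psa_import_key` is dropped in `ecdsa_sign`, and again in both branches of `ecdsa_verify` (the `@@ -136,7 +87,7 @@` and `@@ -146,35 +97,29 @@` hunks). Now that the key bytes come from the .data file rather than a fixed array, a malformed vector would only surface later as a confusing status or hit-count mismatch. Wrapping the call, `PSA_ASSERT( psa_import_key( &attributes, key_input->x, key_input->len, &handle ) );`, makes the test stop at the real cause. Both functions start outside these hunks.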
@@ -146,35 +97,29 @@ void ecdsa_verify( int force_status_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, - test_secp256r1_key_data, sizeof( test_secp256r1_key_data ), + key_input->x, key_input->len, &handle ); } - test_transparent_signature_verify_hash_hit = 0; - test_transparent_signature_verify_hash_status = force_status; - - expected_output = test_signature_hash_32_with_secp256r1; - expected_output_length = sizeof( test_signature_hash_32_with_secp256r1 ); + test_driver_signature_verify_hooks.forced_status = force_status; actual_status = psa_verify_hash( handle, alg, - test_hash_32, sizeof( test_hash_32 ), - expected_output, expected_output_length ); + data_input->x, data_input->len, + signature_input->x, signature_input->len ); TEST_EQUAL( actual_status, expected_status ); - TEST_EQUAL( test_transparent_signature_verify_hash_hit, 1 ); + TEST_EQUAL( test_driver_signature_verify_hooks.hits, 1 ); exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); PSA_DONE( ); - test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; - test_driver_forced_output = NULL; - test_driver_forced_output_length = 0; + test_driver_signature_verify_hooks = test_driver_signature_hooks_init(); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ void generate_key( int force_status_arg, - int fake_output, + data_t *fake_output, int expected_status_arg ) { psa_status_t force_status = force_status_arg; 
@@ -182,11 +127,12 @@ void generate_key( int force_status_arg, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); - const uint8_t *expected_output; - size_t expected_output_length; + const uint8_t *expected_output = NULL; + size_t expected_output_length = 0; psa_status_t actual_status; - uint8_t actual_output[sizeof(test_secp256r1_key_data)] = {0}; + uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = {0}; size_t actual_output_length; + test_driver_keygen_hooks = test_driver_keygen_hooks_init(); psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); 
@@ -194,29 +140,27 @@ void generate_key( int force_status_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, alg ); - if( fake_output ) + if( fake_output->len > 0 ) { - expected_output = test_driver_keygen_forced_output = test_secp256r1_key_data; - expected_output_length = test_driver_keygen_forced_output_length = - sizeof( test_secp256r1_key_data ); + expected_output = test_driver_keygen_hooks.forced_output = fake_output->x; + expected_output_length = test_driver_keygen_hooks.forced_output_length = + fake_output->len; } - test_transparent_keygen_hit = 0; - test_transparent_keygen_status = force_status; + test_driver_keygen_hooks.hits = 0; + test_driver_keygen_hooks.forced_status = force_status; PSA_ASSERT( psa_crypto_init( ) ); actual_status = psa_generate_key( &attributes, &handle ); - fprintf(stdout, "rteturn %d\n", actual_status); - - TEST_EQUAL( test_transparent_keygen_hit, 1 ); + TEST_EQUAL( test_driver_keygen_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); if( actual_status == PSA_SUCCESS ) { psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); - if( fake_output ) + if( fake_output->len > 0 ) { ASSERT_COMPARE( actual_output, actual_output_length, expected_output, expected_output_length ); @@ -236,8 +180,6 @@ exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); PSA_DONE( ); - test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED; - test_driver_keygen_forced_output = NULL; - test_driver_keygen_forced_output_length = 0; + test_driver_keygen_hooks = test_driver_keygen_hooks_init(); } /* END_CASE */ From 27a2688fbbe2bff37030bcbd5e9b18d5951e6d6f Mon Sep 17 00:00:00 2001 
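Review bot: `psa_export_key` in the success branch of `generate_key` is called without checking its status, and `actual_output_length` is declared without an initialiser in the `@@ -182,11 +127,12 @@` hunk. A failed export would therefore feed `ASSERT_COMPARE` whatever length the call left behind. `PSA_ASSERT( psa_export_key( handle, actual_output, sizeof( actual_output ), &actual_output_length ) );` reports the failure directly. Separately, `test_driver_keygen_hooks.hits = 0;` is redundant after the `test_driver_keygen_hooks_init()` assignment at the top of the function, and `ecdsa_sign` and `ecdsa_verify` do not repeat it.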
From: Hanno Becker Date: Fri, 7 Aug 2020 11:30:05 +0100 Subject: [PATCH 138/488] Introduce public macro for maximum symmetric cipher key length This commit introduces the public macro MBEDTLS_MAX_KEY_LENGTH, which evaluates to an upper bound for the key lengths of all enabled ciphers, in Bytes. This is analogous to the already existing macros MBEDTLS_MAX_IV_LENGTH and MBEDTLS_MAX_BLOCK_LENGTH, which provide upper bounds for the IV and block length, respectively. For now, MBEDTLS_MAX_KEY_LENGTH is 32 Bytes by default, and 64 in case XTS is enabled. This is a strict overapproximation for some restricted configurations. Ideally, the upper bound should be calculated exactly and automatically from the list of enabled ciphers. The same applies to the existing macros MBEDTLS_MAX_IV_LENGTH and MBEDTLS_MAX_BLOCK_LENGTH, though, and is left for future work. Signed-off-by: Hanno Becker --- include/mbedtls/cipher.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 014786ad5..8a6c8ebdb 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -227,10 +227,23 @@ enum { }; /** Maximum length of any IV, in Bytes. */ +/* This should ideally be derived automatically from list of ciphers. */ #define MBEDTLS_MAX_IV_LENGTH 16 + /** Maximum block size of any cipher, in Bytes. */ +/* This should ideally be derived automatically from list of ciphers. */ #define MBEDTLS_MAX_BLOCK_LENGTH 16 +/** Maximum key length, in Bytes. */ +/* This should ideally be derived automatically from list of ciphers. + * For now, only check whether XTS is enabled which uses 64 Byte keys, + * and use 32 Bytes as an upper bound for the maximum key length otherwise. */ +#if defined(MBEDTLS_CIPHER_MODE_XTS) +#define MBEDTLS_MAX_KEY_LENGTH 64 +#else +#define MBEDTLS_MAX_KEY_LENGTH 32 +#endif /* MBEDTLS_CIPHER_MODE_XTS */ + /** * Base cipher information (opaque struct). */ 
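Review bot: `MBEDTLS_MAX_KEY_LENGTH` is a hand-maintained constant, and nothing in this hunk ties it to the key sizes of the ciphers that are actually enabled. If it is used to size key buffers, a cipher added later with a longer key could exceed them without any build or test failure. The Doxygen comment should state the contract, for example `/** Maximum key length of any enabled cipher, in Bytes. Callers must still check the actual key length against this bound before copying. */`. A test that walks `mbedtls_cipher_list()` and asserts `( key_bitlen + 7 ) / 8 <= MBEDTLS_MAX_KEY_LENGTH` for each entry would catch drift. The same applies to `MBEDTLS_MAX_IV_LENGTH` and `MBEDTLS_MAX_BLOCK_LENGTH`, which the commit message already lists as future work.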
From 0d7c64dd8fbc2c3f2ba553d05485ecb8b95d9b66 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 7 Sep 2020 16:17:55 +0200 Subject: [PATCH 139/488] Changed test driver include folder to reflect it's a test driver Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 2 +- scripts/generate_visualc_files.pl | 2 +- tests/include/{ => test}/drivers/keygen.h | 0 tests/include/{ => test}/drivers/signature.h | 0 tests/include/{ => test}/drivers/test_driver.h | 4 ++-- tests/src/drivers/keygen.c | 2 +- tests/src/drivers/signature.c | 2 +- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 2 +- visualc/VS2010/mbedTLS.vcxproj | 6 +++--- 9 files changed, 10 insertions(+), 10 deletions(-) rename tests/include/{ => test}/drivers/keygen.h (100%) rename tests/include/{ => test}/drivers/signature.h (100%) rename tests/include/{ => test}/drivers/test_driver.h (92%) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 56bb0035f..cc51e2450 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -33,7 +33,7 @@ #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #endif -#include "drivers/test_driver.h" +#include "test/drivers/test_driver.h" #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Repeat above block for each JSON-declared driver during autogeneration */ diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 469595518..6c2b5e4ab 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -39,7 +39,7 @@ my $psa_header_dir = 'include/psa'; my $source_dir = 'library'; my $test_source_dir = 'tests/src'; my $test_header_dir = 'tests/include/test'; -my $test_drivers_header_dir = 'tests/include/drivers'; +my $test_drivers_header_dir = 'tests/include/test/drivers'; my @thirdparty_header_dirs = qw( 3rdparty/everest/include/everest 
diff --git a/tests/include/drivers/keygen.h b/tests/include/test/drivers/keygen.h similarity index 100% rename from tests/include/drivers/keygen.h rename to tests/include/test/drivers/keygen.h diff --git a/tests/include/drivers/signature.h b/tests/include/test/drivers/signature.h similarity index 100% rename from tests/include/drivers/signature.h rename to tests/include/test/drivers/signature.h diff --git a/tests/include/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h similarity index 92% rename from tests/include/drivers/test_driver.h rename to tests/include/test/drivers/test_driver.h index 98dded8d2..75135e0f4 100644 --- a/tests/include/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -22,7 +22,7 @@ #define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff -#include "drivers/signature.h" -#include "drivers/keygen.h" +#include "test/drivers/signature.h" +#include "test/drivers/keygen.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index d493ab3e1..f15a4bc9a 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -30,7 +30,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/error.h" -#include "drivers/keygen.h" +#include "test/drivers/keygen.h" #include "test/random.h" diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 5299a9654..028d24a09 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -30,7 +30,7 @@ #include "psa_crypto_core.h" #include "mbedtls/ecp.h" -#include "drivers/signature.h" +#include "test/drivers/signature.h" #include "mbedtls/md.h" #include "mbedtls/ecdsa.h" diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index c3830a76b..917798237 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
@@ -1,7 +1,7 @@ /* BEGIN_HEADER */ #include "test/psa_crypto_helpers.h" -#include "drivers/test_driver.h" +#include "test/drivers/test_driver.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 8371edaf2..9d7929839 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -238,9 +238,9 @@ - - - + + + From 177deba54b923d05359dcdd5ece0851f3e3375af Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 7 Sep 2020 17:14:14 +0200 Subject: [PATCH 140/488] Fix style and pull out ECB processing in separate function Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 160 ++++++++++++-------- tests/suites/test_suite_psa_crypto.data | 22 +-- tests/suites/test_suite_psa_crypto.function | 18 ++- 3 files changed, 117 insertions(+), 83 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 04614d1af..d64a9dd9e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3938,6 +3938,94 @@ exit: return( status ); } +/* Process input for which the algorithm is set to ECB mode. This requires + * manual processing, since the PSA API is defined as being able to process + * arbitrary-length calls to psa_cipher_update() with ECB mode, but the + * underlying mbedtls_cipher_update only takes full blocks. */ +static psa_status_t psa_cipher_update_ecb_internal( + mbedtls_cipher_context_t *ctx, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t block_size = ctx->cipher_info->block_size; + size_t internal_output_length = 0; + *output_length = 0; + + if( input_length == 0 ) + { + status = PSA_SUCCESS; + goto exit; + } + + if( ctx->unprocessed_len > 0 ) + { + /* Fill up to block size, and run the block if there's a full one. */ + size_t bytes_to_copy = block_size - ctx->unprocessed_len; + + if( input_length < bytes_to_copy ) + bytes_to_copy = input_length; + + memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), + input, bytes_to_copy ); + input_length -= bytes_to_copy; + input += bytes_to_copy; + ctx->unprocessed_len += bytes_to_copy; + + if( ctx->unprocessed_len == block_size ) + { + status = mbedtls_to_psa_error( + mbedtls_cipher_update( ctx, + ctx->unprocessed_data, + block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + ctx->unprocessed_len = 0; + } + } + + while( input_length >= block_size ) + { + /* Run all full blocks we have, one by one */ + status = mbedtls_to_psa_error( + mbedtls_cipher_update( ctx, input, + block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + input_length -= block_size; + input += block_size; + + output += internal_output_length; + output_size -= internal_output_length; 
+ *output_length += internal_output_length; + } + + if( input_length > 0 ) + { + /* Save unprocessed bytes for later processing */ + memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), + input, input_length ); + ctx->unprocessed_len += input_length; + } + + status = PSA_SUCCESS; + +exit: + return( status ); +} + psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, @@ -3947,7 +4035,6 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; - size_t internal_output_length; if( operation->alg == 0 ) { 
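Review bot: `psa_cipher_update_ecb_internal()` decrements `output_size` after every block but never compares it with anything, so both `mbedtls_cipher_update()` calls (the buffered-block branch and the `while( input_length >= block_size )` loop) write a block to `output` with no bound check inside the helper. Whether that is safe depends on the caller having already rejected a too-small buffer, which is not visible in this hunk; without that check the subtraction would also wrap `size_t`. I would make the helper self-contained by adding `if( output_size < block_size ) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; }` before each call. The header comment should also say that `output_size` must cover every full block the call can produce.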
@@ -3980,71 +4067,12 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, /* mbedtls_cipher_update has an API inconsistency: it will only * process a single block at a time in ECB mode. Abstract away that * inconsistency here to match the PSA API behaviour. */ - *output_length = 0; - - if( input_length == 0 ) - { - status = PSA_SUCCESS; - goto exit; - } - - if( expected_output_size > 0 ) - { - size_t ctx_bytes = operation->ctx.cipher.unprocessed_len; - if( ctx_bytes > 0 ) - { - /* Fill up to block size and run the block */ - size_t bytes_to_copy = operation->block_size - ctx_bytes; - memcpy( &( operation->ctx.cipher.unprocessed_data[ctx_bytes] ), - input, bytes_to_copy ); - input_length -= bytes_to_copy; - input += bytes_to_copy; - operation->ctx.cipher.unprocessed_len = 0; - - status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->ctx.cipher, - operation->ctx.cipher.unprocessed_data, - operation->block_size, - output, &internal_output_length ) ); - - if( status != PSA_SUCCESS ) - goto exit; - - output += internal_output_length; - output_size -= internal_output_length; - *output_length += internal_output_length; - } - - size_t blocks = input_length / operation->block_size; - for( ; blocks > 0; blocks-- ) - { - /* Run all full blocks we have, one by one */ - status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->ctx.cipher, input, - operation->block_size, - output, &internal_output_length ) ); - - if( status != PSA_SUCCESS ) - goto exit; - - input_length -= operation->block_size; - input += operation->block_size; - - output += internal_output_length; - output_size -= internal_output_length; - *output_length += internal_output_length; - } - } - - if( input_length > 0 ) - { - /* Save unprocessed bytes for later processing */ - memcpy( &( operation->ctx.cipher.unprocessed_data[operation->ctx.cipher.unprocessed_len] ), - input, input_length ); - operation->ctx.cipher.unprocessed_len += input_length; - } - - status = 
PSA_SUCCESS; + status = psa_cipher_update_ecb_internal( &operation->ctx.cipher, + input, + input_length, + output, + output_size, + output_length ); } else { diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 44a69b989..86f6bc71c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1152,7 +1152,7 @@ cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4 PSA symmetric encrypt: AES-ECB, input too short (15 bytes) depends_on:MBEDTLS_AES_C -cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":"3ad77bb40d7a3660a89ecaf32466ef":PSA_ERROR_INVALID_ARGUMENT +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":"":PSA_ERROR_INVALID_ARGUMENT PSA symmetric encrypt: AES-CBC-nopad, input too short depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC 
@@ -1306,23 +1306,23 @@ PSA symmetric encryption multipart: AES-CBC-nopad, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f" -PSA symmetric encryption multipart: AES-CTR, 11+5 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" -PSA symmetric encryption multipart: AES-CTR, 16+16 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+20 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 20+12 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR 
cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+10 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 12+10 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" 
@@ -1378,23 +1378,23 @@ PSA symmetric decryption multipart: AES-CBC-nopad, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" -PSA symmetric encryption multipart: AES-CTR, 11+5 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" -PSA symmetric decryption multipart: AES-CTR, 16+16 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric decryption multipart: AES-CTR, 12+20 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric decryption multipart: AES-CTR, 20+12 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR 
cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric decryption multipart: AES-CTR, 12+10 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+10 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e75d6518e..ae61ea99a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3487,7 +3487,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - if( iv->len > 0 ) { + if( iv->len > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } @@ -3556,7 +3557,8 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - if( iv->len > 0 ) { + if( iv->len > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } @@ -3625,7 +3627,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, handle, alg ) ); - if( alg != PSA_ALG_ECB_NO_PADDING ) { + if( alg != PSA_ALG_ECB_NO_PADDING ) + { PSA_ASSERT( psa_cipher_generate_iv( &operation1, iv, iv_size, &iv_length ) ); @@ -3649,7 +3652,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg, output2_size = output1_length; ASSERT_ALLOC( output2, output2_size ); - if( iv_length > 0 ) { + if( iv_length > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation2, iv, iv_length ) ); } 
@@ -3715,7 +3719,8 @@ void cipher_verify_output_multipart( int alg_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, handle, alg ) ); - if( alg != PSA_ALG_ECB_NO_PADDING ) { + if( alg != PSA_ALG_ECB_NO_PADDING ) + { PSA_ASSERT( psa_cipher_generate_iv( &operation1, iv, iv_size, &iv_length ) ); @@ -3750,7 +3755,8 @@ void cipher_verify_output_multipart( int alg_arg, output2_buffer_size = output1_length; ASSERT_ALLOC( output2, output2_buffer_size ); - if( iv_length > 0 ) { + if( iv_length > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation2, iv, iv_length ) ); } From be9d6648f81497172440efd6785f9339271168ae Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 21 Aug 2020 13:20:06 +0100 Subject: [PATCH 141/488] Implement TLS 1.3 key derivation function HKDF-Expand-Label This commit introduces a new file library/ssl_tls13_key.c which will subsequently be populated with functionality relating to the TLS 1.3 key schedule. Those functions are expected to be internal and are documented in the internal header library/ssl_tls13_keys.h. The first function to be implemented is the key expansion function `HKDF-Expand-Label`. See the documentation in library/ssl_tls13_keys.h for more information. Signed-off-by: Hanno Becker --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/ssl_tls13_keys.c | 182 +++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 106 +++++++++++++++++++ visualc/VS2010/mbedTLS.vcxproj | 2 + 5 files changed, 292 insertions(+) create mode 100644 library/ssl_tls13_keys.c create mode 100644 library/ssl_tls13_keys.h diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 33e2cfc85..7e11816f1 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -103,6 +103,7 @@ set(src_tls ssl_srv.c ssl_ticket.c ssl_tls.c + ssl_tls13_keys.c ) if(CMAKE_COMPILER_IS_GNUCC) diff --git a/library/Makefile b/library/Makefile index b76a84bdd..bd5274de4 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -162,6 +162,7 @@ OBJS_TLS= \ ssl_srv.o \ ssl_ticket.o \ ssl_tls.o \ + ssl_tls13_keys.o \ # This line is intentionally left blank .SILENT: diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c new file mode 100644 index 000000000..448d03a61 --- /dev/null +++ b/library/ssl_tls13_keys.c 
@@ -0,0 +1,182 @@ +/* + * TLS 1.3 key schedule + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 ( the "License" ); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +#include "mbedtls/hkdf.h" +#include "ssl_tls13_keys.h" + +#include +#include + +struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = +{ + /* This seems to work in C, despite the string literal being one + * character too long due to the 0-termination. */ + .finished = "finished", + .resumption = "resumption", + .traffic_upd = "traffic upd", + .export = "exporter", + .key = "key", + .iv = "iv", + .sn = "sn", + .c_hs_traffic = "c hs traffic", + .c_ap_traffic = "c ap traffic", + .c_e_traffic = "c e traffic", + .s_hs_traffic = "s hs traffic", + .s_ap_traffic = "s ap traffic", + .s_e_traffic = "s e traffic", + .exp_master = "exp master", + .res_master = "res master", + .ext_binder = "ext binder", + .res_binder = "res binder", + .derived = "derived" +}; + +/* + * This function creates a HkdfLabel structure used in the TLS 1.3 key schedule. 
+ * + * The HkdfLabel is specified in RFC 8446 as follows: + * + * struct HkdfLabel { + * uint16 length; // Length of expanded key material + * opaque label<7..255>; // Always prefixed by "tls13 " + * opaque context<0..255>; // Usually a communication transcript hash + * }; + * + * Parameters: + * - desired_length: Length of expanded key material + * Even though the standard allows expansion to up to + * 2**16 Bytes, TLS 1.3 never uses expansion to more than + * 255 Bytes, so we require `desired_length` to be at most + * 255. This allows us to save a few Bytes of code by + * hardcoding the writing of the high bytes. + * - (label, llen): label + label length, without "tls13 " prefix + * The label length MUST be + * <= MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN + * It is the caller's responsiblity to ensure this. + * - (ctx, clen): context + context length + * The context length MUST be + * <= MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN + * It is the caller's responsiblity to ensure this. + * - dst: Target buffer for HkdfLabel structure, + * This MUST be a writable buffer of size + * at least SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN Bytes. + * - dlen: Pointer at which to store the actual length of + * the HkdfLabel structure on success. + */ + +#define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \ + ( 2 /* expansion length */ \ + + 1 /* label length */ \ + + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \ + + 1 /* context length */ \ + + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) + +static void ssl_tls1_3_hkdf_encode_label( + size_t desired_length, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *dst, size_t *dlen ) +{ + const char label_prefix[6] = { 't', 'l', 's', '1', '3', ' ' }; + size_t total_label_len = sizeof( label_prefix ) + llen; + size_t total_hkdf_lbl_len = + 2 /* length of expanded key material */ + + 1 /* label length */ + + total_label_len /* actual label, incl. 
prefix */ + + 1 /* context length */ + + clen; /* actual context */ + + unsigned char *p = dst; + + /* Add total length. */ + *p++ = 0; + *p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF ); + + /* Add label incl. prefix */ + *p++ = (unsigned char)( total_label_len & 0xFF ); + memcpy( p, label_prefix, sizeof(label_prefix) ); + p += sizeof(label_prefix); + memcpy( p, label, llen ); + p += llen; + + /* Add context value */ + *p++ = (unsigned char)( clen & 0xFF ); + if( ctx != NULL ) + memcpy( p, ctx, clen ); + + /* Return total length to the caller. */ + *dlen = total_hkdf_lbl_len; +} + +int mbedtls_ssl_tls1_3_hkdf_expand_label( + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *buf, size_t blen ) +{ + const mbedtls_md_info_t *md; + unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ]; + size_t hkdf_label_len; + + if( llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN ) + { + /* Should never happen since this is an internal + * function, and we know statically which labels + * are allowed. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + if( clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) + { + /* Should not happen, as above. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + if( blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN ) + { + /* Should not happen, as above. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + md = mbedtls_md_info_from_type( hash_alg ); + if( md == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + ssl_tls1_3_hkdf_encode_label( blen, + label, llen, + ctx, clen, + hkdf_label, + &hkdf_label_len ); + + return( mbedtls_hkdf_expand( md, + secret, slen, + hkdf_label, hkdf_label_len, + buf, blen ) ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h new file mode 100644 index 000000000..49f412113 
--- /dev/null
+++ b/library/ssl_tls13_keys.h
@@ -0,0 +1,106 @@ +/* + * TLS 1.3 key schedule + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 ( the "License" ); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) +#define MBEDTLS_SSL_TLS1_3_KEYS_H + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ + const unsigned char finished [ sizeof("finished") - 1 ]; \ + const unsigned char resumption [ sizeof("resumption") - 1 ]; \ + const unsigned char traffic_upd [ sizeof("traffic upd") - 1 ]; \ + const unsigned char export [ sizeof("exporter") - 1 ]; \ + const unsigned char key [ sizeof("key") - 1 ]; \ + const unsigned char iv [ sizeof("iv") - 1 ]; \ + const unsigned char sn [ sizeof("sn") - 1 ]; \ + const unsigned char c_hs_traffic[ sizeof("c hs traffic") - 1 ]; \ + const unsigned char c_ap_traffic[ sizeof("c ap traffic") - 1 ]; \ + const unsigned char c_e_traffic [ sizeof("c e traffic") - 1 ]; \ + const unsigned char s_hs_traffic[ sizeof("s hs traffic") - 1 ]; \ + const unsigned char s_ap_traffic[ sizeof("s ap traffic") - 1 ]; \ + const unsigned char s_e_traffic [ sizeof("s e traffic") - 1 ]; \ + const unsigned char exp_master [ sizeof("exp master") - 1 ]; \ + const unsigned char res_master [ sizeof("res master") - 1 ]; \ + const unsigned char ext_binder [ sizeof("ext binder") - 1 ]; \ + const unsigned char res_binder [ sizeof("res binder") - 1 ]; \ + const unsigned char derived [ sizeof("derived") - 1 ]; 
\ + +union mbedtls_ssl_tls1_3_labels_union +{ + MBEDTLS_SSL_TLS1_3_LABEL_LIST +}; +struct mbedtls_ssl_tls1_3_labels_struct +{ + MBEDTLS_SSL_TLS1_3_LABEL_LIST +}; +extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; + +#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \ + mbedtls_ssl_tls1_3_labels.LABEL, \ + sizeof(mbedtls_ssl_tls1_3_labels.LABEL) + +#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \ + sizeof( union mbedtls_ssl_tls1_3_labels_union ) + +/* The maximum length of HKDF contexts used in the TLS 1.3 standad. + * Since contexts are always hashes of message transcripts, this can + * be approximated from above by the maximum hash size. */ +#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \ + MBEDTLS_MD_MAX_SIZE + +/* Maximum desired length for expanded key material generated + * by HKDF-Expand-Label. */ +#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255 + +/** + * \brief The \c HKDF-Expand-Label function from + * the TLS 1.3 standard RFC 8446. + * + * + * HKDF-Expand-Label( Secret, Label, Context, Length ) = + * HKDF-Expand( Secret, HkdfLabel, Length ) + * + * + * \param hash_alg The identifier for the hash algorithm to use. + * \param secret The \c Secret argument to \c HKDF-Expand-Label. + * This must be a readable buffer of length \p slen Bytes. + * \param slen The length of \p secret in Bytes. + * \param label The \c Label argument to \c HKDF-Expand-Label. + * This must be a readable buffer of length \p llen Bytes. + * \param llen The length of \p label in Bytes. + * \param ctx The \c Context argument to \c HKDF-Expand-Label. + * This must be a readable buffer of length \p clen Bytes. + * \param clen The length of \p context in Bytes. + * \param buf The destination buffer to hold the expanded secret. + * This must be a writable buffe of length \p blen Bytes. + * \param blen The desired size of the expanded secret in Bytes. + * + * \returns \c 0 on success. + * \return A negative error code on failure. 
+ */ + +int mbedtls_ssl_tls1_3_hkdf_expand_label( + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *buf, size_t blen ); + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 578289f17..14d978ec6 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -247,6 +247,7 @@ + @@ -325,6 +326,7 @@ + From 39ff4928ffac0834697ff15b0ef2b3336d54669f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 21 Aug 2020 13:36:56 +0100 Subject: [PATCH 142/488] Add test vectors for TLS 1.3 HKDF-Expand-Label Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 55 ++++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 27 ++++++++++++++ 2 files changed, 82 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 1b7919104..257e3cf22 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
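Review bot: The Doxygen block for `mbedtls_ssl_tls1_3_hkdf_expand_label()` does not mention the length limits that the implementation enforces, and `\param clen` refers to `\p context` although the parameter is named `ctx`. A caller reading only this header cannot tell that `llen`, `clen` and `blen` are capped by `MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN`, `MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN` and `MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN`. I would add one sentence per parameter, for example `This must be at most MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN.` on `\param blen`, and say whether `ctx` may be `NULL` when `clen` is 0. The header also uses `mbedtls_md_type_t` and `MBEDTLS_MD_MAX_SIZE` without including anything itself, so it appears to rely on the including file having pulled in the MD header first.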
@@ -10398,6 +10398,61 @@ Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=255 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255 +SSL TLS 1.3 Key schedule: HKDF Expand Label #1 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Server handshake traffic secret -> Server traffic key +# HKDF-Expand-Label(server_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6b6579":"":16:"844780a7acad9f980fa25c114e43402a" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #2 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Server handshake traffic secret -> Server traffic IV +# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6976":"":12:"4c042ddc120a38d1417fc815" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #3 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Client handshake traffic secret -> Client traffic key +# HKDF-Expand-Label(client_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6b6579":"":16:"7154f314e6be7dc008df2c832baa1d39" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #4 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Client handshake traffic secret -> Client traffic IV +# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6976":"":12:"71abc2cae4c699d47c600268" + +SSL TLS 1.3 
Key schedule: HKDF Expand Label #5 (RFC 8448) +# Vector from RFC 8448 +# Server handshake traffic secret -> Server traffic IV +# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6976":"":12:"5d313eb2671276ee13000b30" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448) +# Vector from RFC 8448 +# Server handshake traffic secret -> Server traffic Key +# HKDF-Expand-Label(server_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6b6579":"":16:"3fce516009c21727d0f2e4e86ee403bc" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) +# Vector from RFC 8448 +# Client handshake traffic secret -> Client traffic IV +# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6976":"":12:"5bd3c71b836e0b76bb73265f" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) +# Vector from RFC 8448 +# Client handshake traffic secret -> Client traffic Key +# HKDF-Expand-Label(client_handshake_secret, "key", "", 16) +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6b6579":"":16:"dbfaa693d1762c5b666af5d950258d01" SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7c4f865e9..8f5c9edda 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -6,6 +6,7 @@ #include #include #include +#include <../library/ssl_tls13_keys.h> #include @@ -3669,6 +3670,32 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_hkdf_expand_label( int hash_alg, + data_t *secret, + data_t *label, + data_t *ctx, + int desired_length, + data_t *expected ) +{ + unsigned char dst[ 100 ]; + + + /* Check sanity of test parameters. */ + TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); + TEST_ASSERT( (size_t) desired_length == expected->len ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label( + (mbedtls_md_type_t) hash_alg, + secret->x, secret->len, + label->x, label->len, + ctx->x, ctx->len, + dst, desired_length ) == 0 ); + + TEST_ASSERT( memcmp( dst, expected->x, desired_length ) == 0 ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ssl_tls_prf( int type, data_t * secret, data_t * random, char *label, data_t *result_hex_str, int exp_ret ) From 3385a4d5cf6a19adc89d31eee85805874267917b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 21 Aug 2020 13:03:34 +0100 Subject: [PATCH 143/488] Implement TLS 1.3 traffic key generation See the documentation in library/ssl_tls13_keys.h. Signed-off-by: Hanno Becker --- include/mbedtls/ssl_internal.h | 25 +++++++++++++ library/ssl_tls13_keys.c | 64 ++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 36 +++++++++++++++++++ 3 files changed, 125 insertions(+) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index b3d53d34a..6167f567c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
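Review bot: The new test function `ssl_tls1_3_hkdf_expand_label()` asserts only the success path (`== 0`), and every vector added for it in `test_suite_ssl.data` passes an empty context, so the context-length byte and the context copy in the HkdfLabel encoding are never checked against a known answer. I would add at least one vector with a non-empty context. To cover the rejection paths (label, context or output length above the maximum), the function could take an expected-return parameter, as `ssl_tls_prf` does with `int exp_ret`. Separately, `#include <../library/ssl_tls13_keys.h>` in the first hunk uses angle brackets for a project-relative path; the quoted form `#include "../library/ssl_tls13_keys.h"` is the usual spelling for a non-system header.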
@@ -378,6 +378,31 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) +/** + * \brief The data structure holding the cryptographic material (key and IV) + * used for record protection in TLS 1.3. + */ +struct mbedtls_ssl_key_set +{ + /*! The key for client->server records. */ + unsigned char client_write_key[ MBEDTLS_MAX_KEY_LENGTH ]; + /*! The key for server->client records. */ + unsigned char server_write_key[ MBEDTLS_MAX_KEY_LENGTH ]; + /*! The IV for client->server records. */ + unsigned char client_write_iv[ MBEDTLS_MAX_IV_LENGTH ]; + /*! The IV for server->client records. */ + unsigned char server_write_iv[ MBEDTLS_MAX_IV_LENGTH ]; + + size_t keyLen; /*!< The length of client_write_key and + * server_write_key, in Bytes. */ + size_t ivLen; /*!< The length of client_write_iv and + * server_write_iv, in Bytes. */ +}; +typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* * This structure contains the parameters only needed during handshake. */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 448d03a61..4b07aa7f4 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -26,6 +26,7 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) #include "mbedtls/hkdf.h" +#include "mbedtls/ssl_internal.h" #include "ssl_tls13_keys.h" #include 
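Review bot: `struct mbedtls_ssl_key_set` stores raw record-protection keys and IVs, but its comment does not say who is responsible for wiping it. I would add a line such as `Users of this structure must zeroize it (e.g. with mbedtls_platform_zeroize()) when the keys are no longer needed.`, adjusted to the intended lifetime. The members `keyLen` and `ivLen` are camelCase while the other members of the same struct use snake_case (`client_write_key`), so `key_len` and `iv_len` would match.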
@@ -179,4 +180,67 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label( buf, blen ) ); } +/* + * The traffic keying material is generated from the following inputs: + * + * - One secret value per sender. + * - A purpose value indicating the specific value being generated + * - The desired lengths of key and IV. + * + * The expansion itself is based on HKDF: + * + * [sender]_write_key = HKDF-Expand-Label( Secret, "key", "", key_length ) + * [sender]_write_iv = HKDF-Expand-Label( Secret, "iv" , "", iv_length ) + * + * [sender] denotes the sending side and the Secret value is provided + * by the function caller. Note that we generate server and client side + * keys in a single function call. + */ +int mbedtls_ssl_tls1_3_make_traffic_keys( + mbedtls_md_type_t hash_alg, + const unsigned char *client_secret, + const unsigned char *server_secret, + size_t slen, size_t keyLen, size_t ivLen, + mbedtls_ssl_key_set *keys ) +{ + int ret = 0; + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, + client_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ), + NULL, 0, + keys->client_write_key, keyLen ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, + server_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ), + NULL, 0, + keys->server_write_key, keyLen ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, + client_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ), + NULL, 0, + keys->client_write_iv, ivLen ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, + server_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ), + NULL, 0, + keys->server_write_iv, ivLen ); + if( ret != 0 ) + return( ret ); + + keys->keyLen = keyLen; + keys->ivLen = ivLen; + + return( 0 ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 49f412113..996a1c79f 100644 --- a/library/ssl_tls13_keys.h 
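Review bot: `mbedtls_ssl_tls1_3_make_traffic_keys()` writes `keyLen` and `ivLen` bytes into the fixed-size arrays of `keys` without comparing those lengths against the array sizes. The members are declared with `MBEDTLS_MAX_KEY_LENGTH` and `MBEDTLS_MAX_IV_LENGTH` bytes in `ssl_internal.h`; whether `mbedtls_ssl_tls1_3_hkdf_expand_label()` applies a limit of its own is not visible here, and it cannot know the destination size in any case. A guard at the top such as `if( keyLen > sizeof( keys->client_write_key ) || ivLen > sizeof( keys->client_write_iv ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` would close this, and the `\param keyLen` / `\param ivLen` text in `ssl_tls13_keys.h` should state the same limits. On the early-return paths `keys` is left holding partially derived key material, which is worth either wiping or documenting.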
+++ b/library/ssl_tls13_keys.h @@ -101,6 +101,42 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label( const unsigned char *ctx, size_t clen, unsigned char *buf, size_t blen ); +/** + * \brief This function is part of the TLS 1.3 key schedule. + * It extracts key and IV for the actual client/server traffic + * from the client/server traffic secrets. + * + * From RFC 8446: + * + * + * [sender]_write_key = HKDF-Expand-Label(Secret, "key", "", key_length) + * [sender]_write_iv = HKDF-Expand-Label(Secret, "iv", "", iv_length)* + * + * + * \param hash_alg The identifier for the hash algorithm to be used + * for the HKDF-based expansion of the secret. + * \param client_secret The client traffic secret. + * This must be a readable buffer of size \p slen Bytes + * \param server_secret The server traffic secret. + * This must be a readable buffer of size \p slen Bytes + * \param slen Length of the secrets \p client_secret and + * \p server_secret in Bytes. + * \param keyLen The desired length of the key to be extracted in Bytes. + * \param ivLen The desired length of the IV to be extracted in Bytes. + * \param keys The address of the structure holding the generated + * keys and IVs. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ + +int mbedtls_ssl_tls1_3_make_traffic_keys( + mbedtls_md_type_t hash_alg, + const unsigned char *client_secret, + const unsigned char *server_secret, + size_t slen, size_t keyLen, size_t ivLen, + mbedtls_ssl_key_set *keys ); + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 19498f8fbd0a525edf191355bf4cbeabde5ddd87 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 21 Aug 2020 13:37:08 +0100 Subject: [PATCH 144/488] Add test vectors for TLS 1.3 traffic key generation Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 12 ++++++++ tests/suites/test_suite_ssl.function | 46 ++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) 
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 257e3cf22..a14925c6e 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -10454,6 +10454,18 @@ SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6b6579":"":16:"dbfaa693d1762c5b666af5d950258d01" +SSL TLS 1.3 Key schedule: Traffic key generation #1 +# Vector from TLS 1.3 Byte by Byte ((https://tls13.ulfheim.net/) +# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" + +SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448) +# Vector RFC 8448 +# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" + SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8f5c9edda..36f10ca61 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
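Review bot: Test case "Traffic key generation #2 (RFC 8448)" is the same invocation as case #1, argument for argument, so it adds no coverage. Its data is the tls13.ulfheim.net vector of case #1 rather than a separate RFC 8448 trace as the title and the `# Vector RFC 8448` comment suggest. Either replace its secrets and expected key/IV values with a vector taken from RFC 8448 or drop the case. The comment on case #1 also has a doubled opening parenthesis in `((https://tls13.ulfheim.net/)`.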
@@ -3696,6 +3696,52 @@ void ssl_tls1_3_hkdf_expand_label( int hash_alg, } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_traffic_key_generation( int hash_alg, + data_t *server_secret, + data_t *client_secret, + int desired_iv_len, + int desired_key_len, + data_t *expected_server_write_key, + data_t *expected_server_write_iv, + data_t *expected_client_write_key, + data_t *expected_client_write_iv ) +{ + mbedtls_ssl_key_set keys; + + /* Check sanity of test parameters. */ + TEST_ASSERT( client_secret->len == server_secret->len ); + TEST_ASSERT( expected_client_write_iv->len == expected_server_write_iv->len && + expected_client_write_iv->len == (size_t) desired_iv_len ); + TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len && + expected_client_write_key->len == (size_t) desired_key_len ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_make_traffic_keys( + (mbedtls_md_type_t) hash_alg, + client_secret->x, + server_secret->x, + client_secret->len /* == server_secret->len */, + desired_key_len, desired_iv_len, + &keys ) == 0 ); + + TEST_ASSERT( keys.keyLen == (size_t) desired_key_len ); + TEST_ASSERT( keys.ivLen == (size_t) desired_iv_len ); + + TEST_ASSERT( memcmp( keys.client_write_key, + expected_client_write_key->x, + desired_key_len ) == 0 ); + TEST_ASSERT( memcmp( keys.server_write_key, + expected_server_write_key->x, + desired_key_len ) == 0 ); + TEST_ASSERT( memcmp( keys.client_write_iv, + expected_client_write_iv->x, + desired_iv_len ) == 0 ); + TEST_ASSERT( memcmp( keys.server_write_iv, + expected_server_write_iv->x, + desired_iv_len ) == 0 ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ssl_tls_prf( int type, data_t * secret, data_t * random, char *label, data_t *result_hex_str, int exp_ret ) From b35d52240b2b466b9f493f288cae900ec7cc0182 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 21 Aug 2020 13:27:44 +0100 Subject: [PATCH 145/488] Implement TLS 1.3 key derivation function Derive-Secret Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 42 +++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 45 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 4b07aa7f4..d9d5d9846 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -243,4 +243,46 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( return( 0 ); } +int mbedtls_ssl_tls1_3_derive_secret( + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + int context_already_hashed, + unsigned char *dstbuf, size_t buflen ) +{ + int ret; + unsigned char hashed_context[ MBEDTLS_MD_MAX_SIZE ]; + + const mbedtls_md_info_t *md; + md = mbedtls_md_info_from_type( hash_alg ); + if( md == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + if( context_already_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED ) + { + ret = mbedtls_md( md, ctx, clen, hashed_context ); + if( ret != 0 ) + return( ret ); + clen = mbedtls_md_get_size( md ); + } + else + { + /* This should never happen since this function is internal + * and the code sets `context_already_hashed` correctly. + * Let's double-check nonetheless to not run at the risk + * of getting a stack overflow. */ + if( clen > sizeof(hashed_context) ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + memcpy( hashed_context, ctx, clen ); + } + + return( mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, + secret, slen, + label, llen, + hashed_context, clen, + dstbuf, buflen ) ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 996a1c79f..c877c06d4 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
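Review bot: In the already-hashed branch of `mbedtls_ssl_tls1_3_derive_secret()`, `memcpy( hashed_context, ctx, clen )` runs even when `ctx` is `NULL` and `clen` is 0, which passes the size check but is undefined behaviour for `memcpy` in C. Guarding the copy with `if( clen != 0 )` avoids that. Separately, the branch is taken for every flag value other than `MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED`; comparing against `MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED` and rejecting anything else would catch a mistaken argument. The comment's "stack overflow" would read more precisely as "stack buffer overflow".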
@@ -137,6 +137,51 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( size_t slen, size_t keyLen, size_t ivLen, mbedtls_ssl_key_set *keys ); +/** + * \brief The \c Derive-Secret function from the TLS 1.3 standard RFC 8446. + * + * + * Derive-Secret( Secret, Label, Messages ) = + * HKDF-Expand-Label( Secret, Label, + * Hash( Messages ), + * Hash.Length ) ) + * + * + * Note: In this implementation of the function we assume that + * the parameter message contains the already hashed value and + * the Derive-Secret function does not need to hash it again. + * + * \param hash_alg The identifier for the hash function used for the + * applications of HKDF. + * \param secret The \c Secret argument to the \c Derive-Secret function. + * This must be a readable buffer of length \p slen Bytes. + * \param slen The length of \p secret in Bytes. + * \param label The \c Label argument to the \c Derive-Secret function. + * This must be a readable buffer of length \p llen Bytes. + * \param llen The length of \p label in Bytes. + * \param hash The hash of the \c Messages argument to the \c Derive-Secret + * function. This must be a readable buffer of length \p mlen + * hlen Bytes. + * \param hlen The length of \p hash. + * \param dstbuf The target buffer to write the output of \c Derive-Secret to. + * This must be a writable buffer of size \p buflen Bytes. + * \param buflen The length of \p dstbuf in Bytes. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ + +#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0 +#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED 1 + +int mbedtls_ssl_tls1_3_derive_secret( + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + int context_already_hashed, + unsigned char *dstbuf, size_t buflen ); + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ 
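Review bot: The doc comment for `mbedtls_ssl_tls1_3_derive_secret()` does not match the prototype it describes: it documents `\param hash` and `\param hlen` (and refers to `\p mlen`), while the function takes `ctx`, `clen` and `context_already_hashed`, the last of which is not documented at all. The note saying the messages are assumed to be already hashed also contradicts the `MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED` mode added in the same hunk. I would rename the two entries to `\param ctx` and `\param clen`, add a `\param context_already_hashed` entry naming the two accepted constants and what each does to `ctx`, and reword the note accordingly. The two `#define`s sit between the comment and the prototype, so Doxygen is likely to attach the comment to the first macro; moving them above the comment block avoids that.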
From e4849d10a6416037f0df7a5d0927d40708ee5d44 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 21 Aug 2020 14:14:14 +0100 Subject: [PATCH 146/488] Add test vectors for TLS 1.3 Derive-Secret Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 16 ++++++++++++++++ tests/suites/test_suite_ssl.function | 27 +++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index a14925c6e..4db9cfed1 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -10466,6 +10466,22 @@ SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448) depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" +SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Derive-Secret( Early-Secret, "derived", "") +# Tests the case where context isn't yet hashed (empty string here, +# but still needs to be hashed) +# 64657269766564 = hex("derived") +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"64657269766564":"":32:0:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Derive-Secret( MasterSecret, "s ap traffic", hash) +# Tests the case where context is already hashed +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":"732061702074726166666963":"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:1:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" + SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 36f10ca61..b488b23b0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3742,6 +3742,33 @@ void ssl_tls1_3_traffic_key_generation( int hash_alg, } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_derive_secret( int hash_alg, + data_t *secret, + data_t *label, + data_t *ctx, + int desired_length, + int already_hashed, + data_t *expected ) +{ + unsigned char dst[ 100 ]; + + /* Check sanity of test parameters. */ + TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); + TEST_ASSERT( (size_t) desired_length == expected->len ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret( + (mbedtls_md_type_t) hash_alg, + secret->x, secret->len, + label->x, label->len, + ctx->x, ctx->len, + already_hashed, + dst, desired_length ) == 0 ); + + TEST_ASSERT( memcmp( dst, expected->x, desired_length ) == 0 ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ssl_tls_prf( int type, data_t * secret, data_t * random, char *label, data_t *result_hex_str, int exp_ret ) From e9cccb440ce99d12f7ac65b7402e8ba40568c9c1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Aug 2020 13:42:46 +0100 Subject: [PATCH 147/488] Implement TLS 1.3 key evolution function Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 62 ++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 73 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 135 insertions(+) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index d9d5d9846..1d614556a 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -285,4 +285,66 @@ int mbedtls_ssl_tls1_3_derive_secret( dstbuf, buflen ) ); } +int mbedtls_ssl_tls1_3_evolve_secret( + mbedtls_md_type_t hash_alg, + const unsigned char *secret_old, + const unsigned char *input, size_t input_len, + unsigned char *secret_new ) +{ + int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + size_t hlen, ilen; + unsigned char _secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; + unsigned char _input [ MBEDTLS_MD_MAX_SIZE ] = { 0 }; + + const mbedtls_md_info_t *md; + md = mbedtls_md_info_from_type( hash_alg ); + if( md == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + hlen = mbedtls_md_get_size( md ); + + /* For non-initial runs, call Derive-Secret( ., "derived", "") + * on the old secreet. */ + if( secret_old != NULL ) + { + ret = mbedtls_ssl_tls1_3_derive_secret( + hash_alg, + secret_old, hlen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( derived ), + NULL, 0, /* context */ + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + _secret, hlen ); + if( ret != 0 ) + goto cleanup; + } + + if( input != NULL ) + { + memcpy( _input, input, input_len ); + ilen = input_len; + } + else + { + ilen = hlen; + } + + /* HKDF-Extract takes a salt and input key material. + * The salt is the old secret, and the input key material + * is the input secret (PSK / ECDHE). */ + ret = mbedtls_hkdf_extract( md, + _secret, hlen, + _input, ilen, + secret_new ); + if( ret != 0 ) + goto cleanup; + + ret = 0; + + cleanup: + + mbedtls_platform_zeroize( _secret, sizeof(_secret) ); + mbedtls_platform_zeroize( _input, sizeof(_input) ); + return( ret ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index c877c06d4..a35e08597 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
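Review bot: `memcpy( _input, input, input_len )` in `mbedtls_ssl_tls1_3_evolve_secret()` copies a caller-chosen length into `_input[ MBEDTLS_MD_MAX_SIZE ]` with no bound check, so an input longer than the largest digest overruns the stack buffer. The header describes `input` as the PSK or the ephemeral (EC)DH secret, neither of which is tied to the hash output size. Reject oversized input before the copy, `if( input_len > sizeof(_input) ) { ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; goto cleanup; }`, or pass `input` to `mbedtls_hkdf_extract()` directly and keep the zero array only for the `NULL` case. The documentation of `input_len` in `ssl_tls13_keys.h` should state whichever limit applies. The comment above the first branch also has a typo, "secreet".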
@@ -182,6 +182,79 @@ int mbedtls_ssl_tls1_3_derive_secret( int context_already_hashed, unsigned char *dstbuf, size_t buflen ); +/** + * \brief Compute the next secret in the TLS 1.3 key schedule + * + * The TLS 1.3 key schedule proceeds as follows to compute + * the three main secrets during the handshake: The early + * secret for early data, the handshake secret for all + * other encrypted handshake messages, and the master + * secret for all application traffic. + * + * + * 0 + * | + * v + * PSK -> HKDF-Extract = Early Secret + * | + * v + * Derive-Secret( ., "derived", "" ) + * | + * v + * (EC)DHE -> HKDF-Extract = Handshake Secret + * | + * v + * Derive-Secret( ., "derived", "" ) + * | + * v + * 0 -> HKDF-Extract = Master Secret + * + * + * Each of the three secrets in turn is the basis for further + * key derivations, such as the derivation of traffic keys and IVs; + * see e.g. mbedtls_ssl_tls1_3_make_traffic_keys(). + * + * This function implements one step in this evolution of secrets: + * + * + * old_secret + * | + * v + * Derive-Secret( ., "derived", "" ) + * | + * v + * input -> HKDF-Extract = new_secret + * + * + * \param hash_alg The identifier for the hash function used for the + * applications of HKDF. + * \param secret_old The address of the buffer holding the old secret + * on function entry. If not \c NULL, this must be a + * readable buffer whose size matches the output size + * of the hash function represented by \p hash_alg. + * If \c NULL, an all \c 0 array will be used instead. + * \param input The address of the buffer holding the additional + * input for the key derivation (e.g., the PSK or the + * ephemeral (EC)DH secret). If not \c NULL, this must be + * a readable buffer whose size \p input_len Bytes. + * If \c NULL, an all \c 0 array will be used instead. + * \param input_len The length of \p input in Bytes. + * \param secret_new The address of the buffer holding the new secret + * on function exit. 
This must be a writable buffer + * whose size matches the output size of the hash + * function represented by \p hash_alg. + * This may be the same as \p secret_old. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ + +int mbedtls_ssl_tls1_3_evolve_secret( + mbedtls_md_type_t hash_alg, + const unsigned char *secret_old, + const unsigned char *input, size_t input_len, + unsigned char *secret_new ); + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 2d2c3eb687b90a788c04a037550bac905bbaf326 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Aug 2020 14:54:24 +0100 Subject: [PATCH 148/488] Add tests for TLS 1.3 key evolution function Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 18 ++++++++++++++++++ tests/suites/test_suite_ssl.function | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 4db9cfed1..0dd445508 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -10398,6 +10398,24 @@ Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=255 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255 +SSL TLS 1.3 Key schedule: Secret evolution #1 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Initial secret to Early Secret +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a" + +SSL TLS 1.3 Key schedule: Secret evolution #2 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Early secret to Handshake Secret +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a" + +SSL TLS 1.3 Key schedule: Secret evolution #3 +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) +# Handshake secret to Master Secret +depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d" + SSL TLS 1.3 Key schedule: HKDF Expand Label #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic key diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b488b23b0..e0588f7f7 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3769,6 +3769,24 @@ void ssl_tls1_3_derive_secret( int hash_alg, } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_key_evolution( int hash_alg, + data_t *secret, + data_t *input, + data_t *expected ) +{ + unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ]; + + TEST_ASSERT( mbedtls_ssl_tls1_3_evolve_secret( + (mbedtls_md_type_t) hash_alg, + secret->len ? secret->x : NULL, + input->len ? input->x : NULL, input->len, + secret_new ) == 0 ); + + TEST_ASSERT( memcmp( secret_new, expected->x, expected->len ) == 0 ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ssl_tls_prf( int type, data_t * secret, data_t * random, char *label, data_t *result_hex_str, int exp_ret ) From b11c3097a57ce51d2ab1eb87c4c77ad6d1b1cf6b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 10 Aug 2020 17:00:19 +0100 Subject: [PATCH 149/488] Update state of TLS 1.3 functionality in architecture document Signed-off-by: Hanno Becker --- docs/architecture/tls13-experimental.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index bcf3e34f9..3db16e0a6 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -38,3 +38,12 @@ together with their level of testing: - The HKDF key derivation function on which the TLS 1.3 key schedule is based, is already present as an independent module controlled by `MBEDTLS_HKDF_C` independently of the development of the TLS 1.3 prototype. + +- The TLS 1.3-specific HKDF-based key derivation functions (see RFC 8446): + * HKDF-Expand-Label + * Derive-Secret + - Secret evolution + * The traffic {Key,IV} generation from secret + Those functions are implemented in `library/ssl_tls13_keys.c` and + tested in `test_suite_ssl` using test vectors from RFC 8448 and + https://tls13.ulfheim.net/. From 58c5cea73b7763f714f056263a40da56aeb84ca5 Mon Sep 17 00:00:00 2001 
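Review bot: `ssl_tls1_3_key_evolution()` compares `expected->len` bytes of `secret_new` without first validating any of the test parameters, unlike the "Check sanity of test parameters" blocks in the two neighbouring TLS 1.3 test functions. A vector with a longer `expected` would make `memcmp` read past `secret_new[ MBEDTLS_MD_MAX_SIZE ]`, and a non-empty `secret` shorter than the digest would be over-read by the function under test, which takes `hlen` bytes from `secret_old`. Adding `TEST_ASSERT( expected->len <= sizeof(secret_new) );` plus a check that a non-empty `secret->len` equals the digest size of `hash_alg` makes bad test data fail cleanly instead.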
From: Hanno Becker Date: Tue, 8 Sep 2020 10:31:33 +0100 Subject: [PATCH 150/488] Include common.h from ssl_tls13_keys.c `common.h` takes care of the logic of chosing the correct configuration file, so we don't need to replicate it in each source file. Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 1d614556a..53044baed 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -17,11 +17,7 @@ * limitations under the License. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) From 1981cb2972548ffe33953b70a2c65d3730f683b2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 10:36:29 +0100 Subject: [PATCH 151/488] Use uniform naming for TLS 1.3 label fields Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 53044baed..20cca3103 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -35,7 +35,7 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = .finished = "finished", .resumption = "resumption", .traffic_upd = "traffic upd", - .export = "exporter", + .exporter = "exporter", .key = "key", .iv = "iv", .sn = "sn", From e4435ea777bbecc453c447e0785cffea7bb27f2e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 10:43:52 +0100 Subject: [PATCH 152/488] Introduce TLS 1.3 labels in a single place Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 24 ++++++--------------- library/ssl_tls13_keys.h | 46 +++++++++++++++++++++++----------------- 2 files changed, 33 insertions(+), 37 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 20cca3103..c985aafb5 100644 
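Review bot: The initializer in the "Use uniform naming" patch now uses `.exporter`, but the struct member is still declared as `export` in `library/ssl_tls13_keys.h`. The header lines removed by the next patch on this page read `const unsigned char export [ sizeof("exporter") - 1 ];`, and this commit touches only the `.c` file. With `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL` enabled this commit on its own would presumably not compile, which hurts bisection. The rename should cover the header declaration in the same commit; note that the `MBEDTLS_SSL_TLS1_3_LABEL_LIST` introduced next still spells the entry `LABEL( export , "exporter" )`, so the naming ends up not uniform after all.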
--- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -28,30 +28,18 @@ #include #include +#define LABEL( name, string ) \ + .name = string, + struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = { /* This seems to work in C, despite the string literal being one * character too long due to the 0-termination. */ - .finished = "finished", - .resumption = "resumption", - .traffic_upd = "traffic upd", - .exporter = "exporter", - .key = "key", - .iv = "iv", - .sn = "sn", - .c_hs_traffic = "c hs traffic", - .c_ap_traffic = "c ap traffic", - .c_e_traffic = "c e traffic", - .s_hs_traffic = "s hs traffic", - .s_ap_traffic = "s ap traffic", - .s_e_traffic = "s e traffic", - .exp_master = "exp master", - .res_master = "res master", - .ext_binder = "ext binder", - .res_binder = "res binder", - .derived = "derived" + MBEDTLS_SSL_TLS1_3_LABEL_LIST }; +#undef LABEL + /* * This function creates a HkdfLabel structure used in the TLS 1.3 key schedule. * diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index a35e08597..9efeb0458 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -20,25 +20,31 @@ #define MBEDTLS_SSL_TLS1_3_KEYS_H #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ - const unsigned char finished [ sizeof("finished") - 1 ]; \ - const unsigned char resumption [ sizeof("resumption") - 1 ]; \ - const unsigned char traffic_upd [ sizeof("traffic upd") - 1 ]; \ - const unsigned char export [ sizeof("exporter") - 1 ]; \ - const unsigned char key [ sizeof("key") - 1 ]; \ - const unsigned char iv [ sizeof("iv") - 1 ]; \ - const unsigned char sn [ sizeof("sn") - 1 ]; \ - const unsigned char c_hs_traffic[ sizeof("c hs traffic") - 1 ]; \ - const unsigned char c_ap_traffic[ sizeof("c ap traffic") - 1 ]; \ - const unsigned char c_e_traffic [ sizeof("c e traffic") - 1 ]; \ - const unsigned char s_hs_traffic[ sizeof("s hs traffic") - 1 ]; \ - const unsigned char s_ap_traffic[ sizeof("s ap traffic") - 1 ]; \ - const unsigned char s_e_traffic [ sizeof("s e traffic") - 1 ]; \ - const unsigned char exp_master [ sizeof("exp master") - 1 ]; \ - const unsigned char res_master [ sizeof("res master") - 1 ]; \ - const unsigned char ext_binder [ sizeof("ext binder") - 1 ]; \ - const unsigned char res_binder [ sizeof("res binder") - 1 ]; \ - const unsigned char derived [ sizeof("derived") - 1 ]; \ + +/* This requires LABEL( name, string ) to be defined at the point of use. + * See e.g. the definition of mbedtls_ssl_tls1_3_labels_union below. 
*/ +#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ + LABEL( finished , "finished" ) \ + LABEL( resumption , "resumption" ) \ + LABEL( traffic_upd , "traffic upd" ) \ + LABEL( export , "exporter" ) \ + LABEL( key , "key" ) \ + LABEL( iv , "iv" ) \ + LABEL( sn , "sn" ) \ + LABEL( c_hs_traffic, "c hs traffic" ) \ + LABEL( c_ap_traffic, "c ap traffic" ) \ + LABEL( c_e_traffic , "c e traffic" ) \ + LABEL( s_hs_traffic, "s hs traffic" ) \ + LABEL( s_ap_traffic, "s ap traffic" ) \ + LABEL( s_e_traffic , "s e traffic" ) \ + LABEL( exp_master , "exp master" ) \ + LABEL( res_master , "res master" ) \ + LABEL( ext_binder , "ext binder" ) \ + LABEL( res_binder , "res binder" ) \ + LABEL( derived , "derived" ) + +#define LABEL( name, string ) \ + const unsigned char name [ sizeof(string) - 1 ]; union mbedtls_ssl_tls1_3_labels_union { @@ -48,6 +54,8 @@ struct mbedtls_ssl_tls1_3_labels_struct { MBEDTLS_SSL_TLS1_3_LABEL_LIST }; +#undef LABEL + extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; #define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \ From 9cb0a146f1621a3a4132e71ef61ef69fbc87b72a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 10:48:14 +0100 Subject: [PATCH 153/488] Remove duplicated computation of TLS 1.3 HKDF label length Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index c985aafb5..a899b7b9f 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -73,12 +73,17 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = * the HkdfLabel structure on success. */ -#define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \ +#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \ ( 2 /* expansion length */ \ + 1 /* label length */ \ - + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \ + + label_len \ + 1 /* context length */ \ - + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) + + context_len ) + +#define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \ + SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \ + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \ + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) static void ssl_tls1_3_hkdf_encode_label( size_t desired_length, @@ -89,11 +94,7 @@ static void ssl_tls1_3_hkdf_encode_label( const char label_prefix[6] = { 't', 'l', 's', '1', '3', ' ' }; size_t total_label_len = sizeof( label_prefix ) + llen; size_t total_hkdf_lbl_len = - 2 /* length of expanded key material */ - + 1 /* label length */ - + total_label_len /* actual label, incl. prefix */ - + 1 /* context length */ - + clen; /* actual context */ + SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen ); unsigned char *p = dst; From 939bb4d8f6f10dd79f8fec3f6b1b4b8a9d4fd928 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 10:48:55 +0100 Subject: [PATCH 154/488] Initialize TLS 1.3 label prefix with string literal This is in line with how the entries of the TLS 1.3 label structure `mbedtls_ssl_tls1_3_labels` are initialized. Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index a899b7b9f..76c939846 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
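Review bot: The new function-like macro `SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN` expands `label_len` and `context_len` without parentheses, so an argument containing a lower-precedence operator (a conditional expression, for example) would be parsed differently from what the caller wrote. Both uses on this page pass plain identifiers or named constants, so nothing is wrong today. Writing the terms as `+ ( label_len )` and `+ ( context_len )` keeps the macro safe for later callers. `ssl_tls1_3_hkdf_encode_label()` continues outside the second hunk.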
@@ -91,7 +91,7 @@ static void ssl_tls1_3_hkdf_encode_label( const unsigned char *ctx, size_t clen, unsigned char *dst, size_t *dlen ) { - const char label_prefix[6] = { 't', 'l', 's', '1', '3', ' ' }; + const char label_prefix[6] = "tls13 "; size_t total_label_len = sizeof( label_prefix ) + llen; size_t total_hkdf_lbl_len = SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen ); From 73c825ae4fb6a83f2986d7adb2c21122fb548403 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 10:52:58 +0100 Subject: [PATCH 155/488] Shorten include path in test_suite_ssl.function Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index e0588f7f7..8a24320f0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -6,7 +6,7 @@ #include #include #include -#include <../library/ssl_tls13_keys.h> +#include #include From f376cee8b4bf2078025188c01c7fa5b050b31b26 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 10:53:45 +0100 Subject: [PATCH 156/488] Remove redundant dependency in TLS 1.3 key generation tests The relevant test functions are already marked as depending on `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`, so there's no need to re-state this dependency for each test case. Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 0dd445508..e896c019f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
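Review bot: `const char label_prefix[6] = "tls13 ";` fills the array exactly, so the literal's terminating NUL is dropped and `label_prefix` is not a C string. That is valid C (C++ rejects it) and matches the `sizeof( label_prefix )` use on the next line. The hard-coded 6 must now be kept equal to the literal's length by hand, and nothing in the code says the missing terminator is intended. Suggest a comment such as `/* Exactly 6 bytes, no NUL terminator: only used with sizeof() and memcpy() */`. The rest of ssl_tls1_3_hkdf_encode_label() lies outside the hunk, so it cannot be confirmed here that no string function is applied to it.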
@@ -10407,81 +10407,69 @@ ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"":"":"33ad0a1c607ec03b09e6cd9893680c SSL TLS 1.3 Key schedule: Secret evolution #2 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Early secret to Handshake Secret -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624":"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a" SSL TLS 1.3 Key schedule: Secret evolution #3 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Handshake secret to Master Secret -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_key_evolution:MBEDTLS_MD_SHA256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d" SSL TLS 1.3 Key schedule: HKDF Expand Label #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6b6579":"":16:"844780a7acad9f980fa25c114e43402a" SSL TLS 1.3 Key schedule: HKDF Expand Label #2 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic IV # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6976":"":12:"4c042ddc120a38d1417fc815" SSL TLS 1.3 Key schedule: HKDF Expand Label #3 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client handshake traffic secret -> Client traffic key # 
HKDF-Expand-Label(client_handshake_secret, "key", "", 16) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6b6579":"":16:"7154f314e6be7dc008df2c832baa1d39" SSL TLS 1.3 Key schedule: HKDF Expand Label #4 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client handshake traffic secret -> Client traffic IV # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6976":"":12:"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448) # Vector from RFC 8448 # Server handshake traffic secret -> Server traffic IV # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6976":"":12:"5d313eb2671276ee13000b30" SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448) # Vector from RFC 8448 # Server handshake traffic secret -> Server traffic Key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6b6579":"":16:"3fce516009c21727d0f2e4e86ee403bc" SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) # Vector from RFC 8448 # Client handshake traffic secret -> Client traffic IV # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6976":"":12:"5bd3c71b836e0b76bb73265f" SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) # Vector from RFC 8448 # Client 
handshake traffic secret -> Client traffic Key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6b6579":"":16:"dbfaa693d1762c5b666af5d950258d01" SSL TLS 1.3 Key schedule: Traffic key generation #1 # Vector from TLS 1.3 Byte by Byte ((https://tls13.ulfheim.net/) # Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448) # Vector RFC 8448 # Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") 
@@ -10490,14 +10478,12 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") # Tests the case where context isn't yet hashed (empty string here, # but still needs to be hashed) # 64657269766564 = hex("derived") -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"64657269766564":"":32:0:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Derive-Secret( MasterSecret, "s ap traffic", hash) # Tests the case where context is already hashed -depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":"732061702074726166666963":"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:1:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE From fb08096b9b477a461d0c81d7a35455d86a0ec723 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 10:58:42 +0100 Subject: [PATCH 157/488] Use ASSERT_COMPARE instead of TEST_ASSERT( memcmp( ... ) == 0 ) Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.function | 40 +++++++++++++++------------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8a24320f0..6a2871f8b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3692,7 +3692,8 @@ void ssl_tls1_3_hkdf_expand_label( int hash_alg, ctx->x, ctx->len, dst, desired_length ) == 0 ); - TEST_ASSERT( memcmp( dst, expected->x, desired_length ) == 0 ); + ASSERT_COMPARE( dst, (size_t) desired_length, + expected->x, (size_t) expected->len ); } /* END_CASE */ 
@@ -3724,21 +3725,22 @@ void ssl_tls1_3_traffic_key_generation( int hash_alg, desired_key_len, desired_iv_len, &keys ) == 0 ); - TEST_ASSERT( keys.keyLen == (size_t) desired_key_len ); - TEST_ASSERT( keys.ivLen == (size_t) desired_iv_len ); - - TEST_ASSERT( memcmp( keys.client_write_key, - expected_client_write_key->x, - desired_key_len ) == 0 ); - TEST_ASSERT( memcmp( keys.server_write_key, - expected_server_write_key->x, - desired_key_len ) == 0 ); - TEST_ASSERT( memcmp( keys.client_write_iv, - expected_client_write_iv->x, - desired_iv_len ) == 0 ); - TEST_ASSERT( memcmp( keys.server_write_iv, - expected_server_write_iv->x, - desired_iv_len ) == 0 ); + ASSERT_COMPARE( keys.client_write_key, + keys.keyLen, + expected_client_write_key->x, + (size_t) desired_key_len ); + ASSERT_COMPARE( keys.server_write_key, + keys.keyLen, + expected_server_write_key->x, + (size_t) desired_key_len ); + ASSERT_COMPARE( keys.client_write_iv, + keys.ivLen, + expected_client_write_iv->x, + (size_t) desired_iv_len ); + ASSERT_COMPARE( keys.server_write_iv, + keys.ivLen, + expected_server_write_iv->x, + (size_t) desired_iv_len ); } /* END_CASE */ @@ -3765,7 +3767,8 @@ void ssl_tls1_3_derive_secret( int hash_alg, already_hashed, dst, desired_length ) == 0 ); - TEST_ASSERT( memcmp( dst, expected->x, desired_length ) == 0 ); + ASSERT_COMPARE( dst, desired_length, + expected->x, desired_length ); } /* END_CASE */ @@ -3783,7 +3786,8 @@ void ssl_tls1_3_key_evolution( int hash_alg, input->len ? input->x : NULL, input->len, secret_new ) == 0 ); - TEST_ASSERT( memcmp( secret_new, expected->x, expected->len ) == 0 ); + ASSERT_COMPARE( secret_new, (size_t) expected->len, + expected->x, (size_t) expected->len ); } /* END_CASE */ From 493ea7f4ae7afa79b8be7a7bd23767abed03014e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 11:01:00 +0100 Subject: [PATCH 158/488] Remove instances of camelCase in TLS 1.3 key schedule 
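Review bot: In ssl_tls1_3_derive_secret the new `ASSERT_COMPARE( dst, desired_length, expected->x, desired_length )` passes the same length on both sides. The size comparison can therefore never fail and `expected->len` is never consulted; a test vector shorter than `desired_length` would be read past its end. The same pattern appears in ssl_tls1_3_key_evolution, where both sides use `expected->len` and the produced length is not checked. It also appears in ssl_tls1_3_traffic_key_generation, where each expected buffer is paired with `desired_key_len` or `desired_iv_len` rather than its own `len`. Use the vector's own length, as the ssl_tls1_3_hkdf_expand_label hunk does: `ASSERT_COMPARE( dst, (size_t) desired_length, expected->x, (size_t) expected->len );`. This assumes ASSERT_COMPARE checks the two sizes for equality before comparing content; the test function bodies start outside these hunks.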
Signed-off-by: Hanno Becker --- include/mbedtls/ssl_internal.h | 8 ++++---- library/ssl_tls13_keys.c | 14 +++++++------- library/ssl_tls13_keys.h | 6 +++--- tests/suites/test_suite_ssl.function | 8 ++++---- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 6167f567c..617bdc74f 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -395,10 +395,10 @@ struct mbedtls_ssl_key_set /*! The IV for server->client records. */ unsigned char server_write_iv[ MBEDTLS_MAX_IV_LENGTH ]; - size_t keyLen; /*!< The length of client_write_key and - * server_write_key, in Bytes. */ - size_t ivLen; /*!< The length of client_write_iv and - * server_write_iv, in Bytes. */ + size_t key_len; /*!< The length of client_write_key and + * server_write_key, in Bytes. */ + size_t iv_len; /*!< The length of client_write_iv and + * server_write_iv, in Bytes. */ }; typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 76c939846..c334dbca6 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -185,7 +185,7 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( mbedtls_md_type_t hash_alg, const unsigned char *client_secret, const unsigned char *server_secret, - size_t slen, size_t keyLen, size_t ivLen, + size_t slen, size_t key_len, size_t iv_len, mbedtls_ssl_key_set *keys ) { int ret = 0; @@ -194,7 +194,7 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( client_secret, slen, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ), NULL, 0, - keys->client_write_key, keyLen ); + keys->client_write_key, key_len ); if( ret != 0 ) return( ret ); @@ -202,7 +202,7 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( server_secret, slen, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ), NULL, 0, - keys->server_write_key, keyLen ); + keys->server_write_key, key_len ); if( ret != 0 ) return( ret ); 
@@ -210,7 +210,7 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( client_secret, slen, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ), NULL, 0, - keys->client_write_iv, ivLen ); + keys->client_write_iv, iv_len ); if( ret != 0 ) return( ret ); @@ -218,12 +218,12 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( server_secret, slen, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ), NULL, 0, - keys->server_write_iv, ivLen ); + keys->server_write_iv, iv_len ); if( ret != 0 ) return( ret ); - keys->keyLen = keyLen; - keys->ivLen = ivLen; + keys->key_len = key_len; + keys->iv_len = iv_len; return( 0 ); } diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 9efeb0458..62e94d360 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -129,8 +129,8 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label( * This must be a readable buffer of size \p slen Bytes * \param slen Length of the secrets \p client_secret and * \p server_secret in Bytes. - * \param keyLen The desired length of the key to be extracted in Bytes. - * \param ivLen The desired length of the IV to be extracted in Bytes. + * \param key_len The desired length of the key to be extracted in Bytes. + * \param iv_len The desired length of the IV to be extracted in Bytes. * \param keys The address of the structure holding the generated * keys and IVs. * @@ -142,7 +142,7 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( mbedtls_md_type_t hash_alg, const unsigned char *client_secret, const unsigned char *server_secret, - size_t slen, size_t keyLen, size_t ivLen, + size_t slen, size_t key_len, size_t iv_len, mbedtls_ssl_key_set *keys ); /** diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6a2871f8b..58abef846 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3726,19 +3726,19 @@ void ssl_tls1_3_traffic_key_generation( int hash_alg, &keys ) == 0 ); ASSERT_COMPARE( keys.client_write_key, - keys.keyLen, + keys.key_len, expected_client_write_key->x, (size_t) desired_key_len ); ASSERT_COMPARE( keys.server_write_key, - keys.keyLen, + keys.key_len, expected_server_write_key->x, (size_t) desired_key_len ); ASSERT_COMPARE( keys.client_write_iv, - keys.ivLen, + keys.iv_len, expected_client_write_iv->x, (size_t) desired_iv_len ); ASSERT_COMPARE( keys.server_write_iv, - keys.ivLen, + keys.iv_len, expected_server_write_iv->x, (size_t) desired_iv_len ); } From ab2ce23f92df2d90dcc9a81fac0cf9621fea9713 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 11:09:32 +0100 Subject: [PATCH 159/488] Fix typo in SSL test suite Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index e896c019f..8a2b96a03 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -10463,7 +10463,7 @@ SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6b6579":"":16:"dbfaa693d1762c5b666af5d950258d01" SSL TLS 1.3 Key schedule: Traffic key generation #1 -# Vector from TLS 1.3 Byte by Byte ((https://tls13.ulfheim.net/) +# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268" From 00debc734b18bad0e9d7a1e4b5bf969add448d6e Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 8 Sep 2020 11:12:24 +0100 Subject: [PATCH 160/488] Minor improvement in ssl_tls13_keys.c Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index c334dbca6..8725d1495 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -111,7 +111,7 @@ static void ssl_tls1_3_hkdf_encode_label( /* Add context value */ *p++ = (unsigned char)( clen & 0xFF ); - if( ctx != NULL ) + if( clen != 0 ) memcpy( p, ctx, clen ); /* Return total length to the caller. */ From 815869ac9c5d04d81095d1919cbb1adb84e8f9e2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 11:16:16 +0100 Subject: [PATCH 161/488] Improve documentation of ssl_tls1_3_hkdf_encode_label() Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 8725d1495..ec2fe3b23 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -62,6 +62,8 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = * The label length MUST be * <= MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN * It is the caller's responsiblity to ensure this. + * All (label, label length) pairs used in TLS 1.3 + * can be obtained via MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(). * - (ctx, clen): context + context length * The context length MUST be * <= MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN From 1588983ef0828df82a71db33b5ed5eeb574c94bc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 11:29:11 +0100 Subject: [PATCH 162/488] Introduce macros for max-{IV,block,key}-size for ciphers used in TLS See the documentation in ssl_internal.h that this commit introduces for more information. 
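Review bot: Changing the guard from `ctx != NULL` to `clen != 0` means a call with `ctx == NULL` and a non-zero `clen` now reaches `memcpy( p, ctx, clen )` with a null source, which the old condition skipped. The function comment shown in the next commit limits the context length but does not say that a non-zero length requires a valid pointer. Either add that to the `(ctx, clen)` entry of the comment, or keep both conditions: `if( ctx != NULL && clen != 0 )`. ssl_tls1_3_hkdf_encode_label() starts and ends outside this hunk, so an earlier check cannot be ruled out.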
Signed-off-by: Hanno Becker --- include/mbedtls/cipher.h | 13 ++++++++++--- include/mbedtls/ssl_internal.h | 30 ++++++++++++++++++++++++++---- 2 files changed, 36 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 8a6c8ebdb..8827e0b79 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -227,17 +227,24 @@ enum { }; /** Maximum length of any IV, in Bytes. */ -/* This should ideally be derived automatically from list of ciphers. */ +/* This should ideally be derived automatically from list of ciphers. + * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined + * in ssl_internal.h. */ #define MBEDTLS_MAX_IV_LENGTH 16 /** Maximum block size of any cipher, in Bytes. */ -/* This should ideally be derived automatically from list of ciphers. */ +/* This should ideally be derived automatically from list of ciphers. + * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined + * in ssl_internal.h. */ #define MBEDTLS_MAX_BLOCK_LENGTH 16 /** Maximum key length, in Bytes. */ /* This should ideally be derived automatically from list of ciphers. * For now, only check whether XTS is enabled which uses 64 Byte keys, - * and use 32 Bytes as an upper bound for the maximum key length otherwise. */ + * and use 32 Bytes as an upper bound for the maximum key length otherwise. + * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined + * in ssl_internal.h, which however deliberately ignores the case of XTS + * since the latter isn't used in SSL/TLS. */ #if defined(MBEDTLS_CIPHER_MODE_XTS) #define MBEDTLS_MAX_KEY_LENGTH 64 #else diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 617bdc74f..2c30855f5 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
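Review bot: The comment added above `MBEDTLS_MAX_KEY_LENGTH` says it should be kept in sync with `MBEDTLS_SSL_MAX_BLOCK_LENGTH`, which looks like a copy-paste from the block-length comment. The SSL counterpart introduced in ssl_internal.h by this same commit is `MBEDTLS_SSL_MAX_KEY_LENGTH`. Suggest `This should be kept in sync with MBEDTLS_SSL_MAX_KEY_LENGTH defined in ssl_internal.h, ...` so a maintainer changing key sizes is pointed at the right macro.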
@@ -379,7 +379,29 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ); +/* cipher.h exports the maximum IV, key and block length from all + * all ciphers enabled in the config, regardless of whether those + * ciphers are actually usable in SSL/TLS. Notably, XTS is enabled + * in the default configuration and uses 64 Byte keys, but it is + * not used for record protection in SSL/TLS. + * + * In order to prevent unnecessary inflation of key structures, + * we introduce SSL-specific variants of the max-{key,block,IV} + * macros here which are meant to only take those ciphers into + * account which can be negotiated in SSL/TLS. + * + * Since the current definitions of MBEDTLS_MAX_{KEY|BLOCK|IV}_LENGTH + * in cipher.h are rough overapproximations of the real maxima, here + * we content ourselves with defining replicating those overapproximations + * for the maximum block and IV length, and excluding XTS from the + * computation of the maximum key length. */ +#define MBEDTLS_SSL_MAX_BLOCK_LENGTH 16 +#define MBEDTLS_SSL_MAX_IV_LENGTH 16 +#define MBEDTLS_SSL_MAX_KEY_LENGTH 32 + + #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + /** * \brief The data structure holding the cryptographic material (key and IV) * used for record protection in TLS 1.3. 
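Review bot: The new `MBEDTLS_SSL_MAX_BLOCK_LENGTH` and `MBEDTLS_SSL_MAX_IV_LENGTH` are described as replicating the cipher.h values, but only the comments in the two headers keep them in step. Since they size key-material buffers, a compile-time check next to the definitions would catch a change made in one header only, e.g. `#if MBEDTLS_SSL_MAX_IV_LENGTH != MBEDTLS_MAX_IV_LENGTH` / `#error "update MBEDTLS_SSL_MAX_IV_LENGTH"` / `#endif`, and likewise for the block length. The key length deliberately differs when XTS is enabled, so it needs a comment rather than an equality check. The added comment also repeats a word across a line break ("from all * all ciphers").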
@@ -387,13 +409,13 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, struct mbedtls_ssl_key_set { /*! The key for client->server records. */ - unsigned char client_write_key[ MBEDTLS_MAX_KEY_LENGTH ]; + unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ]; /*! The key for server->client records. */ - unsigned char server_write_key[ MBEDTLS_MAX_KEY_LENGTH ]; + unsigned char server_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ]; /*! The IV for client->server records. */ - unsigned char client_write_iv[ MBEDTLS_MAX_IV_LENGTH ]; + unsigned char client_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ]; /*! The IV for server->client records. */ - unsigned char server_write_iv[ MBEDTLS_MAX_IV_LENGTH ]; + unsigned char server_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ]; size_t key_len; /*!< The length of client_write_key and * server_write_key, in Bytes. */ From a3a5a4e1f9fd57364c34ddb42aba00db7b78df95 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Sep 2020 11:33:48 +0100 Subject: [PATCH 163/488] Please check-names.sh Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 4 ++-- library/ssl_tls13_keys.h | 45 ++++++++++++++++++++-------------------- 2 files changed, 25 insertions(+), 24 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index ec2fe3b23..7befbeaee 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -28,7 +28,7 @@ #include #include -#define LABEL( name, string ) \ +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = @@ -38,7 +38,7 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = MBEDTLS_SSL_TLS1_3_LABEL_LIST }; -#undef LABEL +#undef MBEDTLS_SSL_TLS1_3_LABEL /* * This function creates a HkdfLabel structure used in the TLS 1.3 key schedule. diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 62e94d360..2b15859ea 100644 --- a/library/ssl_tls13_keys.h 
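Review bot: The four buffers in `mbedtls_ssl_key_set` shrink to `MBEDTLS_SSL_MAX_KEY_LENGTH` and `MBEDTLS_SSL_MAX_IV_LENGTH`, but no bound check is visible where they are filled. The hunks of mbedtls_ssl_tls1_3_make_traffic_keys() shown in the rename commit of this series pass the caller-supplied `key_len` and `iv_len` straight through as output lengths for `keys->client_write_key` and the other three buffers. With XTS enabled the key buffers drop from 64 to 32 bytes, so a length that previously fit would now overrun the array. Suggest rejecting oversize requests at the top of that function: `if( key_len > MBEDTLS_SSL_MAX_KEY_LENGTH || iv_len > MBEDTLS_SSL_MAX_IV_LENGTH ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`. The limit should also be stated on the `key_len` and `iv_len` parameters in ssl_tls13_keys.h.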
+++ b/library/ssl_tls13_keys.h 
@@ -21,29 +21,30 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -/* This requires LABEL( name, string ) to be defined at the point of use. - * See e.g. the definition of mbedtls_ssl_tls1_3_labels_union below. */ +/* This requires MBEDTLS_SSL_TLS1_3_LABEL( name, string ) to be defined at + * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union + * below. */ #define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ - LABEL( finished , "finished" ) \ - LABEL( resumption , "resumption" ) \ - LABEL( traffic_upd , "traffic upd" ) \ - LABEL( export , "exporter" ) \ - LABEL( key , "key" ) \ - LABEL( iv , "iv" ) \ - LABEL( sn , "sn" ) \ - LABEL( c_hs_traffic, "c hs traffic" ) \ - LABEL( c_ap_traffic, "c ap traffic" ) \ - LABEL( c_e_traffic , "c e traffic" ) \ - LABEL( s_hs_traffic, "s hs traffic" ) \ - LABEL( s_ap_traffic, "s ap traffic" ) \ - LABEL( s_e_traffic , "s e traffic" ) \ - LABEL( exp_master , "exp master" ) \ - LABEL( res_master , "res master" ) \ - LABEL( ext_binder , "ext binder" ) \ - LABEL( res_binder , "res binder" ) \ - LABEL( derived , "derived" ) + MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( export , "exporter" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( sn , "sn" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \ + 
MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) -#define LABEL( name, string ) \ +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ const unsigned char name [ sizeof(string) - 1 ]; union mbedtls_ssl_tls1_3_labels_union @@ -54,7 +55,7 @@ struct mbedtls_ssl_tls1_3_labels_struct { MBEDTLS_SSL_TLS1_3_LABEL_LIST }; -#undef LABEL +#undef MBEDTLS_SSL_TLS1_3_LABEL extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; From 2ec2eaac312f782f3ccdf5b69d01e64d40aa2c90 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 24 Aug 2020 18:29:15 -0700 Subject: [PATCH 164/488] Fix test issues with depends-hashes Needed to make additional fixes so that when MBEDTLS_USE_PSA_CRYPTO is defined, the depends-hashes test will succeed. There are two versions of the ecdsa_verify_wrap() function, one with MBEDTLS_USE_PSA_CRYPTO and when when it is not enabled. The non PSA version is not using the md_alg parameter since it is not required. The PSA version was using that parameter to derive a different value it needed for PSA_ALG_ECDSA. The arguement of PSA_ALG_ECDSA is ignored for psa_sign_hash and psa_verify_hash. It is present because it is used and must be a valid hash, not zero, for psa_sign_hash (but not psa_verify_hash) with PSA_ALG_DETERMINISTIC_ECDSA, and it is needed for psa_sign_message and psa_verify_message which are not implemented yet. The local parameter now uses PSA_ALG_ECDSA_ANY for the verify function to avoid using the md_alg parameter and avoids returning incorrect error codes. Fixes #3587 Signed-off-by: John Durkop --- library/pk_wrap.c | 8 ++------ tests/scripts/all.sh | 6 ++++++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 6983d1475..103842c02 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c 
@@ -553,11 +553,12 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, unsigned char buf[30 + 2 * MBEDTLS_ECP_MAX_BYTES]; unsigned char *p; mbedtls_pk_info_t pk_info = mbedtls_eckey_info; - psa_algorithm_t psa_sig_md, psa_md; + psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8; + ((void) md_alg); if( curve == 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -571,11 +572,6 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, if( key_len <= 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - psa_md = mbedtls_psa_translate_md( md_alg ); - if( psa_md == 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - psa_sig_md = PSA_ALG_ECDSA( psa_md ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, psa_sig_md ); diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1c67a9ac9..15d8a1dec 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1190,6 +1190,12 @@ component_test_depends_hashes () { record_status tests/scripts/depends-hashes.pl } +component_test_depends_hashes_psa () { + msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + record_status tests/scripts/depends-hashes.pl +} + component_test_depends_pkalgs_psa () { msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO From d4efa8d0ac41a20baa346c634154fc1c6eb75d16 Mon Sep 17 00:00:00 2001 
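Review bot: In ecdsa_verify_wrap() the reason `md_alg` is now discarded with `((void) md_alg);` is given only in the commit message, and the local is still named `psa_sig_md` although it no longer depends on a digest. A comment at the initialisation would keep the reasoning with the code, e.g. `/* psa_verify_hash() ignores the hash encoded in the ECDSA algorithm, so md_alg is not needed */`, and the variable could be renamed to something like `psa_sig_alg`. There is also a behaviour change: an `md_alg` that `mbedtls_psa_translate_md()` did not recognise used to return `MBEDTLS_ERR_PK_BAD_INPUT_DATA` and is now accepted. Callers or tests that relied on that rejection should be checked. The function starts before the first hunk and continues after the second.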
From: John Durkop Date: Tue, 8 Sep 2020 05:58:28 -0700 Subject: [PATCH 165/488] Fix pk_ec_test_vec() to use MBEDTLS_MD_NONE The pk_ec_test_vec() was incorrectly using MBEDTLS_MD_SHA1 for the parameter to mbedtls_pk_verify(). It should use MBEDTLS_MD_NONE since that parameter is ignored for this test case. Signed-off-by: John Durkop --- tests/suites/test_suite_pk.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 43b491473..c6041b249 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -775,8 +775,8 @@ void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash, TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q, key->x, key->len ) == 0 ); - // MBEDTLS_MD_SHA1 is a dummy - it is ignored, but has to be other than MBEDTLS_MD_NONE. - TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA1, + // MBEDTLS_MD_NONE is used since it will be ignored. + TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash->x, hash->len, sig->x, sig->len ) == ret ); exit: From 619e09e70534e7a95ad16c7dccf9c480fdcae1f6 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 8 Sep 2020 22:19:56 -0700 Subject: [PATCH 166/488] Minor update to all.sh to change test order Moved the new component_test_depends_pkalgs_psa to after the component_test_depends_pkalgs test to be more consistent. Signed-off-by: John Durkop --- tests/scripts/all.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 15d8a1dec..bd5d5a18e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
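Review bot: The replacement comment `MBEDTLS_MD_NONE is used since it will be ignored` does not say why the removed constraint no longer applies. The old comment stated the value "has to be other than MBEDTLS_MD_NONE". A reader comparing the two cannot tell which layer ignores the parameter, or whether `MBEDTLS_MD_NONE` is safe only because `hash->len` is passed explicitly. Suggest naming the reason, e.g. `// md_alg is ignored by the ECDSA verify wrappers; the hash length is passed explicitly.`, after confirming that against mbedtls_pk_verify(), which is not visible here.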
@@ -1196,14 +1196,14 @@ component_test_depends_hashes_psa () { record_status tests/scripts/depends-hashes.pl } -component_test_depends_pkalgs_psa () { - msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO +component_test_depends_pkalgs () { + msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min record_status tests/scripts/depends-pkalgs.pl } -component_test_depends_pkalgs () { - msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min +component_test_depends_pkalgs_psa () { + msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)" + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO record_status tests/scripts/depends-pkalgs.pl } From 9a7a2ac2dec56b68f2c766ff5a47f9a829841b77 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 09:24:54 +0100 Subject: [PATCH 167/488] Fix typo in ssl_internal.h Signed-off-by: Hanno Becker --- include/mbedtls/ssl_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 2c30855f5..c6847ba58 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -392,7 +392,7 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, * * Since the current definitions of MBEDTLS_MAX_{KEY|BLOCK|IV}_LENGTH * in cipher.h are rough overapproximations of the real maxima, here - * we content ourselves with defining replicating those overapproximations + * we content ourselves with replicating those overapproximations * for the maximum block and IV length, and excluding XTS from the * computation of the maximum key length. */ #define MBEDTLS_SSL_MAX_BLOCK_LENGTH 16 From 90551c7a26f798afe968011bfd2655768cbc31fd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 09:25:23 +0100 Subject: [PATCH 168/488] Use uniform naming scheme for TLS 1.3 label structure 
Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 2b15859ea..64caa8a1b 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -28,7 +28,7 @@ MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( export , "exporter" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \ MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ MBEDTLS_SSL_TLS1_3_LABEL( sn , "sn" ) \ From 70d7fb0c2df35e3086503590f5a2a48cef0a822d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 10:11:21 +0100 Subject: [PATCH 169/488] Don't hardcode TLS 1.3 labels in test cases ssl_tls1_3_keys.c exports a structure containing all labels used in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit tests so far replicated those labels in the test file. In particular, wrong label values in ssl_tls1_3_keys.c wouldn't have been caught by the unit tests. This commit modifies the TLS 1.3 key schedule unit tests to use the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only makes sure that those labels are correct, but also avoids hardcoding their hex-encoding in the test file. Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_keys.h | 40 ++++++++++++++-------------- tests/suites/test_suite_ssl.data | 21 +++++++-------- tests/suites/test_suite_ssl.function | 36 ++++++++++++++++++++++--- 4 files changed, 63 insertions(+), 36 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 7befbeaee..1730501fa 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -28,7 +28,7 @@ #include #include -#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ +#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ .name = string, struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 64caa8a1b..ee6572f28 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -21,30 +21,30 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -/* This requires MBEDTLS_SSL_TLS1_3_LABEL( name, string ) to be defined at +/* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union * below. */ #define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ - MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( sn , "sn" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( res_master , "res master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) + MBEDTLS_SSL_TLS1_3_LABEL( 0, finished , "finished" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 1, resumption , "resumption" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 2, traffic_upd , "traffic upd" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 3, exporter , "exporter" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 4, key , "key" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 5, iv , "iv" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 6, sn , "sn" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 7, c_hs_traffic, "c hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 8, c_ap_traffic, "c ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 9, c_e_traffic , "c e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 10, s_hs_traffic, "s hs traffic" ) \ + 
MBEDTLS_SSL_TLS1_3_LABEL( 11, s_ap_traffic, "s ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 12, s_e_traffic , "s e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 13, exp_master , "exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 14, res_master , "res master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 15, ext_binder , "ext binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 16, res_binder , "res binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 17, derived , "derived" ) -#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ +#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ const unsigned char name [ sizeof(string) - 1 ]; union mbedtls_ssl_tls1_3_labels_union diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 8a2b96a03..badb11626 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
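Review bot: The new `idx` argument in `MBEDTLS_SSL_TLS1_3_LABEL_LIST` has to be kept unique by hand, and nothing in this hunk enforces it. The only consumer visible in this patch is the test file, which compares `label_idx` against `tls1_3_label_ ## name` in a chain of independent `if` blocks, so two entries sharing an index would silently resolve to the later label. The test file could derive the indices itself with `enum { MBEDTLS_SSL_TLS1_3_LABEL_LIST };` under `#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) tls1_3_label_ ## name,`. The list could then go back to two arguments and inserting or removing a label would need no renumbering.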
@@ -10418,49 +10418,49 @@ SSL TLS 1.3 Key schedule: HKDF Expand Label #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6b6579":"":16:"844780a7acad9f980fa25c114e43402a" +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_key:"":16:"844780a7acad9f980fa25c114e43402a" SSL TLS 1.3 Key schedule: HKDF Expand Label #2 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic IV # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) -ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6976":"":12:"4c042ddc120a38d1417fc815" +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_iv:"":12:"4c042ddc120a38d1417fc815" SSL TLS 1.3 Key schedule: HKDF Expand Label #3 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client handshake traffic secret -> Client traffic key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) -ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6b6579":"":16:"7154f314e6be7dc008df2c832baa1d39" +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39" SSL TLS 1.3 Key schedule: HKDF Expand Label #4 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client handshake traffic secret -> Client traffic IV # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) 
-ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6976":"":12:"71abc2cae4c699d47c600268" +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_iv:"":12:"71abc2cae4c699d47c600268" SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448) # Vector from RFC 8448 # Server handshake traffic secret -> Server traffic IV # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12) -ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6976":"":12:"5d313eb2671276ee13000b30" +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_iv:"":12:"5d313eb2671276ee13000b30" SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448) # Vector from RFC 8448 # Server handshake traffic secret -> Server traffic Key # HKDF-Expand-Label(server_handshake_secret, "key", "", 16) -ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6b6579":"":16:"3fce516009c21727d0f2e4e86ee403bc" +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc" SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) # Vector from RFC 8448 # Client handshake traffic secret -> Client traffic IV # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) -ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6976":"":12:"5bd3c71b836e0b76bb73265f" +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f" SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) # Vector from RFC 8448 # Client handshake traffic secret -> 
Client traffic Key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) -ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6b6579":"":16:"dbfaa693d1762c5b666af5d950258d01" +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01" SSL TLS 1.3 Key schedule: Traffic key generation #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) 
@@ -10477,14 +10477,13 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") # Derive-Secret( Early-Secret, "derived", "") # Tests the case where context isn't yet hashed (empty string here, # but still needs to be hashed) -# 64657269766564 = hex("derived") -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":"64657269766564":"":32:0:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:0:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Derive-Secret( MasterSecret, "s ap traffic", hash) # Tests the case where context is already hashed -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":"732061702074726166666963":"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:1:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:1:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 58abef846..153242925 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -12,6 +12,11 @@ #include +#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ + const int tls1_3_label_ ## name = idx; +MBEDTLS_SSL_TLS1_3_LABEL_LIST +#undef MBEDTLS_SSL_TLS1_3_LABEL + typedef struct log_pattern { const char *pattern; @@ -3673,13 +3678,24 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ void ssl_tls1_3_hkdf_expand_label( int hash_alg, data_t *secret, - data_t *label, + int label_idx, data_t *ctx, int desired_length, data_t *expected ) { unsigned char dst[ 100 ]; + unsigned char const *lbl = NULL; + size_t lbl_len; +#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ + if( label_idx == tls1_3_label_ ## name ) \ + { \ + lbl = mbedtls_ssl_tls1_3_labels.name; \ + lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \ + } +MBEDTLS_SSL_TLS1_3_LABEL_LIST +#undef MBEDTLS_SSL_TLS1_3_LABEL + TEST_ASSERT( lbl != NULL ); /* Check sanity of test parameters. */ TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); @@ -3688,7 +3704,7 @@ void ssl_tls1_3_hkdf_expand_label( int hash_alg, TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label( (mbedtls_md_type_t) hash_alg, secret->x, secret->len, - label->x, label->len, + lbl, lbl_len, ctx->x, ctx->len, dst, desired_length ) == 0 ); @@ -3747,7 +3763,7 @@ void ssl_tls1_3_traffic_key_generation( int hash_alg, /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ void ssl_tls1_3_derive_secret( int hash_alg, data_t *secret, - data_t *label, + int label_idx, data_t *ctx, int desired_length, int already_hashed, 
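Review bot: `size_t lbl_len;` in `ssl_tls1_3_hkdf_expand_label` (hunk `@@ -3673,13 +3678,24 @@`) is declared without a value, and only the `TEST_ASSERT( lbl != NULL )` that follows keeps it from being read when no label matches. Writing `size_t lbl_len = 0;` removes that dependency and avoids maybe-uninitialized warnings. The same lookup block is repeated verbatim in `ssl_tls1_3_derive_secret` (hunk `@@ -3755,6 +3771,18 @@`), so a single static helper that maps `label_idx` to a pointer and length would keep the two tests from drifting apart. In the first hunk, `const int tls1_3_label_ ## name = idx;` defines file-scope objects with external linkage, and `static const int` would keep them local to the test file. Both test functions continue outside the hunks shown.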
@@ -3755,6 +3771,18 @@ void ssl_tls1_3_derive_secret( int hash_alg, { unsigned char dst[ 100 ]; + unsigned char const *lbl = NULL; + size_t lbl_len; +#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ + if( label_idx == tls1_3_label_ ## name ) \ + { \ + lbl = mbedtls_ssl_tls1_3_labels.name; \ + lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \ + } +MBEDTLS_SSL_TLS1_3_LABEL_LIST +#undef MBEDTLS_SSL_TLS1_3_LABEL + TEST_ASSERT( lbl != NULL ); + /* Check sanity of test parameters. */ TEST_ASSERT( (size_t) desired_length <= sizeof(dst) ); TEST_ASSERT( (size_t) desired_length == expected->len ); @@ -3762,7 +3790,7 @@ void ssl_tls1_3_derive_secret( int hash_alg, TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret( (mbedtls_md_type_t) hash_alg, secret->x, secret->len, - label->x, label->len, + lbl, lbl_len, ctx->x, ctx->len, already_hashed, dst, desired_length ) == 0 ); From 00cfc1ce5260812d42d03da33cf942c6cb192354 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 10:41:23 +0100 Subject: [PATCH 170/488] Add "e exp master" TLS 1.3 key schedule label Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index ee6572f28..b75c5cea3 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -38,11 +38,12 @@ MBEDTLS_SSL_TLS1_3_LABEL( 10, s_hs_traffic, "s hs traffic" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 11, s_ap_traffic, "s ap traffic" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 12, s_e_traffic , "s e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 13, exp_master , "exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 13, e_exp_master, "e exp master" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 14, res_master , "res master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 15, ext_binder , "ext binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 16, res_binder , "res binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 17, derived , "derived" ) + MBEDTLS_SSL_TLS1_3_LABEL( 15, exp_master , "exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 16, ext_binder , "ext binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 17, res_binder , "res binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 18, derived , "derived" ) #define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ const unsigned char name [ sizeof(string) - 1 ]; From 81e91d46adb93c6be74e3fbe29bbf05e4381bfe4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 10:41:43 +0100 Subject: [PATCH 171/488] Add further unit tests for TLS 1.3 key schedule Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 42 +++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index badb11626..9ecea1112 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -10456,12 +10456,20 @@ SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f" -SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) +SSL TLS 1.3 Key schedule: HKDF Expand Label (RFC 8448) # Vector from RFC 8448 # Client handshake traffic secret -> Client traffic Key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01" +SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448) +# Calculation of finished_key +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls1_3_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e" + +SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448) +# Calculation of resumption key +ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls1_3_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3" + SSL TLS 1.3 Key schedule: Traffic key generation #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV} 
@@ -10485,6 +10493,38 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) # Tests the case where context is already hashed ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:1:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" +SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:1:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:1:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03"::32:1:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:1:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash) +# Vector from RFC 8448 
+ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:1:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:1:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:1:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" + +SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash) +# Vector from RFC 8448 +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:1:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" + SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE From 9b9be006066b21d2c0c1c09869c0c3b6a463e1d4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 10:42:10 +0100 Subject: [PATCH 172/488] Remove DTLS 1.3 specific label Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.h | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index b75c5cea3..4bd2d47a3 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
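Review bot: The added `Derive-Secret( ., "c hs traffic", hash)` case has a doubled separator after the context hash (`...aafe16f757d03"::32:1:`), whereas every sibling case in this hunk uses a single `:`. If the `.data` parser splits fields on `:`, this gives the case an extra empty argument, so it would most likely be rejected or mis-dispatched rather than checking the RFC 8448 vector. The field sequence should read `...aafe16f757d03":32:1:"2faac08f...`.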
@@ -31,19 +31,18 @@ MBEDTLS_SSL_TLS1_3_LABEL( 3, exporter , "exporter" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 4, key , "key" ) \ MBEDTLS_SSL_TLS1_3_LABEL( 5, iv , "iv" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 6, sn , "sn" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 7, c_hs_traffic, "c hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 8, c_ap_traffic, "c ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 9, c_e_traffic , "c e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 10, s_hs_traffic, "s hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 11, s_ap_traffic, "s ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 12, s_e_traffic , "s e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 13, e_exp_master, "e exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 14, res_master , "res master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 15, exp_master , "exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 16, ext_binder , "ext binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 17, res_binder , "res binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 18, derived , "derived" ) + MBEDTLS_SSL_TLS1_3_LABEL( 6, c_hs_traffic, "c hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 7, c_ap_traffic, "c ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 8, c_e_traffic , "c e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 9, s_hs_traffic, "s hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 10, s_ap_traffic, "s ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 11, s_e_traffic , "s e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 12, e_exp_master, "e exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 13, res_master , "res master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 14, exp_master , "exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 15, ext_binder , "ext binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 16, res_binder , "res binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 17, derived , "derived" ) #define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ const unsigned char name [ sizeof(string) - 1 ]; From 59b50a19979d42c3b0b60458b6e3cb80d6cc4c6e Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 9 Sep 2020 10:56:56 +0100 Subject: [PATCH 173/488] Don't use _xxx naming for local variables in ssl_tls13_keys.c Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 1730501fa..a924dc86c 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -280,8 +280,8 @@ int mbedtls_ssl_tls1_3_evolve_secret( { int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; size_t hlen, ilen; - unsigned char _secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; - unsigned char _input [ MBEDTLS_MD_MAX_SIZE ] = { 0 }; + unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; + unsigned char tmp_input [ MBEDTLS_MD_MAX_SIZE ] = { 0 }; const mbedtls_md_info_t *md; md = mbedtls_md_info_from_type( hash_alg ); @@ -300,14 +300,14 @@ int mbedtls_ssl_tls1_3_evolve_secret( MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( derived ), NULL, 0, /* context */ MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - _secret, hlen ); + tmp_secret, hlen ); if( ret != 0 ) goto cleanup; } if( input != NULL ) { - memcpy( _input, input, input_len ); + memcpy( tmp_input, input, input_len ); ilen = input_len; } else @@ -319,8 +319,8 @@ int mbedtls_ssl_tls1_3_evolve_secret( * The salt is the old secret, and the input key material * is the input secret (PSK / ECDHE). */ ret = mbedtls_hkdf_extract( md, - _secret, hlen, - _input, ilen, + tmp_secret, hlen, + tmp_input, ilen, secret_new ); if( ret != 0 ) goto cleanup; @@ -329,8 +329,8 @@ int mbedtls_ssl_tls1_3_evolve_secret( cleanup: - mbedtls_platform_zeroize( _secret, sizeof(_secret) ); - mbedtls_platform_zeroize( _input, sizeof(_input) ); + mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) ); + mbedtls_platform_zeroize( tmp_input, sizeof(tmp_input) ); return( ret ); } From 2fe043a6d1e498b24006b925cf9fe6b3fe090c74 Mon Sep 17 00:00:00 2001 
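Review bot: `memcpy( tmp_input, input, input_len );` in hunk `@@ -300,14 +300,14 @@` copies a caller-supplied length into `tmp_input[ MBEDTLS_MD_MAX_SIZE ]`, and no bound on `input_len` is visible in any of these hunks; the rename carries this over unchanged. Unless `input_len` is limited in the part of `mbedtls_ssl_tls1_3_evolve_secret` that lies between the hunks, an input longer than the largest digest size writes past the end of the stack buffer. I would guard the copy with `if( input_len > sizeof( tmp_input ) ) { ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; goto cleanup; }`. Going through `cleanup` means the temporaries are still zeroized on the error path.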
From: Hanno Becker Date: Wed, 9 Sep 2020 10:57:24 +0100 Subject: [PATCH 174/488] Remove guard for TLS 1.3 specific declarations We only guard the implementations of modules, not their declarations. Signed-off-by: Hanno Becker --- include/mbedtls/ssl_internal.h | 4 ---- library/ssl_tls13_keys.h | 4 ---- 2 files changed, 8 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index c6847ba58..188b94771 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -399,9 +399,6 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, #define MBEDTLS_SSL_MAX_IV_LENGTH 16 #define MBEDTLS_SSL_MAX_KEY_LENGTH 32 - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - /** * \brief The data structure holding the cryptographic material (key and IV) * used for record protection in TLS 1.3. @@ -423,7 +420,6 @@ struct mbedtls_ssl_key_set * server_write_iv, in Bytes. */ }; typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* * This structure contains the parameters only needed during handshake. diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 4bd2d47a3..33becd6cc 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -19,8 +19,6 @@ #if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) #define MBEDTLS_SSL_TLS1_3_KEYS_H -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - /* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union * below. */ @@ -264,6 +262,4 @@ int mbedtls_ssl_tls1_3_evolve_secret( const unsigned char *input, size_t input_len, unsigned char *secret_new ); -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 8c82bfdf225805da2713e4cd41ace56a99b3062b Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 9 Sep 2020 11:03:08 +0100 Subject: [PATCH 175/488] Use TLS1_3_CONTEXT_[UN]HASHED in 1.3 key schedule tests Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 9ecea1112..9aad56104 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -10485,45 +10485,45 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") # Derive-Secret( Early-Secret, "derived", "") # Tests the case where context isn't yet hashed (empty string here, # but still needs to be hashed) -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:0:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Derive-Secret( MasterSecret, "s ap traffic", hash) # Tests the case where context is already hashed -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:1:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash) # Vector from RFC 8448 -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:1:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62" 
+ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62" SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash) # Vector from RFC 8448 -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:1:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash) # Vector from RFC 8448 -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03"::32:1:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03"::32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash) # Vector from RFC 8448 
-ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:1:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash) # Vector from RFC 8448 -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:1:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1" SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) # Vector from RFC 8448 -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:1:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691" SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash) # 
Vector from RFC 8448 -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:1:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash) # Vector from RFC 8448 -ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:1:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" +ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE From c54888eb6050c5d98ac5fdb350357d8e27e3393f Mon Sep 17 00:00:00 2001 From: gufe44 Date: Mon, 17 Aug 2020 15:04:06 +0200 Subject: [PATCH 176/488] Make arc4random_buf declaration available on NetBSD Signed-off-by: gufe44 --- ChangeLog.d/arc4random_buf-implicit.txt | 3 +++ tests/src/random.c | 9 +++++++++ 2 files changed, 12 insertions(+) create mode 100644 ChangeLog.d/arc4random_buf-implicit.txt diff --git a/ChangeLog.d/arc4random_buf-implicit.txt b/ChangeLog.d/arc4random_buf-implicit.txt new file mode 100644 index 000000000..81c245e67 --- /dev/null 
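Review bot: The "c hs traffic" vector in this hunk carries `::32` between the context hex string and the output length, on both the removed and the added line, where every sibling vector has `:32`. If the test-data parser counts the empty field as an argument, this RFC 8448 vector is rejected or shifted by one parameter instead of exercising Derive-Secret, which would leave the key-schedule coverage one case short. Since the line is being rewritten anyway, the added line should use a single separator, `...aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f...`, matching the others.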
+++ b/ChangeLog.d/arc4random_buf-implicit.txt @@ -0,0 +1,3 @@ +Bugfix + * Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is + defined. Fix contributed in #3571. diff --git a/tests/src/random.c b/tests/src/random.c index 3345f78be..78419c4d4 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -24,6 +24,15 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* + * for arc4random_buf() from + */ +#if defined(__NetBSD__) +#define _NETBSD_SOURCE 1 +#elif defined(__OpenBSD__) +#define _BSD_SOURCE 1 +#endif + #include #include #include From 1413bd8ae92ba09078ad3022327c5e14396f3ea7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 12:46:09 +0100 Subject: [PATCH 177/488] Simplify identification of TLS 1.3 labels in unit test suite Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_keys.h | 38 ++++++++++++++-------------- tests/suites/test_suite_ssl.function | 15 ++++++----- 3 files changed, 29 insertions(+), 26 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index a924dc86c..88b1b8ad9 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -28,7 +28,7 @@ #include #include -#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 33becd6cc..03235e5e1 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -23,26 +23,26 @@ * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union * below. */ #define MBEDTLS_SSL_TLS1_3_LABEL_LIST \ - MBEDTLS_SSL_TLS1_3_LABEL( 0, finished , "finished" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 1, resumption , "resumption" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 2, traffic_upd , "traffic upd" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 3, exporter , "exporter" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 4, key , "key" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 5, iv , "iv" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 6, c_hs_traffic, "c hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 7, c_ap_traffic, "c ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 8, c_e_traffic , "c e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 9, s_hs_traffic, "s hs traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 10, s_ap_traffic, "s ap traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 11, s_e_traffic , "s e traffic" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 12, e_exp_master, "e exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 13, res_master , "res master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 14, exp_master , "exp master" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 15, ext_binder , "ext binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 16, res_binder , "res binder" ) \ - MBEDTLS_SSL_TLS1_3_LABEL( 17, derived , "derived" ) + MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( resumption , "resumption" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( traffic_upd , "traffic upd" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( exporter , "exporter" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( key , "key" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( iv , "iv" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_hs_traffic, "c hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_ap_traffic, "c ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( c_e_traffic , "c e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_hs_traffic, "s hs traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_ap_traffic, "s ap traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( s_e_traffic , "s e traffic" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( e_exp_master, "e exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( 
res_master , "res master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( exp_master , "exp master" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( ext_binder , "ext binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( res_binder , "res binder" ) \ + MBEDTLS_SSL_TLS1_3_LABEL( derived , "derived" ) -#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ const unsigned char name [ sizeof(string) - 1 ]; union mbedtls_ssl_tls1_3_labels_union diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 153242925..9fcf36729 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -12,10 +12,13 @@ #include -#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ - const int tls1_3_label_ ## name = idx; +enum +{ +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ + tls1_3_label_ ## name, MBEDTLS_SSL_TLS1_3_LABEL_LIST #undef MBEDTLS_SSL_TLS1_3_LABEL +}; typedef struct log_pattern { @@ -3687,8 +3690,8 @@ void ssl_tls1_3_hkdf_expand_label( int hash_alg, unsigned char const *lbl = NULL; size_t lbl_len; -#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ - if( label_idx == tls1_3_label_ ## name ) \ +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ + if( label_idx == (int) tls1_3_label_ ## name ) \ { \ lbl = mbedtls_ssl_tls1_3_labels.name; \ lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \ @@ -3773,8 +3776,8 @@ void ssl_tls1_3_derive_secret( int hash_alg, unsigned char const *lbl = NULL; size_t lbl_len; -#define MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) \ - if( label_idx == tls1_3_label_ ## name ) \ +#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ + if( label_idx == (int) tls1_3_label_ ## name ) \ { \ lbl = mbedtls_ssl_tls1_3_labels.name; \ lbl_len = sizeof( mbedtls_ssl_tls1_3_labels.name ); \ From 3eb3563c0b3f7260d78fe5596f7ec3ba52f8ea69 Mon Sep 17 00:00:00 2001 
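Review bot: The comment that introduces MBEDTLS_SSL_TLS1_3_LABEL_LIST still describes the three-argument form of the macro. Its first line sits just above this hunk (the hunk opens on the comment's second line) and, as shown in the context lines of PATCH 174, reads `MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string )`. With `idx` removed from every list entry and from all definitions in this commit, a reader following that comment would define the macro with the wrong arity. I would update it in the same commit to `/* This requires MBEDTLS_SSL_TLS1_3_LABEL( name, string ) to be defined at`.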
From: Hanno Becker Date: Wed, 9 Sep 2020 12:47:56 +0100 Subject: [PATCH 178/488] Fix TLS 1.3 key schedule unit test case name Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 9aad56104..73a692d8a 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -10456,7 +10456,7 @@ SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448) # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12) ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f" -SSL TLS 1.3 Key schedule: HKDF Expand Label (RFC 8448) +SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448) # Vector from RFC 8448 # Client handshake traffic secret -> Client traffic Key # HKDF-Expand-Label(client_handshake_secret, "key", "", 16) From 0973ff9545f21541978e790bcddfa79293477862 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 12:56:28 +0100 Subject: [PATCH 179/488] Remove macro definitions between Doxygen block and prototype Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 03235e5e1..161f0a114 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -144,6 +144,10 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( size_t slen, size_t key_len, size_t iv_len, mbedtls_ssl_key_set *keys ); + +#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0 +#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED 1 + /** * \brief The \c Derive-Secret function from the TLS 1.3 standard RFC 8446. * 
@@ -177,10 +181,6 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( * \returns \c 0 on success. * \returns A negative error code on failure. */ - -#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0 -#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED 1 - int mbedtls_ssl_tls1_3_derive_secret( mbedtls_md_type_t hash_alg, const unsigned char *secret, size_t slen, From 97a21567dfbc4cf6b70b1c10b91ca71cc3f0ddfe Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 12:57:16 +0100 Subject: [PATCH 180/488] Move misplaced comment Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 88b1b8ad9..2128f838d 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -255,12 +255,14 @@ int mbedtls_ssl_tls1_3_derive_secret( } else { - /* This should never happen since this function is internal - * and the code sets `context_already_hashed` correctly. - * Let's double-check nonetheless to not run at the risk - * of getting a stack overflow. */ if( clen > sizeof(hashed_context) ) + { + /* This should never happen since this function is internal + * and the code sets `context_already_hashed` correctly. + * Let's double-check nonetheless to not run at the risk + * of getting a stack overflow. */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } memcpy( hashed_context, ctx, clen ); } From 0c42fd94bb9d332079515f5a5a0ef2b1a12552d4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 12:58:29 +0100 Subject: [PATCH 181/488] Fix Doxygen documentation of mbedtls_ssl_tls1_3_derive_secret() Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 6 +++--- library/ssl_tls13_keys.h | 40 ++++++++++++++++++++++++---------------- 2 files changed, 27 insertions(+), 19 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 2128f838d..54742f3b4 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
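Review bot: The relocated comment in the `else` branch of mbedtls_ssl_tls1_3_derive_secret() says the check avoids "a stack overflow", but what `clen > sizeof(hashed_context)` prevents is the following `memcpy` writing past the end of `hashed_context` (presumably a local array); wording it as `of overflowing the hashed_context buffer` names the actual risk. The check is also only an upper bound, so a caller that passes MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED with a `clen` shorter than the digest is accepted here. Whether the rest of the function then uses `clen` or the hash size is outside this hunk. If the hashed case always expects a full digest, comparing `clen` with the digest size of `hash_alg` would be the tighter guard.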
@@ -235,7 +235,7 @@ int mbedtls_ssl_tls1_3_derive_secret( const unsigned char *secret, size_t slen, const unsigned char *label, size_t llen, const unsigned char *ctx, size_t clen, - int context_already_hashed, + int ctx_hashed, unsigned char *dstbuf, size_t buflen ) { int ret; @@ -246,7 +246,7 @@ int mbedtls_ssl_tls1_3_derive_secret( if( md == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( context_already_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED ) + if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED ) { ret = mbedtls_md( md, ctx, clen, hashed_context ); if( ret != 0 ) @@ -258,7 +258,7 @@ int mbedtls_ssl_tls1_3_derive_secret( if( clen > sizeof(hashed_context) ) { /* This should never happen since this function is internal - * and the code sets `context_already_hashed` correctly. + * and the code sets `ctx_hashed` correctly. * Let's double-check nonetheless to not run at the risk * of getting a stack overflow. */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 161f0a114..9838f48cd 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -162,21 +162,29 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( * the parameter message contains the already hashed value and * the Derive-Secret function does not need to hash it again. * - * \param hash_alg The identifier for the hash function used for the - * applications of HKDF. - * \param secret The \c Secret argument to the \c Derive-Secret function. - * This must be a readable buffer of length \p slen Bytes. - * \param slen The length of \p secret in Bytes. - * \param label The \c Label argument to the \c Derive-Secret function. - * This must be a readable buffer of length \p llen Bytes. - * \param llen The length of \p label in Bytes. - * \param hash The hash of the \c Messages argument to the \c Derive-Secret - * function. This must be a readable buffer of length \p mlen - * hlen Bytes. - * \param hlen The length of \p hash. - * \param dstbuf The target buffer to write the output of \c Derive-Secret to. - * This must be a writable buffer of size \p buflen Bytes. - * \param buflen The length of \p dstbuf in Bytes. + * \param hash_alg The identifier for the hash function used for the + * applications of HKDF. + * \param secret The \c Secret argument to the \c Derive-Secret function. + * This must be a readable buffer of length \p slen Bytes. + * \param slen The length of \p secret in Bytes. + * \param label The \c Label argument to the \c Derive-Secret function. + * This must be a readable buffer of length \p llen Bytes. + * \param llen The length of \p label in Bytes. + * \param ctx The hash of the \c Messages argument to the + * \c Derive-Secret function, or the \c Messages argument + * itself, depending on \p context_already_hashed. + * \param clen The length of \p hash. 
+ * \param ctx_hashed This indicates whether the \p ctx contains the hash of + * the \c Messages argument in the application of the + * \c Derive-Secret function + * (value MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED), or whether + * it is the content of \c Messages itself, in which case + * the function takes care of the hashing + * (value MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED). + * \param dstbuf The target buffer to write the output of + * \c Derive-Secret to. This must be a writable buffer of + * size \p buflen Bytes. + * \param buflen The length of \p dstbuf in Bytes. * * \returns \c 0 on success. * \returns A negative error code on failure. @@ -186,7 +194,7 @@ int mbedtls_ssl_tls1_3_derive_secret( const unsigned char *secret, size_t slen, const unsigned char *label, size_t llen, const unsigned char *ctx, size_t clen, - int context_already_hashed, + int ctx_hashed, unsigned char *dstbuf, size_t buflen ); /** From 5cfc7245c81f4f295a6ee3de68ca4de0fcabb8e2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 13:00:29 +0100 Subject: [PATCH 182/488] Remove outdated documentation of mbedtls_ssl_tls1_3_derive_secret() Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 9838f48cd..7a9e5c94a 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -158,10 +158,6 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( * Hash.Length ) ) * * - * Note: In this implementation of the function we assume that - * the parameter message contains the already hashed value and - * the Derive-Secret function does not need to hash it again. - * * \param hash_alg The identifier for the hash function used for the * applications of HKDF. * \param secret The \c Secret argument to the \c Derive-Secret function. From d61712233e7d33edaa200094201febec3fb5ada7 Mon Sep 17 00:00:00 2001 
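Review bot: Two of the rewritten `\param` entries still refer to names that no longer exist in the prototype: the `ctx` entry ends with `depending on \p context_already_hashed`, and the `clen` entry says `The length of \p hash`. After this commit the parameters are `ctx_hashed` and `ctx`, so the references should read `depending on \p ctx_hashed.` and `\param clen The length of \p ctx.`. It would also help to give the unit (Bytes) for `clen`, as the other length parameters do.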
From: John Durkop Date: Wed, 9 Sep 2020 05:18:51 -0700 Subject: [PATCH 183/488] Remove check compilation guards from travis build With the increase in depends testing for PSA changes introduced here the Travis builds are now taking too long. The check for compilation guards will only be run on Jenkins now. See this comment for further details. https://github.com/ARMmbed/mbedtls/pull/3585#discussion_r485189748 Signed-off-by: John Durkop --- .travis.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index c67c0cd33..76cb1c537 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,10 +28,6 @@ jobs: script: - tests/scripts/all.sh -k test_full_cmake_gcc_asan - - name: check compilation guards - script: - - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges' - - name: macOS os: osx compiler: clang From 29ea84e906688a8f2743dcbf88895e8f58a12369 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 9 Sep 2020 13:52:40 +0100 Subject: [PATCH 184/488] Avoid duplicated test case names in TLS 1.3 key schedule unit tests Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 73a692d8a..6e653ffc2 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -10487,7 +10487,7 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "derived", "") # but still needs to be hashed) ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba" -SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) +SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Derive-Secret( MasterSecret, "s ap traffic", hash) # Tests the case where context is already hashed @@ -10513,7 +10513,7 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash) # Vector from RFC 8448 ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1" -SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) +SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2 # Vector from RFC 8448 ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691" From ccbd622ed78034c24ac19c7cb1cf238f3f74c1ff Mon Sep 17 00:00:00 2001 From: HowJMay Date: Wed, 29 Jul 2020 16:59:19 +0800 Subject: [PATCH 185/488] Fix typo in comment Fix typo in program/pkey/ecdh_curve25519.c Signed-off-by: HowJMay --- ChangeLog.d/fix-typo.txt | 3 +++ programs/pkey/ecdh_curve25519.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/fix-typo.txt 
diff --git a/ChangeLog.d/fix-typo.txt b/ChangeLog.d/fix-typo.txt new file mode 100644 index 000000000..08a93343b --- /dev/null +++ b/ChangeLog.d/fix-typo.txt @@ -0,0 +1,3 @@ +Bugfix + * There is typo in the example code which locates in + program/pkey/ecdh_curve25519.c diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index e79dce09a..5febc68a8 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -88,7 +88,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); /* - * Client: inialize context and generate keypair + * Client: initialize context and generate keypair */ mbedtls_printf( " . Setting up client context..." ); fflush( stdout ); From 0e9afb8bd16428137b6fa0e0a0ff192533321ddb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 9 Sep 2020 12:05:25 +0100 Subject: [PATCH 186/488] Minor fixes to changelog Change section from "Bugfix" to "Changes". Minor grammar tidy-up. Signed-off-by: Dave Rodgman --- ChangeLog.d/fix-typo.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/fix-typo.txt b/ChangeLog.d/fix-typo.txt index 08a93343b..8e961d280 100644 --- a/ChangeLog.d/fix-typo.txt +++ b/ChangeLog.d/fix-typo.txt @@ -1,3 +1,3 @@ -Bugfix - * There is typo in the example code which locates in +Changes + * Fixes a typo in the example code located in program/pkey/ecdh_curve25519.c From 2dfe1327e582694a5d6186385640d8d3d0debc9b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 10 Sep 2020 09:23:12 +0100 Subject: [PATCH 187/488] Fix miscalculation of maximum TLS 1.3 HKDF label length Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 54742f3b4..5a6204eda 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -75,6 +75,8 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = * the HkdfLabel structure on success. */ +static const char tls1_3_label_prefix[6] = "tls13 "; + #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \ ( 2 /* expansion length */ \ + 1 /* label length */ \ @@ -84,6 +86,7 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = #define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \ SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \ + sizeof(tls1_3_label_prefix) + \ MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \ MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) @@ -93,8 +96,8 @@ static void ssl_tls1_3_hkdf_encode_label( const unsigned char *ctx, size_t clen, unsigned char *dst, size_t *dlen ) { - const char label_prefix[6] = "tls13 "; - size_t total_label_len = sizeof( label_prefix ) + llen; + size_t total_label_len = + sizeof(tls1_3_label_prefix) + llen; size_t total_hkdf_lbl_len = SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen ); @@ -106,8 +109,8 @@ static void ssl_tls1_3_hkdf_encode_label( /* Add label incl. prefix */ *p++ = (unsigned char)( total_label_len & 0xFF ); - memcpy( p, label_prefix, sizeof(label_prefix) ); - p += sizeof(label_prefix); + memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) ); + p += sizeof(tls1_3_label_prefix); memcpy( p, label, llen ); p += llen; From 6e2af094b03f42ffa3e75f62d57073fc09e32558 Mon Sep 17 00:00:00 2001 From: Yonatan Goldschmidt Date: Sat, 12 Sep 2020 00:19:52 +0300 Subject: [PATCH 188/488] Fix docs to desribe written-into buffer parameter as writable Signed-off-by: Yonatan Goldschmidt --- include/mbedtls/ccm.h | 4 ++-- include/mbedtls/gcm.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 81965ba4d..7193863c3 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h 
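Review bot: ssl_tls1_3_hkdf_encode_label() still writes into `dst` without knowing its capacity (`dlen` is output only) and returns void, so the corrected SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN is the only thing keeping its `memcpy` calls inside the caller's buffer. The function starts before the `@@ -93,8 +96,8` hunk and continues past the last one, and the caller's length checks are not visible here. I would therefore record the precondition at the definition, e.g. `/* dst must have room for SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN bytes; the caller bounds llen and clen by the MAX_LABEL_LEN / MAX_CONTEXT_LEN limits. */`. `tls1_3_label_prefix[6] = "tls13 "` deliberately drops the terminating NUL so that `sizeof` equals the wire length; a short comment saying so would keep someone from "fixing" the size to 7. A test vector with a maximum-length label and context would pin the corrected bound.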
@@ -148,7 +148,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * than zero, \p output must be a writable buffer of at least * that length. * \param tag The buffer holding the authentication field. This must be a - * readable buffer of at least \p tag_len Bytes. + * writable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 4, 6, 8, 10, 12, 14 or 16. * @@ -193,7 +193,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * than zero, \p output must be a writable buffer of at least * that length. * \param tag The buffer holding the authentication field. This must be a - * readable buffer of at least \p tag_len Bytes. + * writable buffer of at least \p tag_len Bytes. * \param tag_len The length of the authentication field to generate in Bytes: * 0, 4, 6, 8, 10, 12, 14 or 16. * diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index ed23cb9c6..6b673616f 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -155,7 +155,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * than zero, this must be a writable buffer of at least that * size in Bytes. * \param tag_len The length of the tag to generate. - * \param tag The buffer for holding the tag. This must be a readable + * \param tag The buffer for holding the tag. This must be a writable * buffer of at least \p tag_len Bytes. * * \return \c 0 if the encryption or decryption was performed @@ -283,7 +283,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * tag. The tag can have a maximum length of 16 Bytes. * * \param ctx The GCM context. This must be initialized. - * \param tag The buffer for holding the tag. This must be a readable + * \param tag The buffer for holding the tag. This must be a writable * buffer of at least \p tag_len Bytes. * \param tag_len The length of the tag to generate. This must be at least * four. From 37941cb5e16da18dd6182100fa2a69b589341143 Mon Sep 17 00:00:00 2001 
From: Steven Cooreman Date: Tue, 28 Jul 2020 18:49:51 +0200 Subject: [PATCH 189/488] Add initial pass on a multi-part test driver Signed-off-by: Steven Cooreman --- include/psa/crypto_struct.h | 6 + library/psa_crypto.c | 17 + library/psa_crypto_driver_wrappers.c | 524 +++++++++++++++++++++++ library/psa_crypto_driver_wrappers.h | 62 +++ tests/include/test/drivers/cipher.h | 168 ++++++++ tests/include/test/drivers/test_driver.h | 1 + tests/src/drivers/cipher.c | 348 +++++++++++++++ 7 files changed, 1126 insertions(+) create mode 100644 tests/include/test/drivers/cipher.h create mode 100644 tests/src/drivers/cipher.c diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 67c53db92..0ea8073ec 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -164,6 +164,12 @@ struct psa_cipher_operation_s { unsigned dummy; /* Enable easier initializing of the union. */ mbedtls_cipher_context_t cipher; +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) + struct { + unsigned int id; + void* ctx; + } driver; +#endif } ctx; }; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 04ef28b0c..6acf49850 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4079,6 +4079,23 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, PSA_KEY_USAGE_ENCRYPT : PSA_KEY_USAGE_DECRYPT ); + status = psa_get_key_from_slot( handle, &slot, usage, alg ); + if( status != PSA_SUCCESS ) + goto exit; + + /* Try doing this through a driver before using software fallback */ + if( cipher_operation == MBEDTLS_ENCRYPT ) + status = psa_driver_wrapper_cipher_encrypt_setup( operation, + slot, + alg ); + else + status = psa_driver_wrapper_cipher_decrypt_setup( operation, + slot, + alg ); + + if( status != PSA_ERROR_NOT_SUPPORTED ) + goto exit; + /* A context must be freshly initialized before it can be set up. */ if( operation->alg != 0 ) { 
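Review bot: The new `driver` member in crypto_struct.h is placed inside the same union as `cipher`, yet its `id` field is what identifies a driver-backed operation. Reading `ctx.driver.id` while the software `cipher` context is the active member therefore reinterprets the first bytes of an mbedtls_cipher_context_t. Nothing in this hunk records which member is live; unless that is tracked elsewhere, the abort and update paths cannot safely decide whether `ctx.driver.ctx` is a pointer they own. I would keep the discriminator outside the union (a flag or the driver id next to the operation's other state) and add a comment on `ctx` stating who allocates and frees it.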
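Review bot: In psa_cipher_setup() the driver dispatch is inserted above the existing `operation->alg != 0` check, so an operation that is already set up can be handed to psa_driver_wrapper_cipher_encrypt_setup() or psa_driver_wrapper_cipher_decrypt_setup() before the bad-state test runs. A driver that allocates or overwrites its context during setup would then leak or clobber the state of the active operation. Moving the added block (key lookup and both wrapper calls) below that check keeps the state machine identical for the driver and software paths. What the `exit` label does after a successful driver setup is outside this hunk, so the operation's bookkeeping on that path should be confirmed as well.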
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index cc51e2450..140c3d4b8 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -38,6 +38,11 @@ /* Repeat above block for each JSON-declared driver during autogeneration */ +/* Auto-generated values depending on which drivers are registered */ +#if defined(PSA_CRYPTO_DRIVER_TEST) +#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (1) +#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (2) +#endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ /* Support the 'old' SE interface when asked to */ 
@@ -370,4 +375,523 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } +/* + * Cipher functions + */ +psa_status_t psa_driver_wrapper_cipher_encrypt( + psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_cipher_encrypt( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return status; +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return PSA_ERROR_NOT_SUPPORTED; + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_cipher_encrypt( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return status; + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) slot; + (void) alg; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t 
psa_driver_wrapper_cipher_decrypt( + psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_cipher_decrypt( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return status; +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return PSA_ERROR_NOT_SUPPORTED; + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_cipher_decrypt( &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return status; + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) slot; + (void) alg; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_encrypt_setup( + psa_cipher_operation_t *operation, + psa_key_slot_t *slot, + psa_algorithm_t alg ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && 
defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + /* Check for operation already allocated */ + if( operation->ctx.driver.ctx != NULL ) + return PSA_ERROR_BAD_STATE; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); + if( operation->ctx.driver.ctx == NULL ) + return PSA_ERROR_INSUFFICIENT_MEMORY; + + status = test_transparent_cipher_encrypt_setup( operation->ctx.driver.ctx, + &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + { + if( status == PSA_SUCCESS ) + operation->ctx.driver.id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + else + { + mbedtls_free( operation->ctx.driver.ctx ); + operation->ctx.driver.ctx = NULL; + } + + return status; + } + else + { + mbedtls_free( operation->ctx.driver.ctx ); + operation->ctx.driver.ctx = NULL; + } +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return PSA_ERROR_NOT_SUPPORTED; + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); + if( operation->ctx.driver.ctx == NULL ) + return PSA_ERROR_INSUFFICIENT_MEMORY; + + status = test_opaque_cipher_encrypt_setup( operation->ctx.driver.ctx, + &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg ); + if( status == PSA_SUCCESS ) + operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + else + { + 
mbedtls_free( operation->ctx.driver.ctx ); + operation->ctx.driver.ctx = NULL; + } + + return status; +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return PSA_ERROR_BAD_STATE; + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void)slot; + (void)alg; + (void)operation; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_decrypt_setup( + psa_cipher_operation_t *operation, + psa_key_slot_t *slot, + psa_algorithm_t alg ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + /* Check for operation already allocated */ + if( operation->ctx.driver.ctx != NULL ) + return PSA_ERROR_BAD_STATE; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); + if( operation->ctx.driver.ctx == NULL ) + return PSA_ERROR_INSUFFICIENT_MEMORY; + + status = test_transparent_cipher_decrypt_setup( operation->ctx.driver.ctx, + &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + { + if( status == PSA_SUCCESS ) + operation->ctx.driver.id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + else + { + mbedtls_free( operation->ctx.driver.ctx ); + operation->ctx.driver.ctx = NULL; + } + + return status; + } + else + { + mbedtls_free( operation->ctx.driver.ctx ); + operation->ctx.driver.ctx = NULL; + } +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this 
operation */ + return PSA_ERROR_NOT_SUPPORTED; + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); + if( operation->ctx.driver.ctx == NULL ) + return PSA_ERROR_INSUFFICIENT_MEMORY; + + status = test_opaque_cipher_decrypt_setup( operation->ctx.driver.ctx, + &attributes, + slot->data.key.data, + slot->data.key.bytes, + alg ); + if( status == PSA_SUCCESS ) + operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + else + { + mbedtls_free( operation->ctx.driver.ctx ); + operation->ctx.driver.ctx = NULL; + } + + return status; +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return PSA_ERROR_BAD_STATE; + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void)slot; + (void)alg; + (void)operation; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_generate_iv( + psa_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + /* Check for operation already allocated */ + if( operation->ctx.driver.ctx == NULL ) + return PSA_ERROR_INVALID_ARGUMENT; + + switch( operation->ctx.driver.id ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( test_transparent_cipher_generate_iv( operation->ctx.driver.ctx, + iv, + iv_size, + iv_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( test_opaque_cipher_generate_iv( operation->ctx.driver.ctx, + iv, + iv_size, + iv_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is attached to a driver not known to us */ + return PSA_ERROR_BAD_STATE; + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) 
operation; + (void) iv; + (void) iv_size; + (void) iv_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_set_iv( + psa_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + /* Check for operation already allocated */ + if( operation->ctx.driver.ctx == NULL ) + return PSA_ERROR_INVALID_ARGUMENT; + + switch( operation->ctx.driver.id ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( test_transparent_cipher_set_iv( operation->ctx.driver.ctx, + iv, + iv_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( test_opaque_cipher_set_iv( operation->ctx.driver.ctx, + iv, + iv_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is attached to a driver not known to us */ + return PSA_ERROR_BAD_STATE; + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) operation; + (void) iv; + (void) iv_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_update( + psa_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + /* Check for operation already allocated */ + if( operation->ctx.driver.ctx == NULL ) + return PSA_ERROR_INVALID_ARGUMENT; + + switch( operation->ctx.driver.id ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( test_transparent_cipher_update( operation->ctx.driver.ctx, + input, + input_length, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case 
PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( test_opaque_cipher_update( operation->ctx.driver.ctx, + input, + input_length, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is attached to a driver not known to us */ + return PSA_ERROR_BAD_STATE; + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) operation; + (void) input; + (void) input_length; + (void) output; + (void) output_length; + (void) output_size; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_finish( + psa_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + /* Check for operation already allocated */ + if( operation->ctx.driver.ctx == NULL ) + return PSA_ERROR_INVALID_ARGUMENT; + + switch( operation->ctx.driver.id ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( test_transparent_cipher_finish( operation->ctx.driver.ctx, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( test_opaque_cipher_finish( operation->ctx.driver.ctx, + output, + output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is attached to a driver not known to us */ + return PSA_ERROR_BAD_STATE; + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void) operation; + (void) output; + (void) output_size; + (void) output_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + +psa_status_t psa_driver_wrapper_cipher_abort( + psa_cipher_operation_t *operation ) +{ +#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + /* Check for operation already allocated */ + if( 
operation->ctx.driver.ctx == NULL ) + return PSA_ERROR_INVALID_ARGUMENT; + + switch( operation->ctx.driver.id ) + { +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + status = test_transparent_cipher_abort( operation->ctx.driver.ctx ); + + mbedtls_free( operation->ctx.driver.ctx ); + operation->ctx.driver.ctx = NULL; + operation->ctx.driver.id = 0; + + return status; +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + status = test_opaque_cipher_abort( operation->ctx.driver.ctx ); + mbedtls_free( operation->ctx.driver.ctx ); + operation->ctx.driver.ctx = NULL; + + return status; +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Operation is attached to a driver not known to us */ + return PSA_ERROR_BAD_STATE; + } +#else /* PSA_CRYPTO_DRIVER_PRESENT */ + (void)operation; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + /* End of automatically generated file. */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 42993792a..a2096048d 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -25,6 +25,9 @@ #include "psa/crypto.h" #include "psa/crypto_driver_common.h" +/* + * Signature functions + */ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, psa_algorithm_t alg, const uint8_t *hash, 
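Review bot: In `psa_driver_wrapper_cipher_abort`, the opaque branch frees the driver context but leaves `operation->ctx.driver.id` set, unlike the transparent branch just above it, and neither branch wipes the context before `mbedtls_free`. `test_transparent_cipher_operation_t` embeds an `mbedtls_cipher_context_t`, so a driver context can presumably hold key-dependent state. The same applies to the failure paths of the two `_setup` wrappers, which free the context after the driver has been given the key bytes. I would call `mbedtls_platform_zeroize( operation->ctx.driver.ctx, sizeof( test_opaque_cipher_operation_t ) );` before each free, with the type matching the branch, and add `operation->ctx.driver.id = 0;` to the opaque branch.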
@@ -43,6 +46,65 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot ); +/* + * Cipher functions + */ +psa_status_t psa_driver_wrapper_cipher_encrypt( + psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_cipher_decrypt( + psa_key_slot_t *slot, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_cipher_encrypt_setup( + psa_cipher_operation_t *operation, + psa_key_slot_t *slot, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_cipher_decrypt_setup( + psa_cipher_operation_t *operation, + psa_key_slot_t *slot, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_cipher_generate_iv( + psa_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length ); + +psa_status_t psa_driver_wrapper_cipher_set_iv( + psa_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length ); + +psa_status_t psa_driver_wrapper_cipher_update( + psa_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_cipher_finish( + psa_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t psa_driver_wrapper_cipher_abort( + psa_cipher_operation_t *operation ); + #endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */ /* End of automatically generated file. */ diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h new file mode 100644 index 000000000..c58a92691 --- /dev/null +++ b/tests/include/test/drivers/cipher.h 
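Review bot: The multi-part prototypes added here do not document who owns `operation->ctx.driver.ctx`, although the implementation in `psa_crypto_driver_wrappers.c` allocates it in the `_setup` wrappers and releases it only in `psa_driver_wrapper_cipher_abort`. I would put a short comment above `psa_driver_wrapper_cipher_encrypt_setup` saying so, for example `/* On success the wrapper allocates operation->ctx.driver.ctx; the caller must call psa_driver_wrapper_cipher_abort() to free it, including after psa_driver_wrapper_cipher_finish(). */`. It is also worth stating there that `PSA_ERROR_NOT_SUPPORTED` from a setup wrapper means no driver accepted the operation and nothing is left allocated.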
@@ -0,0 +1,168 @@ +/* + * Test driver for cipher functions + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H +#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +#include "mbedtls/cipher.h" +typedef struct { + psa_algorithm_t alg; + unsigned int key_set : 1; + unsigned int iv_required : 1; + unsigned int iv_set : 1; + uint8_t iv_size; + uint8_t block_size; + mbedtls_cipher_context_t cipher; +} test_transparent_cipher_operation_t; + +typedef struct{ + unsigned int initialised : 1; + test_transparent_cipher_operation_t ctx; +} test_opaque_cipher_operation_t; + +extern void *test_driver_cipher_forced_output; +extern size_t test_driver_cipher_forced_output_length; + +extern psa_status_t test_transparent_cipher_status; +extern unsigned long test_transparent_cipher_hit; + +psa_status_t test_transparent_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_transparent_cipher_decrypt( + const psa_key_attributes_t 
*attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_transparent_cipher_encrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_transparent_cipher_decrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_transparent_cipher_abort( + test_transparent_cipher_operation_t *operation); + +psa_status_t test_transparent_cipher_generate_iv( + test_transparent_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length); + +psa_status_t test_transparent_cipher_set_iv( + test_transparent_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length); + +psa_status_t test_transparent_cipher_update( + test_transparent_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t test_transparent_cipher_finish( + test_transparent_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/* + * opaque versions + */ +psa_status_t test_opaque_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_opaque_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); + +psa_status_t test_opaque_cipher_encrypt_setup( + 
test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_opaque_cipher_decrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg); + +psa_status_t test_opaque_cipher_abort( + test_opaque_cipher_operation_t *operation); + +psa_status_t test_opaque_cipher_generate_iv( + test_opaque_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length); + +psa_status_t test_opaque_cipher_set_iv( + test_opaque_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length); + +psa_status_t test_opaque_cipher_update( + test_opaque_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t test_opaque_cipher_finish( + test_opaque_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index 75135e0f4..7ee8e5eea 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -24,5 +24,6 @@ #include "test/drivers/signature.h" #include "test/drivers/keygen.h" +#include "test/drivers/cipher.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c new file mode 100644 index 000000000..0f059a08d --- /dev/null +++ b/tests/src/drivers/cipher.c 
@@ -0,0 +1,348 @@ +/* + * Test driver for cipher functions. + * Currently only supports multi-part operations using AES-CTR. + */ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa/crypto.h" +#include "mbedtls/cipher.h" + +#include "drivers/cipher.h" + +#include "test/random.h" + +#include + +/* If non-null, on success, copy this to the output. 
*/ +void *test_driver_cipher_forced_output = NULL; +size_t test_driver_cipher_forced_output_length = 0; + +psa_status_t test_transparent_cipher_status = PSA_ERROR_NOT_SUPPORTED; +unsigned long test_transparent_cipher_hit = 0; + +psa_status_t test_transparent_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + test_transparent_cipher_hit++; + + if( test_transparent_cipher_status != PSA_SUCCESS ) + return test_transparent_cipher_status; + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + test_transparent_cipher_hit++; + + if( test_transparent_cipher_status != PSA_SUCCESS ) + return test_transparent_cipher_status; + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_encrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t 
*key, size_t key_length, + psa_algorithm_t alg) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + + /* write our struct, this will trigger memory corruption failures + * in test when we go outside of bounds. */ + memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + + test_transparent_cipher_hit++; + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_decrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + + /* write our struct, this will trigger memory corruption failures + * in test when we go outside of bounds. */ + memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + + test_transparent_cipher_hit++; + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_abort( + test_transparent_cipher_operation_t *operation) +{ + /* write our struct, this will trigger memory corruption failures + * in test when we go outside of bounds. 
*/ + memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + + test_transparent_cipher_hit++; + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_generate_iv( + test_transparent_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length) +{ + (void) operation; + (void) iv; + (void) iv_size; + (void) iv_length; + + test_transparent_cipher_hit++; + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_set_iv( + test_transparent_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length) +{ + (void) operation; + (void) iv; + (void) iv_length; + + test_transparent_cipher_hit++; + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_update( + test_transparent_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + (void) input; + (void) input_length; + test_transparent_cipher_hit++; + + if( test_transparent_cipher_status != PSA_SUCCESS ) + return test_transparent_cipher_status; + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + + return test_transparent_cipher_status; +} + +psa_status_t test_transparent_cipher_finish( + test_transparent_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + test_transparent_cipher_hit++; + + if( test_transparent_cipher_status != PSA_SUCCESS ) + return test_transparent_cipher_status; + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = 
test_driver_cipher_forced_output_length; + + return test_transparent_cipher_status; +} + +/* + * opaque versions, to do + */ +psa_status_t test_opaque_cipher_encrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_decrypt( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_encrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + (void) operation; + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_decrypt_setup( + test_opaque_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + (void) operation; + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_abort( + test_opaque_cipher_operation_t *operation) +{ + (void) operation; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_generate_iv( + test_opaque_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + 
size_t *iv_length) +{ + (void) operation; + (void) iv; + (void) iv_size; + (void) iv_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_set_iv( + test_opaque_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length) +{ + (void) operation; + (void) iv; + (void) iv_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_update( + test_opaque_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + (void) input; + (void) input_length; + (void) output; + (void) output_size; + (void) output_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t test_opaque_cipher_finish( + test_opaque_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + (void) operation; + (void) output; + (void) output_size; + (void) output_length; + return PSA_ERROR_NOT_SUPPORTED; +} +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From d3feccd3a5364a7ac99097672954a1c8aa9d45cf Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 1 Sep 2020 15:56:14 +0200 Subject: [PATCH 190/488] Restructure cipher context object to contain driver switch Once an operation has been 'accepted' by a driver, the remainder is bound to the same driver, since driver-specific context structs cannot be shared. This provides a pretty good gate mechanism for the fallback logic, too. Signed-off-by: Steven Cooreman --- include/psa/crypto_struct.h | 3 +- library/psa_crypto.c | 68 +++++++++++++++++++++++++++++-------- tests/src/drivers/cipher.c | 2 ++ 3 files changed, 58 insertions(+), 15 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 0ea8073ec..3ff3f93ef 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
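Review bot: `test_transparent_cipher_encrypt`, `_decrypt`, `_update` and `_finish` pass `test_driver_cipher_forced_output` to `memcpy` even while it is still NULL, which is its initial value. The comment on that variable says the copy happens only if it is non-null, and a null source pointer is undefined behaviour for `memcpy` even with a zero length. Guard the copy with `if( test_driver_cipher_forced_output != NULL )` and set `*output_length = 0` otherwise. The file header also says the driver supports multi-part AES-CTR, while every function in this file only returns the forced status and output; the header comment should describe that instead.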
@@ -158,6 +158,7 @@ struct psa_cipher_operation_s unsigned int key_set : 1; unsigned int iv_required : 1; unsigned int iv_set : 1; + unsigned int accelerator_set : 1; uint8_t iv_size; uint8_t block_size; union @@ -173,7 +174,7 @@ struct psa_cipher_operation_s } ctx; }; -#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, {0}} +#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) { const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6acf49850..7eb956835 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4059,9 +4059,9 @@ static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation, { operation->iv_required = 1; } + operation->accelerator_set = 0; operation->iv_size = 0; operation->block_size = 0; - mbedtls_cipher_init( &operation->ctx.cipher ); return( PSA_SUCCESS ); } @@ -4083,6 +4083,14 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; + /* A context must be freshly initialized before it can be set up. */ + if( operation->alg != 0 ) + return( PSA_ERROR_BAD_STATE ); + + status = psa_cipher_init( operation, alg ); + if( status != PSA_SUCCESS ) + return( status ); + /* Try doing this through a driver before using software fallback */ if( cipher_operation == MBEDTLS_ENCRYPT ) status = psa_driver_wrapper_cipher_encrypt_setup( operation, 
@@ -4093,18 +4101,19 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, slot, alg ); - if( status != PSA_ERROR_NOT_SUPPORTED ) - goto exit; - - /* A context must be freshly initialized before it can be set up. */ - if( operation->alg != 0 ) + if( status == PSA_SUCCESS ) { - return( PSA_ERROR_BAD_STATE ); + operation->accelerator_set = 1; + operation->key_set = 1; } - status = psa_cipher_init( operation, alg ); - if( status != PSA_SUCCESS ) - return( status ); + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + goto exit; + + /* Proceed with initializing mbed TLS cipher context if no accelerator is + * available for the given algorithm & key. */ + mbedtls_cipher_init( &operation->ctx.cipher ); status = psa_get_transparent_key( handle, &slot, usage, alg); if( status != PSA_SUCCESS ) @@ -4206,7 +4215,14 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, { psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( operation->iv_set || ! operation->iv_required ) + + if( operation->accelerator_set == 1 ) + return( psa_driver_wrapper_cipher_generate_iv( operation, + iv, + iv_size, + iv_length ) ); + + if( operation->iv_set || ! operation->iv_required || ! operation->key_set ) { return( PSA_ERROR_BAD_STATE ); } @@ -4238,7 +4254,13 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, { psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( operation->iv_set || ! operation->iv_required ) + + if( operation->accelerator_set == 1 ) + return( psa_driver_wrapper_cipher_set_iv( operation, + iv, + iv_length ) ); + + if( operation->iv_set || ! operation->iv_required || ! operation->key_set ) { return( PSA_ERROR_BAD_STATE ); } 
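Review bot: `mbedtls_cipher_init( &operation->ctx.cipher )` now runs only after the driver has answered `PSA_ERROR_NOT_SUPPORTED` for a non-external key, so every earlier `goto exit` (a driver error, or an external-lifetime key) leaves with `accelerator_set == 0` and a `ctx.cipher` that was never initialised. `psa_cipher_abort()` as changed in this same commit calls `mbedtls_cipher_free( &operation->ctx.cipher )` whenever `accelerator_set` is 0, so if the exit path or the caller aborts the operation, the free runs on whatever bytes are in the union, which a driver may already have partly written. Recording that the software context is live, for example with a separate flag set next to `mbedtls_cipher_init`, and freeing only when it is set would close that gap. The `exit:` label and the rest of `psa_cipher_setup` are outside this hunk, so the abort-on-error step is inferred.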
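Review bot: In `psa_cipher_generate_iv` the `accelerator_set` branch is taken before the `iv_set` / `iv_required` / `key_set` check, and the core's `iv_set` is never updated on that path, so the operation state machine is enforced only if each driver re-implements it. The same ordering appears in the `psa_cipher_set_iv` hunk that follows and in the `psa_cipher_update` and `psa_cipher_finish` hunks of this commit. Running the existing state check first and setting `operation->iv_set = 1;` when the driver call returns `PSA_SUCCESS` would let the core reject a second IV, or data processed without an IV, regardless of which driver is bound.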
@@ -4355,7 +4377,15 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; - if( operation->alg == 0 ) + if( operation->accelerator_set == 1 ) + return( psa_driver_wrapper_cipher_update( operation, + input, + input_length, + output, + output_size, + output_length ) ); + + if( operation->alg == 0 || ! operation->key_set ) { return( PSA_ERROR_BAD_STATE ); } @@ -4414,6 +4444,12 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; + if( operation->accelerator_set == 1 ) + return( psa_driver_wrapper_cipher_finish( operation, + output, + output_size, + output_length ) ); + if( ! operation->key_set ) { return( PSA_ERROR_BAD_STATE ); @@ -4483,11 +4519,15 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) if( ! PSA_ALG_IS_CIPHER( operation->alg ) ) return( PSA_ERROR_BAD_STATE ); - mbedtls_cipher_free( &operation->ctx.cipher ); + if( operation->accelerator_set == 1 ) + psa_driver_wrapper_cipher_abort( operation ); + else + mbedtls_cipher_free( &operation->ctx.cipher ); operation->alg = 0; operation->key_set = 0; operation->iv_set = 0; + operation->accelerator_set = 0; operation->iv_size = 0; operation->block_size = 0; operation->iv_required = 0; diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index 0f059a08d..9db506151 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -40,6 +40,8 @@ void *test_driver_cipher_forced_output = NULL; size_t test_driver_cipher_forced_output_length = 0; +/* Test driver, if not explicitly setup, returns 'PSA_ERROR_NOT_SUPPORTED' by default, + * causing regular test suites to pass since the core will go into fallback mode. */ psa_status_t test_transparent_cipher_status = PSA_ERROR_NOT_SUPPORTED; unsigned long test_transparent_cipher_hit = 0; 
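Review bot: The status of `psa_driver_wrapper_cipher_abort( operation )` is discarded in `psa_cipher_abort`, so a driver that fails to release its context cannot be reported to the caller. Capturing it, e.g. `status = psa_driver_wrapper_cipher_abort( operation );`, and returning it after the fields have been cleared keeps the cleanup unconditional while still surfacing the failure. The function's declarations and final `return` are outside the hunk, so whether a `status` variable already exists has to be checked there.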
From 3ec4018e2bdcd187604f8280ecb14e00b698fed1 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 2 Sep 2020 16:27:46 +0200 Subject: [PATCH 191/488] Update license texts Signed-off-by: Steven Cooreman --- tests/include/test/drivers/cipher.h | 4 +--- tests/src/drivers/cipher.c | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index c58a92691..a697054fe 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -1,7 +1,7 @@ /* * Test driver for cipher functions */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -15,8 +15,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index 9db506151..95dc2b6bc 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -2,7 +2,7 @@ * Test driver for cipher functions. * Currently only supports multi-part operations using AES-CTR. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -16,8 +16,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) From 8b12225717833eacc24f72a222abcf9de0b20f50 Mon Sep 17 00:00:00 2001 
From: Steven Cooreman Date: Thu, 3 Sep 2020 15:30:32 +0200 Subject: [PATCH 192/488] Add a working implementation of a multipart AES-CTR test driver Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 50 ++++--- tests/src/drivers/cipher.c | 258 ++++++++++++++++++++++++++++++------- 2 files changed, 246 insertions(+), 62 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7eb956835..cdae05ec4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4217,10 +4217,13 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( operation->accelerator_set == 1 ) - return( psa_driver_wrapper_cipher_generate_iv( operation, - iv, - iv_size, - iv_length ) ); + { + status = psa_driver_wrapper_cipher_generate_iv( operation, + iv, + iv_size, + iv_length ); + goto exit; + } if( operation->iv_set || ! operation->iv_required || ! operation->key_set ) { @@ -4256,9 +4259,12 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( operation->accelerator_set == 1 ) - return( psa_driver_wrapper_cipher_set_iv( operation, - iv, - iv_length ) ); + { + status = psa_driver_wrapper_cipher_set_iv( operation, + iv, + iv_length ); + goto exit; + } if( operation->iv_set || ! operation->iv_required || ! operation->key_set ) { @@ -4378,12 +4384,15 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, size_t expected_output_size; if( operation->accelerator_set == 1 ) - return( psa_driver_wrapper_cipher_update( operation, - input, - input_length, - output, - output_size, - output_length ) ); + { + status = psa_driver_wrapper_cipher_update( operation, + input, + input_length, + output, + output_size, + output_length ); + goto exit; + } if( operation->alg == 0 || ! operation->key_set ) { 
@@ -4445,10 +4454,17 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; if( operation->accelerator_set == 1 ) - return( psa_driver_wrapper_cipher_finish( operation, - output, - output_size, - output_length ) ); + { + status = psa_driver_wrapper_cipher_finish( operation, + output, + output_size, + output_length ); + if( status != PSA_SUCCESS ) + goto error; + + (void) psa_cipher_abort( operation ); + return( status ); + } if( ! operation->key_set ) { diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index 95dc2b6bc..278e42899 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -38,9 +38,12 @@ void *test_driver_cipher_forced_output = NULL; size_t test_driver_cipher_forced_output_length = 0; -/* Test driver, if not explicitly setup, returns 'PSA_ERROR_NOT_SUPPORTED' by default, - * causing regular test suites to pass since the core will go into fallback mode. */ -psa_status_t test_transparent_cipher_status = PSA_ERROR_NOT_SUPPORTED; +/* Test driver implements AES-CTR by default when it's status is not overridden. + * Set test_transparent_cipher_status to PSA_ERROR_NOT_SUPPORTED to use fallback + * even for AES-CTR. + * Keep in mind this code is only exercised during the crypto drivers test target, + * meaning the other test runs will still test only the non-driver implementation. */ +psa_status_t test_transparent_cipher_status = PSA_SUCCESS; unsigned long test_transparent_cipher_hit = 0; psa_status_t test_transparent_cipher_encrypt( 
@@ -101,16 +104,57 @@ psa_status_t test_transparent_cipher_encrypt_setup( const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - - /* write our struct, this will trigger memory corruption failures - * in test when we go outside of bounds. */ - memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + const mbedtls_cipher_info_t *cipher_info = NULL; + int ret = 0; test_transparent_cipher_hit++; + + if( operation->alg != 0 ) + return PSA_ERROR_BAD_STATE; + + /* write our struct, this will trigger memory corruption failures + * in test when we go outside of bounds, or when the function is called + * without first destroying the context object. */ + memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + + /* Test driver supports AES-CTR only, to verify operation calls. */ + if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return PSA_ERROR_NOT_SUPPORTED; + + operation->alg = alg; + operation->iv_size = 16; + operation->block_size = 16; + + cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, + key_length * 8, + MBEDTLS_MODE_CTR ); + if( cipher_info == NULL ) + return PSA_ERROR_NOT_SUPPORTED; + + mbedtls_cipher_init( &operation->cipher ); + + ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); + if( ret != 0 ) { + mbedtls_cipher_free( &operation->cipher ); + return mbedtls_to_psa_error( ret ); + } + + ret = mbedtls_cipher_setkey( &operation->cipher, + key, + key_length * 8, MBEDTLS_ENCRYPT ); + if( ret != 0 ) { + mbedtls_cipher_free( &operation->cipher ); + return mbedtls_to_psa_error( ret ); + } + + operation->iv_set = 0; + operation->iv_required = 1; + operation->key_set = 1; + + /* Allow overriding return value for testing purposes */ + if( test_transparent_cipher_status != PSA_SUCCESS ) + mbedtls_cipher_free( &operation->cipher ); + return test_transparent_cipher_status; } 
@@ -120,28 +164,72 @@ psa_status_t test_transparent_cipher_decrypt_setup( const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - - /* write our struct, this will trigger memory corruption failures - * in test when we go outside of bounds. */ - memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); +const mbedtls_cipher_info_t *cipher_info = NULL; + int ret = 0; test_transparent_cipher_hit++; + + if( operation->alg != 0 ) + return PSA_ERROR_BAD_STATE; + + /* write our struct, this will trigger memory corruption failures + * in test when we go outside of bounds, or when the function is called + * without first destroying the context object. */ + memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + + /* Test driver supports AES-CTR only, to verify operation calls. */ + if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return PSA_ERROR_NOT_SUPPORTED; + + operation->alg = alg; + operation->iv_size = 16; + operation->block_size = 16; + + mbedtls_cipher_init( &operation->cipher ); + + cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, + key_length * 8, + MBEDTLS_MODE_CTR ); + if( cipher_info == NULL ) + return PSA_ERROR_NOT_SUPPORTED; + + ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); + if( ret != 0 ) + return mbedtls_to_psa_error( ret ); + + ret = mbedtls_cipher_setkey( &operation->cipher, + key, + key_length * 8, MBEDTLS_DECRYPT ); + if( ret != 0 ) + return mbedtls_to_psa_error( ret ); + + operation->iv_set = 0; + operation->iv_required = 1; + operation->key_set = 1; + + /* Allow overriding return value for testing purposes */ + if( test_transparent_cipher_status != PSA_SUCCESS ) + mbedtls_cipher_free( &operation->cipher ); + return test_transparent_cipher_status; } psa_status_t test_transparent_cipher_abort( test_transparent_cipher_operation_t *operation) { + if( operation->alg == 0 ) + return( 
PSA_SUCCESS ); + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); + + mbedtls_cipher_free( &operation->cipher ); + /* write our struct, this will trigger memory corruption failures * in test when we go outside of bounds. */ memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); test_transparent_cipher_hit++; - return test_transparent_cipher_status; + return PSA_SUCCESS; } psa_status_t test_transparent_cipher_generate_iv( @@ -150,13 +238,32 @@ psa_status_t test_transparent_cipher_generate_iv( size_t iv_size, size_t *iv_length) { - (void) operation; - (void) iv; - (void) iv_size; - (void) iv_length; + psa_status_t status; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); test_transparent_cipher_hit++; - return test_transparent_cipher_status; + + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->iv_set || ! operation->iv_required ) + return( PSA_ERROR_BAD_STATE ); + + if( iv_size < operation->iv_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_test_rnd_pseudo_rand( &rnd_info, + iv, + operation->iv_size ) ); + if( status != PSA_SUCCESS ) + return status; + + *iv_length = operation->iv_size; + status = test_transparent_cipher_set_iv( operation, iv, *iv_length ); + + return status; } psa_status_t test_transparent_cipher_set_iv( 
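Review bot: `test_transparent_cipher_decrypt_setup` returns straight from the `mbedtls_cipher_setup` and `mbedtls_cipher_setkey` failure branches without `mbedtls_cipher_free( &operation->cipher )`, whereas the encrypt variant in the previous hunk frees on both; the branches should read `if( ret != 0 ) { mbedtls_cipher_free( &operation->cipher ); return mbedtls_to_psa_error( ret ); }`. Both setup functions also leave `operation->alg` set when they fail after `operation->alg = alg;`, so a retry on the same object gets `PSA_ERROR_BAD_STATE` until it is aborted. The two bodies differ only in `MBEDTLS_ENCRYPT` / `MBEDTLS_DECRYPT`, so a shared `static` helper taking the direction would stop them drifting apart, and the first declaration in the decrypt body has lost its indentation. The signatures of these functions begin outside the hunk.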
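Review bot: `rnd_info` is filled with the constant `0x5A` on every call, so `test_transparent_cipher_generate_iv` presumably hands back the same IV each time, which under CTR means the same keystream for a given key. That is reasonable for reproducible tests but deserves a comment at the `memset`, e.g. `/* Deterministic IV on purpose: test vectors only, not a model for real drivers. */`. `*iv_length` is also written before `test_transparent_cipher_set_iv` has succeeded; assigning it after the status check would avoid reporting a length on failure.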
@@ -164,12 +271,26 @@ psa_status_t test_transparent_cipher_set_iv( const uint8_t *iv, size_t iv_length) { - (void) operation; - (void) iv; - (void) iv_length; + psa_status_t status; test_transparent_cipher_hit++; - return test_transparent_cipher_status; + + if( operation->alg != PSA_ALG_CTR ) + return PSA_ERROR_BAD_STATE; + + if( operation->iv_set || ! operation->iv_required ) + return( PSA_ERROR_BAD_STATE ); + + if( iv_length != operation->iv_size ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + status = mbedtls_to_psa_error( + mbedtls_cipher_set_iv( &operation->cipher, iv, iv_length ) ); + + if( status == PSA_SUCCESS ) + operation->iv_set = 1; + + return status; } psa_status_t test_transparent_cipher_update( 
@@ -180,18 +301,35 @@ psa_status_t test_transparent_cipher_update( size_t output_size, size_t *output_length) { - (void) operation; - (void) input; - (void) input_length; + size_t expected_output_size; + psa_status_t status; + test_transparent_cipher_hit++; - if( test_transparent_cipher_status != PSA_SUCCESS ) - return test_transparent_cipher_status; - if( output_size < test_driver_cipher_forced_output_length ) - return PSA_ERROR_BUFFER_TOO_SMALL; + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + expected_output_size = ( operation->cipher.unprocessed_len + input_length ) + / operation->block_size * operation->block_size; + + if( output_size < expected_output_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->cipher, input, + input_length, output, output_length ) ); + + if( status != PSA_SUCCESS ) + return status; + + if( test_driver_cipher_forced_output != NULL ) + { + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + } return test_transparent_cipher_status; } 
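Review bot: `test_transparent_cipher_update` checks only `operation->alg` before calling `mbedtls_cipher_update`, so an update issued before the IV is set is processed instead of rejected; the finish function in the next hunk does test `operation->iv_required && ! operation->iv_set`. Because the core dispatches to the driver ahead of its own state checks, the driver is the only place this can be caught. Adding `if( operation->iv_required && ! operation->iv_set ) return( PSA_ERROR_BAD_STATE );` right after the algorithm check would align update with finish. The function signature starts outside the hunk.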
@@ -202,16 +340,46 @@ psa_status_t test_transparent_cipher_finish( size_t output_size, size_t *output_length) { - (void) operation; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; + test_transparent_cipher_hit++; - if( test_transparent_cipher_status != PSA_SUCCESS ) - return test_transparent_cipher_status; - if( output_size < test_driver_cipher_forced_output_length ) - return PSA_ERROR_BUFFER_TOO_SMALL; + if( operation->alg != PSA_ALG_CTR ) + return( PSA_ERROR_BAD_STATE ); - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + if( ! operation->key_set ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->iv_required && ! operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); + + status = mbedtls_to_psa_error( + mbedtls_cipher_finish( &operation->cipher, + temp_output_buffer, + output_length ) ); + + mbedtls_cipher_free( &operation->cipher ); + + if( status != PSA_SUCCESS ) + return( status ); + + if( *output_length == 0 ) + ; /* Nothing to copy. Note that output may be NULL in this case. */ + else if( output_size >= *output_length ) + memcpy( output, temp_output_buffer, *output_length ); + else + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + + if( test_driver_cipher_forced_output != NULL ) + { + if( output_size < test_driver_cipher_forced_output_length ) + return PSA_ERROR_BUFFER_TOO_SMALL; + + memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); + *output_length = test_driver_cipher_forced_output_length; + } return test_transparent_cipher_status; } From d53c1bf6f27f6a52c548d517c27c7a92e7431ed4 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 3 Sep 2020 15:31:04 +0200 Subject: [PATCH 193/488] Exercise the AES-CTR multipart driver and check it gets called 
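Review bot: `temp_output_buffer` in `test_transparent_cipher_finish` can hold cipher output and is left on the stack on every return path. Wiping it before returning, `mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );`, keeps the test driver usable as a template for real drivers; whether `mbedtls/platform_util.h` is already included in this file is not visible here. The `PSA_ERROR_BUFFER_TOO_SMALL` branch also returns with `*output_length` still holding the length from `mbedtls_cipher_finish`, after the context has been freed, so setting `*output_length = 0;` there would make the failure unambiguous.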
Signed-off-by: Steven Cooreman --- ...test_suite_psa_crypto_driver_wrappers.data | 84 +++++ ..._suite_psa_crypto_driver_wrappers.function | 319 ++++++++++++++++++ 2 files changed, 403 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 74e61723f..b864daff5 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
@@ -39,3 +39,87 @@ generate_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS generate_key through transparent driver: error generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR + +PSA symmetric encrypt: AES-CTR, 16 bytes, good +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 15 bytes, good +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS + +PSA symmetric decrypt: AES-CTR, 16 bytes, good +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS + +PSA symmetric encryption multipart: AES-CTR, 11+5 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" + +PSA symmetric encryption multipart: AES-CTR, 16+16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric encryption multipart: AES-CTR, 12+20 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR 
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric encryption multipart: AES-CTR, 20+12 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric encryption multipart: AES-CTR, 12+10 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" + +PSA symmetric encryption multipart: AES-CTR, 0+15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd" + +PSA symmetric encryption multipart: AES-CTR, 15+0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd" + +PSA symmetric encryption multipart: AES-CTR, 0+16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32" + +PSA symmetric encryption multipart: AES-CTR, 16+0 bytes 
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" + +PSA symmetric decryption multipart: AES-CTR, 11+5 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" + +PSA symmetric decryption multipart: AES-CTR, 16+16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric decryption multipart: AES-CTR, 12+20 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric decryption multipart: AES-CTR, 20+12 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" + +PSA symmetric decryption multipart: AES-CTR, 12+10 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR 
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" + +PSA symmetric decryption multipart: AES-CTR, 0+15 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd" + +PSA symmetric decryption multipart: AES-CTR, 15+0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd" + +PSA symmetric decryption multipart: AES-CTR, 0+16 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32" + +PSA symmetric decryption multipart: AES-CTR, 16+0 bytes +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 917798237..0e009911e 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
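Review bot: The case `PSA symmetric decrypt: AES-CTR, 16 bytes, good` lists `MBEDTLS_CIPHER_MODE_CBC` in its `depends_on` line although it only exercises `PSA_ALG_CTR`, so it would be skipped in a build that disables CBC. The line should read `depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR`, like every other case added in this hunk.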
@@ -183,3 +183,322 @@ exit: test_driver_keygen_hooks = test_driver_keygen_hooks_init(); } /* END_CASE */ + +/* BEGIN_CASE */ +void cipher_encrypt( int alg_arg, int key_type_arg, + data_t *key, data_t *iv, + data_t *input, data_t *expected_output, + int expected_status_arg ) +{ + psa_key_handle_t handle = 0; + psa_status_t status; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t function_output_length = 0; + size_t total_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_transparent_cipher_hit = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, + handle, alg ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + output_buffer_size = ( (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); + ASSERT_ALLOC( output, output_buffer_size ); + + PSA_ASSERT( psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + total_output_length += function_output_length; + status = psa_cipher_finish( &operation, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ); + TEST_EQUAL( test_transparent_cipher_hit, 2); + test_transparent_cipher_hit = 0; + + total_output_length += 
function_output_length; + + TEST_EQUAL( status, expected_status ); + if( expected_status == PSA_SUCCESS ) + { + PSA_ASSERT( psa_cipher_abort( &operation ) ); + // driver function should've been called as part of the finish() core routine + TEST_EQUAL( test_transparent_cipher_hit, 0); + test_transparent_cipher_hit = 0; + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); + } + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( handle ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void cipher_encrypt_multipart( int alg_arg, int key_type_arg, + data_t *key, data_t *iv, + data_t *input, + int first_part_size_arg, + int output1_length_arg, int output2_length_arg, + data_t *expected_output ) +{ + psa_key_handle_t handle = 0; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + size_t first_part_size = first_part_size_arg; + size_t output1_length = output1_length_arg; + size_t output2_length = output2_length_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t function_output_length = 0; + size_t total_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_transparent_cipher_hit = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, + handle, alg ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + output_buffer_size = ( (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); + 
ASSERT_ALLOC( output, output_buffer_size ); + + TEST_ASSERT( first_part_size <= input->len ); + PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size, + output, output_buffer_size, + &function_output_length ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + TEST_ASSERT( function_output_length == output1_length ); + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_update( &operation, + input->x + first_part_size, + input->len - first_part_size, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + TEST_ASSERT( function_output_length == output2_length ); + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_finish( &operation, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ) ); + TEST_EQUAL( test_transparent_cipher_hit, 2); + test_transparent_cipher_hit = 0; + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_abort( &operation ) ); + TEST_EQUAL( test_transparent_cipher_hit, 0); + + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( handle ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void cipher_decrypt_multipart( int alg_arg, int key_type_arg, + data_t *key, data_t *iv, + data_t *input, + int first_part_size_arg, + int output1_length_arg, int output2_length_arg, + data_t *expected_output ) +{ + psa_key_handle_t handle = 0; + + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + size_t first_part_size = first_part_size_arg; + size_t output1_length = output1_length_arg; + size_t output2_length = output2_length_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t 
function_output_length = 0; + size_t total_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_transparent_cipher_hit = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, + handle, alg ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + output_buffer_size = ( (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); + ASSERT_ALLOC( output, output_buffer_size ); + + TEST_ASSERT( first_part_size <= input->len ); + PSA_ASSERT( psa_cipher_update( &operation, + input->x, first_part_size, + output, output_buffer_size, + &function_output_length ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + TEST_ASSERT( function_output_length == output1_length ); + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_update( &operation, + input->x + first_part_size, + input->len - first_part_size, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + TEST_ASSERT( function_output_length == output2_length ); + total_output_length += function_output_length; + PSA_ASSERT( psa_cipher_finish( &operation, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ) ); + TEST_EQUAL( test_transparent_cipher_hit, 2); + test_transparent_cipher_hit = 0; + total_output_length += 
function_output_length; + PSA_ASSERT( psa_cipher_abort( &operation ) ); + TEST_EQUAL( test_transparent_cipher_hit, 0); + + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( handle ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void cipher_decrypt( int alg_arg, int key_type_arg, + data_t *key, data_t *iv, + data_t *input, data_t *expected_output, + int expected_status_arg ) +{ + psa_key_handle_t handle = 0; + psa_status_t status; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_status_t expected_status = expected_status_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t function_output_length = 0; + size_t total_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_transparent_cipher_hit = 0; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, + handle, alg ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + output_buffer_size = ( (size_t) input->len + + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); + ASSERT_ALLOC( output, output_buffer_size ); + + PSA_ASSERT( psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ) ); + TEST_EQUAL( test_transparent_cipher_hit, 1); + test_transparent_cipher_hit = 0; + + total_output_length += function_output_length; + status = 
psa_cipher_finish( &operation, + output + total_output_length, + output_buffer_size - total_output_length, + &function_output_length ); + TEST_EQUAL( test_transparent_cipher_hit, 2); + test_transparent_cipher_hit = 0; + + total_output_length += function_output_length; + TEST_EQUAL( status, expected_status ); + + if( expected_status == PSA_SUCCESS ) + { + PSA_ASSERT( psa_cipher_abort( &operation ) ); + TEST_EQUAL( test_transparent_cipher_hit, 0); + ASSERT_COMPARE( expected_output->x, expected_output->len, + output, total_output_length ); + } + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( handle ); + PSA_DONE( ); +} +/* END_CASE */ From a32193fae8a2d1adc8d91fab062a6d7b48b0ea3a Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 3 Sep 2020 16:25:36 +0200 Subject: [PATCH 194/488] Add changelog entry Signed-off-by: Steven Cooreman --- ChangeLog.d/add_cipher_transparent_driver.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/add_cipher_transparent_driver.txt diff --git a/ChangeLog.d/add_cipher_transparent_driver.txt b/ChangeLog.d/add_cipher_transparent_driver.txt new file mode 100644 index 000000000..ce6f33d0d --- /dev/null +++ b/ChangeLog.d/add_cipher_transparent_driver.txt @@ -0,0 +1,4 @@ +Features + * Partial implementation of the new PSA Crypto accelerator APIs for + enabling symmetric cipher acceleration through crypto accelerators. + Contributed by Steven Cooreman in #3644. From 435beeaef34c2943ba1829f9d0e256430086618c Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 3 Sep 2020 16:37:54 +0200 Subject: [PATCH 195/488] Add new files to IDE project Signed-off-by: Steven Cooreman --- visualc/VS2010/mbedTLS.vcxproj | 1 + 1 file changed, 1 insertion(+) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 9d7929839..db8ec3389 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -238,6 +238,7 @@ + 
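Review bot: In cipher_encrypt() and cipher_decrypt() the length returned by psa_cipher_update() is added to `total_output_length` and then used in `output + total_output_length` and `output_buffer_size - total_output_length` for the psa_cipher_finish() call, without first being compared with the buffer size. These cases exercise a driver that reports its own output length, so unless the wrapper already rejects an over-long value, the size_t subtraction would wrap and finish() would receive a pointer past the allocation. Adding `TEST_ASSERT( total_output_length <= output_buffer_size );` directly after the update call turns that into a test failure. The two multipart functions compare each length with `output1_length`/`output2_length` from the test data, which bounds it only as far as the data file is correct, so the same assertion is worth having there too.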
From acb5a100a7280aec99218455b3e9ba7be7ae8895 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 8 Sep 2020 14:06:57 +0200 Subject: [PATCH 196/488] Structify cipher test driver hook variables Signed-off-by: Steven Cooreman --- tests/include/test/drivers/cipher.h | 22 ++- tests/src/drivers/cipher.c | 155 +++++++++--------- ..._suite_psa_crypto_driver_wrappers.function | 93 ++++++----- 3 files changed, 146 insertions(+), 124 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index a697054fe..96ab29556 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -45,11 +45,25 @@ typedef struct{ test_transparent_cipher_operation_t ctx; } test_opaque_cipher_operation_t; -extern void *test_driver_cipher_forced_output; -extern size_t test_driver_cipher_forced_output_length; +typedef struct { + /* If non-null, on success, copy this to the output. */ + void *forced_output; + size_t forced_output_length; + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times one of the keygen driver functions is called. */ + unsigned long hits; +} test_driver_cipher_hooks_t; -extern psa_status_t test_transparent_cipher_status; -extern unsigned long test_transparent_cipher_hit; +#define TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 } +static inline test_driver_cipher_hooks_t test_driver_cipher_hooks_init( void ) +{ + const test_driver_cipher_hooks_t v = TEST_DRIVER_CIPHER_INIT; + return( v ); +} + +extern test_driver_cipher_hooks_t test_driver_cipher_hooks; psa_status_t test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index 278e42899..0a4a347dd 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c 
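Review bot: The comment on the `hits` member of test_driver_cipher_hooks_t says it counts calls to the keygen driver functions, but this struct belongs to the cipher test driver; it should read `/* Count the number of times one of the cipher driver functions is called. */`. The comment on `forced_status` says the code is returned instead of processing the call, while the setup, update and finish functions in tests/src/drivers/cipher.c later in this patch still do their work and only substitute the return value at the end, so the wording should describe that. It would also help to say that `forced_output` is borrowed: the visible driver code only reads from it, so the test that sets it has to keep the buffer alive until the hooks are reset.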
@@ -26,25 +26,21 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "mbedtls/cipher.h" -#include "drivers/cipher.h" +#include "test/drivers/cipher.h" #include "test/random.h" #include -/* If non-null, on success, copy this to the output. */ -void *test_driver_cipher_forced_output = NULL; -size_t test_driver_cipher_forced_output_length = 0; - /* Test driver implements AES-CTR by default when it's status is not overridden. - * Set test_transparent_cipher_status to PSA_ERROR_NOT_SUPPORTED to use fallback - * even for AES-CTR. - * Keep in mind this code is only exercised during the crypto drivers test target, - * meaning the other test runs will still test only the non-driver implementation. */ -psa_status_t test_transparent_cipher_status = PSA_SUCCESS; -unsigned long test_transparent_cipher_hit = 0; + * Set test_driver_cipher_hooks.forced_status to PSA_ERROR_NOT_SUPPORTED to use + * fallback even for AES-CTR. + * Keep in mind this code is only exercised with the crypto drivers test target, + * meaning the other test runs will only test the non-driver implementation. */ +test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT; psa_status_t test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, 
@@ -59,17 +55,19 @@ psa_status_t test_transparent_cipher_encrypt( (void) alg; (void) input; (void) input_length; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; - if( test_transparent_cipher_status != PSA_SUCCESS ) - return test_transparent_cipher_status; - if( output_size < test_driver_cipher_forced_output_length ) - return PSA_ERROR_BUFFER_TOO_SMALL; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( output_size < test_driver_cipher_hooks.forced_output_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_decrypt( 
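Review bot: test_transparent_cipher_encrypt() passes `test_driver_cipher_hooks.forced_output` to memcpy() without checking it for NULL, and TEST_DRIVER_CIPHER_INIT sets that pointer to NULL with a length of 0. A null source pointer is undefined behaviour for memcpy() even when the length is zero. The update and finish functions later in this file already wrap the copy in `if( test_driver_cipher_hooks.forced_output != NULL )`, and the same guard belongs here and in test_transparent_cipher_decrypt() in the next hunk. With no forced output the function currently reports success with zero bytes written; it may be worth deciding whether that case should return an error instead. The signature and the start of the body are outside the hunk.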
@@ -85,17 +83,19 @@ psa_status_t test_transparent_cipher_decrypt( (void) alg; (void) input; (void) input_length; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; - if( test_transparent_cipher_status != PSA_SUCCESS ) - return test_transparent_cipher_status; - if( output_size < test_driver_cipher_forced_output_length ) - return PSA_ERROR_BUFFER_TOO_SMALL; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( output_size < test_driver_cipher_hooks.forced_output_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_encrypt_setup( 
@@ -107,19 +107,20 @@ psa_status_t test_transparent_cipher_encrypt_setup( const mbedtls_cipher_info_t *cipher_info = NULL; int ret = 0; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != 0 ) - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); /* write our struct, this will trigger memory corruption failures * in test when we go outside of bounds, or when the function is called * without first destroying the context object. */ - memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); /* Test driver supports AES-CTR only, to verify operation calls. */ - if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return PSA_ERROR_NOT_SUPPORTED; + if( alg != PSA_ALG_CTR || + psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_NOT_SUPPORTED ); operation->alg = alg; operation->iv_size = 16; @@ -129,14 +130,14 @@ psa_status_t test_transparent_cipher_encrypt_setup( key_length * 8, MBEDTLS_MODE_CTR ); if( cipher_info == NULL ) - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); mbedtls_cipher_init( &operation->cipher ); ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); if( ret != 0 ) { mbedtls_cipher_free( &operation->cipher ); - return mbedtls_to_psa_error( ret ); + return( mbedtls_to_psa_error( ret ) ); } ret = mbedtls_cipher_setkey( &operation->cipher, @@ -144,7 +145,7 @@ psa_status_t test_transparent_cipher_encrypt_setup( key_length * 8, MBEDTLS_ENCRYPT ); if( ret != 0 ) { mbedtls_cipher_free( &operation->cipher ); - return mbedtls_to_psa_error( ret ); + return( mbedtls_to_psa_error( ret ) ); } operation->iv_set = 0; 
@@ -152,10 +153,10 @@ psa_status_t test_transparent_cipher_encrypt_setup( operation->key_set = 1; /* Allow overriding return value for testing purposes */ - if( test_transparent_cipher_status != PSA_SUCCESS ) + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) mbedtls_cipher_free( &operation->cipher ); - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_decrypt_setup( @@ -164,18 +165,18 @@ psa_status_t test_transparent_cipher_decrypt_setup( const uint8_t *key, size_t key_length, psa_algorithm_t alg) { -const mbedtls_cipher_info_t *cipher_info = NULL; + const mbedtls_cipher_info_t *cipher_info = NULL; int ret = 0; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != 0 ) - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); /* write our struct, this will trigger memory corruption failures * in test when we go outside of bounds, or when the function is called * without first destroying the context object. */ - memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); /* Test driver supports AES-CTR only, to verify operation calls. */ if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) 
@@ -195,23 +196,23 @@ const mbedtls_cipher_info_t *cipher_info = NULL; ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); if( ret != 0 ) - return mbedtls_to_psa_error( ret ); + return( mbedtls_to_psa_error( ret ) ); ret = mbedtls_cipher_setkey( &operation->cipher, key, key_length * 8, MBEDTLS_DECRYPT ); if( ret != 0 ) - return mbedtls_to_psa_error( ret ); + return( mbedtls_to_psa_error( ret ) ); operation->iv_set = 0; operation->iv_required = 1; operation->key_set = 1; /* Allow overriding return value for testing purposes */ - if( test_transparent_cipher_status != PSA_SUCCESS ) + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) mbedtls_cipher_free( &operation->cipher ); - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_abort( @@ -226,10 +227,10 @@ psa_status_t test_transparent_cipher_abort( /* write our struct, this will trigger memory corruption failures * in test when we go outside of bounds. */ - memset(operation, 0, sizeof(test_transparent_cipher_operation_t)); + memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); - test_transparent_cipher_hit++; - return PSA_SUCCESS; + test_driver_cipher_hooks.hits++; + return( PSA_SUCCESS ); } psa_status_t test_transparent_cipher_generate_iv( @@ -242,7 +243,7 @@ psa_status_t test_transparent_cipher_generate_iv( mbedtls_test_rnd_pseudo_info rnd_info; memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -258,12 +259,12 @@ psa_status_t test_transparent_cipher_generate_iv( iv, operation->iv_size ) ); if( status != PSA_SUCCESS ) - return status; + return( status ); *iv_length = operation->iv_size; status = test_transparent_cipher_set_iv( operation, iv, *iv_length ); - return status; + return( status ); } psa_status_t test_transparent_cipher_set_iv( 
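Review bot: The two error returns in test_transparent_cipher_decrypt_setup() leave the function without calling mbedtls_cipher_free(), whereas the matching paths in test_transparent_cipher_encrypt_setup() free `operation->cipher` before returning. If the context was initialised earlier in the body (that part is outside the hunk), a failed mbedtls_cipher_setup() or mbedtls_cipher_setkey() leaves it allocated. Each branch should become `{ mbedtls_cipher_free( &operation->cipher ); return( mbedtls_to_psa_error( ret ) ); }` so both setup functions clean up the same way.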
@@ -273,10 +274,10 @@ psa_status_t test_transparent_cipher_set_iv( { psa_status_t status; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != PSA_ALG_CTR ) - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); if( operation->iv_set || ! operation->iv_required ) return( PSA_ERROR_BAD_STATE ); @@ -290,7 +291,7 @@ psa_status_t test_transparent_cipher_set_iv( if( status == PSA_SUCCESS ) operation->iv_set = 1; - return status; + return( status ); } psa_status_t test_transparent_cipher_update( @@ -304,7 +305,7 @@ psa_status_t test_transparent_cipher_update( size_t expected_output_size; psa_status_t status; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -322,16 +323,18 @@ psa_status_t test_transparent_cipher_update( if( status != PSA_SUCCESS ) return status; - if( test_driver_cipher_forced_output != NULL ) + if( test_driver_cipher_hooks.forced_output != NULL ) { - if( output_size < test_driver_cipher_forced_output_length ) + if( output_size < test_driver_cipher_hooks.forced_output_length ) return PSA_ERROR_BUFFER_TOO_SMALL; - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; } - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_finish( @@ -343,7 +346,7 @@ psa_status_t test_transparent_cipher_finish( psa_status_t status = PSA_ERROR_GENERIC_ERROR; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; - test_transparent_cipher_hit++; + test_driver_cipher_hooks.hits++; if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); 
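Review bot: In the test_transparent_cipher_update() hunk the lines `return status;` and `return PSA_ERROR_BUFFER_TOO_SMALL;` keep the unparenthesised form while every other return touched by this commit is converted to `return( ... )`. The same leftover `return PSA_ERROR_BUFFER_TOO_SMALL;` appears in the test_transparent_cipher_finish() hunk that follows. Converting them to `return( status );` and `return( PSA_ERROR_BUFFER_TOO_SMALL );` would leave the file in one style. Both function bodies start outside their hunks.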
@@ -372,16 +375,18 @@ psa_status_t test_transparent_cipher_finish( return( PSA_ERROR_BUFFER_TOO_SMALL ); - if( test_driver_cipher_forced_output != NULL ) + if( test_driver_cipher_hooks.forced_output != NULL ) { - if( output_size < test_driver_cipher_forced_output_length ) + if( output_size < test_driver_cipher_hooks.forced_output_length ) return PSA_ERROR_BUFFER_TOO_SMALL; - memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length); - *output_length = test_driver_cipher_forced_output_length; + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; } - return test_transparent_cipher_status; + return( test_driver_cipher_hooks.forced_status ); } /* @@ -403,7 +408,7 @@ psa_status_t test_opaque_cipher_encrypt( (void) output; (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_decrypt( @@ -422,7 +427,7 @@ psa_status_t test_opaque_cipher_decrypt( (void) output; (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_encrypt_setup( @@ -436,7 +441,7 @@ psa_status_t test_opaque_cipher_encrypt_setup( (void) key; (void) key_length; (void) alg; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_decrypt_setup( @@ -450,14 +455,14 @@ psa_status_t test_opaque_cipher_decrypt_setup( (void) key; (void) key_length; (void) alg; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_abort( test_opaque_cipher_operation_t *operation) { (void) operation; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_generate_iv( 
@@ -470,7 +475,7 @@ psa_status_t test_opaque_cipher_generate_iv( (void) iv; (void) iv_size; (void) iv_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_set_iv( @@ -481,7 +486,7 @@ psa_status_t test_opaque_cipher_set_iv( (void) operation; (void) iv; (void) iv_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_update( @@ -498,7 +503,7 @@ psa_status_t test_opaque_cipher_update( (void) output; (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_finish( @@ -511,6 +516,6 @@ psa_status_t test_opaque_cipher_finish( (void) output; (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 0e009911e..1daf9bb3f 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -201,7 +201,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, size_t total_output_length = 0; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - test_transparent_cipher_hit = 0; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); PSA_ASSERT( psa_crypto_init( ) ); 
@@ -213,12 +213,12 @@ void cipher_encrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -228,16 +228,16 @@ void cipher_encrypt( int alg_arg, int key_type_arg, input->x, input->len, output, output_buffer_size, &function_output_length ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; status = psa_cipher_finish( &operation, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ); - TEST_EQUAL( test_transparent_cipher_hit, 2); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; @@ -246,8 +246,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, { PSA_ASSERT( psa_cipher_abort( &operation ) ); // driver function should've been called as part of the finish() core routine - TEST_EQUAL( test_transparent_cipher_hit, 0); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); ASSERT_COMPARE( expected_output->x, expected_output->len, output, total_output_length ); } @@ -257,6 +256,7 @@ exit: mbedtls_free( output ); psa_destroy_key( handle ); PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } /* END_CASE */ 
@@ -280,7 +280,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, size_t total_output_length = 0; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - test_transparent_cipher_hit = 0; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); PSA_ASSERT( psa_crypto_init( ) ); @@ -292,12 +292,12 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -307,8 +307,8 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size, output, output_buffer_size, &function_output_length ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; TEST_ASSERT( function_output_length == output1_length ); total_output_length += function_output_length; 
@@ -318,19 +318,19 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; TEST_ASSERT( function_output_length == output2_length ); total_output_length += function_output_length; PSA_ASSERT( psa_cipher_finish( &operation, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ) ); - TEST_EQUAL( test_transparent_cipher_hit, 2); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + test_driver_cipher_hooks.hits = 0 ; total_output_length += function_output_length; PSA_ASSERT( psa_cipher_abort( &operation ) ); - TEST_EQUAL( test_transparent_cipher_hit, 0); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); ASSERT_COMPARE( expected_output->x, expected_output->len, output, total_output_length ); @@ -340,6 +340,7 @@ exit: mbedtls_free( output ); psa_destroy_key( handle ); PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } /* END_CASE */ @@ -364,7 +365,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, size_t total_output_length = 0; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - test_transparent_cipher_hit = 0; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); PSA_ASSERT( psa_crypto_init( ) ); 
@@ -376,12 +377,12 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -392,8 +393,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, input->x, first_part_size, output, output_buffer_size, &function_output_length ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; TEST_ASSERT( function_output_length == output1_length ); total_output_length += function_output_length; @@ -403,8 +404,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; TEST_ASSERT( function_output_length == output2_length ); total_output_length += function_output_length; 
@@ -412,11 +413,11 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ) ); - TEST_EQUAL( test_transparent_cipher_hit, 2); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; PSA_ASSERT( psa_cipher_abort( &operation ) ); - TEST_EQUAL( test_transparent_cipher_hit, 0); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); ASSERT_COMPARE( expected_output->x, expected_output->len, output, total_output_length ); @@ -426,6 +427,7 @@ exit: mbedtls_free( output ); psa_destroy_key( handle ); PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } /* END_CASE */ @@ -446,7 +448,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, size_t total_output_length = 0; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - test_transparent_cipher_hit = 0; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); PSA_ASSERT( psa_crypto_init( ) ); @@ -458,12 +460,12 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); 
@@ -473,16 +475,16 @@ void cipher_decrypt( int alg_arg, int key_type_arg, input->x, input->len, output, output_buffer_size, &function_output_length ) ); - TEST_EQUAL( test_transparent_cipher_hit, 1); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; status = psa_cipher_finish( &operation, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ); - TEST_EQUAL( test_transparent_cipher_hit, 2); - test_transparent_cipher_hit = 0; + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; TEST_EQUAL( status, expected_status ); @@ -490,7 +492,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, if( expected_status == PSA_SUCCESS ) { PSA_ASSERT( psa_cipher_abort( &operation ) ); - TEST_EQUAL( test_transparent_cipher_hit, 0); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); ASSERT_COMPARE( expected_output->x, expected_output->len, output, total_output_length ); } @@ -500,5 +502,6 @@ exit: mbedtls_free( output ); psa_destroy_key( handle ); PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } /* END_CASE */ From 5240e8b519a95501b84d3724d3274c09e7bf46f2 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 9 Sep 2020 11:51:45 +0200 Subject: [PATCH 197/488] Style and language fixes from review Signed-off-by: Steven Cooreman --- include/psa/crypto_struct.h | 2 +- library/psa_crypto.c | 14 ++-- library/psa_crypto_driver_wrappers.c | 78 +++++++++---------- tests/include/test/drivers/cipher.h | 2 +- tests/src/drivers/cipher.c | 34 ++++---- ..._suite_psa_crypto_driver_wrappers.function | 4 + 6 files changed, 71 insertions(+), 63 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 3ff3f93ef..5ac187504 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
@@ -158,7 +158,7 @@ struct psa_cipher_operation_s unsigned int key_set : 1; unsigned int iv_required : 1; unsigned int iv_set : 1; - unsigned int accelerator_set : 1; + unsigned int accelerator_set : 1; /* Indicates a driver is used instead of software fallback. */ uint8_t iv_size; uint8_t block_size; union diff --git a/library/psa_crypto.c b/library/psa_crypto.c index cdae05ec4..4ba9baffe 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4225,7 +4225,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, goto exit; } - if( operation->iv_set || ! operation->iv_required || ! operation->key_set ) + if( operation->iv_set || ! operation->iv_required ) { return( PSA_ERROR_BAD_STATE ); } @@ -4266,7 +4266,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, goto exit; } - if( operation->iv_set || ! operation->iv_required || ! operation->key_set ) + if( operation->iv_set || ! operation->iv_required ) { return( PSA_ERROR_BAD_STATE ); } @@ -4394,7 +4394,11 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, goto exit; } - if( operation->alg == 0 || ! operation->key_set ) + if( operation->alg == 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + if( operation->iv_required && ! operation->iv_set ) { return( PSA_ERROR_BAD_STATE ); } @@ -4466,10 +4470,6 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, return( status ); } - if( ! operation->key_set ) - { - return( PSA_ERROR_BAD_STATE ); - } if( operation->iv_required && ! operation->iv_set ) { return( PSA_ERROR_BAD_STATE ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 140c3d4b8..11aeef830 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
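Review bot: The `! operation->key_set` test is dropped from the state checks in psa_cipher_generate_iv, psa_cipher_set_iv, psa_cipher_update and psa_cipher_finish, which is a behavioural change to the operation state machine inside a commit titled as style and language fixes. After this change the software path of generate_iv and set_iv rejects a bad state only through `iv_set` and `iv_required`, and update and finish only through `alg == 0` and the IV flags. If the intended invariant is that those fields are only ever set by a successful setup, say so next to the checks, for example `/* iv_required is only set once setup has succeeded, so no separate key_set test is needed */`. It would also help to move the change into its own commit, with a negative test that expects PSA_ERROR_BAD_STATE when these functions are called on an operation that was never set up. All four functions start and end outside their hunks, so any earlier guard is not visible here.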
@@ -411,10 +411,10 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( output_length ); /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) - return status; + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: @@ -430,7 +430,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return status; + return( status ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) slot; @@ -441,7 +441,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -478,10 +478,10 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( output_length ); /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) - return status; + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: @@ -497,7 +497,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return status; + return( status ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) slot; @@ -508,7 +508,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } 
@@ -526,7 +526,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( /* Check for operation already allocated */ if( operation->ctx.driver.ctx != NULL ) - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); switch( location ) { @@ -554,7 +554,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( operation->ctx.driver.ctx = NULL; } - return status; + return( status ); } else { @@ -563,13 +563,13 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( } #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); if( operation->ctx.driver.ctx == NULL ) - return PSA_ERROR_INSUFFICIENT_MEMORY; + return( PSA_ERROR_INSUFFICIENT_MEMORY ); status = test_opaque_cipher_encrypt_setup( operation->ctx.driver.ctx, &attributes, @@ -584,18 +584,18 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( operation->ctx.driver.ctx = NULL; } - return status; + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; (void)alg; (void)operation; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -613,7 +613,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( /* Check for operation already allocated */ if( operation->ctx.driver.ctx != NULL ) - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); switch( location ) { 
@@ -623,7 +623,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( #if defined(PSA_CRYPTO_DRIVER_TEST) operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); if( operation->ctx.driver.ctx == NULL ) - return PSA_ERROR_INSUFFICIENT_MEMORY; + return( PSA_ERROR_INSUFFICIENT_MEMORY ); status = test_transparent_cipher_decrypt_setup( operation->ctx.driver.ctx, &attributes, @@ -641,7 +641,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( operation->ctx.driver.ctx = NULL; } - return status; + return( status ); } else { @@ -650,7 +650,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( } #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: @@ -671,18 +671,18 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( operation->ctx.driver.ctx = NULL; } - return status; + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; (void)alg; (void)operation; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -695,7 +695,7 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Check for operation already allocated */ if( operation->ctx.driver.ctx == NULL ) - return PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_INVALID_ARGUMENT ); switch( operation->ctx.driver.id ) { 
@@ -715,7 +715,7 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; @@ -723,7 +723,7 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( (void) iv_size; (void) iv_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -735,7 +735,7 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Check for operation already allocated */ if( operation->ctx.driver.ctx == NULL ) - return PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_INVALID_ARGUMENT ); switch( operation->ctx.driver.id ) { @@ -753,14 +753,14 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; (void) iv; (void) iv_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -775,7 +775,7 @@ psa_status_t psa_driver_wrapper_cipher_update( #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Check for operation already allocated */ if( operation->ctx.driver.ctx == NULL ) - return PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_INVALID_ARGUMENT ); switch( operation->ctx.driver.id ) { @@ -799,7 +799,7 @@ psa_status_t psa_driver_wrapper_cipher_update( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; 
@@ -809,7 +809,7 @@ psa_status_t psa_driver_wrapper_cipher_update( (void) output_length; (void) output_size; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -822,7 +822,7 @@ psa_status_t psa_driver_wrapper_cipher_finish( #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Check for operation already allocated */ if( operation->ctx.driver.ctx == NULL ) - return PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_INVALID_ARGUMENT ); switch( operation->ctx.driver.id ) { @@ -842,7 +842,7 @@ psa_status_t psa_driver_wrapper_cipher_finish( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; @@ -850,7 +850,7 @@ psa_status_t psa_driver_wrapper_cipher_finish( (void) output_size; (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -861,7 +861,7 @@ psa_status_t psa_driver_wrapper_cipher_abort( psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; /* Check for operation already allocated */ if( operation->ctx.driver.ctx == NULL ) - return PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_INVALID_ARGUMENT ); switch( operation->ctx.driver.id ) { @@ -873,7 +873,7 @@ psa_status_t psa_driver_wrapper_cipher_abort( operation->ctx.driver.ctx = NULL; operation->ctx.driver.id = 0; - return status; + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: 
@@ -881,16 +881,16 @@ psa_status_t psa_driver_wrapper_cipher_abort( mbedtls_free( operation->ctx.driver.ctx ); operation->ctx.driver.ctx = NULL; - return status; + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Operation is attached to a driver not known to us */ - return PSA_ERROR_BAD_STATE; + return( PSA_ERROR_BAD_STATE ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)operation; - return PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 96ab29556..ef787f794 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -52,7 +52,7 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; - /* Count the amount of times one of the keygen driver functions is called. */ + /* Count the amount of times one of the cipher driver functions is called. */ unsigned long hits; } test_driver_cipher_hooks_t; diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index 0a4a347dd..c8eb1d350 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c 
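Review bot: In psa_driver_wrapper_cipher_abort the opaque test driver case frees the context and sets `operation->ctx.driver.ctx = NULL` but, going by the context lines of this hunk, never clears the driver id. The transparent case in the preceding hunk does reset it with `operation->ctx.driver.id = 0;`. A stale id left behind after abort means the operation still looks bound to a driver, and any later check that treats a non-zero id as "already allocated" would reject reuse unless the caller wipes the whole structure, which is not visible here. Adding `operation->ctx.driver.id = 0;` before `return( status );` in the opaque case keeps both paths symmetric. The function body starts and ends outside this hunk.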
@@ -35,11 +35,11 @@ #include -/* Test driver implements AES-CTR by default when it's status is not overridden. +/* Test driver implements AES-CTR only. Its default behaviour (when its return + * status is not overridden through the hooks) is to take care of all AES-CTR + * operations, and return PSA_ERROR_NOT_SUPPORTED for all others. * Set test_driver_cipher_hooks.forced_status to PSA_ERROR_NOT_SUPPORTED to use - * fallback even for AES-CTR. - * Keep in mind this code is only exercised with the crypto drivers test target, - * meaning the other test runs will only test the non-driver implementation. */ + * fallback even for AES-CTR. */ test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT; psa_status_t test_transparent_cipher_encrypt( @@ -112,10 +112,11 @@ psa_status_t test_transparent_cipher_encrypt_setup( if( operation->alg != 0 ) return( PSA_ERROR_BAD_STATE ); - /* write our struct, this will trigger memory corruption failures - * in test when we go outside of bounds, or when the function is called - * without first destroying the context object. */ - memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); + /* Wiping the entire struct here, instead of member-by-member. This is useful + * for the test suite, since it gives a chance of catching memory corruption + * errors should the core not have allocated (enough) memory for our context + * struct. */ + memset( operation, 0, sizeof( *operation ) ); /* Test driver supports AES-CTR only, to verify operation calls. */ if( alg != PSA_ALG_CTR || 
@@ -173,10 +174,11 @@ psa_status_t test_transparent_cipher_decrypt_setup( if( operation->alg != 0 ) return( PSA_ERROR_BAD_STATE ); - /* write our struct, this will trigger memory corruption failures - * in test when we go outside of bounds, or when the function is called - * without first destroying the context object. */ - memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); + /* Wiping the entire struct here, instead of member-by-member. This is useful + * for the test suite, since it gives a chance of catching memory corruption + * errors should the core not have allocated (enough) memory for our context + * struct. */ + memset( operation, 0, sizeof( *operation ) ); /* Test driver supports AES-CTR only, to verify operation calls. */ if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) @@ -225,9 +227,11 @@ psa_status_t test_transparent_cipher_abort( mbedtls_cipher_free( &operation->cipher ); - /* write our struct, this will trigger memory corruption failures - * in test when we go outside of bounds. */ - memset( operation, 0, sizeof( test_transparent_cipher_operation_t ) ); + /* Wiping the entire struct here, instead of member-by-member. This is useful + * for the test suite, since it gives a chance of catching memory corruption + * errors should the core not have allocated (enough) memory for our context + * struct. */ + memset( operation, 0, sizeof( *operation ) ); test_driver_cipher_hooks.hits++; return( PSA_SUCCESS ); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 1daf9bb3f..470c43864 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
@@ -236,6 +236,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ); + /* Finish will have called abort as well, so expecting two hits here */ TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); test_driver_cipher_hooks.hits = 0; @@ -326,6 +327,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ) ); + /* Finish will have called abort as well, so expecting two hits here */ TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); test_driver_cipher_hooks.hits = 0 ; total_output_length += function_output_length; @@ -413,6 +415,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ) ); + /* Finish will have called abort as well, so expecting two hits here */ TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; @@ -483,6 +486,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, output + total_output_length, output_buffer_size - total_output_length, &function_output_length ); + /* Finish will have called abort as well, so expecting two hits here */ TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); test_driver_cipher_hooks.hits = 0; From fb81aa588983f7b338db853af914e17bfdc30561 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 9 Sep 2020 12:01:43 +0200 Subject: [PATCH 198/488] Only pass the driver-relevant portion of the context struct Signed-off-by: Steven Cooreman --- include/psa/crypto_struct.h | 17 ++-- library/psa_crypto.c | 14 +-- library/psa_crypto_driver_wrappers.c | 127 ++++++++++++++------------- library/psa_crypto_driver_wrappers.h | 14 +-- 4 files changed, 89 insertions(+), 83 deletions(-) 
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 5ac187504..b26588fc5 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -77,6 +77,16 @@ extern "C" { #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +typedef struct { + /** Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_driver_wrappers.h */ + unsigned int id; + /** Context structure for the assigned driver, when id is not zero. */ + void* ctx; +} psa_operation_driver_context_t; + struct psa_hash_operation_s { psa_algorithm_t alg; @@ -165,12 +175,7 @@ struct psa_cipher_operation_s { unsigned dummy; /* Enable easier initializing of the union. */ mbedtls_cipher_context_t cipher; -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) - struct { - unsigned int id; - void* ctx; - } driver; -#endif + psa_operation_driver_context_t driver; } ctx; }; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4ba9baffe..6575ec472 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4093,11 +4093,11 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, /* Try doing this through a driver before using software fallback */ if( cipher_operation == MBEDTLS_ENCRYPT ) - status = psa_driver_wrapper_cipher_encrypt_setup( operation, + status = psa_driver_wrapper_cipher_encrypt_setup( &operation->ctx.driver, slot, alg ); else - status = psa_driver_wrapper_cipher_decrypt_setup( operation, + status = psa_driver_wrapper_cipher_decrypt_setup( &operation->ctx.driver, slot, alg ); @@ -4218,7 +4218,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, if( operation->accelerator_set == 1 ) { - status = psa_driver_wrapper_cipher_generate_iv( operation, + status = psa_driver_wrapper_cipher_generate_iv( &operation->ctx.driver, iv, iv_size, iv_length ); 
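Review bot: The new comment on `psa_operation_driver_context_t.id` points readers at `psa_driver_wrappers.h`, but the ID macros shown in this series (`PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID`, `PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID`) are defined in `library/psa_crypto_driver_wrappers.c`, so the reference should name that file. The `ctx` member would also benefit from a stated ownership rule, because the wrappers allocate it with mbedtls_calloc in the setup functions and free it on failure and on abort: `/** Heap-allocated by the driver wrapper at setup, freed by the wrapper on abort; NULL when no driver is assigned. */`. Since `driver` now sits unconditionally in the same union as `mbedtls_cipher_context_t cipher`, a short comment on the union saying that `accelerator_set` selects the live member would make the aliasing explicit for anyone touching either path.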
@@ -4260,7 +4260,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, if( operation->accelerator_set == 1 ) { - status = psa_driver_wrapper_cipher_set_iv( operation, + status = psa_driver_wrapper_cipher_set_iv( &operation->ctx.driver, iv, iv_length ); goto exit; @@ -4385,7 +4385,7 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, if( operation->accelerator_set == 1 ) { - status = psa_driver_wrapper_cipher_update( operation, + status = psa_driver_wrapper_cipher_update( &operation->ctx.driver, input, input_length, output, @@ -4459,7 +4459,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, if( operation->accelerator_set == 1 ) { - status = psa_driver_wrapper_cipher_finish( operation, + status = psa_driver_wrapper_cipher_finish( &operation->ctx.driver, output, output_size, output_length ); @@ -4536,7 +4536,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) return( PSA_ERROR_BAD_STATE ); if( operation->accelerator_set == 1 ) - psa_driver_wrapper_cipher_abort( operation ); + psa_driver_wrapper_cipher_abort( &operation->ctx.driver ); else mbedtls_cipher_free( &operation->ctx.cipher ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 11aeef830..dea9cb588 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -38,7 +38,8 @@ /* Repeat above block for each JSON-declared driver during autogeneration */ -/* Auto-generated values depending on which drivers are registered */ +/* Auto-generated values depending on which drivers are registered. ID 0 is + * reserved for unallocated operations. */ #if defined(PSA_CRYPTO_DRIVER_TEST) #define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (1) #define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (2) 
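Review bot: In psa_cipher_abort the status returned by `psa_driver_wrapper_cipher_abort( &operation->ctx.driver )` is discarded, so a driver that fails to release its context (or a wrapper that returns PSA_ERROR_BAD_STATE for an unknown id) is reported to the caller as a clean abort. The wrapper returns a psa_status_t in every branch visible in this series, so the value is available to propagate. Consider capturing it in a local, still wiping the operation, and returning the saved status at the end, along the lines of `status = psa_driver_wrapper_cipher_abort( &operation->ctx.driver );`. The rest of psa_cipher_abort lies outside the hunk, so how the function currently returns is not visible.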
@@ -513,7 +514,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( } psa_status_t psa_driver_wrapper_cipher_encrypt_setup( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, psa_key_slot_t *slot, psa_algorithm_t alg ) { @@ -525,7 +526,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( }; /* Check for operation already allocated */ - if( operation->ctx.driver.ctx != NULL ) + if( operation->ctx != NULL || operation->id != 0 ) return( PSA_ERROR_BAD_STATE ); switch( location ) @@ -534,11 +535,11 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); - if( operation->ctx.driver.ctx == NULL ) + operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); + if( operation->ctx == NULL ) return PSA_ERROR_INSUFFICIENT_MEMORY; - status = test_transparent_cipher_encrypt_setup( operation->ctx.driver.ctx, + status = test_transparent_cipher_encrypt_setup( operation->ctx, &attributes, slot->data.key.data, slot->data.key.bytes, @@ -547,19 +548,19 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) { if( status == PSA_SUCCESS ) - operation->ctx.driver.id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; else { - mbedtls_free( operation->ctx.driver.ctx ); - operation->ctx.driver.ctx = NULL; + mbedtls_free( operation->ctx ); + operation->ctx = NULL; } return( status ); } else { - mbedtls_free( operation->ctx.driver.ctx ); - operation->ctx.driver.ctx = NULL; + mbedtls_free( operation->ctx ); + operation->ctx = NULL; } #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ 
@@ -567,21 +568,21 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); - if( operation->ctx.driver.ctx == NULL ) + operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); + if( operation->ctx == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = test_opaque_cipher_encrypt_setup( operation->ctx.driver.ctx, + status = test_opaque_cipher_encrypt_setup( operation->ctx, &attributes, slot->data.key.data, slot->data.key.bytes, alg ); if( status == PSA_SUCCESS ) - operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; else { - mbedtls_free( operation->ctx.driver.ctx ); - operation->ctx.driver.ctx = NULL; + mbedtls_free( operation->ctx ); + operation->ctx = NULL; } return( status ); @@ -600,7 +601,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( } psa_status_t psa_driver_wrapper_cipher_decrypt_setup( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, psa_key_slot_t *slot, psa_algorithm_t alg ) { @@ -612,7 +613,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( }; /* Check for operation already allocated */ - if( operation->ctx.driver.ctx != NULL ) + if( operation->ctx != NULL ) return( PSA_ERROR_BAD_STATE ); switch( location ) 
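Review bot: The "operation already allocated" guard in psa_driver_wrapper_cipher_decrypt_setup is weaker than the one this commit gives encrypt_setup. The decrypt side tests only `operation->ctx != NULL`, while the encrypt side tests `operation->ctx != NULL || operation->id != 0`. With ID 0 now documented as reserved for unallocated operations, both entry points should reject a context that still carries a driver id: `if( operation->ctx != NULL || operation->id != 0 )`. Both checks read fields of a union member, so they also depend on the caller having zero-initialised the operation. A one-line comment stating that precondition would help. As a smaller style point, the transparent path of encrypt_setup still uses `return PSA_ERROR_INSUFFICIENT_MEMORY;` without the parentheses the previous commit standardised on, and the opaque path of decrypt_setup does the same.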
@@ -621,11 +622,11 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); - if( operation->ctx.driver.ctx == NULL ) + operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); + if( operation->ctx == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = test_transparent_cipher_decrypt_setup( operation->ctx.driver.ctx, + status = test_transparent_cipher_decrypt_setup( operation->ctx, &attributes, slot->data.key.data, slot->data.key.bytes, @@ -634,19 +635,19 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) { if( status == PSA_SUCCESS ) - operation->ctx.driver.id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; else { - mbedtls_free( operation->ctx.driver.ctx ); - operation->ctx.driver.ctx = NULL; + mbedtls_free( operation->ctx ); + operation->ctx = NULL; } return( status ); } else { - mbedtls_free( operation->ctx.driver.ctx ); - operation->ctx.driver.ctx = NULL; + mbedtls_free( operation->ctx ); + operation->ctx = NULL; } #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ 
@@ -654,21 +655,21 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); - if( operation->ctx.driver.ctx == NULL ) + operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); + if( operation->ctx == NULL ) return PSA_ERROR_INSUFFICIENT_MEMORY; - status = test_opaque_cipher_decrypt_setup( operation->ctx.driver.ctx, + status = test_opaque_cipher_decrypt_setup( operation->ctx, &attributes, slot->data.key.data, slot->data.key.bytes, alg ); if( status == PSA_SUCCESS ) - operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; else { - mbedtls_free( operation->ctx.driver.ctx ); - operation->ctx.driver.ctx = NULL; + mbedtls_free( operation->ctx ); + operation->ctx = NULL; } return( status ); 
@@ -687,28 +688,28 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( } psa_status_t psa_driver_wrapper_cipher_generate_iv( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Check for operation already allocated */ - if( operation->ctx.driver.ctx == NULL ) + if( operation->ctx == NULL ) return( PSA_ERROR_INVALID_ARGUMENT ); - switch( operation->ctx.driver.id ) + switch( operation->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_generate_iv( operation->ctx.driver.ctx, + return( test_transparent_cipher_generate_iv( operation->ctx, iv, iv_size, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_generate_iv( operation->ctx.driver.ctx, + return( test_opaque_cipher_generate_iv( operation->ctx, iv, iv_size, iv_length ) ); 
@@ -728,26 +729,26 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( } psa_status_t psa_driver_wrapper_cipher_set_iv( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, const uint8_t *iv, size_t iv_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Check for operation already allocated */ - if( operation->ctx.driver.ctx == NULL ) + if( operation->ctx == NULL ) return( PSA_ERROR_INVALID_ARGUMENT ); - switch( operation->ctx.driver.id ) + switch( operation->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_set_iv( operation->ctx.driver.ctx, + return( test_transparent_cipher_set_iv( operation->ctx, iv, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_set_iv( operation->ctx.driver.ctx, + return( test_opaque_cipher_set_iv( operation->ctx, iv, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -765,7 +766,7 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( } psa_status_t psa_driver_wrapper_cipher_update( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -774,14 +775,14 @@ psa_status_t psa_driver_wrapper_cipher_update( { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Check for operation already allocated */ - if( operation->ctx.driver.ctx == NULL ) + if( operation->ctx == NULL ) return( PSA_ERROR_INVALID_ARGUMENT ); - switch( operation->ctx.driver.id ) + switch( operation->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_update( operation->ctx.driver.ctx, + return( test_transparent_cipher_update( operation->ctx, input, input_length, output, 
@@ -790,7 +791,7 @@ psa_status_t psa_driver_wrapper_cipher_update( #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_update( operation->ctx.driver.ctx, + return( test_opaque_cipher_update( operation->ctx, input, input_length, output, @@ -814,28 +815,28 @@ psa_status_t psa_driver_wrapper_cipher_update( } psa_status_t psa_driver_wrapper_cipher_finish( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, uint8_t *output, size_t output_size, size_t *output_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Check for operation already allocated */ - if( operation->ctx.driver.ctx == NULL ) + if( operation->ctx == NULL ) return( PSA_ERROR_INVALID_ARGUMENT ); - switch( operation->ctx.driver.id ) + switch( operation->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_finish( operation->ctx.driver.ctx, + return( test_transparent_cipher_finish( operation->ctx, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_finish( operation->ctx.driver.ctx, + return( test_opaque_cipher_finish( operation->ctx, output, output_size, output_length ) ); 
@@ -855,31 +856,31 @@ psa_status_t psa_driver_wrapper_cipher_finish( } psa_status_t psa_driver_wrapper_cipher_abort( - psa_cipher_operation_t *operation ) + psa_operation_driver_context_t *operation ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; /* Check for operation already allocated */ - if( operation->ctx.driver.ctx == NULL ) + if( operation->ctx == NULL ) return( PSA_ERROR_INVALID_ARGUMENT ); - switch( operation->ctx.driver.id ) + switch( operation->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - status = test_transparent_cipher_abort( operation->ctx.driver.ctx ); + status = test_transparent_cipher_abort( operation->ctx ); - mbedtls_free( operation->ctx.driver.ctx ); - operation->ctx.driver.ctx = NULL; - operation->ctx.driver.id = 0; + mbedtls_free( operation->ctx ); + operation->ctx = NULL; + operation->id = 0; return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - status = test_opaque_cipher_abort( operation->ctx.driver.ctx ); - mbedtls_free( operation->ctx.driver.ctx ); - operation->ctx.driver.ctx = NULL; + status = test_opaque_cipher_abort( operation->ctx ); + mbedtls_free( operation->ctx ); + operation->ctx = NULL; return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index a2096048d..0db15d6c3 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h 
@@ -68,28 +68,28 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( size_t *output_length ); psa_status_t psa_driver_wrapper_cipher_encrypt_setup( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, psa_key_slot_t *slot, psa_algorithm_t alg ); psa_status_t psa_driver_wrapper_cipher_decrypt_setup( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, psa_key_slot_t *slot, psa_algorithm_t alg ); psa_status_t psa_driver_wrapper_cipher_generate_iv( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length ); psa_status_t psa_driver_wrapper_cipher_set_iv( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, const uint8_t *iv, size_t iv_length ); psa_status_t psa_driver_wrapper_cipher_update( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -97,13 +97,13 @@ psa_status_t psa_driver_wrapper_cipher_update( size_t *output_length ); psa_status_t psa_driver_wrapper_cipher_finish( - psa_cipher_operation_t *operation, + psa_operation_driver_context_t *operation, uint8_t *output, size_t output_size, size_t *output_length ); psa_status_t psa_driver_wrapper_cipher_abort( - psa_cipher_operation_t *operation ); + psa_operation_driver_context_t *operation ); #endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */ From 150c99b8842877e00bcc247739688e4f19d01069 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 9 Sep 2020 14:32:44 +0200 Subject: [PATCH 199/488] Simplify cipher setup wrapper body Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 32 +++++++--------------------- 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index dea9cb588..268b47c62 100644 --- a/library/psa_crypto_driver_wrappers.c 
+++ b/library/psa_crypto_driver_wrappers.c @@ -545,23 +545,15 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( slot->data.key.bytes, alg ); /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) - { - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; - else - { - mbedtls_free( operation->ctx ); - operation->ctx = NULL; - } - - return( status ); - } + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; else { mbedtls_free( operation->ctx ); operation->ctx = NULL; } + + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ return( PSA_ERROR_NOT_SUPPORTED ); @@ -632,23 +624,15 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( slot->data.key.bytes, alg ); /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) - { - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; - else - { - mbedtls_free( operation->ctx ); - operation->ctx = NULL; - } - - return( status ); - } + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; else { mbedtls_free( operation->ctx ); operation->ctx = NULL; } + + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ return( PSA_ERROR_NOT_SUPPORTED ); From cfeea8fa1e52cfc011031532daec710d1e0eca2a Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 9 Sep 2020 15:09:18 +0200 Subject: [PATCH 200/488] Unify driver context struct handling Added zeroization of the wrapper context on failure/abort, and reliance on the crypto core to not call an uninitialised wrapper. Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 52 +++++++++++++--------------- 1 file changed, 24 insertions(+), 28 deletions(-) 
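Review bot: With `return( status );` now unconditional in the transparent test-driver branch of `psa_driver_wrapper_cipher_encrypt_setup` (and in the matching hunk for `psa_driver_wrapper_cipher_decrypt_setup`), a `PSA_ERROR_NOT_SUPPORTED` answer from this driver ends the dispatch. The "Declared with fallback == true" comment no longer marks any distinct handling, and the "Fell through" return below is unreachable when `PSA_CRYPTO_DRIVER_TEST` is defined. This is equivalent while there is a single transparent driver, but a second driver placed after this block would never be tried, which contradicts the "cycle through all known transparent accelerators" comment above it. I would keep the cleanup as written and return only on a definitive answer, `if( status != PSA_ERROR_NOT_SUPPORTED ) return( status );`, placed after the free. Both functions start and end outside these hunks.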
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 268b47c62..d41209bbf 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -525,10 +525,6 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( .core = slot->attr }; - /* Check for operation already allocated */ - if( operation->ctx != NULL || operation->id != 0 ) - return( PSA_ERROR_BAD_STATE ); - switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -549,6 +545,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; else { + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_transparent_cipher_operation_t ) ); mbedtls_free( operation->ctx ); operation->ctx = NULL; } @@ -573,6 +572,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; else { + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_opaque_cipher_operation_t ) ); mbedtls_free( operation->ctx ); operation->ctx = NULL; } @@ -604,10 +606,6 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( .core = slot->attr }; - /* Check for operation already allocated */ - if( operation->ctx != NULL ) - return( PSA_ERROR_BAD_STATE ); - switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: @@ -628,6 +626,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; else { + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_transparent_cipher_operation_t ) ); mbedtls_free( operation->ctx ); operation->ctx = NULL; } @@ -652,6 +653,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; else { + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_opaque_cipher_operation_t ) ); mbedtls_free( operation->ctx ); operation->ctx = NULL; } 
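Review bot: The failure paths of `psa_driver_wrapper_cipher_encrypt_setup` and `psa_driver_wrapper_cipher_decrypt_setup` now scrub the context before freeing it, but the "already allocated" guard at the top of both functions is gone. A setup call on an operation that still holds a context therefore overwrites `operation->ctx` with the new `mbedtls_calloc` result, and the earlier allocation is neither zeroized nor freed. The commit message says the wrappers rely on the crypto core for state checking; whether the core rejects a second setup is not visible in these hunks. I would state the precondition where the guard used to be, e.g. `/* Precondition (enforced by the core): operation->ctx == NULL and operation->id == 0 on entry. */`, so the dependency can be reviewed next to the allocation.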
@@ -678,10 +682,6 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( size_t *iv_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - /* Check for operation already allocated */ - if( operation->ctx == NULL ) - return( PSA_ERROR_INVALID_ARGUMENT ); - switch( operation->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -718,10 +718,6 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( size_t iv_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - /* Check for operation already allocated */ - if( operation->ctx == NULL ) - return( PSA_ERROR_INVALID_ARGUMENT ); - switch( operation->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -758,10 +754,6 @@ psa_status_t psa_driver_wrapper_cipher_update( size_t *output_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - /* Check for operation already allocated */ - if( operation->ctx == NULL ) - return( PSA_ERROR_INVALID_ARGUMENT ); - switch( operation->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -805,10 +797,6 @@ psa_status_t psa_driver_wrapper_cipher_finish( size_t *output_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - /* Check for operation already allocated */ - if( operation->ctx == NULL ) - return( PSA_ERROR_INVALID_ARGUMENT ); - switch( operation->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) 
@@ -844,16 +832,20 @@ psa_status_t psa_driver_wrapper_cipher_abort( { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - /* Check for operation already allocated */ - if( operation->ctx == NULL ) - return( PSA_ERROR_INVALID_ARGUMENT ); + + /* The object has (apparently) been initialized but it is not in use. It's + * ok to call abort on such an object, and there's nothing to do. */ + if( operation->ctx == NULL && operation->id == 0 ) + return( PSA_SUCCESS ); switch( operation->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: status = test_transparent_cipher_abort( operation->ctx ); - + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_transparent_cipher_operation_t ) ); mbedtls_free( operation->ctx ); operation->ctx = NULL; operation->id = 0; @@ -863,8 +855,12 @@ psa_status_t psa_driver_wrapper_cipher_abort( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: status = test_opaque_cipher_abort( operation->ctx ); + mbedtls_platform_zeroize( + operation->ctx, + sizeof( test_opaque_cipher_operation_t ) ); mbedtls_free( operation->ctx ); operation->ctx = NULL; + operation->id = 0; return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ From 7df0292f5a62572a92dbdb954c0de8a6265ad4af Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 9 Sep 2020 15:28:49 +0200 Subject: [PATCH 201/488] Check & set operation flags for both driver and software in the core Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 65 ++++++++++++++++++++++++-------------------- 1 file changed, 36 insertions(+), 29 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6575ec472..eb760d438 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
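Review bot: In `psa_driver_wrapper_cipher_abort` the new early return only covers `operation->ctx == NULL && operation->id == 0`. An operation whose `id` names a driver while `ctx` is NULL still reaches `mbedtls_platform_zeroize( operation->ctx, sizeof( ... ) )` with a null pointer and a non-zero length, a state the removed `ctx == NULL` check used to reject. If the core can never produce that state, a comment saying so is enough; otherwise guard the cleanup with `if( operation->ctx == NULL ) { operation->id = 0; return( PSA_SUCCESS ); }` after the existing check. The same reliance applies to the generate_iv, set_iv, update and finish wrappers in the preceding hunks, where the `ctx == NULL` checks were removed and `operation->ctx` is handed to the driver for any matching `id`.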
@@ -4102,10 +4102,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, alg ); if( status == PSA_SUCCESS ) - { operation->accelerator_set = 1; - operation->key_set = 1; - } if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) ) @@ -4172,7 +4169,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, goto exit; #endif //MBEDTLS_CIPHER_MODE_WITH_PADDING - operation->key_set = 1; operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ) ); if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 && @@ -4186,10 +4182,17 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->iv_size = 12; #endif + status = PSA_SUCCESS; + exit: - if( status == 0 ) + if( ret != 0 ) status = mbedtls_to_psa_error( ret ); - if( status != 0 ) + if( status == PSA_SUCCESS ) + { + /* Update operation flags for both driver and software implementations */ + operation->key_set = 1; + } + else psa_cipher_abort( operation ); return( status ); } @@ -4215,6 +4218,10 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, { psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if( operation->iv_set || ! operation->iv_required ) + { + return( PSA_ERROR_BAD_STATE ); + } if( operation->accelerator_set == 1 ) { @@ -4225,10 +4232,6 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, goto exit; } - if( operation->iv_set || ! operation->iv_required ) - { - return( PSA_ERROR_BAD_STATE ); - } if( iv_size < operation->iv_size ) { status = PSA_ERROR_BUFFER_TOO_SMALL; @@ -4246,7 +4249,9 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, status = psa_cipher_set_iv( operation, iv, *iv_length ); exit: - if( status != PSA_SUCCESS ) + if( status == PSA_SUCCESS ) + operation->iv_set = 1; + else psa_cipher_abort( operation ); return( status ); } 
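Review bot: The state checks now placed before the driver dispatch only pass for a driver-backed operation if `psa_cipher_setup` has populated `alg` and `iv_required` on the driver path, yet the only flag the new `exit:` block sets for both paths is `key_set`. The checks in question are `operation->iv_set || ! operation->iv_required` in `psa_cipher_generate_iv` and `psa_cipher_set_iv`, and `operation->alg == 0` in `psa_cipher_update` and `psa_cipher_finish`. Those assignments may happen before the driver call, outside these hunks; if they do not, accelerated operations would be rejected with `PSA_ERROR_BAD_STATE`. If they are set earlier, I would say so in the success branch, e.g. `/* alg and iv_required were set before the driver dispatch above; key_set is set here for both paths */`. The early checks also `return` directly, so unlike the other failure paths they skip the `psa_cipher_abort( operation )` at `exit:`.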
@@ -4257,6 +4262,10 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, { psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if( operation->iv_set || ! operation->iv_required ) + { + return( PSA_ERROR_BAD_STATE ); + } if( operation->accelerator_set == 1 ) { @@ -4266,10 +4275,6 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, goto exit; } - if( operation->iv_set || ! operation->iv_required ) - { - return( PSA_ERROR_BAD_STATE ); - } if( iv_length != operation->iv_size ) { status = PSA_ERROR_INVALID_ARGUMENT; @@ -4382,6 +4387,14 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; + if( operation->alg == 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + if( operation->iv_required && ! operation->iv_set ) + { + return( PSA_ERROR_BAD_STATE ); + } if( operation->accelerator_set == 1 ) { @@ -4394,15 +4407,6 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, goto exit; } - if( operation->alg == 0 ) - { - return( PSA_ERROR_BAD_STATE ); - } - if( operation->iv_required && ! operation->iv_set ) - { - return( PSA_ERROR_BAD_STATE ); - } - if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) ) { /* Take the unprocessed partial block left over from previous @@ -4456,6 +4460,14 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, psa_status_t status = PSA_ERROR_GENERIC_ERROR; int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; + if( operation->alg == 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + if( operation->iv_required && ! operation->iv_set ) + { + return( PSA_ERROR_BAD_STATE ); + } if( operation->accelerator_set == 1 ) { 
@@ -4470,11 +4482,6 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, return( status ); } - if( operation->iv_required && ! operation->iv_set ) - { - return( PSA_ERROR_BAD_STATE ); - } - if( operation->ctx.cipher.unprocessed_len != 0 ) { if( operation->alg == PSA_ALG_ECB_NO_PADDING || From 16afd3d9b48da2b03fc89af44d2913d6e0b956e7 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 9 Sep 2020 15:36:39 +0200 Subject: [PATCH 202/488] Unify cipher setup function inside test driver Signed-off-by: Steven Cooreman --- tests/src/drivers/cipher.c | 83 ++++++++++++-------------------------- 1 file changed, 25 insertions(+), 58 deletions(-) diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index c8eb1d350..e04fd898c 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -98,7 +98,8 @@ psa_status_t test_transparent_cipher_decrypt( return( test_driver_cipher_hooks.forced_status ); } -psa_status_t test_transparent_cipher_encrypt_setup( +static psa_status_t test_transparent_cipher_setup( + mbedtls_operation_t direction, test_transparent_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, @@ -125,7 +126,6 @@ psa_status_t test_transparent_cipher_encrypt_setup( operation->alg = alg; operation->iv_size = 16; - operation->block_size = 16; cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, key_length * 8, @@ -134,7 +134,6 @@ psa_status_t test_transparent_cipher_encrypt_setup( return( PSA_ERROR_NOT_SUPPORTED ); mbedtls_cipher_init( &operation->cipher ); - ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); if( ret != 0 ) { mbedtls_cipher_free( &operation->cipher ); 
@@ -143,7 +142,7 @@ psa_status_t test_transparent_cipher_encrypt_setup( ret = mbedtls_cipher_setkey( &operation->cipher, key, - key_length * 8, MBEDTLS_ENCRYPT ); + key_length * 8, direction ); if( ret != 0 ) { mbedtls_cipher_free( &operation->cipher ); return( mbedtls_to_psa_error( ret ) ); 
@@ -160,61 +159,32 @@ psa_status_t test_transparent_cipher_encrypt_setup( return( test_driver_cipher_hooks.forced_status ); } +psa_status_t test_transparent_cipher_encrypt_setup( + test_transparent_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg) +{ + return ( test_transparent_cipher_setup( MBEDTLS_ENCRYPT, + operation, + attributes, + key, + key_length, + alg ) ); +} + psa_status_t test_transparent_cipher_decrypt_setup( test_transparent_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - const mbedtls_cipher_info_t *cipher_info = NULL; - int ret = 0; - - test_driver_cipher_hooks.hits++; - - if( operation->alg != 0 ) - return( PSA_ERROR_BAD_STATE ); - - /* Wiping the entire struct here, instead of member-by-member. This is useful - * for the test suite, since it gives a chance of catching memory corruption - * errors should the core not have allocated (enough) memory for our context - * struct. */ - memset( operation, 0, sizeof( *operation ) ); - - /* Test driver supports AES-CTR only, to verify operation calls. 
*/ - if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return PSA_ERROR_NOT_SUPPORTED; - - operation->alg = alg; - operation->iv_size = 16; - operation->block_size = 16; - - mbedtls_cipher_init( &operation->cipher ); - - cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, - key_length * 8, - MBEDTLS_MODE_CTR ); - if( cipher_info == NULL ) - return PSA_ERROR_NOT_SUPPORTED; - - ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); - if( ret != 0 ) - return( mbedtls_to_psa_error( ret ) ); - - ret = mbedtls_cipher_setkey( &operation->cipher, - key, - key_length * 8, MBEDTLS_DECRYPT ); - if( ret != 0 ) - return( mbedtls_to_psa_error( ret ) ); - - operation->iv_set = 0; - operation->iv_required = 1; - operation->key_set = 1; - - /* Allow overriding return value for testing purposes */ - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - mbedtls_cipher_free( &operation->cipher ); - - return( test_driver_cipher_hooks.forced_status ); + return ( test_transparent_cipher_setup( MBEDTLS_DECRYPT, + operation, + attributes, + key, + key_length, + alg ) ); } psa_status_t test_transparent_cipher_abort( @@ -306,7 +276,6 @@ psa_status_t test_transparent_cipher_update( size_t output_size, size_t *output_length) { - size_t expected_output_size; psa_status_t status; test_driver_cipher_hooks.hits++; @@ -314,10 +283,8 @@ psa_status_t test_transparent_cipher_update( if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); - expected_output_size = ( operation->cipher.unprocessed_len + input_length ) - / operation->block_size * operation->block_size; - - if( output_size < expected_output_size ) + /* CTR is a stream cipher, so data in and out are always the same size */ + if( output_size < input_length ) return( PSA_ERROR_BUFFER_TOO_SMALL ); status = mbedtls_to_psa_error( From b5e52f2e31dcb0a232d9868569ab73eea14c2b4e Mon Sep 17 00:00:00 2001 
From: Steven Cooreman Date: Wed, 9 Sep 2020 16:19:34 +0200 Subject: [PATCH 203/488] Remove superfluous call in PSA cipher setup As pointed out by Ronald. The key slot is populated using get_key_from_slot, and after calling the driver the slot is validated to not contain an external key, so calling get_transparent_key is superfluous. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index eb760d438..d8c6c1e6d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4112,11 +4112,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, * available for the given algorithm & key. */ mbedtls_cipher_init( &operation->ctx.cipher ); - status = psa_get_transparent_key( handle, &slot, usage, alg); - if( status != PSA_SUCCESS ) - goto exit; key_bits = psa_get_key_slot_bits( slot ); - cipher_info = mbedtls_cipher_info_from_psa( alg, slot->attr.type, key_bits, NULL ); if( cipher_info == NULL ) { From e55f3e8de4cdb9e2d5580114d303ede28b0af9b3 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 9 Sep 2020 18:41:07 +0200 Subject: [PATCH 204/488] Make sure to not call mbedtls_cipher_free on an uninitialised context As pointed out by Gilles Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d8c6c1e6d..647ca6286 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -4101,12 +4101,18 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, slot, alg ); - if( status == PSA_SUCCESS ) - operation->accelerator_set = 1; - if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) ) + { + /* Indicate this operation is bound to an accelerator. When the driver + * setup succeeded, this indicates to the core to not call any mbedtls_ + * functions for this operation (contexts are not interoperable). + * In case the drivers couldn't setup and there's no way to fallback, + * indicate to the core to not call mbedtls_cipher_free on an + * uninitialised mbed TLS cipher context. */ + operation->accelerator_set = 1; goto exit; + } /* Proceed with initializing mbed TLS cipher context if no accelerator is * available for the given algorithm & key. */ From fe0ab55c615a3471444ac58d137dc0fa8d6a02dd Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 10 Sep 2020 13:07:02 +0200 Subject: [PATCH 205/488] Implement one-shot cipher in test driver Signed-off-by: Steven Cooreman --- tests/src/drivers/cipher.c | 182 +++++++++++++++++++++++++++++-------- 1 file changed, 144 insertions(+), 38 deletions(-) diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index e04fd898c..2915fba68 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c 
@@ -42,6 +42,134 @@ * fallback even for AES-CTR. */ test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT; +static psa_status_t test_transparent_cipher_oneshot( + mbedtls_operation_t direction, + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length) +{ + test_driver_cipher_hooks.hits++; + + /* Test driver supports AES-CTR only, to verify operation calls. */ + if( alg != PSA_ALG_CTR || + psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) + return( PSA_ERROR_NOT_SUPPORTED ); + + /* If test driver response code is not SUCCESS, we can return early */ + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + /* If test driver output is overridden, we don't need to do actual crypto */ + if( test_driver_cipher_hooks.forced_output != NULL ) + { + if( output_size < test_driver_cipher_hooks.forced_output_length ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( output, + test_driver_cipher_hooks.forced_output, + test_driver_cipher_hooks.forced_output_length ); + *output_length = test_driver_cipher_hooks.forced_output_length; + + return( test_driver_cipher_hooks.forced_status ); + } + + /* Run AES-CTR using the cipher module */ + { + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + const mbedtls_cipher_info_t *cipher_info = + mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, + key_length * 8, + MBEDTLS_MODE_CTR ); + mbedtls_cipher_context_t cipher; + int ret = 0; + uint8_t temp_output_buffer[16] = {0}; + size_t temp_output_length = 0; + + if( direction == MBEDTLS_ENCRYPT ) + { + /* Oneshot encrypt needs to prepend the IV to the output */ + if( output_size < ( input_length + 16 ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + else + { + /* Oneshot decrypt has the IV 
prepended to the input */ + if( output_size < ( input_length - 16 ) ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + } + + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + mbedtls_cipher_init( &cipher ); + ret = mbedtls_cipher_setup( &cipher, cipher_info ); + if( ret != 0 ) + goto exit; + + ret = mbedtls_cipher_setkey( &cipher, + key, + key_length * 8, direction ); + if( ret != 0 ) + goto exit; + + if( direction == MBEDTLS_ENCRYPT ) + { + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + ret = mbedtls_test_rnd_pseudo_rand( &rnd_info, + temp_output_buffer, + 16 ); + if( ret != 0 ) + goto exit; + + ret = mbedtls_cipher_set_iv( &cipher, temp_output_buffer, 16 ); + } + else + ret = mbedtls_cipher_set_iv( &cipher, input, 16 ); + + if( ret != 0 ) + goto exit; + + if( direction == MBEDTLS_ENCRYPT ) + { + ret = mbedtls_cipher_update( &cipher, + input, input_length, + &output[16], output_length ); + if( ret == 0 ) + { + memcpy( output, temp_output_buffer, 16 ); + *output_length += 16; + } + } + else + ret = mbedtls_cipher_update( &cipher, + &input[16], input_length - 16, + output, output_length ); + + if( ret != 0 ) + goto exit; + + ret = mbedtls_cipher_finish( &cipher, + temp_output_buffer, + &temp_output_length ); + +exit: + if( ret != 0 ) + { + *output_length = 0; + memset(output, 0, output_size); + } + + mbedtls_cipher_free( &cipher ); + return( mbedtls_to_psa_error( ret ) ); + } +} + psa_status_t test_transparent_cipher_encrypt( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, 
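Review bot: The decrypt branch of `test_transparent_cipher_oneshot` computes `input_length - 16` without first checking that the input holds a full IV, so for `input_length < 16` the `size_t` subtraction wraps. The only thing keeping `&input[16]` from being read is that the wrapped value also makes the `output_size` comparison fail, and the caller then gets `PSA_ERROR_BUFFER_TOO_SMALL` for what is really an invalid input. An explicit check before the size comparison makes the behaviour deliberate: `if( input_length < 16 ) return( PSA_ERROR_INVALID_ARGUMENT );`. Separately, `rnd_info` is declared and filled twice, with the outer copy unused and shadowed by the one in the encrypt branch. The IV is drawn from a generator state filled with the constant `0x5A` pattern, so it presumably repeats across calls; a comment such as `/* Test-only: deterministic IV, not suitable outside the test driver */` would record that this is intentional.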
@@ -49,25 +177,14 @@ psa_status_t test_transparent_cipher_encrypt( const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - test_driver_cipher_hooks.hits++; - - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - if( output_size < test_driver_cipher_hooks.forced_output_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( output, - test_driver_cipher_hooks.forced_output, - test_driver_cipher_hooks.forced_output_length ); - *output_length = test_driver_cipher_hooks.forced_output_length; - - return( test_driver_cipher_hooks.forced_status ); + return ( + test_transparent_cipher_oneshot( + MBEDTLS_ENCRYPT, + attributes, + key, key_length, + alg, + input, input_length, + output, output_size, output_length) ); } psa_status_t test_transparent_cipher_decrypt( @@ -77,25 +194,14 @@ psa_status_t test_transparent_cipher_decrypt( const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) input; - (void) input_length; - test_driver_cipher_hooks.hits++; - - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - if( output_size < test_driver_cipher_hooks.forced_output_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - memcpy( output, - test_driver_cipher_hooks.forced_output, - test_driver_cipher_hooks.forced_output_length ); - *output_length = test_driver_cipher_hooks.forced_output_length; - - return( test_driver_cipher_hooks.forced_status ); + return ( + test_transparent_cipher_oneshot( + MBEDTLS_DECRYPT, + attributes, + key, key_length, + alg, + input, input_length, + output, output_size, output_length) ); } static psa_status_t test_transparent_cipher_setup( 
From eca33c60f8cf46b4696ba8cd4569a4f77512194b Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 10 Sep 2020 14:32:26 +0200 Subject: [PATCH 206/488] Add testing of fallback to cipher operations Signed-off-by: Steven Cooreman --- .../test_suite_psa_crypto_driver_wrappers.data | 18 +++++++++++++++--- ...t_suite_psa_crypto_driver_wrappers.function | 18 ++++++++++++------ 2 files changed, 27 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index b864daff5..9374f28be 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
@@ -42,15 +42,27 @@ generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR PSA symmetric encrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS:PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 15 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 16 bytes, fallback +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 15 bytes, fallback +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric decrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR 
-cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS:PSA_SUCCESS + +PSA symmetric decrypt: AES-CTR, 16 bytes, fallback +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric encryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 470c43864..b1a1ae389 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -188,6 +188,7 @@ exit: void cipher_encrypt( int alg_arg, int key_type_arg, data_t *key, data_t *iv, data_t *input, data_t *expected_output, + int force_status_arg, int expected_status_arg ) { psa_key_handle_t handle = 0; @@ -195,6 +196,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; + psa_status_t force_status = force_status_arg; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; 
@@ -202,6 +204,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; test_driver_cipher_hooks = test_driver_cipher_hooks_init(); + test_driver_cipher_hooks.forced_status = force_status; PSA_ASSERT( psa_crypto_init( ) ); @@ -217,7 +220,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, test_driver_cipher_hooks.hits = 0; PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); - TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); test_driver_cipher_hooks.hits = 0; output_buffer_size = ( (size_t) input->len + @@ -228,7 +231,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, input->x, input->len, output, output_buffer_size, &function_output_length ) ); - TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; @@ -237,7 +240,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, output_buffer_size - total_output_length, &function_output_length ); /* Finish will have called abort as well, so expecting two hits here */ - TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) ); test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; @@ -438,6 +441,7 @@ exit: void cipher_decrypt( int alg_arg, int key_type_arg, data_t *key, data_t *iv, data_t *input, data_t *expected_output, + int force_status_arg, int expected_status_arg ) { psa_key_handle_t handle = 0; 
@@ -445,6 +449,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; + psa_status_t force_status = force_status_arg; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -452,6 +457,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; test_driver_cipher_hooks = test_driver_cipher_hooks_init(); + test_driver_cipher_hooks.forced_status = force_status; PSA_ASSERT( psa_crypto_init( ) ); @@ -467,7 +473,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, test_driver_cipher_hooks.hits = 0; PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); - TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); test_driver_cipher_hooks.hits = 0; output_buffer_size = ( (size_t) input->len + @@ -478,7 +484,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, input->x, input->len, output, output_buffer_size, &function_output_length ) ); - TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; @@ -487,7 +493,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, output_buffer_size - total_output_length, &function_output_length ); /* Finish will have called abort as well, so expecting two hits here */ - TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) ); test_driver_cipher_hooks.hits = 0; total_output_length += function_output_length; From a07b9970c6093418b7f1cecac31f919e55df517b Mon Sep 17 00:00:00 2001 
From: Steven Cooreman Date: Thu, 10 Sep 2020 14:54:14 +0200 Subject: [PATCH 207/488] Update semantics around driver context use in psa_cipher_setup Signed-off-by: Steven Cooreman --- include/psa/crypto_struct.h | 2 +- library/psa_crypto.c | 93 ++++++++++++++++++------------------- 2 files changed, 47 insertions(+), 48 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index b26588fc5..861850c84 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -168,7 +168,7 @@ struct psa_cipher_operation_s unsigned int key_set : 1; unsigned int iv_required : 1; unsigned int iv_set : 1; - unsigned int accelerator_set : 1; /* Indicates a driver is used instead of software fallback. */ + unsigned int driver_in_use : 1; /* Indicates a driver is used instead of software fallback. */ uint8_t iv_size; uint8_t block_size; union diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 647ca6286..6b259030b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4037,34 +4037,6 @@ rsa_exit: /* Symmetric cryptography */ /****************************************************************/ -/* Initialize the cipher operation structure. Once this function has been - * called, psa_cipher_abort can run and will do the right thing. */ -static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation, - psa_algorithm_t alg ) -{ - if( ! PSA_ALG_IS_CIPHER( alg ) ) - { - memset( operation, 0, sizeof( *operation ) ); - return( PSA_ERROR_INVALID_ARGUMENT ); - } - - operation->alg = alg; - operation->key_set = 0; - operation->iv_set = 0; - if( alg == PSA_ALG_ECB_NO_PADDING ) - { - operation->iv_required = 0; - } - else - { - operation->iv_required = 1; - } - operation->accelerator_set = 0; - operation->iv_size = 0; - operation->block_size = 0; - return( PSA_SUCCESS ); -} - static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg, 
@@ -4079,19 +4051,36 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, PSA_KEY_USAGE_ENCRYPT : PSA_KEY_USAGE_DECRYPT ); - status = psa_get_key_from_slot( handle, &slot, usage, alg ); - if( status != PSA_SUCCESS ) - goto exit; - /* A context must be freshly initialized before it can be set up. */ if( operation->alg != 0 ) return( PSA_ERROR_BAD_STATE ); - status = psa_cipher_init( operation, alg ); - if( status != PSA_SUCCESS ) - return( status ); + /* The requested algorithm must be one that can be processed by cipher. */ + if( ! PSA_ALG_IS_CIPHER( alg ) ) + { + memset( operation, 0, sizeof( *operation ) ); + return( PSA_ERROR_INVALID_ARGUMENT ); + } - /* Try doing this through a driver before using software fallback */ + /* Reset the operation members to their initial state, except for alg. The + * alg member is used as an indicator that psa_cipher_abort needs to free + * allocated resources, which doesn't happen until later. */ + operation->key_set = 0; + operation->iv_set = 0; + operation->driver_in_use = 0; + operation->iv_size = 0; + operation->block_size = 0; + if( alg == PSA_ALG_ECB_NO_PADDING ) + operation->iv_required = 0; + else + operation->iv_required = 1; + + /* Fetch key material from key storage. */ + status = psa_get_key_from_slot( handle, &slot, usage, alg ); + if( status != PSA_SUCCESS ) + goto exit; + + /* Try doing the operation through a driver before using software fallback. */ if( cipher_operation == MBEDTLS_ENCRYPT ) status = psa_driver_wrapper_cipher_encrypt_setup( &operation->ctx.driver, slot, 
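Review bot: The operation fields are now reset while `operation->alg` is still 0, so a failure after that point can leave non-initial state behind: here `iv_required` is set to 1 before `psa_get_key_from_slot` may `goto exit`, and in the next hunk (`@@ -4104,20 +4093,30 @@`) `driver_in_use` is set to 1 even when the driver setup returned an error. `psa_cipher_abort` returns early when `alg == 0` (visible in its own hunk further down), so if the `exit:` path, which is outside these hunks, relies on it for cleanup, those flags survive the failed setup and a later call on the same operation could be routed to a driver context that was never set up. Consider moving the member reset below the key lookup, and in the driver branch setting the flag only on success: `if( status == PSA_SUCCESS ) { operation->driver_in_use = 1; operation->alg = alg; }`. `psa_cipher_setup` starts and ends outside the hunk.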
@@ -4104,20 +4093,30 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) ) { - /* Indicate this operation is bound to an accelerator. When the driver - * setup succeeded, this indicates to the core to not call any mbedtls_ + /* Indicate this operation is bound to a driver. When the driver setup + * succeeded, this indicates to the core to not call any mbedtls_ * functions for this operation (contexts are not interoperable). * In case the drivers couldn't setup and there's no way to fallback, * indicate to the core to not call mbedtls_cipher_free on an * uninitialised mbed TLS cipher context. */ - operation->accelerator_set = 1; + operation->driver_in_use = 1; + + /* If the wrapper call succeeded, it allocated resources that need to be + * freed using psa_cipher_abort. Indicate this through setting alg. */ + if( status == PSA_SUCCESS ) + operation->alg = alg; + goto exit; } - /* Proceed with initializing mbed TLS cipher context if no accelerator is + /* Proceed with initializing an mbed TLS cipher context if no driver is * available for the given algorithm & key. */ mbedtls_cipher_init( &operation->ctx.cipher ); + /* Once the cipher context is initialised, it needs to be freed using + * psa_cipher_abort. Indicate this through setting alg. */ + operation->alg = alg; + key_bits = psa_get_key_slot_bits( slot ); cipher_info = mbedtls_cipher_info_from_psa( alg, slot->attr.type, key_bits, NULL ); if( cipher_info == NULL ) @@ -4225,7 +4224,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->accelerator_set == 1 ) + if( operation->driver_in_use == 1 ) { status = psa_driver_wrapper_cipher_generate_iv( &operation->ctx.driver, iv, 
@@ -4269,7 +4268,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->accelerator_set == 1 ) + if( operation->driver_in_use == 1 ) { status = psa_driver_wrapper_cipher_set_iv( &operation->ctx.driver, iv, @@ -4398,7 +4397,7 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->accelerator_set == 1 ) + if( operation->driver_in_use == 1 ) { status = psa_driver_wrapper_cipher_update( &operation->ctx.driver, input, @@ -4471,7 +4470,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->accelerator_set == 1 ) + if( operation->driver_in_use == 1 ) { status = psa_driver_wrapper_cipher_finish( &operation->ctx.driver, output, @@ -4533,7 +4532,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) { if( operation->alg == 0 ) { - /* The object has (apparently) been initialized but it is not + /* The object has (apparently) been initialized but it is not (yet) * in use. It's ok to call abort on such an object, and there's * nothing to do. */ return( PSA_SUCCESS ); @@ -4544,7 +4543,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) if( ! PSA_ALG_IS_CIPHER( operation->alg ) ) return( PSA_ERROR_BAD_STATE ); - if( operation->accelerator_set == 1 ) + if( operation->driver_in_use == 1 ) psa_driver_wrapper_cipher_abort( &operation->ctx.driver ); else mbedtls_cipher_free( &operation->ctx.cipher ); @@ -4552,7 +4551,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) operation->alg = 0; operation->key_set = 0; operation->iv_set = 0; - operation->accelerator_set = 0; + operation->driver_in_use = 0; operation->iv_size = 0; operation->block_size = 0; operation->iv_required = 0; From 89e54f2edcb7f9c32784eb39a3daa46d50c60867 Mon Sep 17 00:00:00 2001 
From: Steven Cooreman Date: Thu, 10 Sep 2020 18:07:57 +0200 Subject: [PATCH 208/488] Add mock and negative testing to cipher driver Signed-off-by: Steven Cooreman --- tests/src/drivers/cipher.c | 15 +- ...test_suite_psa_crypto_driver_wrappers.data | 39 +++- ..._suite_psa_crypto_driver_wrappers.function | 175 ++++++++++++++++++ 3 files changed, 222 insertions(+), 7 deletions(-) diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index 2915fba68..f9106d171 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -296,6 +296,8 @@ psa_status_t test_transparent_cipher_decrypt_setup( psa_status_t test_transparent_cipher_abort( test_transparent_cipher_operation_t *operation) { + test_driver_cipher_hooks.hits++; + if( operation->alg == 0 ) return( PSA_SUCCESS ); if( operation->alg != PSA_ALG_CTR ) @@ -309,7 +311,6 @@ psa_status_t test_transparent_cipher_abort( * struct. */ memset( operation, 0, sizeof( *operation ) ); - test_driver_cipher_hooks.hits++; return( PSA_SUCCESS ); } @@ -325,6 +326,9 @@ psa_status_t test_transparent_cipher_generate_iv( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -356,6 +360,9 @@ psa_status_t test_transparent_cipher_set_iv( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); @@ -386,6 +393,9 @@ psa_status_t test_transparent_cipher_update( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); 
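Review bot: The forced-status early returns added to `test_transparent_cipher_generate_iv`, `test_transparent_cipher_update` and `test_transparent_cipher_finish` (the last in the `@@ -425,6 +435,9 @@` hunk) leave before anything is written for the caller, so any length out-parameter these entry points have (their signatures are outside the hunks) stays unset on the injected error path. If the negative tests are meant to model a well-behaved driver, zero it ahead of the `forced_status` check, e.g. `*output_length = 0;` (parameter name assumed), so a test cannot pass or fail on stale caller memory. A one-line comment such as `/* Injected failure: return before touching the operation */` above each check would also make the intent of the mock explicit.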
@@ -425,6 +435,9 @@ psa_status_t test_transparent_cipher_finish( test_driver_cipher_hooks.hits++; + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + if( operation->alg != PSA_ALG_CTR ) return( PSA_ERROR_BAD_STATE ); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 9374f28be..7b5d6bd84 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
@@ -42,27 +42,51 @@ generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR PSA symmetric encrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS:PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 15 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS:PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 16 bytes, fallback depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 15 bytes, fallback depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS 
+cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 16 bytes, fallback w/ fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":1:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 15 bytes, fallback w/ fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":1:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 16 bytes, fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS + +PSA symmetric encrypt: AES-CTR, 15 bytes, fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR +cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS PSA symmetric decrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS:PSA_SUCCESS 
+cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric decrypt: AES-CTR, 16 bytes, fallback depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric decrypt: AES-CTR, 16 bytes, fallback w/ fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":1:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA symmetric decrypt: AES-CTR, 16 bytes, fake +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR +cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS PSA symmetric encryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR 
@@ -135,3 +159,6 @@ cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf715880 PSA symmetric decryption multipart: AES-CTR, 16+0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" + +Cipher driver: negative testing on all entry points +cipher_entry_points:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a" diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index b1a1ae389..af0c7eefe 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -188,6 +188,7 @@ exit: void cipher_encrypt( int alg_arg, int key_type_arg, data_t *key, data_t *iv, data_t *input, data_t *expected_output, + int mock_output_arg, int force_status_arg, int expected_status_arg ) { @@ -227,6 +228,12 @@ void cipher_encrypt( int alg_arg, int key_type_arg, PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = expected_output->x; + test_driver_cipher_hooks.forced_output_length = expected_output->len; + } + PSA_ASSERT( psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, 
@@ -234,6 +241,12 @@ void cipher_encrypt( int alg_arg, int key_type_arg, TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); test_driver_cipher_hooks.hits = 0; + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = NULL; + test_driver_cipher_hooks.forced_output_length = 0; + } + total_output_length += function_output_length; status = psa_cipher_finish( &operation, output + total_output_length, @@ -441,6 +454,7 @@ exit: void cipher_decrypt( int alg_arg, int key_type_arg, data_t *key, data_t *iv, data_t *input, data_t *expected_output, + int mock_output_arg, int force_status_arg, int expected_status_arg ) { @@ -480,6 +494,12 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = expected_output->x; + test_driver_cipher_hooks.forced_output_length = expected_output->len; + } + PSA_ASSERT( psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, @@ -487,6 +507,12 @@ void cipher_decrypt( int alg_arg, int key_type_arg, TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) ); test_driver_cipher_hooks.hits = 0; + if( mock_output_arg ) + { + test_driver_cipher_hooks.forced_output = NULL; + test_driver_cipher_hooks.forced_output_length = 0; + } + total_output_length += function_output_length; status = psa_cipher_finish( &operation, output + total_output_length, 
@@ -515,3 +541,152 @@ exit: test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } /* END_CASE */ + +/* BEGIN_CASE */ +void cipher_entry_points( int alg_arg, int key_type_arg, + data_t *key, data_t *iv, + data_t *input ) +{ + psa_key_handle_t handle = 0; + psa_status_t status; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + unsigned char *output = NULL; + size_t output_buffer_size = 0; + size_t function_output_length = 0; + psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + + /* Test setup call, encrypt */ + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_encrypt_setup( &operation, + handle, alg ); + /* When setup fails, it shouldn't call any further entry points */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + /* Test setup call failure, decrypt */ + status = psa_cipher_decrypt_setup( &operation, + handle, alg ); + /* When setup fails, it shouldn't call any further entry points */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + /* Test IV setting failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, + handle, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + 
test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + /* When setting the IV fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + psa_cipher_abort( &operation ); + test_driver_cipher_hooks.hits = 0; + + /* Test IV generation failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, + handle, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + ASSERT_ALLOC( output, 16 ); + status = psa_cipher_generate_iv( &operation, output, 16, &output_buffer_size ); + /* When setting the IV fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + mbedtls_free( output ); + output = NULL; + psa_cipher_abort( &operation ); + test_driver_cipher_hooks.hits = 0; + + /* Test update failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, + handle, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + ASSERT_ALLOC( output, input->len + 16 ); + output_buffer_size = input->len + 16; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + /* When the update call fails, it should call abort 
too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + mbedtls_free( output ); + output = NULL; + psa_cipher_abort( &operation ); + test_driver_cipher_hooks.hits = 0; + + /* Test finish failure */ + test_driver_cipher_hooks.forced_status = PSA_SUCCESS; + status = psa_cipher_encrypt_setup( &operation, + handle, alg ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + ASSERT_ALLOC( output, input->len + 16 ); + output_buffer_size = input->len + 16; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + test_driver_cipher_hooks.hits = 0; + + test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; + status = psa_cipher_finish( &operation, + output + function_output_length, + output_buffer_size - function_output_length, + &function_output_length ); + /* When the finish call fails, it should call abort too */ + TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); + TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); + mbedtls_free( output ); + output = NULL; + psa_cipher_abort( &operation ); + test_driver_cipher_hooks.hits = 0; + +exit: + psa_cipher_abort( &operation ); + mbedtls_free( output ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_driver_cipher_hooks = test_driver_cipher_hooks_init(); +} +/* END_CASE */ From ef8575e1bff2c33a97169216170901025451014f Mon Sep 17 00:00:00 2001 
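Review bot: The literal `16` in cipher_entry_points serves both as the IV length passed to `psa_cipher_generate_iv` and as the slack in `ASSERT_ALLOC( output, input->len + 16 )`, even though `key_type` is a test argument and cipher_encrypt in this file sizes its buffer with `PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type )`. Deriving both from the key type, e.g. `output_buffer_size = input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );`, keeps the buffer bound correct if a data line for another cipher is added later. The same literal is still present in the follow-up patch's hunks at `@@ -558,6 +558,9 @@` and `@@ -608,15 +624,19 @@`.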
From: Steven Cooreman Date: Fri, 11 Sep 2020 11:44:50 +0200 Subject: [PATCH 209/488] Apply review feedback * Reworked the cipher context once again to be more robustly defined * Removed redundant memset * Unified behaviour on failure between driver and software in cipher_finish * Cipher test driver setup function now also returns early when its status is overridden, like the other test driver functions * Removed redundant test cases * Added bad-order checking to verify the driver doesn't get called where the spec says it won't. Signed-off-by: Steven Cooreman --- include/psa/crypto_struct.h | 2 +- library/psa_crypto.c | 105 ++++++++---------- tests/src/drivers/cipher.c | 8 +- ...test_suite_psa_crypto_driver_wrappers.data | 12 -- ..._suite_psa_crypto_driver_wrappers.function | 60 +++++++--- 5 files changed, 93 insertions(+), 94 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 861850c84..a85a9bf4d 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -168,7 +168,7 @@ struct psa_cipher_operation_s unsigned int key_set : 1; unsigned int iv_required : 1; unsigned int iv_set : 1; - unsigned int driver_in_use : 1; /* Indicates a driver is used instead of software fallback. */ + unsigned int mbedtls_in_use : 1; /* Indicates mbed TLS is handling the operation. */ uint8_t iv_size; uint8_t block_size; union diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6b259030b..8383eaeb2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -4057,17 +4057,19 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, /* The requested algorithm must be one that can be processed by cipher. */ if( ! PSA_ALG_IS_CIPHER( alg ) ) - { - memset( operation, 0, sizeof( *operation ) ); return( PSA_ERROR_INVALID_ARGUMENT ); - } - /* Reset the operation members to their initial state, except for alg. The - * alg member is used as an indicator that psa_cipher_abort needs to free - * allocated resources, which doesn't happen until later. */ + /* Fetch key material from key storage. */ + status = psa_get_key_from_slot( handle, &slot, usage, alg ); + if( status != PSA_SUCCESS ) + goto exit; + + /* Initialize the operation struct members, except for alg. The alg member + * is used to indicate to psa_cipher_abort that there are resources to free, + * so we only set it after resources have been allocated/initialized. */ operation->key_set = 0; operation->iv_set = 0; - operation->driver_in_use = 0; + operation->mbedtls_in_use = 0; operation->iv_size = 0; operation->block_size = 0; if( alg == PSA_ALG_ECB_NO_PADDING ) @@ -4075,11 +4077,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, else operation->iv_required = 1; - /* Fetch key material from key storage. */ - status = psa_get_key_from_slot( handle, &slot, usage, alg ); - if( status != PSA_SUCCESS ) - goto exit; - /* Try doing the operation through a driver before using software fallback. */ if( cipher_operation == MBEDTLS_ENCRYPT ) status = psa_driver_wrapper_cipher_encrypt_setup( &operation->ctx.driver, 
@@ -4090,32 +4087,25 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, slot, alg ); + if( status == PSA_SUCCESS ) + /* Once the driver context is initialised, it needs to be freed using + * psa_cipher_abort. Indicate this through setting alg. */ + operation->alg = alg; + if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) ) - { - /* Indicate this operation is bound to a driver. When the driver setup - * succeeded, this indicates to the core to not call any mbedtls_ - * functions for this operation (contexts are not interoperable). - * In case the drivers couldn't setup and there's no way to fallback, - * indicate to the core to not call mbedtls_cipher_free on an - * uninitialised mbed TLS cipher context. */ - operation->driver_in_use = 1; - - /* If the wrapper call succeeded, it allocated resources that need to be - * freed using psa_cipher_abort. Indicate this through setting alg. */ - if( status == PSA_SUCCESS ) - operation->alg = alg; - goto exit; - } /* Proceed with initializing an mbed TLS cipher context if no driver is * available for the given algorithm & key. */ mbedtls_cipher_init( &operation->ctx.cipher ); /* Once the cipher context is initialised, it needs to be freed using - * psa_cipher_abort. Indicate this through setting alg. */ + * psa_cipher_abort. Indicate there is something to be freed through setting + * alg, and indicate the operation is being done using mbedtls crypto through + * setting mbedtls_in_use. */ operation->alg = alg; + operation->mbedtls_in_use = 1; key_bits = psa_get_key_slot_bits( slot ); cipher_info = mbedtls_cipher_info_from_psa( alg, slot->attr.type, key_bits, NULL ); @@ -4224,7 +4214,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->driver_in_use == 1 ) + if( operation->mbedtls_in_use == 0 ) { status = psa_driver_wrapper_cipher_generate_iv( &operation->ctx.driver, iv, 
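Review bot: This hunk of psa_cipher_setup removes the only comment explaining how the flag and `alg` together select a member of the `ctx` union, and with the polarity inverted a zero `mbedtls_in_use` now routes to `ctx.driver`. Correct dispatch therefore relies on `alg` being non-zero only after either the driver setup succeeded or `mbedtls_cipher_init` ran with `mbedtls_in_use = 1`. The `mbedtls_in_use == 0` checks in psa_cipher_generate_iv, psa_cipher_set_iv, psa_cipher_update, psa_cipher_finish and psa_cipher_abort all depend on that invariant. I would state it on the struct field, for example `/* 1: ctx.cipher is initialised. 0: ctx.driver is the active member once alg != 0. */`. psa_cipher_setup begins and ends outside the hunk, so the `exit:` handling could not be checked here.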
@@ -4268,7 +4258,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->driver_in_use == 1 ) + if( operation->mbedtls_in_use == 0 ) { status = psa_driver_wrapper_cipher_set_iv( &operation->ctx.driver, iv, @@ -4397,7 +4387,7 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->driver_in_use == 1 ) + if( operation->mbedtls_in_use == 0 ) { status = psa_driver_wrapper_cipher_update( &operation->ctx.driver, input, @@ -4459,7 +4449,6 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, size_t *output_length ) { psa_status_t status = PSA_ERROR_GENERIC_ERROR; - int cipher_ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; if( operation->alg == 0 ) { @@ -4470,17 +4459,13 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->driver_in_use == 1 ) + if( operation->mbedtls_in_use == 0 ) { status = psa_driver_wrapper_cipher_finish( &operation->ctx.driver, output, output_size, output_length ); - if( status != PSA_SUCCESS ) - goto error; - - (void) psa_cipher_abort( operation ); - return( status ); + goto exit; } if( operation->ctx.cipher.unprocessed_len != 0 ) 
@@ -4490,18 +4475,16 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) ) { status = PSA_ERROR_INVALID_ARGUMENT; - goto error; + goto exit; } } - cipher_ret = mbedtls_cipher_finish( &operation->ctx.cipher, - temp_output_buffer, - output_length ); - if( cipher_ret != 0 ) - { - status = mbedtls_to_psa_error( cipher_ret ); - goto error; - } + status = mbedtls_to_psa_error( + mbedtls_cipher_finish( &operation->ctx.cipher, + temp_output_buffer, + output_length ) ); + if( status != PSA_SUCCESS ) + goto exit; if( *output_length == 0 ) ; /* Nothing to copy. Note that output may be NULL in this case. */ @@ -4510,22 +4493,24 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, else { status = PSA_ERROR_BUFFER_TOO_SMALL; - goto error; + goto exit; } - mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); - status = psa_cipher_abort( operation ); +exit: + if( operation->mbedtls_in_use == 1 ) + mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); - return( status ); + if( status == PSA_SUCCESS ) + return( psa_cipher_abort( operation ) ); + else + { + *output_length = 0; -error: + mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); + (void) psa_cipher_abort( operation ); - *output_length = 0; - - mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); - (void) psa_cipher_abort( operation ); - - return( status ); + return( status ); + } } psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) @@ -4543,7 +4528,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) if( ! PSA_ALG_IS_CIPHER( operation->alg ) ) return( PSA_ERROR_BAD_STATE ); - if( operation->driver_in_use == 1 ) + if( operation->mbedtls_in_use == 0 ) psa_driver_wrapper_cipher_abort( &operation->ctx.driver ); else mbedtls_cipher_free( &operation->ctx.cipher ); 
@@ -4551,7 +4536,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) operation->alg = 0; operation->key_set = 0; operation->iv_set = 0; - operation->driver_in_use = 0; + operation->mbedtls_in_use = 0; operation->iv_size = 0; operation->block_size = 0; operation->iv_required = 0; diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index f9106d171..fa7c6a9e7 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -225,6 +225,10 @@ static psa_status_t test_transparent_cipher_setup( * struct. */ memset( operation, 0, sizeof( *operation ) ); + /* Allow overriding return value for testing purposes */ + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + /* Test driver supports AES-CTR only, to verify operation calls. */ if( alg != PSA_ALG_CTR || psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) @@ -258,10 +262,6 @@ static psa_status_t test_transparent_cipher_setup( operation->iv_required = 1; operation->key_set = 1; - /* Allow overriding return value for testing purposes */ - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - mbedtls_cipher_free( &operation->cipher ); - return( test_driver_cipher_hooks.forced_status ); } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 7b5d6bd84..7abc25692 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
@@ -56,14 +56,6 @@ PSA symmetric encrypt: AES-CTR, 15 bytes, fallback depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS -PSA symmetric encrypt: AES-CTR, 16 bytes, fallback w/ fake -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":1:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS - -PSA symmetric encrypt: AES-CTR, 15 bytes, fallback w/ fake -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR -cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":1:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS - PSA symmetric encrypt: AES-CTR, 16 bytes, fake depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS 
@@ -80,10 +72,6 @@ PSA symmetric decrypt: AES-CTR, 16 bytes, fallback depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS -PSA symmetric decrypt: AES-CTR, 16 bytes, fallback w/ fake -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR -cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":1:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS - PSA symmetric decrypt: AES-CTR, 16 bytes, fake depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index af0c7eefe..951670d56 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -558,6 +558,9 @@ void cipher_entry_points( int alg_arg, int key_type_arg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; test_driver_cipher_hooks = test_driver_cipher_hooks_init(); + ASSERT_ALLOC( output, input->len + 16 ); + output_buffer_size = input->len + 16; + PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); 
@@ -574,6 +577,9 @@ void cipher_entry_points( int alg_arg, int key_type_arg, TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); /* Test setup call failure, decrypt */ status = psa_cipher_decrypt_setup( &operation, @@ -582,6 +588,9 @@ void cipher_entry_points( int alg_arg, int key_type_arg, TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; + status = psa_cipher_set_iv( &operation, iv->x, iv->len ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); /* Test IV setting failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; @@ -596,8 +605,15 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* When setting the IV fails, it should call abort too */ TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); - psa_cipher_abort( &operation ); + /* Failure should prevent further operations from executing on the driver */ test_driver_cipher_hooks.hits = 0; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + psa_cipher_abort( &operation ); /* Test IV generation failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; 
@@ -608,15 +624,19 @@ void cipher_entry_points( int alg_arg, int key_type_arg, test_driver_cipher_hooks.hits = 0; test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; - ASSERT_ALLOC( output, 16 ); - status = psa_cipher_generate_iv( &operation, output, 16, &output_buffer_size ); - /* When setting the IV fails, it should call abort too */ + status = psa_cipher_generate_iv( &operation, output, 16, &function_output_length ); + /* When generating the IV fails, it should call abort too */ TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); - mbedtls_free( output ); - output = NULL; - psa_cipher_abort( &operation ); + /* Failure should prevent further operations from executing on the driver */ test_driver_cipher_hooks.hits = 0; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + psa_cipher_abort( &operation ); /* Test update failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; @@ -632,8 +652,6 @@ void cipher_entry_points( int alg_arg, int key_type_arg, test_driver_cipher_hooks.hits = 0; test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; - ASSERT_ALLOC( output, input->len + 16 ); - output_buffer_size = input->len + 16; status = psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, 
@@ -641,10 +659,15 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* When the update call fails, it should call abort too */ TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); - mbedtls_free( output ); - output = NULL; - psa_cipher_abort( &operation ); + /* Failure should prevent further operations from executing on the driver */ test_driver_cipher_hooks.hits = 0; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + psa_cipher_abort( &operation ); /* Test finish failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; @@ -659,8 +682,6 @@ void cipher_entry_points( int alg_arg, int key_type_arg, TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; - ASSERT_ALLOC( output, input->len + 16 ); - output_buffer_size = input->len + 16; status = psa_cipher_update( &operation, input->x, input->len, output, output_buffer_size, @@ -677,10 +698,15 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* When the finish call fails, it should call abort too */ TEST_EQUAL( test_driver_cipher_hooks.hits, 2 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); - mbedtls_free( output ); - output = NULL; - psa_cipher_abort( &operation ); + /* Failure should prevent further operations from executing on the driver */ test_driver_cipher_hooks.hits = 0; + status = psa_cipher_update( &operation, + input->x, input->len, + output, output_buffer_size, + &function_output_length ); + TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); + TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); + psa_cipher_abort( &operation ); exit: psa_cipher_abort( &operation ); From 6d81f7e1196faf6c0797110a272970c250fd55c6 Mon Sep 17 00:00:00 2001 
From: Steven Cooreman Date: Mon, 14 Sep 2020 13:14:31 +0200 Subject: [PATCH 210/488] Final feedback from @ronald-cron-arm Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8383eaeb2..931e2e915 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4088,9 +4088,11 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, alg ); if( status == PSA_SUCCESS ) + { /* Once the driver context is initialised, it needs to be freed using * psa_cipher_abort. Indicate this through setting alg. */ operation->alg = alg; + } if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) ) @@ -4491,10 +4493,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, else if( output_size >= *output_length ) memcpy( output, temp_output_buffer, *output_length ); else - { status = PSA_ERROR_BUFFER_TOO_SMALL; - goto exit; - } exit: if( operation->mbedtls_in_use == 1 ) @@ -4505,8 +4504,6 @@ exit: else { *output_length = 0; - - mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); (void) psa_cipher_abort( operation ); return( status ); From 5eba579c6cd116e6f13aa7b004fb0b7c17fb6d84 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Sep 2020 08:48:15 +0200 Subject: [PATCH 211/488] Remove unnecessary inline definition Define inline for some compiling environment only in crypto_platform.h. Signed-off-by: Ronald Cron --- include/psa/crypto_types.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 864e93788..ea621c1d3 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -37,11 +37,6 @@ #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /** \defgroup error Error codes * @{ */ 
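Review bot: With the second call removed in the `@@ -4505,8 +4504,6 @@` hunk, the only wipe of `temp_output_buffer` in psa_cipher_finish sits under `if( operation->mbedtls_in_use == 1 )` at the `exit:` label. Clearing a stack buffer that receives the output of `mbedtls_cipher_finish` therefore depends on a state flag on both the success and the failure path. As far as these hunks show, the buffer is written only on the mbed TLS path, so nothing is left behind today. Dropping the guard and calling `mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );` unconditionally costs nothing and cannot be bypassed by a later change to how the flag is set. psa_cipher_finish begins outside the hunk.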
From 9a2511e78fe72180bb954f91bd27aa0fd9c99dc2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Sep 2020 10:02:56 +0200 Subject: [PATCH 212/488] Fix key owner identifier documentation Signed-off-by: Ronald Cron --- include/mbedtls/config.h | 7 ++----- include/psa/crypto_platform.h | 11 +++++++++-- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 496ebe968..e76c9be0e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1262,11 +1262,8 @@ * * Enable key identifiers that encode a key owner identifier. * - * This is only meaningful when building the library as part of a - * multi-client service. When you activate this option, you must provide an - * implementation of the type mbedtls_key_owner_id_t and a translation from - * mbedtls_svc_key_id_t to file name in all the storage backends that you - * you wish to support. + * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t + * which is currently hard-coded to be int32_t. * * Note that this option is meant for internal use only and may be removed * without notice. diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 4e2f162ea..c64f61d58 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h 
@@ -54,8 +54,15 @@ typedef uint16_t psa_key_handle_t; #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) -/* Building for the PSA Crypto service on a PSA platform. */ -/* A key owner is a PSA partition identifier. */ +/* Building for the PSA Crypto service on a PSA platform, a key owner is a PSA + * partition identifier. + * + * The function psa_its_identifier_of_slot() in psa_crypto_storage.c that + * translates a key identifier to a key storage file name assumes that + * mbedtls_key_owner_id_t is an 32 bits integer. This function thus needs + * reworking if mbedtls_key_owner_id_t is not defined as a 32 bits integer + * here anymore. + */ typedef int32_t mbedtls_key_owner_id_t; /** Compare two key owner identifiers. From cb54610e9706636cc25ddf1fe7bc8bfe92c0913d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Sep 2020 13:58:59 +0200 Subject: [PATCH 213/488] Set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in baremetal configuration No obvious reason to not enable owner identifier encoding in baremetal as multi-client support is expected to be needed for some embedded platforms. Thus enable it. Signed-off-by: Ronald Cron --- scripts/config.py | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/config.py b/scripts/config.py index 47a83558b..017bba0aa 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -247,7 +247,6 @@ EXCLUDE_FROM_BAREMETAL = frozenset([ 'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME 'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem and PSA_CRYPTO_STORAGE_C 'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem - 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # requires a multi-client service 'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem 'MBEDTLS_THREADING_C', # requires a threading interface 'MBEDTLS_THREADING_PTHREAD', # requires pthread From 7424f0d99809a5e4da5059c1eb047899027ea6f5 Mon Sep 17 00:00:00 2001 
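Review bot: The new comment above `typedef int32_t mbedtls_key_owner_id_t;` records that `psa_its_identifier_of_slot()` assumes a 32-bit owner identifier, but nothing fails at build time if the typedef is changed. Since that function is described as translating key identifiers to storage file names, a silent mismatch would presumably affect which file a given owner's key maps to. A compile-time size check beside the typedef would enforce the documented assumption, for example `typedef char mbedtls_key_owner_id_is_32_bits[ sizeof( mbedtls_key_owner_id_t ) == 4 ? 1 : -1 ];` (name constructed for this note). The comment wording would also read better as `a 32-bit integer` in both places.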
From: Ronald Cron Date: Mon, 14 Sep 2020 16:17:41 +0200 Subject: [PATCH 214/488] psa: Move key identifier related macros and functions Move key identifier related macros and functions from crypto_types.h to crypto_values.h as the latter is the intended file to put them in. Signed-off-by: Ronald Cron --- include/psa/crypto_types.h | 60 --------------------------------- include/psa/crypto_values.h | 67 +++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 60 deletions(-) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index ea621c1d3..923b02b53 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -233,36 +233,6 @@ typedef uint32_t psa_key_id_t; #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) typedef psa_key_id_t mbedtls_svc_key_id_t; -#define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 ) -#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id ) -#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( 0 ) - -/** Utility to initialize a key identifier at runtime. - * - * \param unused Unused parameter. - * \param key_id Identifier of the key. - */ -static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( - unsigned int unused, psa_key_id_t key_id ) -{ - (void)unused; - - return( key_id ); -} - -/** Compare two key identifiers. - * - * \param id1 First key identifier. - * \param id2 Second key identifier. - * - * \return Non-zero if the two key identifier are equal, zero otherwise. - */ -static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, - mbedtls_svc_key_id_t id2 ) -{ - return( id1 == id2 ); -} - #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ /* Implementation-specific: The Mbed Cryptography library can be built as * part of a multi-client service that exposes the PSA Cryptograpy API in each 
@@ -275,36 +245,6 @@ typedef struct mbedtls_key_owner_id_t owner; } mbedtls_svc_key_id_t; -#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } ) -#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id ) -#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner ) - -/** Utility to initialize a key identifier at runtime. - * - * \param owner_id Identifier of the key owner. - * \param key_id Identifier of the key. - */ -static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( - mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id ) -{ - return( (mbedtls_svc_key_id_t){ .key_id = key_id, - .owner = owner_id } ); -} - -/** Compare two key identifiers. - * - * \param id1 First key identifier. - * \param id2 Second key identifier. - * - * \return Non-zero if the two key identifier are equal, zero otherwise. - */ -static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, - mbedtls_svc_key_id_t id2 ) -{ - return( ( id1.key_id == id2.key_id ) && - mbedtls_key_owner_id_equal( id1.owner, id2.owner ) ); -} - #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ /**@}*/ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 02e9c0076..199bcac24 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -1647,6 +1647,73 @@ */ #define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff) + +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + +#define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 ) +#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id ) +#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( 0 ) + +/** Utility to initialize a key identifier at runtime. + * + * \param unused Unused parameter. + * \param key_id Identifier of the key. + */ +static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( + unsigned int unused, psa_key_id_t key_id ) +{ + (void)unused; + + return( key_id ); +} + +/** Compare two key identifiers. + * + * \param id1 First key identifier. + * \param id2 Second key identifier. + * + * \return Non-zero if the two key identifier are equal, zero otherwise. + */ +static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, + mbedtls_svc_key_id_t id2 ) +{ + return( id1 == id2 ); +} + +#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ + +#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } ) +#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id ) +#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner ) + +/** Utility to initialize a key identifier at runtime. + * + * \param owner_id Identifier of the key owner. + * \param key_id Identifier of the key. + */ +static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( + mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id ) +{ + return( (mbedtls_svc_key_id_t){ .key_id = key_id, + .owner = owner_id } ); +} + +/** Compare two key identifiers. + * + * \param id1 First key identifier. + * \param id2 Second key identifier. + * + * \return Non-zero if the two key identifier are equal, zero otherwise. 
+ */ +static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, + mbedtls_svc_key_id_t id2 ) +{ + return( ( id1.key_id == id2.key_id ) && + mbedtls_key_owner_id_equal( id1.owner, id2.owner ) ); +} + +#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ + /**@}*/ /** \defgroup policy Key policies From 61baae7c9fbf62fd8d5b80bf0835a69ddad11040 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 16 Sep 2020 09:24:14 +0100 Subject: [PATCH 215/488] Minor fixes and improvements in TLS 1.3 key schedule documentation Signed-off-by: Hanno Becker --- include/mbedtls/ssl_internal.h | 2 +- library/ssl_tls13_keys.c | 14 +++++++------- library/ssl_tls13_keys.h | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 188b94771..7b78c7310 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -379,7 +379,7 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ); -/* cipher.h exports the maximum IV, key and block length from all +/* cipher.h exports the maximum IV, key and block length from * all ciphers enabled in the config, regardless of whether those * ciphers are actually usable in SSL/TLS. Notably, XTS is enabled * in the default configuration and uses 64 Byte keys, but it is diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 5a6204eda..d641b1620 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
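Review bot: In `include/psa/crypto_values.h`, the moved `mbedtls_svc_key_id_make()` and `mbedtls_svc_key_id_equal()` depend on `mbedtls_svc_key_id_t`, `mbedtls_key_owner_id_t` and `mbedtls_key_owner_id_equal()`, none of which this hunk declares or includes. If the header relies on `psa/crypto_types.h` (and whatever header provides the owner type) being included first, a comment above the `#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)` block should say so, e.g. `/* Requires psa/crypto_types.h to be included before this file. */`. While the doc comments are being moved, `two key identifier are equal` should read `two key identifiers are equal`.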
@@ -59,15 +59,15 @@ struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = * 255. This allows us to save a few Bytes of code by * hardcoding the writing of the high bytes. * - (label, llen): label + label length, without "tls13 " prefix - * The label length MUST be - * <= MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN - * It is the caller's responsiblity to ensure this. + * The label length MUST be less than or equal to + * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN + * It is the caller's responsibility to ensure this. * All (label, label length) pairs used in TLS 1.3 * can be obtained via MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(). * - (ctx, clen): context + context length - * The context length MUST be - * <= MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN - * It is the caller's responsiblity to ensure this. + * The context length MUST be less than or equal to + * MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN + * It is the caller's responsibility to ensure this. * - dst: Target buffer for HkdfLabel structure, * This MUST be a writable buffer of size * at least SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN Bytes. @@ -296,7 +296,7 @@ int mbedtls_ssl_tls1_3_evolve_secret( hlen = mbedtls_md_get_size( md ); /* For non-initial runs, call Derive-Secret( ., "derived", "") - * on the old secreet. */ + * on the old secret. */ if( secret_old != NULL ) { ret = mbedtls_ssl_tls1_3_derive_secret( diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 7a9e5c94a..73b8aaf1c 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -64,7 +64,7 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \ sizeof( union mbedtls_ssl_tls1_3_labels_union ) -/* The maximum length of HKDF contexts used in the TLS 1.3 standad. +/* The maximum length of HKDF contexts used in the TLS 1.3 standard. * Since contexts are always hashes of message transcripts, this can * be approximated from above by the maximum hash size. */ #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \ @@ -94,7 +94,7 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; * This must be a readable buffer of length \p clen Bytes. * \param clen The length of \p context in Bytes. * \param buf The destination buffer to hold the expanded secret. - * This must be a writable buffe of length \p blen Bytes. + * This must be a writable buffer of length \p blen Bytes. * \param blen The desired size of the expanded secret in Bytes. * * \returns \c 0 on success. From 531fe3054ce4bf685a45cfd82e0bd695cb9f5903 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 16 Sep 2020 09:45:27 +0100 Subject: [PATCH 216/488] Comment on hardcoding of maximum HKDF key expansion of 255 Bytes Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 9 ++++++++- library/ssl_tls13_keys.h | 7 ++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index d641b1620..c39e0322b 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -103,7 +103,14 @@ static void ssl_tls1_3_hkdf_encode_label( unsigned char *p = dst; - /* Add total length. */ + /* Add the size of the expanded key material. + * We're hardcoding the high byte to 0 here assuming that we never use + * TLS 1.3 HKDF key expansion to more than 255 Bytes. */ +#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255 +#error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \ + value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN" +#endif + *p++ = 0; *p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF ); diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 73b8aaf1c..7089049ce 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -71,7 +71,12 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; MBEDTLS_MD_MAX_SIZE /* Maximum desired length for expanded key material generated - * by HKDF-Expand-Label. */ + * by HKDF-Expand-Label. + * + * Warning: If this ever needs to be increased, the implementation + * ssl_tls1_3_hkdf_encode_label() in ssl_tls13_keys.c needs to be + * adjusted since it currently assumes that HKDF key expansion + * is never used with more than 255 Bytes of output. */ #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255 /** From 2ddec4306fc99bd0785791c3905b87d6c3a64d66 Mon Sep 17 00:00:00 2001 
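Review bot: The `#error` guard added in `ssl_tls1_3_hkdf_encode_label()` (library/ssl_tls13_keys.c) constrains only the compile-time constant; the runtime `desired_length` is still truncated by `( desired_length >> 0 ) & 0xFF` with the high byte hard-coded to 0. The function returns void and its body continues outside the hunk, so the bound presumably has to be enforced by the caller. The new comment should state that contract, e.g. `* The caller must ensure desired_length <= MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN.` Without that check, a larger value would apparently yield an HkdfLabel whose encoded length differs from the amount of key material requested.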
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 24 Aug 2020 12:49:23 +0200 Subject: [PATCH 217/488] Use bit operations for constant-flow padding check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous code used comparison operators >= and == that are quite likely to be compiled to branches by some compilers on some architectures (with some optimisation levels). For example, take the following function: void old_update( size_t data_len, size_t *padlen ) { *padlen *= ( data_len >= *padlen + 1 ); } With Clang 3.8, let's compile it for the Arm v6-M architecture: % clang --target=arm-none-eabi -march=armv6-m -Os foo.c -S -o - | sed -n '/^old_update:$/,/\.size/p' old_update: .fnstart @ BB#0: .save {r4, lr} push {r4, lr} ldr r2, [r1] adds r4, r2, #1 movs r3, #0 cmp r4, r0 bls .LBB0_2 @ BB#1: mov r2, r3 .LBB0_2: str r2, [r1] pop {r4, pc} .Lfunc_end0: .size old_update, .Lfunc_end0-old_update We can see an unbalanced secret-dependent branch, resulting in a total execution time that depends on the value of the secret (here padlen) in a straightforward way. The new version, based on bit operations, doesn't have this issue: new_update: .fnstart @ BB#0: ldr r2, [r1] subs r0, r0, #1 subs r0, r0, r2 asrs r0, r0, #31 bics r2, r0 str r2, [r1] bx lr .Lfunc_end1: .size new_update, .Lfunc_end1-new_update (As a bonus, it's smaller and uses less stack.) While there's no formal guarantee that the version based on bit operations in C won't be translated using branches by the compiler, experiments tend to show that's the case [1], and it is commonly accepted knowledge in the practical crypto community that if we want to stick to C, bit operations are the safest bet [2]. [1] https://github.com/mpg/ct/blob/master/results [2] https://github.com/veorq/cryptocoding Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 107 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 98 insertions(+), 9 deletions(-) 
diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 2ea35808a..b4e4aea3d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -1044,6 +1044,82 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +/* + * Constant-flow mask generation for "less than" comparison: + * - if x < y, return all bits 1, that is (size_t) -1 + * - otherwise, return all bits 0, that is 0 + * + * Use only bit operations to avoid branches that could be used by some + * compilers on some platforms to translate comparison operators. + */ +static size_t mbedtls_ssl_cf_mask_lt(size_t x, size_t y) +{ + /* This has the msb set if and only if x < y */ + const size_t sub = x - y; + + /* sub1 = (x < y) in {0, 1} */ + const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 ); + + /* MSVC has a warning about unary minus on unsigned integer types, + * but this is well-defined and precisely what we want to do here. */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + /* mask = (x < y) ? 0xff... : 0x00... */ + const size_t mask = -sub1; +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif + + return( mask ); +} + +/* + * Constant-flow mask generation for "greater or equal" comparison: + * - if x >= y, return all bits 1, that is (size_t) -1 + * - otherwise, return all bits 0, that is 0 + * + * Use only bit operations to avoid branches that could be used by some + * compilers on some platforms to translate comparison operators. + */ +static size_t mbedtls_ssl_cf_mask_ge(size_t x, size_t y) +{ + return( ~mbedtls_ssl_cf_mask_lt(x, y) ); +} + +/* + * Constant-flow boolean "equal" comparison: + * return x == y + * + * Use only bit operations to avoid branches that could be used by some + * compilers on some platforms to translate comparison operators. + */ +static size_t mbedtls_ssl_cf_bool_eq(size_t x, size_t y) +{ + /* diff = 0 if x == y, non-zero otherwise */ + const size_t diff = x ^ y; + + /* MSVC has a warning about unary minus on unsigned integer types, + * but this is well-defined and precisely what we want to do here. 
*/ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + + /* diff_msb's most significant bit is equal to x != y */ + const size_t diff_msb = ( diff | -diff ); + +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif + + /* diff1 = (x != y) in {0, 1} */ + const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); + + return( 1 ^ diff1 ); +} + /* * Constant-flow conditional memcpy: * - if c1 == c2, equivalent to memcpy(dst, src, len), @@ -1071,7 +1147,7 @@ static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, /* diff_msb's most significant bit is equal to c1 != c2 */ const size_t diff_msb = ( diff | -diff ); - /* diff1 = c1 != c2 */ + /* diff1 = (c1 != c2) in {0, 1} */ const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); /* mask = c1 != c2 ? 0xff : 0x00 */ @@ -1528,8 +1604,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( auth_done == 1 ) { - correct *= ( rec->data_len >= padlen + 1 ); - padlen *= ( rec->data_len >= padlen + 1 ); + const size_t mask = mbedtls_ssl_cf_mask_ge( + rec->data_len, + padlen + 1 ); + correct &= mask; + padlen &= mask; } else { @@ -1543,8 +1622,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } #endif - correct *= ( rec->data_len >= transform->maclen + padlen + 1 ); - padlen *= ( rec->data_len >= transform->maclen + padlen + 1 ); + const size_t mask = mbedtls_ssl_cf_mask_ge( + rec->data_len, + transform->maclen + padlen + 1 ); + correct &= mask; + padlen &= mask; } padlen++; @@ -1555,6 +1637,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_PROTO_SSL3) if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { + /* This is the SSL 3.0 path, we don't have to worry about Lucky + * 13, because there's a strictly worse padding attack built in + * the protocol (known as part of POODLE), so branches are OK. */ if( padlen > transform->ivlen ) { #if defined(MBEDTLS_SSL_DEBUG_ALL) 
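Review bot: The comment `This has the msb set if and only if x < y` in `mbedtls_ssl_cf_mask_lt()` (library/ssl_msg.c) holds only when both operands have their top bit clear; for example x = SIZE_MAX, y = 0 gives a difference with the msb set although x >= y. The call sites in the later hunks pass record and padding lengths, which are small, but the restriction should be written next to the function, e.g. `* Precondition: x and y both have their most significant bit clear.` `mbedtls_ssl_cf_mask_ge()` inherits the same restriction because it only negates the result. The shift by `sizeof( sub ) * 8 - 1` also assumes 8-bit bytes, which a short comment could make explicit.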
@@ -1578,7 +1663,6 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * `min(256,plaintext_len)` reads (but take into account * only the last `padlen` bytes for the padding check). */ size_t pad_count = 0; - size_t real_count = 0; volatile unsigned char* const check = data; /* Index of first padding byte; it has been ensured above @@ -1590,10 +1674,15 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, for( idx = start_idx; idx < rec->data_len; idx++ ) { - real_count |= ( idx >= padding_idx ); - pad_count += real_count * ( check[idx] == padlen - 1 ); + /* pad_count += (idx >= padding_idx) && + * (chech[idx] == padlen - 1); + */ + const size_t mask = mbedtls_ssl_cf_mask_ge( idx, padding_idx ); + const size_t equal = mbedtls_ssl_cf_bool_eq( check[idx], + padlen - 1 ); + pad_count += mask & equal; } - correct &= ( pad_count == padlen ); + correct &= mbedtls_ssl_cf_bool_eq( pad_count, padlen ); #if defined(MBEDTLS_SSL_DEBUG_ALL) if( padlen > 0 && correct == 0 ) From 6e2a9a7faaebdb1011152eb41042f6434d6f1f71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Aug 2020 10:01:00 +0200 Subject: [PATCH 218/488] Factor repeated code in ssl_cf functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 65 ++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 37 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index b4e4aea3d..075345d36 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
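Review bot: The explanatory comment added in the padding loop of `mbedtls_ssl_decrypt_buf()` misspells the array as `chech[idx]`. It is the only plain statement of what `mask & equal` computes, so it should read `/* pad_count += (idx >= padding_idx) && (check[idx] == padlen - 1); */`. It would also help to note there that `mask` is all-ones or zero while `equal` is 0 or 1, so the `&` yields 0 or 1 and `pad_count` counts matching bytes. The enclosing function starts and ends outside this hunk.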
@@ -1044,6 +1044,25 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) +/* + * Turn a bit into a mask: + * - if bit == 1, return the all-bits 1 mask, aka (size_t) -1 + * - if bit == 0, return the all-bits 0 mask, aka 0 + */ +static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit ) +{ + /* MSVC has a warning about unary minus on unsigned integer types, + * but this is well-defined and precisely what we want to do here. */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + return -bit; +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif +} + /* * Constant-flow mask generation for "less than" comparison: * - if x < y, return all bits 1, that is (size_t) -1 @@ -1052,7 +1071,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Use only bit operations to avoid branches that could be used by some * compilers on some platforms to translate comparison operators. */ -static size_t mbedtls_ssl_cf_mask_lt(size_t x, size_t y) +static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y ) { /* This has the msb set if and only if x < y */ const size_t sub = x - y; @@ -1060,17 +1079,8 @@ static size_t mbedtls_ssl_cf_mask_lt(size_t x, size_t y) /* sub1 = (x < y) in {0, 1} */ const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 ); - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif /* mask = (x < y) ? 0xff... : 0x00... */ - const size_t mask = -sub1; -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif + const size_t mask = mbedtls_ssl_cf_mask_from_bit( sub1 ); return( mask ); } 
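Review bot: `mbedtls_ssl_cf_mask_from_bit()` documents only `bit == 0` and `bit == 1`, but its parameter is a full `size_t` and `return -bit;` yields a value that is not a mask for any other input. The header comment should state the contract, e.g. `* bit must be 0 or 1; any other value does not produce a valid mask.` This matters because callers pass derived values: `equal` in `mbedtls_ssl_cf_memcpy_if_eq()` in this patch and `correct` in PATCH 220/488. The statement could also use the `return( -bit );` form that the neighbouring helpers use.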
@@ -1083,9 +1093,9 @@ static size_t mbedtls_ssl_cf_mask_lt(size_t x, size_t y) * Use only bit operations to avoid branches that could be used by some * compilers on some platforms to translate comparison operators. */ -static size_t mbedtls_ssl_cf_mask_ge(size_t x, size_t y) +static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y ) { - return( ~mbedtls_ssl_cf_mask_lt(x, y) ); + return( ~mbedtls_ssl_cf_mask_lt( x, y ) ); } /* @@ -1095,7 +1105,7 @@ static size_t mbedtls_ssl_cf_mask_ge(size_t x, size_t y) * Use only bit operations to avoid branches that could be used by some * compilers on some platforms to translate comparison operators. */ -static size_t mbedtls_ssl_cf_bool_eq(size_t x, size_t y) +static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y ) { /* diff = 0 if x == y, non-zero otherwise */ const size_t diff = x ^ y; @@ -1134,32 +1144,13 @@ static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, size_t len, size_t c1, size_t c2 ) { - /* diff = 0 if c1 == c2, non-zero otherwise */ - const size_t diff = c1 ^ c2; - - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - /* diff_msb's most significant bit is equal to c1 != c2 */ - const size_t diff_msb = ( diff | -diff ); - - /* diff1 = (c1 != c2) in {0, 1} */ - const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); - - /* mask = c1 != c2 ? 0xff : 0x00 */ - const unsigned char mask = (unsigned char) -diff1; - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif + /* mask = c1 == c2 ? 0xff : 0x00 */ + const size_t equal = mbedtls_ssl_cf_bool_eq( c1, c2 ); + const unsigned char mask = mbedtls_ssl_cf_mask_from_bit( equal ); /* dst[i] = c1 != c2 ? dst[i] : src[i] */ for( size_t i = 0; i < len; i++ ) - dst[i] = ( dst[i] & mask ) | ( src[i] & ~mask ); + dst[i] = ( dst[i] & ~mask ) | ( src[i] & mask ); } /* 
From 2a59fb45b545bd8bbe86a4e8de966bb54233a0ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Aug 2020 11:51:46 +0200 Subject: [PATCH 219/488] Add explicit cast when truncating values MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MSVC complains about it otherwise. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 075345d36..6091834b6 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1146,7 +1146,7 @@ static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, { /* mask = c1 == c2 ? 0xff : 0x00 */ const size_t equal = mbedtls_ssl_cf_bool_eq( c1, c2 ); - const unsigned char mask = mbedtls_ssl_cf_mask_from_bit( equal ); + const unsigned char mask = (unsigned char) mbedtls_ssl_cf_mask_from_bit( equal ); /* dst[i] = c1 != c2 ? dst[i] : src[i] */ for( size_t i = 0; i < len; i++ ) From 822b3729e74580e19d8979e7026f8aefade93e1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 18 Sep 2020 09:54:01 +0200 Subject: [PATCH 220/488] Remove last use of non-bit operations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit According to https://www.bearssl.org/ctmul.html even single-precision multiplication is not constant-time on some older platforms. An added benefit of the new code is that it removes the somewhat mysterious constant 0x1ff - which was selected because at that point the maximum value of padlen was 256. The new code is perhaps a bit more readable for that reason. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 6091834b6..e5def644f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -1679,7 +1679,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, if( padlen > 0 && correct == 0 ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); #endif - padlen &= correct * 0x1FF; + padlen &= mbedtls_ssl_cf_mask_from_bit( correct ); } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ From 22270b5048ff70813e8141924aad718d8fbfe23c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 18 Sep 2020 22:54:51 +0200 Subject: [PATCH 221/488] Fix copypasta punctuation in some function prototypes Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 56e2b29e9..f28e9a8ac 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/08/19 19:47:39 GMT" +Time-stamp: "2020/09/18 20:35:28 GMT" ## Introduction @@ -520,13 +520,13 @@ The key export entry points have the following prototypes for a driver with the ``` psa_status_t acme_export_key(const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size); + size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length); psa_status_t acme_export_public_key(const psa_key_attributes_t *attributes, const uint8_t *key_buffer, - size_t key_buffer_size); + size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length); 
From 27e69b59a574f82b05b5a0f9ab3bafedd876f7a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 19 Sep 2020 00:35:01 +0200 Subject: [PATCH 222/488] Fix prototypes of opaque key creation entry points The output length parameter was missing. Reported by Steven Cooreman. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index f28e9a8ac..c7dbed3b6 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/09/18 20:35:28 GMT" +Time-stamp: "2020/09/18 22:34:47 GMT" ## Introduction @@ -503,10 +503,12 @@ psa_status_t acme_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, - size_t key_buffer_size); + size_t key_buffer_size, + size_t *key_buffer_length); psa_status_t acme_generate_key(const psa_key_attributes_t *attributes, uint8_t *key_buffer, - size_t key_buffer_size); + size_t key_buffer_size, + size_t *key_buffer_length); ``` If the driver has an [`"allocate_key"` entry point](#key-management-in-a-secure-element-with-storage), the core calls the `"allocate_key"` entry point with the same attributes on the same key buffer before calling the key creation entry point. From a8fc171418cd5f65230f27676a57045998c527cf Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 21 Sep 2020 13:54:00 +0200 Subject: [PATCH 223/488] Add validate_key entry point Validate transparent keys when they are imported. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 37 ++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index c7dbed3b6..475d3f979 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/09/18 22:34:47 GMT" +Time-stamp: "2020/09/21 11:53:38 GMT" ## Introduction 
@@ -339,11 +339,32 @@ The format of a key for transparent drivers is the same as in applications. Refe Transparent drivers may provide the following key management entry points: -* `"generate_key"`: called by `psa_generate_key()`, only when generating a key pair (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). -* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()`, only when deriving a key pair (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). +* [`"validate_key"`](#key-validation-with-transparent-drivers): called by `psa_import_key()`, only when importing a key pair or a public key (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). +* `"generate_key"`: called by `psa_generate_key()`, only when generating a key pair (key such that `PSA_KEY_TYPE_IS_KEY_PAIR` is true). +* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()`, only when deriving a key pair (key such that `PSA_KEY_TYPE_IS_KEY_PAIR` is true). * `"export_public_key"`: called by the core to obtain the public key of a key pair. The core may call this function at any time to obtain the public key, which can be for `psa_export_public_key()` but also at other times, including during a cryptographic operation that requires the public key such as a call to `psa_verify_message()` on a key pair object. -Transparent drivers are not involved when importing, exporting, copying or destroying keys, or when generating or deriving symmetric keys. +Transparent drivers are not involved when exporting, copying or destroying keys, or when importing, generating or deriving symmetric keys. + +#### Key validation with transparent drivers + +When a driver creates a key, it is responsible for ensuring that the key is valid. But when a key is imported, no processing of the key happens: the implementation just stores the key material. (It may store it in an encoded form, but this is an implementation choice which is not visible at the level of PSA specifications.) 
It is important to validate the incoming key material, to avoid storing a key that will later be unacceptable for operations or that could even cause functional or security issues during operations. + +To avoid delayed problems caused by imported invalid keys, an implementation that supports transparent drivers must validate transparent keys on import. For supported key types, this means: + +* For symmetric key types, check that the key size is suitable for the type. +* For DES (`PSA_KEY_TYPE_DES`), additionally verify the parity bits. +* For RSA (`PSA_KEY_TYPE_RSA_PUBLIC_KEY`, `PSA_KEY_TYPE_RSA_KEY_PAIR`), check the syntax of the key and make sanity checks on its components. TODO: what sanity checks? Value ranges (e.g. p < n), sanity checks such as parity, minimum and maximum size, what else? +* For elliptic curve private keys (`PSA_KEY_TYPE_ECC_KEY_PAIR`), check the size and range. TODO: what else? +* For elliptic curve public keys (``), check the size and range, and that the point is on the curve. TODO: what else? + +A driver can provide code to perform the required validation by providing a `"validate_key"` entry point. This entry points returns `PSA_SUCCESS` if the key is valid or an applicable error code if it isn't. + +``` +psa_status_t psa_validate_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length); +``` ### Fallback 
@@ -675,6 +696,14 @@ ECC key pairs are represented as the private key value only. The public key need The specification doesn't mention when the public key might be calculated. The core may calculate it on creation, on demand, or anything in between. Opaque drivers have a choice of storing the public key in the key context or calculating it on demand and can convey whether the core should store the public key with the `"store_public_key"` property. Is this good enough or should the specification include non-functional requirements? +#### Symmetric key validation with transparent drivers + +Should the entry point be called for symmetric keys as well? + +#### Key validation with opaque drivers + +Are there mandatory validations that an opaque driver must perform on import? + ### Opaque drivers #### Opaque driver persistent state From 95434380e14be572e374e415122a91ff56efa5c0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 21 Sep 2020 20:08:51 +0200 Subject: [PATCH 224/488] Detailed architecture of symbol definitions and header inclusion Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 27 ++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 08306d283..753aaf7b7 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/09/07 08:27:32 GMT" +Time-stamp: "2020/09/21 18:07:09 GMT" ## Introduction 
@@ -109,7 +109,30 @@ These symbols are not part of the public interface of Mbed TLS towards applicati #### Definition of internal inclusion symbols -The header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. +When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. + +When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` is only needed to build the PSA parts of the library, including `psa/crypto_struct.h`. Therefore, * `psa/crypto_struct.h` needs to include `mbedtls/config_psa.h`. + +`mbedtls/config_psa.h` includes two header files: + +* `psa/crypto_config.h` is the user-editable file that defines application requirements. It is only included when `MBEDTLS_PSA_CRYPTO_CONFIG` is set. +* `mbedtls/crypto_drivers.h` is a header file generated by the transpilation of the driver descriptions. It defines `MBEDTLS_PSA_ACCEL_xxx` symbols according to the availability of transparent drivers without fallback. + +The following table summarized where symbols are defined depending on the configuration mode. + +* (U) indicates a symbol that is defined by the user (application). +* (D) indicates a symbol that is deduced from other symbols by code that ships with Mbed TLS. 
+* (G) indicates a symbol that is generated from driver descriptions. + +------------------------------------------------------------------------------------------------ +Symbols With `MBEDTLS_PSA_CRYPTO_CONFIG` Without `MBEDTLS_PSA_CRYPTO_CONFIG` +------------------------- -------------------------------- ----------------------------------- +`MBEDTLS_xxx_C` `mbedtls/config.h` (U) or `mbedtls/config.h` (U) + `mbedtls/config_psa.h` (D) +`PSA_WANT_xxx` `psa/crypto_config.h` (U) N/A +`MBEDTLS_PSA_BUILTIN_xxx` `mbedtls/config_psa.h` (D) `mbedtls/config_psa.h` (D) +`MBEDTLS_PSA_ACCEL_xxx` `mbedtls/crypto_drivers` (G) N/A +------------------------------------------------------------------------------------------------ #### Visibility of internal symbols From 9ad4a33a54fb9ebf46734d308ea7c4540babeab4 Mon Sep 17 00:00:00 2001 From: Jens Reimann Date: Tue, 22 Sep 2020 11:57:16 +0200 Subject: [PATCH 225/488] fix return code Signed-off-by: Jens Reimann --- library/pkparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index a106dbe3e..0590f2b05 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -662,7 +662,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; if( ret == 0 && *p != end ) - ret = MBEDTLS_ERR_PK_INVALID_PUBKEY + ret = MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; if( ret != 0 ) From 6e33dbe9fd05087f243c2dedd24261ee2ca6baa3 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Thu, 17 Sep 2020 21:15:13 -0700 Subject: [PATCH 226/488] Created infrastructure for MBEDTLS_PSA_CRYPTO_CONFIG In order to prepare for PSA cryptographic mechanism for conditional inclusion of various modules, there needs to be some updates to the mbedtls configuration to enable that feature to work. This initial set of changes just lays the ground work and future changes will implement the functional features. 
Signed-off-by: John Durkop --- include/mbedtls/config.h | 18 +++++++++++++++++ include/mbedtls/config_psa.h | 39 ++++++++++++++++++++++++++++++++++++ include/psa/crypto_config.h | 37 ++++++++++++++++++++++++++++++++++ 3 files changed, 94 insertions(+) create mode 100644 include/mbedtls/config_psa.h create mode 100644 include/psa/crypto_config.h diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b77b34b6b..cb84c865d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2019,6 +2019,15 @@ */ //#define MBEDTLS_USE_PSA_CRYPTO +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG + * + * This setting should be used to allow for conditional inclusion of PSA features. + * + * Uncomment this to enable use of PSA Crypto configuration settings. + */ +//#define MBEDTLS_PSA_CRYPTO_CONFIG + /** * \def MBEDTLS_VERSION_FEATURES * @@ -3811,6 +3820,15 @@ #include MBEDTLS_USER_CONFIG_FILE #endif +/** + * \name SECTION: PSA Crypto settings + * + */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#include "mbedtls/config_psa.h" +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + + #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h new file mode 100644 index 000000000..dde12b82c --- /dev/null +++ b/include/mbedtls/config_psa.h 
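Review bot: The doc comment added for `MBEDTLS_PSA_CRYPTO_CONFIG` in the `@@ -2019,6 +2019,15 @@` hunk does not say what the option actually changes, which matters for a switch that decides which cryptographic code is compiled in. Going by the rest of this commit, enabling it makes `mbedtls/config.h` include `mbedtls/config_psa.h`, which in turn includes `psa/crypto_config.h`. The comment should name both files and say that `psa/crypto_config.h` is the one a user edits. It should also say that no feature is controlled by the option yet, for example `\warning No PSA feature is selected through this option yet; the mechanism is still being built.`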
@@ -0,0 +1,39 @@ +/** + * \file mbedtls/config_psa.h + * \brief PSA crypto configuration options (set of defines) + * + * This set of compile-time options may be used to enable + * or disable PSA crypto features selectively. This will aid + * in reducing the size of the library by removing unused code. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_PSA_H +#define MBEDTLS_CONFIG_PSA_H + +#include "psa/crypto_config.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_CONFIG_PSA_H */ diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h new file mode 100644 index 000000000..fa83f9a11 --- /dev/null +++ b/include/psa/crypto_config.h 
@@ -0,0 +1,37 @@ +/** + * \file psa/crypto_config.h + * \brief PSA crypto configuration options (set of defines) + * + * This set of compile-time options may be used to enable + * or disable PSA crypto features selectively. This will aid + * in reducing the size of the library by removing unused code. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_CONFIG_H +#define PSA_CRYPTO_CONFIG_H + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* PSA_CRYPTO_CONFIG_H */ From 7758c858ae4f497a5d83f2dc8af5e7a4429d7e57 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Thu, 17 Sep 2020 23:13:42 -0700 Subject: [PATCH 227/488] Update requires for MBEDTLS_PSA_CRYPTO_DRIVERS In order to test various PSA crypto settings the Requires section needed updating to require MBEDTLS_PSA_CRYPTO_C or MBEDTLS_PSA_CRYPTO_CONFIG. Signed-off-by: John Durkop --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index cb84c865d..4e2185d00 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -1330,7 +1330,7 @@ * * Enable support for the experimental PSA crypto driver interface. * - * Requires: MBEDTLS_PSA_CRYPTO_C. + * Requires: MBEDTLS_PSA_CRYPTO_C or MBEDTLS_PSA_CRYPTO_CONFIG * * \warning This interface is experimental and may change or be removed * without notice. From d8959390c522ff06843fb9f0401fa42b06309486 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Sun, 20 Sep 2020 23:09:17 -0700 Subject: [PATCH 228/488] Add ECDSA support to PSA crypto configuration Initial changes to PSA crypto core to support configuration of ECDSA algorithm using PSA crypto configuration mechanism. Guards using MBEDTLS_ECDSA_C and MBEDTLS_ECDSA_DETERMINISTIC have been changed to be based off PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_ECDSA_DETERMINISTIC. Added new tests to all.sh to confirm new settings are working properly. Current code does not pass the tests since built in signature verification is not in place. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 17 +++++++++++++++++ library/psa_crypto.c | 20 ++++++++++---------- tests/scripts/all.sh | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index dde12b82c..376834a22 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
@@ -32,6 +32,23 @@ extern "C" { #endif +//#define PSA_WANT_ALG_ECDSA +//#define MBEDTLS_PSA_ACCEL_ALG_ECDSA +//#define PSA_WANT_ALG_ECDSA_DETERMINISTIC +//#define MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC + +#if defined(PSA_WANT_ALG_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA +#else /* defined(PSA_WANT_ALG_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)*/ +#define MBEDTLS_ECDSA_C +#endif /* defined(PSA_WANT_ALG_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)*/ + +#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) +#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA +#else /* defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ +#define MBEDTLS_ECDSA_DETERMINISTIC +#endif /* defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ + #ifdef __cplusplus } #endif diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 931e2e915..fa3cea382 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2256,7 +2256,7 @@ exit: /* Message digests */ /****************************************************************/ -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_DETERMINISTIC) +#if defined(MBEDTLS_RSA_C) || defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) { switch( alg ) @@ -3530,7 +3530,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(PSA_WANT_ALG_ECDSA) /* `ecp` cannot be const because `ecp->grp` needs to be non-const * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() * (even though these functions don't modify it). */ 
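Review bot: The second block in the `include/mbedtls/config_psa.h` hunk tests `PSA_WANT_ALG_DETERMINISTIC_ECDSA`, but the commented-out defines above it and the new guards in `library/psa_crypto.c` spell the symbol `PSA_WANT_ALG_ECDSA_DETERMINISTIC`. With the spelling used elsewhere in this commit the condition never sees the request and always takes its `#else`. Both `#else` branches also define the legacy module symbol whenever the built-in implementation is not selected, including when the algorithm was not requested at all, which enables ECDSA code nobody asked for and undoes a deliberate `unset MBEDTLS_ECDSA_C`. Deriving the legacy symbol from the built-in selection, as sketched below, avoids both problems. The rewrite of this block in PATCH 229/488 keeps the same spelling and still sets the legacy symbol only on the accelerated branch.

```c
/* … unchanged: commented-out PSA_WANT_* / MBEDTLS_PSA_ACCEL_* examples … */

#if defined(PSA_WANT_ALG_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA
#define MBEDTLS_ECDSA_C
#endif

#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) && \
    !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC)
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA
#define MBEDTLS_ECDSA_DETERMINISTIC
#endif
```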
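Review bot: The guards in `library/psa_crypto.c`, starting with the one on `mbedtls_md_info_from_psa()`, now test `PSA_WANT_ALG_ECDSA` and `PSA_WANT_ALG_ECDSA_DETERMINISTIC`, which say what the application requests, while the code they enclose (`psa_ecdsa_sign()` and the ECDSA branches of `psa_sign_hash()` and `psa_verify_hash()`) calls the built-in `mbedtls_ecdsa_*` functions. Nothing in the series so far defines `PSA_WANT_ALG_ECDSA` when `MBEDTLS_PSA_CRYPTO_CONFIG` is unset, so in such a build ECDSA through PSA appears to drop out and those branches return `PSA_ERROR_INVALID_ARGUMENT`; a build that wants ECDSA from an accelerator, on the other hand, still compiles the software path. Guarding on the derived symbol instead, `#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA)`, with `mbedtls/config_psa.h` defining it in both configuration modes, would match the split described in `docs/proposed/psa-conditional-inclusion-c.md`. The same applies to every `psa_crypto.c` hunk of this commit (`@@ -2256`, `@@ -3530`, `@@ -3554`, `@@ -3567`, `@@ -3629`, `@@ -3698`, `@@ -3723`, `@@ -3799`, `@@ -3817`); the functions they touch start and end outside the hunks.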
@@ -3554,7 +3554,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, goto cleanup; } -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); @@ -3567,7 +3567,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, &global_data.ctr_drbg ) ); } else -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ +#endif /* PSA_WANT_ALG_ECDSA_DETERMINISTIC */ { (void) alg; MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, @@ -3629,7 +3629,7 @@ cleanup: mbedtls_mpi_free( &s ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* MBEDTLS_ECDSA_C */ +#endif /* PSA_WANT_ALG_ECDSA */ psa_status_t psa_sign_hash( psa_key_handle_t handle, psa_algorithm_t alg, @@ -3698,9 +3698,9 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(MBEDTLS_ECDSA_C) +#if defined(PSA_WANT_ALG_ECDSA) if( -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) PSA_ALG_IS_ECDSA( alg ) #else PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) @@ -3723,7 +3723,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, mbedtls_free( ecp ); } else -#endif /* defined(MBEDTLS_ECDSA_C) */ +#endif /* defined(PSA_WANT_ALG_ECDSA) */ { status = PSA_ERROR_INVALID_ARGUMENT; } @@ -3799,7 +3799,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(MBEDTLS_ECDSA_C) +#if defined(PSA_WANT_ALG_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { mbedtls_ecp_keypair *ecp = NULL; @@ -3817,7 +3817,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, return( status ); } else -#endif /* defined(MBEDTLS_ECDSA_C) */ +#endif /* defined(PSA_WANT_ALG_ECDSA) */ { return( PSA_ERROR_INVALID_ARGUMENT ); } diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 578d03e3e..f07933403 100755 
--- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1290,6 +1290,40 @@ component_test_no_use_psa_crypto_full_cmake_asan() { if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } +component_test_psa_crypto_config_basic() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG, MBEDTLS_PSA_CRYPTO_DRIVERS, + # and PSA_CRYPTO_DRIVER_TEST minus MBEDTLS_USE_PSA_CRYPTO + msg "build: full config plus MBEDTLS_PSA_CRYPTO_CONFIG MBEDTLS_PSA_CRYPTO_DRIVERS" + msg "build: minus MBEDTLS_USE_PSA_CRYPTO" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: psa crypto config basic" + make test +} + +component_test_psa_crypto_config_want_ecdsa() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG, MBEDTLS_PSA_CRYPTO_DRIVERS, + # and PSA_CRYPTO_DRIVER_TEST minus MBEDTLS_USE_PSA_CRYPTO + msg "build: full config plus MBEDTLS_PSA_CRYPTO_CONFIG, MBEDTLS_PSA_CRYPTO_DRIVERS," + msg "build: PSA_CRYPTO_DRIVER_TEST, MBEDTLS_PSA_ACCEL_ALG_ECDSA," + msg "build: PSA_WANT_ALG_ECDSA minus MBEDTLS_USE_PSA_CRYPTO" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_ECDSA_C + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DPSA_WANT_ALG_ECDSA -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: psa crypto config want ECDSA" + make test +} + component_test_check_params_functionality () { msg "build+test: MBEDTLS_CHECK_PARAMS functionality" scripts/config.py 
full # includes CHECK_PARAMS From 2dfaf9ca23f6c36a3d6824e5572f04a2c75c4288 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Thu, 24 Sep 2020 04:30:10 -0700 Subject: [PATCH 229/488] Update how MBEDTLS_PSA_CRYPTO_CONFIG is handled Originally, MBEDTLS_PSA_CRYPTO_CONFIG was being used to allow inclusion of mbedlts/config_psa.h, but that needed to be updated so that mbedtls/config_psa.h is always included and the definitions specific to PSA configuration are now guarded by MBEDTLS_PSA_CRYPTO_CONFIG. This will allow for the standard setup to continue working while new PSA configuration items to also work. Signed-off-by: John Durkop --- include/mbedtls/config.h | 3 --- include/mbedtls/config_psa.h | 23 +++++++++++++---------- include/psa/crypto_config.h | 7 +++++++ 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 4e2185d00..902d0cbe8 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3824,10 +3824,7 @@ * \name SECTION: PSA Crypto settings * */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) #include "mbedtls/config_psa.h" -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - #include "mbedtls/check_config.h" diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 376834a22..528e21503 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
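Review bot: `component_test_psa_crypto_config_want_ecdsa` runs `scripts/config.py unset MBEDTLS_ECDSA_C` and then builds with both `-DPSA_WANT_ALG_ECDSA` and `-DMBEDTLS_PSA_ACCEL_ALG_ECDSA`, a combination for which `mbedtls/config_psa.h` in this same commit takes its `#else` branch and defines `MBEDTLS_ECDSA_C` again. The component therefore does not appear to exercise a build without the built-in ECDSA module, and a passing run would say little about the new guards in `library/psa_crypto.c`. Its leading comment is also a copy of the one in `component_test_psa_crypto_config_basic`; it should state the intent, presumably something like `# full config, ECDSA requested through PSA and declared accelerated, built-in MBEDTLS_ECDSA_C disabled`. The commit message says these tests do not pass yet, and a one-line comment in the component saying so would keep the failure from being read as a regression.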
@@ -32,22 +32,25 @@ extern "C" { #endif -//#define PSA_WANT_ALG_ECDSA -//#define MBEDTLS_PSA_ACCEL_ALG_ECDSA -//#define PSA_WANT_ALG_ECDSA_DETERMINISTIC -//#define MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#if defined(PSA_WANT_ALG_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#if defined(PSA_WANT_ALG_ECDSA) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA -#else /* defined(PSA_WANT_ALG_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)*/ +#else /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) */ #define MBEDTLS_ECDSA_C -#endif /* defined(PSA_WANT_ALG_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)*/ +#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) */ +#endif /* defined(PSA_WANT_ALG_ECDSA) */ -#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) +#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA -#else /* defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ +#else /* && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ #define MBEDTLS_ECDSA_DETERMINISTIC -#endif /* defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ +#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ +#endif /* defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) */ + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ #ifdef __cplusplus } diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index fa83f9a11..8e2f40ed8 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -30,6 +30,13 @@ extern "C" { #endif +#define PSA_WANT_ALG_ECDSA + +#define PSA_WANT_ALG_ECDSA_DETERMINISTIC + +//#define MBEDTLS_PSA_ACCEL_ALG_ECDSA +//#define MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC + #ifdef __cplusplus } #endif 
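Review bot: The `include/psa/crypto_config.h` hunk defines `PSA_WANT_ALG_ECDSA` and `PSA_WANT_ALG_ECDSA_DETERMINISTIC` unconditionally. Since `mbedtls/config.h` now always includes `mbedtls/config_psa.h`, they reach every build if `config_psa.h` still includes `psa/crypto_config.h` outside the new `MBEDTLS_PSA_CRYPTO_CONFIG` guard (that include line is outside the hunks shown). PATCH 228 made `library/psa_crypto.c` guard its ECDSA code on these symbols, so a legacy configuration with `MBEDTLS_ECDSA_C` disabled would presumably compile calls to ECDSA functions that are not built. The design note in PATCH 224 says `psa/crypto_config.h` is only included when `MBEDTLS_PSA_CRYPTO_CONFIG` is set; wrapping the include keeps the two modes apart: `#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)`, `#include "psa/crypto_config.h"`, `#endif`. Separately, the `#else /* && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */` comment in the `config_psa.h` hunk keeps a stray `&&` from the old condition.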
From 18035635727e165a978e8fd5506fb4e48c7821ac Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 24 Sep 2020 16:36:04 +0200 Subject: [PATCH 230/488] Fix "make -C tests/data_files -f ..." The toplevel directory is actually just ../..: the makefile commands are executed in the subdirectory. $(PWD) earlier was wrong because it comes from the shell, not from make. Looking up $(MAKEFILE_LIST) is wrong because it indicates where the makefile is (make -f), not which directory to work in (make -C). Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 9d4cca208..78de76db5 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -14,7 +14,7 @@ OPENSSL ?= openssl FAKETIME ?= faketime -TOP_DIR = $(dir $(firstword $(MAKEFILE_LIST)))/../.. +TOP_DIR = ../.. MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req From e18d09de37a962f47e00a1a30dd6084fec39e9f1 Mon Sep 17 00:00:00 2001 From: Cameron Nemo Date: Tue, 22 Sep 2020 10:37:26 -0700 Subject: [PATCH 231/488] fix(programs/psa): commit python3 generated file Python should not be required for the build when the no_test target is used. This commit adds the generated file to the source tree and the check-generated-files script, and removes the generation from (c)make. Fixes #3524 Signed-off-by: Cameron Nemo --- ChangeLog.d/bugfix_3524.txt | 3 + programs/.gitignore | 1 - programs/Makefile | 14 - programs/psa/CMakeLists.txt | 7 - programs/psa/psa_constant_names_generated.c | 400 ++++++++++++++++++++ scripts/generate_psa_constants.py | 2 +- tests/scripts/check-generated-files.sh | 1 + 7 files changed, 405 insertions(+), 23 deletions(-) create mode 100644 ChangeLog.d/bugfix_3524.txt create mode 100644 programs/psa/psa_constant_names_generated.c 
diff --git a/ChangeLog.d/bugfix_3524.txt b/ChangeLog.d/bugfix_3524.txt new file mode 100644 index 000000000..e03834006 --- /dev/null +++ b/ChangeLog.d/bugfix_3524.txt @@ -0,0 +1,3 @@ +Bugfix + * Include the psa_constant_names generated source code in the source tree + instead of generating it at build time. Fixes #3524. diff --git a/programs/.gitignore b/programs/.gitignore index 53c1ed722..88fb9d52b 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -32,7 +32,6 @@ pkey/rsa_verify_pss psa/crypto_examples psa/key_ladder_demo psa/psa_constant_names -psa/psa_constant_names_generated.c random/gen_entropy random/gen_random_ctr_drbg random/gen_random_havege diff --git a/programs/Makefile b/programs/Makefile index dfe055569..9cbc47167 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -118,8 +118,6 @@ ifdef TEST_CPP APPS += test/cpp_dummy_build$(EXEXT) endif -EXTRA_GENERATED = - .SILENT: .PHONY: all clean list fuzz @@ -141,16 +139,6 @@ $(MBEDLIBS): ${MBEDTLS_TEST_OBJS}: $(MAKE) -C ../tests mbedtls_test -ifdef WINDOWS -EXTRA_GENERATED += psa\psa_constant_names_generated.c -else -EXTRA_GENERATED += psa/psa_constant_names_generated.c -endif - -psa/psa_constant_names$(EXEXT): psa/psa_constant_names_generated.c -psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py ../include/psa/crypto_values.h ../include/psa/crypto_extra.h - ../scripts/generate_psa_constants.py - aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP) echo " CC aes/aescrypt2.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -371,12 +359,10 @@ clean: ifndef WINDOWS rm -f $(APPS) -rm -f ssl/ssl_pthread_server$(EXEXT) - rm -f $(EXTRA_GENERATED) -rm -f test/cpp_dummy_build$(EXEXT) else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe - del /S /Q /F $(EXTRA_GENERATED) endif $(MAKE) -C fuzz clean diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index e519696b1..5cbcf7191 100644 --- a/programs/psa/CMakeLists.txt 
+++ b/programs/psa/CMakeLists.txt @@ -12,13 +12,6 @@ endforeach() target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) -add_custom_target( - psa_constant_names_generated - COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR} - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../ -) -add_dependencies(psa_constant_names psa_constant_names_generated) - install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c new file mode 100644 index 000000000..a9568f3e9 --- /dev/null +++ b/programs/psa/psa_constant_names_generated.c 
@@ -0,0 +1,400 @@ +/* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */ + +static const char *psa_strerror(psa_status_t status) +{ + switch (status) { + case PSA_ERROR_ALREADY_EXISTS: return "PSA_ERROR_ALREADY_EXISTS"; + case PSA_ERROR_BAD_STATE: return "PSA_ERROR_BAD_STATE"; + case PSA_ERROR_BUFFER_TOO_SMALL: return "PSA_ERROR_BUFFER_TOO_SMALL"; + case PSA_ERROR_COMMUNICATION_FAILURE: return "PSA_ERROR_COMMUNICATION_FAILURE"; + case PSA_ERROR_CORRUPTION_DETECTED: return "PSA_ERROR_CORRUPTION_DETECTED"; + case PSA_ERROR_DOES_NOT_EXIST: return "PSA_ERROR_DOES_NOT_EXIST"; + case PSA_ERROR_GENERIC_ERROR: return "PSA_ERROR_GENERIC_ERROR"; + case PSA_ERROR_HARDWARE_FAILURE: return "PSA_ERROR_HARDWARE_FAILURE"; + case PSA_ERROR_INSUFFICIENT_DATA: return "PSA_ERROR_INSUFFICIENT_DATA"; + case PSA_ERROR_INSUFFICIENT_ENTROPY: return "PSA_ERROR_INSUFFICIENT_ENTROPY"; + case PSA_ERROR_INSUFFICIENT_MEMORY: return "PSA_ERROR_INSUFFICIENT_MEMORY"; + case PSA_ERROR_INSUFFICIENT_STORAGE: return "PSA_ERROR_INSUFFICIENT_STORAGE"; + case PSA_ERROR_INVALID_ARGUMENT: return "PSA_ERROR_INVALID_ARGUMENT"; + case PSA_ERROR_INVALID_HANDLE: return "PSA_ERROR_INVALID_HANDLE"; + case PSA_ERROR_INVALID_PADDING: return "PSA_ERROR_INVALID_PADDING"; + case PSA_ERROR_INVALID_SIGNATURE: return "PSA_ERROR_INVALID_SIGNATURE"; + case PSA_ERROR_NOT_PERMITTED: return "PSA_ERROR_NOT_PERMITTED"; + case PSA_ERROR_NOT_SUPPORTED: return "PSA_ERROR_NOT_SUPPORTED"; + case PSA_ERROR_STORAGE_FAILURE: return "PSA_ERROR_STORAGE_FAILURE"; + case PSA_SUCCESS: return "PSA_SUCCESS"; + default: return NULL; + } +} + +static const char *psa_ecc_family_name(psa_ecc_family_t curve) +{ + switch (curve) { + case PSA_ECC_FAMILY_BRAINPOOL_P_R1: return "PSA_ECC_FAMILY_BRAINPOOL_P_R1"; + case PSA_ECC_FAMILY_MONTGOMERY: return "PSA_ECC_FAMILY_MONTGOMERY"; + case PSA_ECC_FAMILY_SECP_K1: return "PSA_ECC_FAMILY_SECP_K1"; + case PSA_ECC_FAMILY_SECP_R1: return "PSA_ECC_FAMILY_SECP_R1"; + case PSA_ECC_FAMILY_SECP_R2: 
return "PSA_ECC_FAMILY_SECP_R2"; + case PSA_ECC_FAMILY_SECT_K1: return "PSA_ECC_FAMILY_SECT_K1"; + case PSA_ECC_FAMILY_SECT_R1: return "PSA_ECC_FAMILY_SECT_R1"; + case PSA_ECC_FAMILY_SECT_R2: return "PSA_ECC_FAMILY_SECT_R2"; + default: return NULL; + } +} + +static const char *psa_dh_family_name(psa_dh_family_t group) +{ + switch (group) { + case PSA_DH_FAMILY_CUSTOM: return "PSA_DH_FAMILY_CUSTOM"; + case PSA_DH_FAMILY_RFC7919: return "PSA_DH_FAMILY_RFC7919"; + default: return NULL; + } +} + +static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg) +{ + switch (hash_alg) { + case PSA_ALG_ANY_HASH: return "PSA_ALG_ANY_HASH"; + case PSA_ALG_CATEGORY_HASH: return "PSA_ALG_CATEGORY_HASH"; + case PSA_ALG_MD2: return "PSA_ALG_MD2"; + case PSA_ALG_MD4: return "PSA_ALG_MD4"; + case PSA_ALG_MD5: return "PSA_ALG_MD5"; + case PSA_ALG_RIPEMD160: return "PSA_ALG_RIPEMD160"; + case PSA_ALG_SHA3_224: return "PSA_ALG_SHA3_224"; + case PSA_ALG_SHA3_256: return "PSA_ALG_SHA3_256"; + case PSA_ALG_SHA3_384: return "PSA_ALG_SHA3_384"; + case PSA_ALG_SHA3_512: return "PSA_ALG_SHA3_512"; + case PSA_ALG_SHA_1: return "PSA_ALG_SHA_1"; + case PSA_ALG_SHA_224: return "PSA_ALG_SHA_224"; + case PSA_ALG_SHA_256: return "PSA_ALG_SHA_256"; + case PSA_ALG_SHA_384: return "PSA_ALG_SHA_384"; + case PSA_ALG_SHA_512: return "PSA_ALG_SHA_512"; + case PSA_ALG_SHA_512_224: return "PSA_ALG_SHA_512_224"; + case PSA_ALG_SHA_512_256: return "PSA_ALG_SHA_512_256"; + default: return NULL; + } +} + +static const char *psa_ka_algorithm_name(psa_algorithm_t ka_alg) +{ + switch (ka_alg) { + case PSA_ALG_CATEGORY_KEY_AGREEMENT: return "PSA_ALG_CATEGORY_KEY_AGREEMENT"; + case PSA_ALG_ECDH: return "PSA_ALG_ECDH"; + case PSA_ALG_FFDH: return "PSA_ALG_FFDH"; + default: return NULL; + } +} + +static int psa_snprint_key_type(char *buffer, size_t buffer_size, + psa_key_type_t type) +{ + size_t required_size = 0; + switch (type) { + case PSA_KEY_TYPE_AES: append(&buffer, buffer_size, &required_size, 
"PSA_KEY_TYPE_AES", 16); break; + case PSA_KEY_TYPE_ARC4: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ARC4", 17); break; + case PSA_KEY_TYPE_CAMELLIA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CAMELLIA", 21); break; + case PSA_KEY_TYPE_CATEGORY_FLAG_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_FLAG_PAIR", 31); break; + case PSA_KEY_TYPE_CATEGORY_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_KEY_PAIR", 30); break; + case PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY", 32); break; + case PSA_KEY_TYPE_CATEGORY_RAW: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_RAW", 25); break; + case PSA_KEY_TYPE_CATEGORY_SYMMETRIC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_SYMMETRIC", 31); break; + case PSA_KEY_TYPE_CHACHA20: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CHACHA20", 21); break; + case PSA_KEY_TYPE_DERIVE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DERIVE", 19); break; + case PSA_KEY_TYPE_DES: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DES", 16); break; + case PSA_KEY_TYPE_DH_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_KEY_PAIR_BASE", 29); break; + case PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE", 31); break; + case PSA_KEY_TYPE_DSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_KEY_PAIR", 25); break; + case PSA_KEY_TYPE_DSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_PUBLIC_KEY", 27); break; + case PSA_KEY_TYPE_ECC_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_KEY_PAIR_BASE", 30); break; + case PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE", 32); break; + case 
PSA_KEY_TYPE_HMAC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_HMAC", 17); break; + case PSA_KEY_TYPE_NONE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_NONE", 17); break; + case PSA_KEY_TYPE_RAW_DATA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RAW_DATA", 21); break; + case PSA_KEY_TYPE_RSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_KEY_PAIR", 25); break; + case PSA_KEY_TYPE_RSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_PUBLIC_KEY", 27); break; + default: + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { + append_with_curve(&buffer, buffer_size, &required_size, + "PSA_KEY_TYPE_ECC_KEY_PAIR", 25, + PSA_KEY_TYPE_ECC_GET_FAMILY(type)); + } else if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { + append_with_curve(&buffer, buffer_size, &required_size, + "PSA_KEY_TYPE_ECC_PUBLIC_KEY", 27, + PSA_KEY_TYPE_ECC_GET_FAMILY(type)); + } else if (PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { + append_with_group(&buffer, buffer_size, &required_size, + "PSA_KEY_TYPE_DH_KEY_PAIR", 24, + PSA_KEY_TYPE_DH_GET_FAMILY(type)); + } else if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type)) { + append_with_group(&buffer, buffer_size, &required_size, + "PSA_KEY_TYPE_DH_PUBLIC_KEY", 26, + PSA_KEY_TYPE_DH_GET_FAMILY(type)); + } else { + return snprintf(buffer, buffer_size, + "0x%04x", (unsigned) type); + } + break; + } + buffer[0] = 0; + return (int) required_size; +} + +#define NO_LENGTH_MODIFIER 0xfffffffflu +static int psa_snprint_algorithm(char *buffer, size_t buffer_size, + psa_algorithm_t alg) +{ + size_t required_size = 0; + psa_algorithm_t core_alg = alg; + unsigned long length_modifier = NO_LENGTH_MODIFIER; + if (PSA_ALG_IS_MAC(alg)) { + core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0); + if (core_alg != alg) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_TRUNCATED_MAC(", 22); + length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg); + } + } else if (PSA_ALG_IS_AEAD(alg)) { + core_alg = 
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg); + if (core_alg == 0) { + /* For unknown AEAD algorithms, there is no "default tag length". */ + core_alg = alg; + } else if (core_alg != alg) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_AEAD_WITH_TAG_LENGTH(", 29); + length_modifier = PSA_AEAD_TAG_LENGTH(alg); + } + } else if (PSA_ALG_IS_KEY_AGREEMENT(alg) && + !PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) { + core_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg); + append(&buffer, buffer_size, &required_size, + "PSA_ALG_KEY_AGREEMENT(", 22); + append_with_alg(&buffer, buffer_size, &required_size, + psa_ka_algorithm_name, + PSA_ALG_KEY_AGREEMENT_GET_BASE(alg)); + append(&buffer, buffer_size, &required_size, ", ", 2); + } + switch (core_alg) { + case PSA_ALG_ANY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ANY_HASH", 16); break; + case PSA_ALG_ARC4: append(&buffer, buffer_size, &required_size, "PSA_ALG_ARC4", 12); break; + case PSA_ALG_CATEGORY_AEAD: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_AEAD", 21); break; + case PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION", 38); break; + case PSA_ALG_CATEGORY_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_CIPHER", 23); break; + case PSA_ALG_CATEGORY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_HASH", 21); break; + case PSA_ALG_CATEGORY_KEY_AGREEMENT: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_AGREEMENT", 30); break; + case PSA_ALG_CATEGORY_KEY_DERIVATION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_DERIVATION", 31); break; + case PSA_ALG_CATEGORY_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_MAC", 20); break; + case PSA_ALG_CATEGORY_SIGN: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_SIGN", 21); break; + case PSA_ALG_CBC_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_MAC", 
15); break; + case PSA_ALG_CBC_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_NO_PADDING", 22); break; + case PSA_ALG_CBC_PKCS7: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_PKCS7", 17); break; + case PSA_ALG_CCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_CCM", 11); break; + case PSA_ALG_CFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_CFB", 11); break; + case PSA_ALG_CHACHA20: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20", 16); break; + case PSA_ALG_CHACHA20_POLY1305: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20_POLY1305", 25); break; + case PSA_ALG_CIPHER_MAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_CIPHER_MAC_BASE", 23); break; + case PSA_ALG_CMAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CMAC", 12); break; + case PSA_ALG_CTR: append(&buffer, buffer_size, &required_size, "PSA_ALG_CTR", 11); break; + case PSA_ALG_DETERMINISTIC_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_DSA_BASE", 30); break; + case PSA_ALG_DETERMINISTIC_ECDSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_ECDSA_BASE", 32); break; + case PSA_ALG_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DSA_BASE", 16); break; + case PSA_ALG_ECB_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECB_NO_PADDING", 22); break; + case PSA_ALG_ECDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDH", 12); break; + case PSA_ALG_ECDSA_ANY: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDSA_ANY", 17); break; + case PSA_ALG_FFDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_FFDH", 12); break; + case PSA_ALG_GCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_GCM", 11); break; + case PSA_ALG_HKDF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HKDF_BASE", 17); break; + case PSA_ALG_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HMAC_BASE", 
17); break; + case PSA_ALG_MD2: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD2", 11); break; + case PSA_ALG_MD4: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD4", 11); break; + case PSA_ALG_MD5: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD5", 11); break; + case PSA_ALG_OFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_OFB", 11); break; + case PSA_ALG_RIPEMD160: append(&buffer, buffer_size, &required_size, "PSA_ALG_RIPEMD160", 17); break; + case PSA_ALG_RSA_OAEP_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_OAEP_BASE", 21); break; + case PSA_ALG_RSA_PKCS1V15_CRYPT: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_CRYPT", 26); break; + case PSA_ALG_RSA_PKCS1V15_SIGN_RAW: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_SIGN_RAW", 29); break; + case PSA_ALG_RSA_PSS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PSS_BASE", 20); break; + case PSA_ALG_SHA3_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_224", 16); break; + case PSA_ALG_SHA3_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_256", 16); break; + case PSA_ALG_SHA3_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_384", 16); break; + case PSA_ALG_SHA3_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_512", 16); break; + case PSA_ALG_SHA_1: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_1", 13); break; + case PSA_ALG_SHA_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_224", 15); break; + case PSA_ALG_SHA_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_256", 15); break; + case PSA_ALG_SHA_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_384", 15); break; + case PSA_ALG_SHA_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512", 15); break; + case PSA_ALG_SHA_512_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_224", 19); break; + case PSA_ALG_SHA_512_256: 
append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_256", 19); break; + case PSA_ALG_TLS12_PRF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PRF_BASE", 22); break; + case PSA_ALG_TLS12_PSK_TO_MS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PSK_TO_MS_BASE", 28); break; + case PSA_ALG_XTS: append(&buffer, buffer_size, &required_size, "PSA_ALG_XTS", 11); break; + default: + if (PSA_ALG_IS_DETERMINISTIC_DSA(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_DETERMINISTIC_DSA(", 25 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_DETERMINISTIC_ECDSA(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_DETERMINISTIC_ECDSA(", 27 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_RANDOMIZED_DSA(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_DSA(", 11 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_RANDOMIZED_ECDSA(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_ECDSA(", 13 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_HKDF(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_HKDF(", 12 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_HMAC(core_alg)) { + append(&buffer, 
buffer_size, &required_size, + "PSA_ALG_HMAC(", 12 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_RSA_OAEP(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_RSA_OAEP(", 16 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_RSA_PKCS1V15_SIGN(", 25 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_RSA_PSS(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_RSA_PSS(", 15 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_TLS12_PRF(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_TLS12_PRF(", 17 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_TLS12_PSK_TO_MS(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_TLS12_PSK_TO_MS(", 23 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); + } else { + append_integer(&buffer, buffer_size, &required_size, + "0x%08lx", (unsigned long) core_alg); + } + break; + } + if (core_alg != alg) { + if (length_modifier != NO_LENGTH_MODIFIER) { + append(&buffer, buffer_size, &required_size, ", ", 2); + 
append_integer(&buffer, buffer_size, &required_size, + "%lu", length_modifier); + } + append(&buffer, buffer_size, &required_size, ")", 1); + } + buffer[0] = 0; + return (int) required_size; +} + +static int psa_snprint_key_usage(char *buffer, size_t buffer_size, + psa_key_usage_t usage) +{ + size_t required_size = 0; + if (usage == 0) { + if (buffer_size > 1) { + buffer[0] = '0'; + buffer[1] = 0; + } else if (buffer_size == 1) { + buffer[0] = 0; + } + return 1; + } + if (usage & PSA_KEY_USAGE_COPY) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_COPY", 18); + usage ^= PSA_KEY_USAGE_COPY; + } + if (usage & PSA_KEY_USAGE_DECRYPT) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DECRYPT", 21); + usage ^= PSA_KEY_USAGE_DECRYPT; + } + if (usage & PSA_KEY_USAGE_DERIVE) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DERIVE", 20); + usage ^= PSA_KEY_USAGE_DERIVE; + } + if (usage & PSA_KEY_USAGE_ENCRYPT) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_ENCRYPT", 21); + usage ^= PSA_KEY_USAGE_ENCRYPT; + } + if (usage & PSA_KEY_USAGE_EXPORT) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_EXPORT", 20); + usage ^= PSA_KEY_USAGE_EXPORT; + } + if (usage & PSA_KEY_USAGE_SIGN_HASH) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_HASH", 23); + usage ^= PSA_KEY_USAGE_SIGN_HASH; + } + if (usage & PSA_KEY_USAGE_VERIFY_HASH) { + if (required_size != 0) { + 
append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_HASH", 25); + usage ^= PSA_KEY_USAGE_VERIFY_HASH; + } + if (usage != 0) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append_integer(&buffer, buffer_size, &required_size, + "0x%08lx", (unsigned long) usage); + } else { + buffer[0] = 0; + } + return (int) required_size; +} + +/* End of automatically generated file. */ diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 95dc4db21..401c2fc12 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -411,7 +411,7 @@ def generate_psa_constants(header_file_names, output_file_name): temp_file_name = output_file_name + '.tmp' with open(temp_file_name, 'w') as output_file: collector.write_file(output_file) - os.rename(temp_file_name, output_file_name) + os.replace(temp_file_name, output_file_name) if __name__ == '__main__': if not os.path.isdir('programs') and os.path.isdir('../programs'): diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 3ab62f8b1..845d1c60c 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -105,3 +105,4 @@ check scripts/generate_errors.pl library/error.c check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl library/version_features.c check scripts/generate_visualc_files.pl visualc/VS2010 +check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c From 2542c21ba8984ce69c86c413a5c365e3a9d0dae1 Mon Sep 17 00:00:00 2001 
From: John Durkop Date: Thu, 24 Sep 2020 21:06:35 -0700 Subject: [PATCH 232/488] Add MBEDTLS_PSA_CRYPTO_CONFIG to test program Since the recent changes required the addition of a new definition in mbedtls/config.h, we also need to update query_config.c to account for the new MBEDTLS_PSA_CRYPTO_CONFIG setting. Signed-off-by: John Durkop --- programs/test/query_config.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 887373434..c35502fa4 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1592,6 +1592,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + if( strcmp( "MBEDTLS_PSA_CRYPTO_CONFIG", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_CONFIG ); + return( 0 ); + } +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + #if defined(MBEDTLS_VERSION_FEATURES) if( strcmp( "MBEDTLS_VERSION_FEATURES", config ) == 0 ) { From 39e09672a3c33ea0339e9fcfb83e735a774fdcaf Mon Sep 17 00:00:00 2001 From: John Durkop Date: Thu, 24 Sep 2020 21:09:25 -0700 Subject: [PATCH 233/488] Update version_features for new PSA crypto config The version features library needed updating to support the new MBEDTLS_PSA_CRYPTO_CONFIG definition. Signed-off-by: John Durkop --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index 478d8fa25..62b05537c 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -576,6 +576,9 @@ static const char * const features[] = { #if defined(MBEDTLS_USE_PSA_CRYPTO) "MBEDTLS_USE_PSA_CRYPTO", #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) + "MBEDTLS_PSA_CRYPTO_CONFIG", +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ #if defined(MBEDTLS_VERSION_FEATURES) "MBEDTLS_VERSION_FEATURES", #endif /* MBEDTLS_VERSION_FEATURES */ 
From 736eb1de47c112547275ef1ea093461d755645e2 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Thu, 24 Sep 2020 21:11:10 -0700 Subject: [PATCH 234/488] Update to VS project file for PSA crypto config The new header files to support PSA crypto config needed to be added to the VS project file. Signed-off-by: John Durkop --- visualc/VS2010/mbedTLS.vcxproj | 2 ++ 1 file changed, 2 insertions(+) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index b243b73ae..0eaa80824 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -162,6 +162,7 @@ + @@ -223,6 +224,7 @@ + From bf4f40883e487c62ffabcf77ab5fe316ab6c3a41 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 25 Sep 2020 10:45:06 +0200 Subject: [PATCH 235/488] Rework mbedtls_test_param_failed_get_state_buf() Rework mbedtls_test_param_failed_get_state_buf() and its documentation. Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 18 ++++++++++++++---- tests/src/helpers.c | 2 +- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 79a63fbd3..6b423cd54 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -147,7 +147,7 @@ void mbedtls_test_param_failed_expect_call( void ); int mbedtls_test_param_failed_check_expected_call( void ); /** - * \brief Get a pointer to the object of type jmp_buf holding the execution + * \brief Get the address of the object of type jmp_buf holding the execution * state information used by mbedtls_param_failed() to do a long jump. * * \note If a call to mbedtls_param_failed() is not expected in the sense 
@@ -156,9 +156,19 @@ int mbedtls_test_param_failed_check_expected_call( void ); * execution to the state stored in the jmp_buf object whose address * is returned by the present function. * - * \note The returned pointer is of type void* as its type is opaque, - * implementation dependent (jmp_buf is an array type not the type of - * one element of an array). + * \note This function is intended to provide the parameter of the + * setjmp() function to set-up where mbedtls_param_failed() should + * long-jump if it has to. It is foreseen to be used as: + * + * setjmp( mbedtls_test_param_failed_get_state_buf() ). + * + * \note The type of the returned value is not jmp_buf as jmp_buf is an + * an array type (C specification) and a function cannot return an + * array type. + * + * \note The type of the returned value is not jmp_buf* as then the return + * value couldn't be used by setjmp(), as its parameter's type is + * jmp_buf. * * \return Address of the object of type jmp_buf holding the execution state * information used by mbedtls_param_failed() to do a long jump. diff --git a/tests/src/helpers.c b/tests/src/helpers.c index a963da974..fff065a44 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -211,7 +211,7 @@ int mbedtls_test_param_failed_check_expected_call( void ) void* mbedtls_test_param_failed_get_state_buf( void ) { - return ¶m_failed_ctx.state[0]; + return ¶m_failed_ctx.state; } void mbedtls_test_param_failed_reset_state( void ) From ca8b8e7c31f856e329e03f4857bbeb9cb066d03e Mon Sep 17 00:00:00 2001 
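Review bot: The added note in `tests/include/test/helpers.h` contains a doubled article, "jmp_buf is an an array type"; the continuation line should start `* array type (C specification) and a function cannot return an`. Beyond the wording, because the function returns `void *` the compiler cannot check what the result is passed to. The comment should therefore say outright that `setjmp()` is the only supported consumer, which the usage example `setjmp( mbedtls_test_param_failed_get_state_buf() )` only implies.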
From: Peter Kolbus Date: Thu, 24 Sep 2020 11:11:50 -0500 Subject: [PATCH 236/488] Restore retry in rsa_prepare_blinding() Starting with commit 49e94e3, the do/while loop in `rsa_prepare_blinding()` was changed to a `do...while(0)`, which prevents retry from being effective and leaves dead code. Restore the while condition to retry, and lift the calls to finish the computation out of the while loop by by observing that they are performed only when `mbedtls_mpi_inv_mod()` returns zero. Signed-off-by: Peter Kolbus --- ChangeLog.d/fix-rsa-blinding.txt | 6 ++++++ library/rsa.c | 13 ++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) create mode 100644 ChangeLog.d/fix-rsa-blinding.txt diff --git a/ChangeLog.d/fix-rsa-blinding.txt b/ChangeLog.d/fix-rsa-blinding.txt new file mode 100644 index 000000000..a13572c9a --- /dev/null +++ b/ChangeLog.d/fix-rsa-blinding.txt @@ -0,0 +1,6 @@ +Bugfix + * Fix rsa_prepare_blinding() to retry when the blinding value is not + invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This + addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)). + Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin). + Fixes #3647. diff --git a/library/rsa.c b/library/rsa.c index 84d87de0d..d6abd65d4 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -811,15 +811,14 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
 * which one, we just loop and choose new values for both of them.
 * (Each iteration succeeds with overwhelming probability.) */
 ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N );
- if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
- continue;
- if( ret != 0 )
+ if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
 goto cleanup;
 
- /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
- } while( 0 );
+ } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
+
+ /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
 
 /* Blinding value: Vi = Vf^(-e) mod N
 * (Vi already contains Vf^-1 at this point) */
From 6d6f8a4b97b945e443a02d87645487bb876f45f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 25 Sep 2020 09:56:53 +0200
Subject: [PATCH 237/488] Clarify descriptions of constant-flow helpers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Manuel Pégourié-Gonnard
---
 library/ssl_msg.c | 47 ++++++++++++++++++++++++++++++++---------------
 1 file changed, 32 insertions(+), 15 deletions(-)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index e5def644f..981d94e16 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
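Review bot: Termination of the restored retry loop in `rsa_prepare_blinding()` is not visible in this hunk: with `while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )` the loop repeats for as long as `mbedtls_mpi_inv_mod()` rejects the value, and any attempt cap would sit at the top of the `do` body, which starts outside the hunk. Please confirm that a cap is still there and that it leaves `ret` set to an error before jumping to `cleanup`, so a degenerate `N` or a stuck RNG cannot keep the caller spinning. A comment at the loop tail would make that contract visible, for example `/* Retry with fresh Vf and R; bounded by the attempt counter at the top of the loop */`. The commit also adds no regression test; one that makes the first inversion fail (for instance with a scripted RNG) would stop the `while( 0 )` form from coming back unnoticed.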
@@ -1048,6 +1048,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Turn a bit into a mask: * - if bit == 1, return the all-bits 1 mask, aka (size_t) -1 * - if bit == 0, return the all-bits 0 mask, aka 0 + * + * This function can be used to write constant-time code by replacing branches + * with bit operations using masks. + * + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. */ static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit ) { @@ -1068,15 +1074,18 @@ static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit ) * - if x < y, return all bits 1, that is (size_t) -1 * - otherwise, return all bits 0, that is 0 * - * Use only bit operations to avoid branches that could be used by some - * compilers on some platforms to translate comparison operators. + * This function can be used to write constant-time code by replacing branches + * with bit operations using masks. + * + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. */ static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y ) { - /* This has the msb set if and only if x < y */ + /* This has the most significant bit set if and only if x < y */ const size_t sub = x - y; - /* sub1 = (x < y) in {0, 1} */ + /* sub1 = (x < y) ? 1 : 0 */ const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 ); /* mask = (x < y) ? 0xff... : 0x00... */ 
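Review bot: The comment in `mbedtls_ssl_cf_mask_lt()` says `sub = x - y` has its most significant bit set "if and only if x < y", but that holds only when both inputs have their own top bit clear; x = 0 and y = SIZE_MAX gives `sub == 1` although x < y. Since this commit rewrites the header comments of the constant-flow helpers, the precondition belongs there, e.g. `* Precondition: x and y both have their most significant bit clear, so x - y cannot wrap past it.` The same presumably applies to `mbedtls_ssl_cf_mask_ge()` in the `@@ -1090,8 +1099,11 @@` hunk if it is built on `mask_lt`; its body is not shown. The call visible later in this diff passes record indices, which meet the bound easily, but an unstated precondition on a side-channel primitive invites incorrect reuse.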
@@ -1090,8 +1099,11 @@ static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y ) * - if x >= y, return all bits 1, that is (size_t) -1 * - otherwise, return all bits 0, that is 0 * - * Use only bit operations to avoid branches that could be used by some - * compilers on some platforms to translate comparison operators. + * This function can be used to write constant-time code by replacing branches + * with bit operations using masks. + * + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. */ static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y ) { @@ -1102,8 +1114,12 @@ static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y ) * Constant-flow boolean "equal" comparison: * return x == y * - * Use only bit operations to avoid branches that could be used by some - * compilers on some platforms to translate comparison operators. + * This function can be used to write constant-time code by replacing branches + * with bit operations - it can be used in conjunction with + * mbedtls_ssl_cf_mask_from_bit(). + * + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. */ static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y ) { @@ -1124,7 +1140,7 @@ static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y ) #pragma warning( pop ) #endif - /* diff1 = (x != y) in {0, 1} */ + /* diff1 = (x != y) ? 1 : 0 */ const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); return( 1 ^ diff1 ); 
@@ -1136,8 +1152,8 @@ static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y ) * - otherwise, a no-op, * but with execution flow independent of the values of c1 and c2. * - * Use only bit operations to avoid branches that could be used by some - * compilers on some platforms to translate comparison operators. + * This function is implemented without using comparison operators, as those + * might be translated to branches by some compilers on some platforms. */ static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, const unsigned char *src, @@ -1148,9 +1164,9 @@ static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, const size_t equal = mbedtls_ssl_cf_bool_eq( c1, c2 ); const unsigned char mask = (unsigned char) mbedtls_ssl_cf_mask_from_bit( equal ); - /* dst[i] = c1 != c2 ? dst[i] : src[i] */ + /* dst[i] = c1 == c2 ? src[i] : dst[i] */ for( size_t i = 0; i < len; i++ ) - dst[i] = ( dst[i] & ~mask ) | ( src[i] & mask ); + dst[i] = ( src[i] & mask ) | ( dst[i] & ~mask ); } /* @@ -1630,7 +1646,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, { /* This is the SSL 3.0 path, we don't have to worry about Lucky * 13, because there's a strictly worse padding attack built in - * the protocol (known as part of POODLE), so branches are OK. */ + * the protocol (known as part of POODLE), so we don't care if the + * code is not constant-time, in particular branches are OK. */ if( padlen > transform->ivlen ) { #if defined(MBEDTLS_SSL_DEBUG_ALL) @@ -1666,7 +1683,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, for( idx = start_idx; idx < rec->data_len; idx++ ) { /* pad_count += (idx >= padding_idx) && - * (chech[idx] == padlen - 1); + * (check[idx] == padlen - 1); */ const size_t mask = mbedtls_ssl_cf_mask_ge( idx, padding_idx ); const size_t equal = mbedtls_ssl_cf_bool_eq( check[idx], From 27ed799109be5c00b59fbae29be037d304b9b940 Mon Sep 17 00:00:00 2001 
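Review bot: The header comment of `mbedtls_ssl_cf_memcpy_if_eq()` promises execution flow independent of `c1` and `c2` but does not say which arguments are treated as public. The loop `for( size_t i = 0; i < len; i++ )` runs `len` iterations and touches `dst[i]` and `src[i]`, so the length and both addresses are observable through timing and memory access pattern. I would add a line to the comment such as `* The values of len, dst and src are considered public; only c1 and c2 may be secret.` so that a caller does not pass a secret-dependent length. The function signature continues outside the first of the two hunks that touch it.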
From: Gilles Peskine Date: Wed, 30 Sep 2020 01:11:39 +0200 Subject: [PATCH 238/488] Remove changelog entries without a user-visible impact Signed-off-by: Gilles Peskine --- ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt | 2 -- ChangeLog.d/fix-typo.txt | 3 --- 2 files changed, 5 deletions(-) delete mode 100644 ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt delete mode 100644 ChangeLog.d/fix-typo.txt diff --git a/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt b/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt deleted file mode 100644 index 2f94c1633..000000000 --- a/ChangeLog.d/comment_typo_in_mbedtls_ssl_set_bio.txt +++ /dev/null @@ -1,2 +0,0 @@ -Changes - * Fix comment typo in documentation of mbedtls_ssl_set_bio. diff --git a/ChangeLog.d/fix-typo.txt b/ChangeLog.d/fix-typo.txt deleted file mode 100644 index 8e961d280..000000000 --- a/ChangeLog.d/fix-typo.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Fixes a typo in the example code located in - program/pkey/ecdh_curve25519.c From 3b4edc78df42527eb63d765f54f778545a1d5613 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Sep 2020 01:13:05 +0200 Subject: [PATCH 239/488] We no longer credit contributors in the changelog From now on, external contributions are no longer acknowledged in the changelog file. They of course remain acknowledged in the Git history. Signed-off-by: Gilles Peskine --- ChangeLog.d/00README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md index b559e2336..abe0537ef 100644 --- a/ChangeLog.d/00README.md +++ b/ChangeLog.d/00README.md 
@@ -49,8 +49,7 @@ Include GitHub issue numbers where relevant. Use the format “#1234” for an Mbed TLS issue. Add other external references such as CVE numbers where applicable. -Credit the author of the contribution if the contribution is not a member of -the Mbed TLS development team. Also credit bug reporters where applicable. +Credit bug reporters where applicable. **Explain why, not how**. Remember that the audience is the users of the library, not its developers. In particular, for a bug fix, explain the From ece00a0cd06f5a49ede2a338567d75af0e433906 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Sep 2020 01:16:59 +0200 Subject: [PATCH 240/488] Explain when to write a changelog entry Signed-off-by: Gilles Peskine --- ChangeLog.d/00README.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md index abe0537ef..ba20db32c 100644 --- a/ChangeLog.d/00README.md +++ b/ChangeLog.d/00README.md 
@@ -3,6 +3,28 @@ This directory contains changelog entries that have not yet been merged to the changelog file ([`../ChangeLog`](../ChangeLog)). +## What requires a changelog entry? + +Write a changelog entry if there is a user-visible change. This includes: + +* Bug fixes: fixing a security hole, fixing broken behavior, fixing + the build in some configuration or on some platform, ... +* New features in the library or new platform support. +* Changes in existing behavior. These should be rare. Changes in features + that are documented as experimental may or may not be announced, depending + on the extent of the change and how widely we expect the feature to be used. + +We generally don't include changelog entries for: + +* Documentation improvements. +* Performance improvements, unless they are particularly significant. +* Changes that don't impact library users directly, for example new tests or + changes to the test framework. + +Prior to Mbed TLS 2.24, we required changelog entries in more cases. +Looking at older changelog entries is good practice for how to write a +changelog entry, but not for deciding whether to write one. + ## Changelog entry file format A changelog entry file must have the extension `*.txt` and must have the @@ -33,8 +55,7 @@ The permitted changelog entry categories are as follows: Bugfix Changes -Use “Changes” for anything that doesn't fit in the other categories, such as -performance, documentation and test improvements. +Use “Changes” for anything that doesn't fit in the other categories. ## How to write a changelog entry From 714e3a131815f0d4c15f7408c838ca93fb063c53 Mon Sep 17 00:00:00 2001 
From: John Durkop Date: Tue, 29 Sep 2020 22:07:04 -0700 Subject: [PATCH 241/488] Minor cleanup to fix errors with some unit tests With the new feature MBEDTLS_PSA_CRYPTO_CONFIG, needed to add support that when the feature is disabled, if there are defines like MBEDTLS_ECDSA_C defined, then the PSA_WANT_ equivalent define is also enabled. This ensures the guards in the library psa_crypto will work properly. Also fixed an error return code in the driver wrapper for cipher encrypt setup so it will properly pass unit tests. Ensured config.py full works properly with the new MBEDTLS_PSA_CRYPTO_CONFIG, it should not be set when the full option is used. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 18 +++++++++++++++++- library/psa_crypto_driver_wrappers.c | 2 +- scripts/config.py | 1 + 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 528e21503..8b32378ef 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -26,7 +26,9 @@ #ifndef MBEDTLS_CONFIG_PSA_H #define MBEDTLS_CONFIG_PSA_H +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) #include "psa/crypto_config.h" +#endif /* defined(MBEDTLS_PSAY_CRYPTO_CONFIG) */ #ifdef __cplusplus extern "C" { @@ -42,7 +44,7 @@ extern "C" { #endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) */ #endif /* defined(PSA_WANT_ALG_ECDSA) */ -#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA #else /* && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ 
@@ -50,6 +52,20 @@ extern "C" { #endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ #endif /* defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) */ +#else /* MBEDTLS_PSA_CRYPTO_CONFIG */ + +/* + * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG + * is not defined + */ +#ifdef MBEDTLS_ECDSA_C +#define PSA_WANT_ALG_ECDSA +#endif /* MBEDTLS_ECDSA_C */ + +#ifdef MBEDTLS_ECDSA_DETERMINISTIC +#define PSA_WANT_ALG_ECDSA_DETERMINISTIC +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ #ifdef __cplusplus diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index d41209bbf..140bab626 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -583,7 +583,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_NOT_SUPPORTED ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; diff --git a/scripts/config.py b/scripts/config.py index 017bba0aa..bb3fa1b4a 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -184,6 +184,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper) 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature + 'MBEDTLS_PSA_CRYPTO_CONFIG', # used to switch between old/new style config 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions) 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature From 76228acfb9f38cae4faec76768b95d3d041c57f4 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 29 Sep 2020 22:33:49 -0700 Subject: [PATCH 242/488] Fix typo in define in comment This fixes error in check-names.sh test. 
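Review bot: The new status in the `default:` arm is applied to `psa_driver_wrapper_cipher_encrypt_setup` only. The decrypt-setup wrapper is outside this hunk, so this is an assumption, but if it has the same arm it should also end in `return( PSA_ERROR_NOT_SUPPORTED );`. Otherwise the two setup paths report an unknown key lifetime with different status codes, and callers that branch on the status will treat the same condition differently depending on direction.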
Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 8b32378ef..8e76372eb 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -28,7 +28,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) #include "psa/crypto_config.h" -#endif /* defined(MBEDTLS_PSAY_CRYPTO_CONFIG) */ +#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */ #ifdef __cplusplus extern "C" { From 4bcfe9269fb52683f684ef5f15da0f1f53987c49 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Sep 2020 09:55:27 +0200 Subject: [PATCH 243/488] When to write a changelog: minor improvements Mention sample programs. Signed-off-by: Gilles Peskine --- ChangeLog.d/00README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md index ba20db32c..ec61c525b 100644 --- a/ChangeLog.d/00README.md +++ b/ChangeLog.d/00README.md @@ -7,9 +7,10 @@ to the changelog file ([`../ChangeLog`](../ChangeLog)). Write a changelog entry if there is a user-visible change. This includes: -* Bug fixes: fixing a security hole, fixing broken behavior, fixing - the build in some configuration or on some platform, ... -* New features in the library or new platform support. +* Bug fixes in the library or in sample programs: fixing a security hole, + fixing broken behavior, fixing the build in some configuration or on some + platform, etc. +* New features in the library, new sample programs, or new platform support. * Changes in existing behavior. These should be rare. Changes in features that are documented as experimental may or may not be announced, depending on the extent of the change and how widely we expect the feature to be used. 
@@ -18,8 +19,8 @@ We generally don't include changelog entries for: * Documentation improvements. * Performance improvements, unless they are particularly significant. -* Changes that don't impact library users directly, for example new tests or - changes to the test framework. +* Changes to parts of the code base that users don't interact with directly, + such as test code and test data. Prior to Mbed TLS 2.24, we required changelog entries in more cases. Looking at older changelog entries is good practice for how to write a From 9c46a60e6c3edc35d6369afdf5252a5c66aef5b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?okhowang=28=E7=8E=8B=E6=B2=9B=E6=96=87=29?= Date: Thu, 3 Sep 2020 16:55:01 +0800 Subject: [PATCH 244/488] Use glibc's getrandom() instead of syscall when glibc > 2.25. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #3432 Signed-off-by: okhowang(王沛文) --- ChangeLog.d/getrandom.txt | 2 ++ library/entropy_poll.c | 20 ++++++++++++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/getrandom.txt diff --git a/ChangeLog.d/getrandom.txt b/ChangeLog.d/getrandom.txt new file mode 100644 index 000000000..87a3a6c13 --- /dev/null +++ b/ChangeLog.d/getrandom.txt @@ -0,0 +1,2 @@ +Changes + Use glibc's getrandom() instead of syscall when glibc > 2.25. diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 4bf660e05..0f992f34c 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -18,9 +18,15 @@ */ #if defined(__linux__) +#if !defined(_GNU_SOURCE) /* Ensure that syscall() is available even when compiling with -std=c99 */ #define _GNU_SOURCE #endif +#include +#if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25) +#define HAVE_SYS_RANDOM 1 +#endif +#endif #include "common.h" 
@@ -86,10 +92,16 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len /* * Test for Linux getrandom() support. - * Since there is no wrapper in the libc yet, use the generic syscall wrapper + * When the C library is GNU libc and its version is greater than 2.25, + * include sys/random.h to use getrandom(), + * otherwise use the generic use the generic syscall wrapper * available in GNU libc and compatible libc's (eg uClibc). */ -#if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__)) +#if HAVE_SYS_RANDOM +#include +#include +#define HAVE_GETRANDOM +#elif (defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__) #include #include #if defined(SYS_getrandom) @@ -155,7 +167,11 @@ int mbedtls_platform_entropy_poll( void *data, ((void) data); #if defined(HAVE_GETRANDOM) +#if HAVE_SYS_RANDOM + ret = getrandom(output, len, 0); +#else ret = getrandom_wrapper( output, len, 0 ); +#endif if( ret >= 0 ) { *olen = ret; From 76158ce9b73fdc132867ecb673353c4d3c181f57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?okhowang=28=E7=8E=8B=E6=B2=9B=E6=96=87=29?= Date: Thu, 3 Sep 2020 15:36:36 +0800 Subject: [PATCH 245/488] Use socklen_t on Android and other POSIX-compliant system MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #2977 Signed-off-by: okhowang(王沛文) --- ChangeLog.d/android-socklen_t.txt | 3 +++ library/net_sockets.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/android-socklen_t.txt diff --git a/ChangeLog.d/android-socklen_t.txt b/ChangeLog.d/android-socklen_t.txt new file mode 100644 index 000000000..d795a5274 --- /dev/null +++ b/ChangeLog.d/android-socklen_t.txt @@ -0,0 +1,3 @@ +Bugfix + * Use socklen_t on Android and other POSIX-compliant system + diff --git a/library/net_sockets.c b/library/net_sockets.c index 3f96cabe4..54c2b472f 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c 
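Review bot: The comment added in the `@@ -86,10 +92,16 @@` hunk says the direct call is used when glibc is "greater than 2.25", but the test added in the first hunk is `__GLIBC_MINOR__ >= 25`, which also selects 2.25 itself; the changelog entry repeats the same wording. The comment also contains the phrase "use the generic" twice. I would reword it to say "GNU libc 2.25 or later" and drop the duplicate words. Separately, `#if HAVE_SYS_RANDOM` relies on an undefined macro evaluating to 0; `#if defined(HAVE_SYS_RANDOM)` states the intent and stays quiet under `-Wundef`. mbedtls_platform_entropy_poll continues outside both hunks.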
@@ -318,7 +318,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ - defined(socklen_t) + defined(socklen_t) || (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) socklen_t n = (socklen_t) sizeof( client_addr ); socklen_t type_len = (socklen_t) sizeof( type ); #else From f90e3019dd35da3e9979a337d30c7a14d1be6be7 Mon Sep 17 00:00:00 2001 From: Fredrik Strupe Date: Mon, 28 Sep 2020 16:11:33 +0200 Subject: [PATCH 246/488] Use PSA_ERROR_INVALID_ARGUMENT for invalid cipher input sizes ... as opposed to PSA_ERROR_BAD_STATE. The spec on psa_cipher_finish() states that PSA_ERROR_INVALID_ARGUMENT should be returned when: "The total input size passed to this operation is not valid for this particular algorithm. For example, the algorithm is a based on block cipher and requires a whole number of blocks, but the total input size is not a multiple of the block size." Currently, there is a distinction between encryption and decryption on whether INVALID_ARGUMENT or BAD_STATE is returned, but this is not a part of the spec. This fix ensures that PSA_ERROR_INVALID_ARGUMENT is returned consistently on invalid cipher input sizes. Signed-off-by: Fredrik Strupe --- library/psa_crypto.c | 5 ++--- tests/suites/test_suite_psa_crypto.data | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 931e2e915..08b89d0c3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -199,7 +199,7 @@ psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_CIPHER_INVALID_PADDING: return( PSA_ERROR_INVALID_PADDING ); case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED: - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_INVALID_ARGUMENT ); case MBEDTLS_ERR_CIPHER_AUTH_FAILED: return( PSA_ERROR_INVALID_SIGNATURE ); case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT: 
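Review bot: The added `_POSIX_VERSION` test in the `socklen_t` condition only works if `<unistd.h>` has been included before this point, because that header is what defines the macro. The hunk does not show the file's includes; if the header is missing on some platform, `defined(_POSIX_VERSION)` is false and the `#else` branch is chosen with no diagnostic, so the length arguments handed to the socket calls keep the fallback type. A comment on the condition would record the dependency: `/* _POSIX_VERSION is provided by <unistd.h>, which must be included above */`. mbedtls_net_accept starts and ends outside the hunk.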
@@ -4473,8 +4473,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, if( operation->ctx.cipher.unprocessed_len != 0 ) { if( operation->alg == PSA_ALG_ECB_NO_PADDING || - ( operation->alg == PSA_ALG_CBC_NO_PADDING && - operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) ) + operation->alg == PSA_ALG_CBC_NO_PADDING ) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2c6924a4d..8bdc64f38 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1240,7 +1240,7 @@ cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4 PSA symmetric decrypt: AES-CBC-PKCS#7, input too short (15 bytes) depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_BAD_STATE +cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR 
@@ -1252,7 +1252,7 @@ cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf71588 PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC -cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE +cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC From 326e474a6de5c13fce47220a3259c2fc299dec7b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Sep 2020 17:01:18 +0200 Subject: [PATCH 247/488] Add basic test cases for Curve25519 Test import and key generation, each followed by a key agreement. Only good cases in this commit. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2c6924a4d..cab66cd16 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2549,6 +2549,14 @@ PSA raw key agreement: ECDH brainpoolP512r1 (RFC 7027) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f" +PSA raw key agreement: X25519 (RFC 7748: Alice) +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECDH_C +raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742" + +PSA raw key agreement: X25519 (RFC 7748: Bob) +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECDH_C +raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb":"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742" + PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C key_agreement_capacity:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":8160 @@ -2710,6 +2718,10 @@ depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C # doesn't fully relate the curve with its size. generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED +PSA generate key: ECC, Curve25519, good +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED:MBEDTLS_ECDH_C +generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS + PSA generate key: RSA, default e generate_key_rsa:512:"":PSA_SUCCESS From 360e2c41d8211e43ed2a729e4947db6f9d050c31 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 24 Jul 2020 02:03:20 +0200 Subject: [PATCH 248/488] List Montgomery curves in mbedtls_ecp_curve_list() mbedtls_ecp_curve_list() now lists Curve25519 and Curve448 under the names "x25519" and "x448". These curves support ECDH but not ECDSA. This was meant ever since the introduction of mbedtls_ecdsa_can_do() in 0082f9df6f26b982f74a3301399f66ba7a6eb039, but 2c69d10bac678d0d86615de3d01b3d5bbb4b8c45 had removed the claim that Montgomery curves support ECDH except through Everest. Signed-off-by: Gilles Peskine --- ChangeLog.d/ecp_curve_list.txt | 5 +++++ library/ecp.c | 5 ++++- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/ecp_curve_list.txt diff --git a/ChangeLog.d/ecp_curve_list.txt b/ChangeLog.d/ecp_curve_list.txt new file mode 100644 index 000000000..55745d38d --- /dev/null +++ b/ChangeLog.d/ecp_curve_list.txt 
@@ -0,0 +1,5 @@ +Bugfix + * mbedtls_ecp_curve_list() now lists Curve25519 and Curve448 under the names + "x25519" and "x448". These curves support ECDH but not ECDSA. If you need + only the curves that support ECDSA, filter the list with + mbedtls_ecdsa_can_do(). diff --git a/library/ecp.c b/library/ecp.c index 5d00de5cf..05a0b0175 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -546,8 +546,11 @@ static const mbedtls_ecp_curve_info ecp_supported_curves[] = #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) { MBEDTLS_ECP_DP_SECP192K1, 18, 192, "secp192k1" }, #endif -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) { MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" }, +#endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + { MBEDTLS_ECP_DP_CURVE448, 30, 448, "x448" }, #endif { MBEDTLS_ECP_DP_NONE, 0, 0, NULL }, }; From 2acbed387d25b3ab40f90d13ce0c0eb389961ff8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Sep 2020 18:55:42 +0200 Subject: [PATCH 249/488] psa_generate_key: remove the bit-size sanity check In psa_generate_key_internal() for ECC keys, remove the check that the bit-size according to Mbed TLS is equal to the requested bit-size. This check was necessary back when the PSA API encoded curves and key sizes independently, in order to reject combinations such as SECP256R1 with a 512-bit size. Since the curve encoding changed to specifying a curve family and a size separately, the Mbed TLS curve id (grp_id) and the curve data (curve_info) are now determined from the size, and checking that (curve_info->bit_size == bits) is now only a redundant sanity check. This check is actually buggy, because PSA Crypto and Mbed TLS don't have exactly the same notion of key size. PSA thinks Curve25519 is 255-bit and secp224k1 is 225-bit, but Mbed TLS thinks they're 256-bit and 224-bit respectively. Removing the check allows key generation to work for these curves. 
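Review bot: Nothing in `ecp_supported_curves[]` marks the two Montgomery entries in the `library/ecp.c` hunk as key-agreement-only, although the changelog entry has to tell users to filter with `mbedtls_ecdsa_can_do()`. Code that walks `mbedtls_ecp_curve_list()` to pick a signature curve will now meet "x25519" and "x448", so the constraint belongs next to the data: `/* Montgomery curves: ECDH only. ECDSA callers must filter with mbedtls_ecdsa_can_do(). */` above the `MBEDTLS_ECP_DP_CURVE25519` entry. The table also records 256 bits for Curve25519 while the PSA test data in this series uses 255; a short comment on that entry would save the next reader from treating it as a typo. The array starts outside the hunk.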
Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_generate_key-curve25519.txt | 3 +++ library/psa_crypto.c | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/psa_generate_key-curve25519.txt diff --git a/ChangeLog.d/psa_generate_key-curve25519.txt b/ChangeLog.d/psa_generate_key-curve25519.txt new file mode 100644 index 000000000..24b6fcfe2 --- /dev/null +++ b/ChangeLog.d/psa_generate_key-curve25519.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix psa_generate_key() returning an error when asked to generate + an ECC key pair on Curve25519 or secp244k1. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 931e2e915..3182a0acf 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6110,8 +6110,6 @@ static psa_status_t psa_generate_key_internal( return( PSA_ERROR_NOT_SUPPORTED ); if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if( curve_info->bit_size != bits ) - return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ecp_keypair_init( &ecp ); ret = mbedtls_ecp_gen_key( grp_id, &ecp, mbedtls_ctr_drbg_random, From e9a1e13d62698b00d1eb60be27da6d362243aada Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Oct 2020 00:35:49 +0200 Subject: [PATCH 250/488] 2.24.0 is still covered by the old policy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit “Prior to Mbed TLS 2.24” suggests that 2.24 itself didn't use the old policy anymore, but it did. Change to “Until”, and also give the exact version number “2.24.0”. Signed-off-by: Gilles Peskine --- ChangeLog.d/00README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md index ec61c525b..d2ea73d1c 100644 --- a/ChangeLog.d/00README.md +++ b/ChangeLog.d/00README.md 
@@ -22,7 +22,7 @@ We generally don't include changelog entries for: * Changes to parts of the code base that users don't interact with directly, such as test code and test data. -Prior to Mbed TLS 2.24, we required changelog entries in more cases. +Until Mbed TLS 2.24.0, we required changelog entries in more cases. Looking at older changelog entries is good practice for how to write a changelog entry, but not for deciding whether to write one. From 9d3391483cc0cf77017adf6962520b78cb5a3ddc Mon Sep 17 00:00:00 2001 From: Fredrik Strupe Date: Thu, 1 Oct 2020 10:44:46 +0200 Subject: [PATCH 251/488] Add changelog entry Signed-off-by: Fredrik Strupe --- ...a_error_invalid_argument_for_invalid_cipher_input_sizes.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt diff --git a/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt b/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt new file mode 100644 index 000000000..9d18e5d11 --- /dev/null +++ b/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt @@ -0,0 +1,3 @@ +Bugfix + * Consistently return PSA_ERROR_INVALID_ARGUMENT on invalid cipher input + sizes, as opposed to PSA_ERROR_BAD_STATE in some cases. From c6468ee24778e2ff1b30a23c67ca0bf1e1d9c03b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Sep 2020 22:11:13 +0200 Subject: [PATCH 252/488] Revert "Use glibc's getrandom() instead of syscall when glibc > 2.25." This reverts commit 9c46a60e6c3edc35d6369afdf5252a5c66aef5b3. When the library is dynamically linked against Glibc (as is usually the case with Glibc), it now requires a recent Glibc at runtime if it was compiled with a recent Glibc. This is a loss of functionality for no demonstrated benefit. 
Signed-off-by: Gilles Peskine --- ChangeLog.d/getrandom.txt | 2 -- library/entropy_poll.c | 20 ++------------------ 2 files changed, 2 insertions(+), 20 deletions(-) delete mode 100644 ChangeLog.d/getrandom.txt diff --git a/ChangeLog.d/getrandom.txt b/ChangeLog.d/getrandom.txt deleted file mode 100644 index 87a3a6c13..000000000 --- a/ChangeLog.d/getrandom.txt +++ /dev/null @@ -1,2 +0,0 @@ -Changes - Use glibc's getrandom() instead of syscall when glibc > 2.25. diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 0f992f34c..4bf660e05 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -18,15 +18,9 @@ */ #if defined(__linux__) -#if !defined(_GNU_SOURCE) /* Ensure that syscall() is available even when compiling with -std=c99 */ #define _GNU_SOURCE #endif -#include -#if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25) -#define HAVE_SYS_RANDOM 1 -#endif -#endif #include "common.h" @@ -92,16 +86,10 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len /* * Test for Linux getrandom() support. - * When the C library is GNU libc and its version is greater than 2.25, - * include sys/random.h to use getrandom(), - * otherwise use the generic use the generic syscall wrapper + * Since there is no wrapper in the libc yet, use the generic syscall wrapper * available in GNU libc and compatible libc's (eg uClibc). */ -#if HAVE_SYS_RANDOM -#include -#include -#define HAVE_GETRANDOM -#elif (defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__) +#if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__)) #include #include #if defined(SYS_getrandom) @@ -167,11 +155,7 @@ int mbedtls_platform_entropy_poll( void *data, ((void) data); #if defined(HAVE_GETRANDOM) -#if HAVE_SYS_RANDOM - ret = getrandom(output, len, 0); -#else ret = getrandom_wrapper( output, len, 0 ); -#endif if( ret >= 0 ) { *olen = ret; From a1f9ef061542624eb397dac481e805d678b43ea1 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Wed, 30 Sep 2020 22:18:13 +0200 Subject: [PATCH 253/488] Fix the build when _GNU_SOURCE is defined to a non-empty value Fix #3432. Signed-off-by: Gilles Peskine --- ChangeLog.d/_GNU_SOURCE-redefined.txt | 3 +++ library/entropy_poll.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/_GNU_SOURCE-redefined.txt diff --git a/ChangeLog.d/_GNU_SOURCE-redefined.txt b/ChangeLog.d/_GNU_SOURCE-redefined.txt new file mode 100644 index 000000000..59c8a153f --- /dev/null +++ b/ChangeLog.d/_GNU_SOURCE-redefined.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix the build when the macro _GNU_SOURCE is defined to a non-empty value. + Fix #3432. diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 4bf660e05..5250a7bfe 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -17,7 +17,7 @@ * limitations under the License. */ -#if defined(__linux__) +#if defined(__linux__) && !defined(_GNU_SOURCE) /* Ensure that syscall() is available even when compiling with -std=c99 */ #define _GNU_SOURCE #endif From dd9ec1c57329bfdf84725dd6704cb7e620a86df0 Mon Sep 17 00:00:00 2001 From: Fredrik Strupe Date: Thu, 1 Oct 2020 13:22:57 +0200 Subject: [PATCH 254/488] Update changelog entry to mention PSA API compliance Signed-off-by: Fredrik Strupe --- ...a_error_invalid_argument_for_invalid_cipher_input_sizes.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt b/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt index 9d18e5d11..85c363bef 100644 --- a/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt +++ b/ChangeLog.d/psa_error_invalid_argument_for_invalid_cipher_input_sizes.txt 
@@ -1,3 +1,4 @@ Bugfix * Consistently return PSA_ERROR_INVALID_ARGUMENT on invalid cipher input - sizes, as opposed to PSA_ERROR_BAD_STATE in some cases. + sizes (instead of PSA_ERROR_BAD_STATE in some cases) to make the + psa_cipher_* functions compliant with the PSA Crypto API specification. From 233f91d5c1d2b9e2fd52ccc0cccdfd3401f36115 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Oct 2020 17:48:04 +0200 Subject: [PATCH 255/488] Add bits output to validate_key and import_key When importing a key, the code that parses the input needs to determine the key size ("bits" attribute). This is specific to import since other key creation methods require the caller to supply a size. Therefore, add an extra output parameter `bits` to the "import_key" entry point for opaque drivers. Likewise, add a `bits` output parameter to the "validate_key" entry point for transparent drivers. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 42 +++++++++++++++++++++------ 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 475d3f979..7e4d751fc 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/09/21 11:53:38 GMT" +Time-stamp: "2020/10/02 15:59:46 GMT" ## Introduction 
@@ -360,10 +360,22 @@ To avoid delayed problems caused by imported invalid keys, an implementation tha A driver can provide code to perform the required validation by providing a `"validate_key"` entry point. This entry points returns `PSA_SUCCESS` if the key is valid or an applicable error code if it isn't. +The `"validate_key"` entry point has an additional role, which is to determine the size of a key. +The PSA Cryptography API exposes the key size as part of the key attributes. +When importing a key, the key size recorded in the key attributes may be `0`, which indicates that the size must be calculated from the data. +In this case, the core will call the `"validate_key"` entry point with an `attributes` structure such that `psa_get_key_bits(attributes)` returns 0, and the `"validate_key"` entry point must return the actual key size in the `bits` output parameter. +The semantics of `bits` is as follows: + +* The core sets `*bits` to `psa_get_key_bits(attributes)` before calling the `"validate_key"` entry point. +* If `*bits == 0`, the driver must determine the key size from the data, and return `PSA_ERROR_INVALID_ARGUMENT` if this is not possible. +* If `*bits != 0`, the driver may either determine the key size from the data and store it in `*bits`, or check the value of `*bits*` against the data and return an error if it does not match. +* If the `"validate_key"` entry point returns `PSA_SUCCESS`, but `psa_get_key_bits(attributes) != 0` and `psa_get_key_bits(attributes) != *bits` on output, the core considers the key as invalid due to the size mismatch. + ``` -psa_status_t psa_validate_key(const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length); +psa_status_t acme_validate_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits); ``` ### Fallback 
@@ -525,7 +537,8 @@ psa_status_t acme_import_key(const psa_key_attributes_t *attributes, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length); + size_t *key_buffer_length, + size_t *bits); psa_status_t acme_generate_key(const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, 
@@ -536,6 +549,21 @@ If the driver has an [`"allocate_key"` entry point](#key-management-in-a-secure- TODO: derivation, copy +#### Key validation and size on import + +The `"import_key"` entry point must validate the key so that if a key is imported successfully, permitted operations on the key will succeed if the input data is valid and enough resources are available. For key types that are defined in the PSA Cryptography specification, opaque drivers must guarantee the properties that transparent drivers guarantee if [`"validate_key"`](#key-validation-with-transparent-drivers) succeeds. + +Rationale: The key must be validated on import to provide in-time feedback when attempting to inject a bad key. The minimum requirement for validation is the same as for `"validate_key"` to set a minimum security baseline (especially for operations such as key agreement where accepting an invalid key could result in leaking secret material). + +The `"import_key"` entry point may need to determine the key size. +The PSA Cryptography API exposes the key size as part of the key attributes. +When importing a key, the key size recorded in the key attributes may be `0`, which indicates that the size must be calculated from the data. +In this case, the core will call the `"import_key"` entry point with an `attributes` structure such that `psa_get_key_bits(attributes)` returns 0, and the `"import_key"` entry point must return the actual key size in the `bits` output parameter. The semantics of `bits` is as follows: + +* The core sets `*bits` to `psa_get_key_bits(attributes)` before calling the `"import_key"` entry point. +* If `*bits == 0`, the driver must determine the key size from the data, and return `PSA_ERROR_INVALID_ARGUMENT` if this is not possible. +* If `*bits != 0`, the driver must check the value of `*bits*` against the data and return an error if it does not match. 
+ #### Key export entry points in opaque drivers The key export entry points have the following prototypes for a driver with the prefix `"acme"`: @@ -700,10 +728,6 @@ The specification doesn't mention when the public key might be calculated. The c Should the entry point be called for symmetric keys as well? -#### Key validation with opaque drivers - -Are there mandatory validations that an opaque driver must perform on import? - ### Opaque drivers #### Opaque driver persistent state From a9eecf1b19f55c691d9d423203a34d81f123e8da Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Tue, 7 Jul 2020 11:11:02 +0200 Subject: [PATCH 256/488] If query_config is used only the config value is printed. The extra code running after the removed return instruction should not generate any output. Only the read config value must be printed. Signed-off-by: gabor-mezei-arm --- programs/ssl/ssl_client2.c | 22 +++++++++++++++----- programs/ssl/ssl_server2.c | 41 ++++++++++++++++++++++++++------------ 2 files changed, 45 insertions(+), 18 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a26dd5146..d62d24ecb 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -149,6 +149,7 @@ int main( void ) #define DFL_NSS_KEYLOG 0 #define DFL_NSS_KEYLOG_FILE NULL #define DFL_SKIP_CLOSE_NOTIFY 0 +#define DFL_QUERY_CONFIG_MODE 0 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST_END "\r\n\r\n" @@ -539,6 +540,7 @@ struct options * after renegotiation */ int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ + int query_config_mode; /* whether to read config */ } opt; int query_config( const char *config ); @@ -1102,6 +1104,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl, int main( int argc, char *argv[] ) { int ret = 0, len, tail_len, i, written, frags, retry_left; + int query_config_ret = 0; mbedtls_net_context server_fd; io_ctx_t io_ctx; 
@@ -1300,6 +1303,7 @@ int main( int argc, char *argv[] ) opt.nss_keylog = DFL_NSS_KEYLOG; opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY; + opt.query_config_mode = DFL_QUERY_CONFIG_MODE; for( i = 1; i < argc; i++ ) { @@ -1686,7 +1690,9 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "query_config" ) == 0 ) { - mbedtls_exit( query_config( q ) ); + opt.query_config_mode = 1; + query_config_ret = query_config( q ); + mbedtls_exit( ret ); } else if( strcmp( p, "serialize") == 0 ) { @@ -3307,7 +3313,7 @@ reconnect: */ exit: #ifdef MBEDTLS_ERROR_C - if( ret != 0 ) + if( ret != 0 && opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); @@ -3366,16 +3372,22 @@ exit: mbedtls_memory_buffer_alloc_free(); #endif + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + { #if defined(_WIN32) - mbedtls_printf( " + Press Enter to exit this program.\n" ); - fflush( stdout ); getchar(); + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); #endif + } // Shell can not handle large exit numbers -> 1 for errors if( ret < 0 ) ret = 1; - mbedtls_exit( ret ); + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + mbedtls_exit( ret ); + else + mbedtls_exit( query_config_ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c445ddb04..3bc1712de 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -182,6 +182,7 @@ int main( void ) #define DFL_REPRODUCIBLE 0 #define DFL_NSS_KEYLOG 0 #define DFL_NSS_KEYLOG_FILE NULL +#define DFL_QUERY_CONFIG_MODE 0 #define LONG_RESPONSE "
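Review bot: `mbedtls_exit( ret );` in the `query_config` branch of ssl_client2.c (hunk at -1686) terminates with `ret`, which the visible declaration initialises to 0, instead of the value just stored in `query_config_ret`, and it never reaches the `exit:` gating added further down. A script that reads the exit status of `query_config` to decide whether an option is compiled in would then, as far as these lines show, see success for every query. Replacing the call with `goto exit;` lets the new `mbedtls_exit( query_config_ret )` at the end of main() run. The matching branch in ssl_server2.c (hunk at -2386) has the same problem; main() starts and ends outside both hunks.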

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -643,6 +644,7 @@ struct options const char *cid_val_renego; /* the CID to use for incoming messages * after renegotiation */ int reproducible; /* make communication reproducible */ + int query_config_mode; /* whether to read config */ } opt; int query_config( const char *config ); @@ -1723,6 +1725,7 @@ int report_cid_usage( mbedtls_ssl_context *ssl, int main( int argc, char *argv[] ) { int ret = 0, len, written, frags, exchanges_left; + int query_config_ret = 0; int version_suites[4][2]; io_ctx_t io_ctx; unsigned char* buf = 0; @@ -1972,6 +1975,7 @@ int main( int argc, char *argv[] ) opt.reproducible = DFL_REPRODUCIBLE; opt.nss_keylog = DFL_NSS_KEYLOG; opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; + opt.query_config_mode = DFL_QUERY_CONFIG_MODE; for( i = 1; i < argc; i++ ) { @@ -2386,7 +2390,9 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "query_config" ) == 0 ) { - mbedtls_exit( query_config( q ) ); + opt.query_config_mode = 1; + query_config_ret = query_config( q ); + mbedtls_exit( ret ); } else if( strcmp( p, "serialize") == 0 ) { @@ -4252,17 +4258,20 @@ close_notify: * Cleanup and exit */ exit: -#ifdef MBEDTLS_ERROR_C - if( ret != 0 ) + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) { - char error_buf[100]; - mbedtls_strerror( ret, error_buf, 100 ); - mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf ); - } +#ifdef MBEDTLS_ERROR_C + if( ret != 0 ) + { + char error_buf[100]; + mbedtls_strerror( ret, error_buf, 100 ); + mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf ); + } #endif - mbedtls_printf( " . Cleaning up..." ); - fflush( stdout ); + mbedtls_printf( " . Cleaning up..." ); + fflush( stdout ); + } mbedtls_net_free( &client_fd ); mbedtls_net_free( &listen_fd ); 
@@ -4347,18 +4356,24 @@ exit: mbedtls_memory_buffer_alloc_free(); #endif - mbedtls_printf( " done.\n" ); + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + { + mbedtls_printf( " done.\n" ); #if defined(_WIN32) - mbedtls_printf( " + Press Enter to exit this program.\n" ); - fflush( stdout ); getchar(); + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); #endif + } // Shell can not handle large exit numbers -> 1 for errors if( ret < 0 ) ret = 1; - mbedtls_exit( ret ); + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + mbedtls_exit( ret ); + else + mbedtls_exit( query_config_ret ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && From 785958577e2b2d34aeb0ab3bd979df96d0523b9d Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Tue, 28 Apr 2020 10:40:30 +0200 Subject: [PATCH 257/488] Use goto exit instead of direct return Signed-off-by: gabor-mezei-arm --- programs/ssl/ssl_client2.c | 4 ++-- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d62d24ecb..d624b196c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1692,7 +1692,7 @@ int main( int argc, char *argv[] ) { opt.query_config_mode = 1; query_config_ret = query_config( q ); - mbedtls_exit( ret ); + goto exit; } else if( strcmp( p, "serialize") == 0 ) { @@ -2691,7 +2691,7 @@ int main( int argc, char *argv[] ) { mbedtls_printf( " failed\n ! mbedtls_ssl_set_cid returned %d\n\n", ret ); - return( ret ); + goto exit; } } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3bc1712de..1ccdeaeca 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -2392,7 +2392,7 @@ int main( int argc, char *argv[] ) { opt.query_config_mode = 1; query_config_ret = query_config( q ); - mbedtls_exit( ret ); + goto exit; } else if( strcmp( p, "serialize") == 0 ) { From f1f7b29d76ff8198d952a279e9c0a016af7198e8 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 11 Jun 2020 12:18:55 +0200 Subject: [PATCH 258/488] Fix overiding of return value. If MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED is defined, then the return value will be overridden by the extra code running after the removed return instruction. Signed-off-by: gabor-mezei-arm --- programs/ssl/ssl_server2.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1ccdeaeca..c8c52d502 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1734,6 +1734,7 @@ int main( int argc, char *argv[] ) psa_algorithm_t alg = 0; psa_key_handle_t psk_slot = 0; #endif /* MBEDTLS_USE_PSA_CRYPTO */ + int psk_free_ret = 0; unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; @@ -4301,8 +4302,8 @@ exit: sni_free( sni_info ); #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( ( ret = psk_free( psk_info ) ) != 0 ) - mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); + if( ( psk_free_ret = psk_free( psk_info ) ) != 0 ) + mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", psk_free_ret ); #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) mbedtls_dhm_free( &dhm ); From de47217580846250583045caf5e2a6d2dd13ca7d Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Fri, 4 Sep 2020 14:44:25 +0200 Subject: [PATCH 259/488] Do not print any messages if query_config option is used To preserve the behaviour of the query_config option all message is omitted it it is used. 
Signed-off-by: gabor-mezei-arm --- programs/ssl/ssl_client2.c | 9 +++++---- programs/ssl/ssl_server2.c | 25 +++++++++++++------------ 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d624b196c..b9047df1d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3313,7 +3313,7 @@ reconnect: */ exit: #ifdef MBEDTLS_ERROR_C - if( ret != 0 && opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + if( ret != 0 ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); @@ -3354,7 +3354,8 @@ exit: * immediately because of bad cmd line params, * for example). */ status = psa_destroy_key( slot ); - if( status != PSA_SUCCESS ) + if( ( status != PSA_SUCCESS ) && + ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) { mbedtls_printf( "Failed to destroy key slot %u - error was %d", (unsigned) slot, (int) status ); @@ -3372,13 +3373,13 @@ exit: mbedtls_memory_buffer_alloc_free(); #endif +#if defined(_WIN32) if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) { -#if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); -#endif } +#endif // Shell can not handle large exit numbers -> 1 for errors if( ret < 0 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c8c52d502..a98aec119 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1734,7 +1734,6 @@ int main( int argc, char *argv[] ) psa_algorithm_t alg = 0; psa_key_handle_t psk_slot = 0; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - int psk_free_ret = 0; unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; 
@@ -4259,17 +4258,17 @@ close_notify: * Cleanup and exit */ exit: - if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) - { #ifdef MBEDTLS_ERROR_C - if( ret != 0 ) - { - char error_buf[100]; - mbedtls_strerror( ret, error_buf, 100 ); - mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf ); - } + if( ret != 0 ) + { + char error_buf[100]; + mbedtls_strerror( ret, error_buf, 100 ); + mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf ); + } #endif + if( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) + { mbedtls_printf( " . Cleaning up..." ); fflush( stdout ); } @@ -4302,8 +4301,9 @@ exit: sni_free( sni_info ); #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( ( psk_free_ret = psk_free( psk_info ) ) != 0 ) - mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", psk_free_ret ); + ret = psk_free( psk_info ); + if( ( ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) + mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret ); #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO) mbedtls_dhm_free( &dhm ); @@ -4318,7 +4318,8 @@ exit: * immediately because of bad cmd line params, * for example). */ status = psa_destroy_key( psk_slot ); - if( status != PSA_SUCCESS ) + if( ( status != PSA_SUCCESS ) && + ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) { mbedtls_printf( "Failed to destroy key slot %u - error was %d", (unsigned) psk_slot, (int) status ); From 814dca7069138a38b4cf1066820d9ca69d5ef18d Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 5 Oct 2020 06:31:12 -0700 Subject: [PATCH 260/488] Fix unit tests when MBEDTLS_PSA_CRYPTO_CONFIG is enabled This change fixes the decrypt cipher setup function to return the appropriate error code of PSA_ERROR_NOT_SUPPORTED instead of PSA_ERROR_BAD_STATE for invalid locations when the setup call is made. 
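Review bot: `ret = psk_free( psk_info );` in the ssl_server2.c hunk at -4302 overwrites the status the run ended with, so a failed handshake followed by a successful psk_free() reaches the final `mbedtls_exit( ret )` with 0. The preceding patch in this series added `psk_free_ret` to prevent exactly that, and this patch removes both the variable (hunk at -1734) and its use. Keep the declaration and write `psk_free_ret = psk_free( psk_info );` followed by `if( ( psk_free_ret != 0 ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) )`, so the message is still suppressed in query mode without the test harness losing a real failure. main() starts and ends outside the hunk.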
Signed-off-by: John Durkop --- library/psa_crypto_driver_wrappers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 140bab626..dedbf54bf 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -664,7 +664,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_NOT_SUPPORTED ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; From ce48e85db9d8a63922f2274064f4d1d3d127356b Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 5 Oct 2020 16:02:45 +0200 Subject: [PATCH 261/488] Fix PSA crypto inconsistencies in agreement+derivation * #3741 Allow key agreement inside derivation with a key that's allowed for the relevant agreement. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 8 ++++ tests/suites/test_suite_psa_crypto.data | 48 +++++++++++++-------- tests/suites/test_suite_psa_crypto.function | 27 ++++++------ 3 files changed, 50 insertions(+), 33 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 931e2e915..71a505c70 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1084,6 +1084,14 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg, return( ( policy_alg & ~PSA_ALG_HASH_MASK ) == ( requested_alg & ~PSA_ALG_HASH_MASK ) ); } + /* If policy_alg is a generic key agreement operation, then using it for + * a key derivation with that key agreement is also compliant. */ + if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) && + PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) ) + { + return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) == + policy_alg ); + } /* If it isn't permitted, it's forbidden. */ return( 0 ); } 
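Review bot: The comment on the new branch in psa_key_algorithm_permits() (library/psa_crypto.c, hunk at -1084) says what is now allowed but not why it is safe, and this branch relaxes key-policy enforcement: a key whose policy is a raw agreement algorithm is accepted for that agreement combined with any KDF. I would record the reasoning and the direction that must stay closed, for example `/* A raw-agreement policy already lets the caller read the shared secret, so adding any KDF on top grants no new capability; a policy that names a KDF must still not permit raw agreement. */`. The new test data covers the reverse case ("raw agreement, key specifies KDF" expects PSA_ERROR_NOT_PERMITTED), which is worth naming in the comment so the check is not loosened later. The function starts outside the hunk, so whether an earlier exact-match test already handles `requested_alg == policy_alg` cannot be confirmed from here.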
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2c6924a4d..b82e67f41 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -563,39 +563,43 @@ derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KE PSA key policy: agreement + KDF, permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_SUCCESS PSA key policy: agreement + KDF, not permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED PSA key policy: agreement + KDF, wrong agreement algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED PSA key policy: agreement + KDF, wrong KDF algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224)):PSA_ERROR_NOT_PERMITTED -PSA key policy: agreement + KDF, key only permits raw agreement +PSA key policy: agreement + KDF, key permits raw agreement depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_SUCCESS PSA key policy: raw agreement, permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_SUCCESS PSA key policy: raw agreement, not permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH +raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_ERROR_NOT_PERMITTED PSA key policy: raw agreement, wrong algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH:PSA_ERROR_NOT_PERMITTED -PSA key policy: raw agreement, key only permits a KDF +PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C 
-raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED + +PSA key policy: raw agreement, key specifies KDF +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_ERROR_NOT_PERMITTED PSA key policy algorithm2: CTR, CBC depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC 
@@ -2499,31 +2503,39 @@ derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b PSA key agreement setup: ECDH + HKDF-SHA-256: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS + +PSA key agreement setup: ECDH + HKDF-SHA-256: good, key algorithm broader than required +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDH:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS + +PSA key agreement setup: ECDH + HKDF-SHA-256: key algorithm KDF mismatch +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_HKDF(PSA_ALG_SHA_512)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_PERMITTED PSA key agreement setup: ECDH + HKDF-SHA-256: public key not on curve depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ff":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ff":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH + HKDF-SHA-256: public key on different curve depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH + HKDF-SHA-256: public key instead of private key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH, unknown KDF depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED PSA key agreement setup: bad key agreement algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: KDF instead of a key agreement algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C 
-key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_HKDF(PSA_ALG_SHA_256):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA raw key agreement: ECDH SECP256R1 (RFC 5903) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 45916b91b..fe9c1ccf9 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -2208,13 +2208,15 @@ void agreement_key_policy( int policy_usage, int policy_alg, int key_type_arg, data_t *key_data, - int exercise_alg ) + int exercise_alg, + int expected_status_arg ) { psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; + psa_status_t expected_status = expected_status_arg; PSA_ASSERT( psa_crypto_init( ) ); 
@@ -2228,11 +2230,7 @@ void agreement_key_policy( int policy_usage, PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); status = key_agreement_with_self( &operation, handle ); - if( policy_alg == exercise_alg && - ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) - PSA_ASSERT( status ); - else - TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); + TEST_EQUAL( status, expected_status ); exit: psa_key_derivation_abort( &operation ); @@ -2283,13 +2281,15 @@ void raw_agreement_key_policy( int policy_usage, int policy_alg, int key_type_arg, data_t *key_data, - int exercise_alg ) + int exercise_alg, + int expected_status_arg ) { psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; + psa_status_t expected_status = expected_status_arg; PSA_ASSERT( psa_crypto_init( ) ); @@ -2302,11 +2302,7 @@ void raw_agreement_key_policy( int policy_usage, status = raw_key_agreement_with_self( exercise_alg, handle ); - if( policy_alg == exercise_alg && - ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) - PSA_ASSERT( status ); - else - TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); + TEST_EQUAL( status, expected_status ); exit: psa_key_derivation_abort( &operation ); @@ -5220,12 +5216,13 @@ exit: /* BEGIN_CASE */ void key_agreement_setup( int alg_arg, - int our_key_type_arg, data_t *our_key_data, - data_t *peer_key_data, + int our_key_type_arg, int our_key_alg_arg, + data_t *our_key_data, data_t *peer_key_data, int expected_status_arg ) { psa_key_handle_t our_key = 0; psa_algorithm_t alg = alg_arg; + psa_algorithm_t key_alg = our_key_alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -5235,7 +5232,7 @@ void key_agreement_setup( int alg_arg, PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); - psa_set_key_algorithm( &attributes, alg ); + psa_set_key_algorithm( &attributes, key_alg ); psa_set_key_type( &attributes, our_key_type ); PSA_ASSERT( psa_import_key( &attributes, our_key_data->x, our_key_data->len, From 0ee0d52967ce17b66364246e29a57530a6e07632 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 5 Oct 2020 16:03:42 +0200 Subject: [PATCH 262/488] Fix PSA crypto inconsistencies in agreement+derivation * #3742 After input of a key as SECRET in the derivation, allow the derivation result to be used as key. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 5 +++++ tests/suites/test_suite_psa_crypto.data | 8 ++++++++ tests/suites/test_suite_psa_crypto.function | 17 ++++++++++++++--- 3 files changed, 27 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 71a505c70..69852fa56 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5877,6 +5877,11 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t * shared_secret, shared_secret_length ); + /* If a private key has been added as SECRET, we allow the derived + * key material to be used as a key in PSA Crypto. */ + if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) + operation->can_output_key = 1; + exit: mbedtls_platform_zeroize( shared_secret, shared_secret_length ); return( status ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index b82e67f41..0626097bc 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
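Review bot: `operation->can_output_key = 1;` in psa_key_agreement_internal() (library/psa_crypto.c, hunk at -5877) is set without checking the result of the input call whose tail is visible directly above it, so the flag is raised even when feeding the shared secret into the derivation failed. The start of that call is outside the hunk, but `return( status )` after `exit:` suggests it assigns `status`; if so the condition should be `if( status == PSA_SUCCESS && step == PSA_KEY_DERIVATION_INPUT_SECRET )`. Callers may abort the operation on error, which would make the stale flag harmless, but that is not visible here and a flag that gates key output is better kept accurate at the point where it is set.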
@@ -2221,6 +2221,14 @@ PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, PSK too long (160 Bytes) depends_on:MBEDTLS_SHA256_C derive_input:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: ECDH on P256 with HKDF-SHA256, key output +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_SUCCESS + PSA key derivation: HKDF invalid state (double generate + read past capacity) 
depends_on:MBEDTLS_SHA256_C test_derive_invalid_key_derivation_state:PSA_ALG_HKDF(PSA_ALG_SHA_256) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fe9c1ccf9..328508dd2 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4729,9 +4729,20 @@ void derive_input( int alg_arg, PSA_ASSERT( psa_import_key( &attributes, inputs[i]->x, inputs[i]->len, &handles[i] ) ); - TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i], - handles[i] ), - expected_statuses[i] ); + if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) && + steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET ) + { + // When taking a private key as secret input, use key agreement + // to add the shared secret to the derivation + TEST_EQUAL( key_agreement_with_self( &operation, handles[i] ), + expected_statuses[i] ); + } + else + { + TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i], + handles[i] ), + expected_statuses[i] ); + } } else { From 949cde682e59372bea93435e01af8518d9bc2ff4 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 5 Oct 2020 16:24:15 +0200 Subject: [PATCH 263/488] Add changelog entries for #3741 and #3742 Signed-off-by: Steven Cooreman --- ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt | 4 ++++ .../support-key-agreement-and-derivation-output-as-key.txt | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt create mode 100644 ChangeLog.d/support-key-agreement-and-derivation-output-as-key.txt diff --git a/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt b/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt new file mode 100644 index 000000000..842d5ffd3 --- /dev/null +++ b/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt 
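Review bot: The new branch in `derive_input` picks the key-agreement path from `key_types[i]` and `steps[i]` alone, so a key pair supplied as SECRET no longer reaches `psa_key_derivation_input_key()`, even when the algorithm under test is not a key agreement. Any data row that relies on a plain KDF refusing a key pair as its secret would now test `key_agreement_with_self()` instead. Requiring the algorithm to be a key agreement would keep both paths covered, e.g. adding `PSA_ALG_IS_KEY_AGREEMENT( alg ) &&` to the condition (this assumes `alg` is in scope, which the hunk does not show). The two `//` comment lines could also use `/* ... */`, like the comment this commit adds in `library/psa_crypto.c`. The body of `derive_input` starts and ends outside the hunk.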
@@ -0,0 +1,4 @@ +Features + * In PSA, allow using a key declared with a base key agreement algorithm + in combined key agreement and derivation operations, as long as the key + agreement algorithm in use matches the algorithm the key was declared with. diff --git a/ChangeLog.d/support-key-agreement-and-derivation-output-as-key.txt b/ChangeLog.d/support-key-agreement-and-derivation-output-as-key.txt new file mode 100644 index 000000000..3f61481ab --- /dev/null +++ b/ChangeLog.d/support-key-agreement-and-derivation-output-as-key.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix psa_key_derivation_output_key() to allow the output of a combined key + agreement and subsequent key derivation operation to be used as a key + inside of the PSA Crypto core. From 816e0438058d30ab960e12cd344382a60ed4565e Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 5 Oct 2020 21:18:06 -0700 Subject: [PATCH 264/488] Update how test sets PSA_WANT_ALG_* With the introduction of new tests for PSA crypto config features the test needs to now be able to set and unset values from the psa/crypto_config.h file. This change updates from passing the defines as a build arguement to modifying the header files using config.py. Signed-off-by: John Durkop --- tests/scripts/all.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f07933403..814c87f58 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1317,8 +1317,10 @@ component_test_psa_crypto_config_want_ecdsa() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA_DETERMINISTIC # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DPSA_WANT_ALG_ECDSA -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" msg "test: psa crypto config want ECDSA" make test From 162a1104be6109c72d142e0eb24a541124a86be3 Mon Sep 17 00:00:00 2001 From: Torstein Nesse Date: Wed, 7 Oct 2020 10:50:15 +0200 Subject: [PATCH 265/488] Changes PSA key storage format to include key bits * Stores bits in psa_persistent_key_storage_format. * psa_load_persistent_key_into_slot still imports plaintext keys which ensures that the bits value gets set. * Updates key specification to match new implementation. * Expands persistent store and load tests with to check for bits attribute. * Removes bits storage from psa_se_key_data_storage_t. Signed-off-by: Torstein Nesse --- .../systematically_store_bit_size_3740.txt | 7 ++++ .../mbed-crypto-storage-specification.md | 5 ++- library/psa_crypto.c | 4 --- library/psa_crypto_se.h | 1 - library/psa_crypto_slot_management.c | 2 -- library/psa_crypto_storage.c | 35 +++++++++++++------ .../test_suite_psa_crypto_persistent_key.data | 20 +++++------ ...t_suite_psa_crypto_persistent_key.function | 6 +++- 8 files changed, 51 insertions(+), 29 deletions(-) create mode 100644 ChangeLog.d/systematically_store_bit_size_3740.txt 
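Review bot: `component_test_psa_crypto_config_want_ecdsa` now edits `include/psa/crypto_config.h` in place through `scripts/config.py -f`, and nothing in this hunk restores that file afterwards. If the script's cleanup only restores the main configuration header (not visible here), later components would build with `PSA_WANT_ALG_ECDSA` and `PSA_WANT_ALG_ECDSA_DETERMINISTIC` still set, and results would depend on component order. It is worth confirming that the cleanup step backs up and restores `include/psa/crypto_config.h` as well, and adding a comment such as `# include/psa/crypto_config.h is restored by cleanup` next to the two new lines. The function body continues outside the hunk.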
diff --git a/ChangeLog.d/systematically_store_bit_size_3740.txt b/ChangeLog.d/systematically_store_bit_size_3740.txt new file mode 100644 index 000000000..f6688f771 --- /dev/null +++ b/ChangeLog.d/systematically_store_bit_size_3740.txt @@ -0,0 +1,7 @@ +Changes + * Always store key bits attribute in PSA key storage. Previously stored + keys should be augmented with the bits value to be compatible with the + updated version. #3740 + * Removes the stored bits field from the storage format for the + dynamic Secure Element driver. Previously stored keys must be updated to + remove the stored bits field. #3740 diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md index afeb29f4b..0d33ba5e6 100644 --- a/docs/architecture/mbed-crypto-storage-specification.md +++ b/docs/architecture/mbed-crypto-storage-specification.md @@ -204,6 +204,7 @@ Integrated in Mbed OS TBD. * The layout of a key file now has a lifetime field before the type field. * Key files can store references to keys in a secure element. In such key files, the key material contains the slot number. +* The type field has been split into a type and a bits field of 2 bytes each. ### File namespace on a PSA platform on TBD 
@@ -244,13 +245,15 @@ The layout of a key file is: * magic (8 bytes): `"PSA\0KEY\0"`. * version (4 bytes): 0. * lifetime (4 bytes): `psa_key_lifetime_t` value. -* type (4 bytes): `psa_key_type_t` value. +* type (2 bytes): `psa_key_type_t` value. +* bits (2 bytes): `psa_key_bits_t` value. * policy usage flags (4 bytes): `psa_key_usage_t` value. * policy usage algorithm (4 bytes): `psa_algorithm_t` value. * policy enrollment algorithm (4 bytes): `psa_algorithm_t` value. * key material length (4 bytes). * key material: * For a transparent key: output of `psa_export_key`. + * For an opaque key (unified driver interface): driver-specific opaque key blob. * For an opaque key (key in a secure element): slot number (8 bytes), in platform endianness. * Any trailing data is rejected on load. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 931e2e915..a35af8e15 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1897,13 +1897,9 @@ static psa_status_t psa_finish_key_creation( static_assert( sizeof( slot->data.se.slot_number ) == sizeof( data.slot_number ), "Slot number size does not match psa_se_key_data_storage_t" ); - static_assert( sizeof( slot->attr.bits ) == sizeof( data.bits ), - "Bit-size size does not match psa_se_key_data_storage_t" ); #endif memcpy( &data.slot_number, &slot->data.se.slot_number, sizeof( slot->data.se.slot_number ) ); - memcpy( &data.bits, &slot->attr.bits, - sizeof( slot->attr.bits ) ); status = psa_save_persistent_key( &slot->attr, (uint8_t*) &data, sizeof( data ) ); diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index 56917383c..67fadf896 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -182,7 +182,6 @@ psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location ); typedef struct { uint8_t slot_number[sizeof( psa_key_slot_number_t )]; - uint8_t bits[sizeof( psa_key_bits_t )]; } psa_se_key_data_storage_t; #endif /* PSA_CRYPTO_SE_H */ 
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index e5265604c..b7a3c1338 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -137,8 +137,6 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot ) data = (psa_se_key_data_storage_t *) key_data; memcpy( &slot->data.se.slot_number, &data->slot_number, sizeof( slot->data.se.slot_number ) ); - memcpy( &slot->attr.bits, &data->bits, - sizeof( slot->attr.bits ) ); } else #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 46d0b6518..2ab5903a3 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -253,6 +253,25 @@ static psa_status_t psa_crypto_storage_get_data_length( } #endif +/* + * 16-bit integer manipulation macros (little endian) + */ +#ifndef GET_UINT16_LE +#define GET_UINT16_LE( n, b, i ) \ +{ \ + (n) = ( (uint16_t) (b)[(i) ] ) \ + | ( (uint16_t) (b)[(i) + 1] << 8 ); \ +} +#endif + +#ifndef PUT_UINT16_LE +#define PUT_UINT16_LE( n, b, i ) \ +{ \ + (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ + (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ +} +#endif + /** * Persistent key storage magic header. */ @@ -263,9 +282,8 @@ typedef struct { uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH]; uint8_t version[4]; uint8_t lifetime[sizeof( psa_key_lifetime_t )]; - uint8_t type[4]; /* Size=4 for a 2-byte type to keep the structure more - * regular and aligned and to make potential future - * extensibility easier. */ + uint8_t type[2]; + uint8_t bits[2]; uint8_t policy[sizeof( psa_key_policy_t )]; uint8_t data_len[4]; uint8_t key_data[]; 
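Review bot: The storage header now hard-codes `uint8_t type[2];` and `uint8_t bits[2];`, while the neighbouring `lifetime` and `policy` fields are sized with `sizeof`, and the comment that explained the field width was removed without a replacement. Because the writer casts `attr->type` and `attr->bits` to `uint16_t`, a later widening of either type would be truncated silently when a key is saved. A compile-time size check next to the struct would catch that, in the style of the `static_assert( sizeof( ... ) == sizeof( ... ), ... )` visible in `library/psa_crypto.c`, and each field deserves a short comment naming its on-disk width and byte order. The `GET_UINT16_LE`/`PUT_UINT16_LE` macros added in the preceding hunk expand to a bare `{ ... }` block, so they are unsafe as the body of an unbraced `if`/`else`.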
@@ -282,7 +300,8 @@ void psa_format_key_data_for_storage( const uint8_t *data, memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ); PUT_UINT32_LE( 0, storage_format->version, 0 ); PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - PUT_UINT32_LE( (uint32_t) attr->type, storage_format->type, 0 ); + PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 ); + PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 ); PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); @@ -308,7 +327,6 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, const psa_persistent_key_storage_format *storage_format = (const psa_persistent_key_storage_format *)storage_data; uint32_t version; - uint32_t type; if( storage_data_length < sizeof(*storage_format) ) return( PSA_ERROR_STORAGE_FAILURE ); @@ -339,11 +357,8 @@ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, } GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - GET_UINT32_LE( type, storage_format->type, 0 ); - if( type <= (psa_key_type_t) -1 ) - attr->type = (psa_key_type_t) type; - else - return( PSA_ERROR_STORAGE_FAILURE ); + GET_UINT16_LE( attr->type, storage_format->type, 0 ); + GET_UINT16_LE( attr->bits, storage_format->bits, 0 ); GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index f65e57e37..4662406b1 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data 
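Review bot: `psa_parse_key_data_from_storage` now takes `attr->type` and `attr->bits` straight from the file with `GET_UINT16_LE`; the only rejection of a bad type field was removed and nothing validates the new `bits` value. The layout changed but the writer still stores version 0 (`PUT_UINT32_LE( 0, storage_format->version, 0 )`), so a file written with the old 4-byte type field parses successfully and reads back as `bits == 0` instead of failing. The commit message says importing plaintext keys recomputes the size, which does not obviously cover keys whose material is not imported. Consider bumping the version so old files are rejected explicitly, and add a comment above the two `GET_UINT16_LE` lines such as `/* Old-format files (4-byte type) read back with bits == 0 */`. Both functions continue outside their hunks.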
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.data 
@@ -1,26 +1,26 @@ Format for storage: RSA private key -format_storage_data_check:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN +format_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN + +Format for storage: AES-128 key 
+format_storage_data_check:"404142434445464748494a4b4c4d4e4f":"505341004b45590000000000010000000024800000030000021040060000000010000000404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0 Parse storage: RSA private key -parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_SUCCESS +parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_SUCCESS Parse storage: AES-128 key -parse_storage_data_check:"505341004b45590000000000010000000024000000030000021040060000000010000000404142434445464748494a4b4c4d4e4f":"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0:PSA_SUCCESS - -Parse storage: type out of range -parse_storage_data_check:"505341004b45590000000000010000000024010000030000021040060000000010000000404142434445464748494a4b4c4d4e4f":"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:0:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"505341004b45590000000000010000000024800000030000021040060000000010000000404142434445464748494a4b4c4d4e4f":"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0:PSA_SUCCESS Parse storage: wrong version 
-parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: data too big -parse_storage_data_check:"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":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"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":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: bad magic 
-parse_storage_data_check:"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":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: truncated magic 
-parse_storage_data_check:"505341004b4559":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"505341004b4559":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE # Not specific to files, but only run this test in an environment where the maximum size could be reached. Save maximum-size persistent raw key diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 9e2fbf6d3..7ee17f9d9 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -41,7 +41,7 @@ typedef struct { /* BEGIN_CASE */ void format_storage_data_check( data_t *key_data, data_t *expected_file_data, - int key_lifetime, int key_type, + int key_lifetime, int key_type, int key_bits, int key_usage, int key_alg, int key_alg2 ) { uint8_t *file_data = NULL; @@ -51,6 +51,7 @@ void format_storage_data_check( data_t *key_data, psa_set_key_lifetime( &attributes, key_lifetime ); psa_set_key_type( &attributes, key_type ); + psa_set_key_bits( &attributes, key_bits ); psa_set_key_usage_flags( &attributes, key_usage ); psa_set_key_algorithm( &attributes, key_alg ); psa_set_key_enrollment_algorithm( &attributes, key_alg2 ); @@ -73,6 +74,7 @@ void parse_storage_data_check( data_t *file_data, data_t *expected_key_data, int expected_key_lifetime, int expected_key_type, + int expected_key_bits, int expected_key_usage, int expected_key_alg, int expected_key_alg2, 
@@ -95,6 +97,8 @@ void parse_storage_data_check( data_t *file_data, (psa_key_type_t) expected_key_lifetime ); TEST_EQUAL( psa_get_key_type( &attributes ), (psa_key_type_t) expected_key_type ); + TEST_EQUAL( psa_get_key_bits( &attributes ), + (psa_key_bits_t) expected_key_bits ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), (uint32_t) expected_key_usage ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), From 5e940c6068c652b6fcb32f7393e80689561255fe Mon Sep 17 00:00:00 2001 From: Fredrik Strupe Date: Thu, 8 Oct 2020 11:52:50 +0200 Subject: [PATCH 266/488] Fix additional data length field check for CCM The CCM specification (NIST SP 800-38C) mandates that the formatting of the additional data length l(a) changes when it is greater _or equal_ to 2^16 - 2^8 (>= 0xFF00). Since such lengths are not supported in mbed TLS, the operation should fail in such cases. This commit fixes an off-by-one error which allowed encryption/decryption to be executed when l(a) was equal to 0xFF00, resulting in an incorrect/non-standard length format being used. Fixes #3719. Signed-off-by: Fredrik Strupe --- ChangeLog.d/fix_ccm_add_length_check.txt | 5 +++++ library/ccm.c | 2 +- tests/suites/test_suite_ccm.data | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/fix_ccm_add_length_check.txt diff --git a/ChangeLog.d/fix_ccm_add_length_check.txt b/ChangeLog.d/fix_ccm_add_length_check.txt new file mode 100644 index 000000000..259399fd4 --- /dev/null +++ b/ChangeLog.d/fix_ccm_add_length_check.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix an off-by-one error in the additional data length check for + CCM, which allowed encryption with a non-standard length field. + Fixes #3719. + diff --git a/library/ccm.c b/library/ccm.c index e6ca588ba..424ee77b6 100644 --- a/library/ccm.c +++ b/library/ccm.c 
@@ -175,7 +175,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, if( iv_len < 7 || iv_len > 13 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - if( add_len > 0xFF00 ) + if( add_len >= 0xFF00 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); q = 16 - 1 - (unsigned char) iv_len; diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 46c172bbb..9ad3b5db6 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -41,9 +41,9 @@ ccm_lengths:5:10:5:18:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #6 tag length not even ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT -CCM lengths #7 AD too long (2^16 - 2^8 + 1) +CCM lengths #7 AD too long (2^16 - 2^8) depends_on:!MBEDTLS_CCM_ALT -ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT +ccm_lengths:5:10:65280:8:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #8 msg too long for this IV length (2^16, q = 2) ccm_lengths:65536:13:5:8:MBEDTLS_ERR_CCM_BAD_INPUT From 55687646c84239efc5ce58873b71bdbc2ef4a53f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Oct 2020 23:23:52 +0200 Subject: [PATCH 267/488] PSA_WANT_xxx needs to be defined in the old-style config mechanism Without MBEDTLS_PSA_CRYPTO_CONFIG, PSA_WANT_xxx needs to be defined, for the sake of code that calls the PSA API (TLS code, tests, sample apps). Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 753aaf7b7..5212c59a3 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/09/21 18:07:09 GMT" +Time-stamp: "2020/10/12 21:23:39 GMT" ## Introduction 
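Review bot: The corrected bound `if( add_len >= 0xFF00 )` in `ccm_auth_crypt` is still a bare magic number with no comment saying why 0xFF00 itself must be rejected. A comment above the check, such as `/* SP 800-38C: l(a) >= 2^16 - 2^8 requires the longer length encoding, which is not implemented */`, would tie the constant to the specification the commit message cites and make the boundary harder to get wrong again. The function body starts and ends outside the hunk.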
@@ -129,7 +129,7 @@ Symbols With `MBEDTLS_PSA_CRYPTO_CONFIG` Without `MBEDTLS_PS ------------------------- -------------------------------- ----------------------------------- `MBEDTLS_xxx_C` `mbedtls/config.h` (U) or `mbedtls/config.h` (U) `mbedtls/config_psa.h` (D) -`PSA_WANT_xxx` `psa/crypto_config.h` (U) N/A +`PSA_WANT_xxx` `psa/crypto_config.h` (U) `mbedtls/config_psa.h (D) `MBEDTLS_PSA_BUILTIN_xxx` `mbedtls/config_psa.h` (D) `mbedtls/config_psa.h` (D) `MBEDTLS_PSA_ACCEL_xxx` `mbedtls/crypto_drivers` (G) N/A ------------------------------------------------------------------------------------------------ From e4cbb2bb73d37fa3b523dd28afc3fd6a164060a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 12 Oct 2020 23:39:18 +0200 Subject: [PATCH 268/488] Minor clarifications Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 7e4d751fc..ef92c693b 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/10/02 15:59:46 GMT" +Time-stamp: "2020/10/12 21:34:43 GMT" ## Introduction 
@@ -348,9 +348,9 @@ Transparent drivers are not involved when exporting, copying or destroying keys, #### Key validation with transparent drivers -When a driver creates a key, it is responsible for ensuring that the key is valid. But when a key is imported, no processing of the key happens: the implementation just stores the key material. (It may store it in an encoded form, but this is an implementation choice which is not visible at the level of PSA specifications.) It is important to validate the incoming key material, to avoid storing a key that will later be unacceptable for operations or that could even cause functional or security issues during operations. +When a driver creates a key, it is responsible for ensuring that the key is valid. But when a key is imported, no processing of the key happens: the PSA Cryptography implementation just stores the key material. (It may store it in an encoded form, but this is an implementation choice which is not visible at the level of PSA specifications.) It is important to validate the incoming key material, to avoid storing a key that will later be unacceptable for operations or that could even cause functional or security issues during operations. -To avoid delayed problems caused by imported invalid keys, an implementation that supports transparent drivers must validate transparent keys on import. For supported key types, this means: +To avoid delayed problems caused by imported invalid keys, a PSA Cryptography implementation that supports transparent drivers must validate transparent keys on import. For supported key types, this means: * For symmetric key types, check that the key size is suitable for the type. * For DES (`PSA_KEY_TYPE_DES`), additionally verify the parity bits. 
@@ -358,7 +358,7 @@ To avoid delayed problems caused by imported invalid keys, an implementation tha * For elliptic curve private keys (`PSA_KEY_TYPE_ECC_KEY_PAIR`), check the size and range. TODO: what else? * For elliptic curve public keys (``), check the size and range, and that the point is on the curve. TODO: what else? -A driver can provide code to perform the required validation by providing a `"validate_key"` entry point. This entry points returns `PSA_SUCCESS` if the key is valid or an applicable error code if it isn't. +A driver can provide code to perform the required validation by providing a `"validate_key"` entry point. This entry point returns `PSA_SUCCESS` if the key is valid or an applicable error code if it isn't. The `"validate_key"` entry point has an additional role, which is to determine the size of a key. The PSA Cryptography API exposes the key size as part of the key attributes. From 185764f5f4d352bf9b0f9dccc10b47be88aadfd4 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 12 Oct 2020 21:32:12 -0700 Subject: [PATCH 269/488] Enhance description for MBEDTLS_PSA_CRYPTO_CONFIG Provided detailed description for MBEDTLS_PSA_CRYPTO_CONFIG so that it is more clear to the user when the feature should be enabled or disabled. It also mentions where to look for PSA crypto config settings; include/psa/crypto_config.h. Removed some other related comments that were not necessary. Signed-off-by: John Durkop --- include/mbedtls/config.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 902d0cbe8..6fbaeed0c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1330,7 +1330,7 @@ * * Enable support for the experimental PSA crypto driver interface. * - * Requires: MBEDTLS_PSA_CRYPTO_C or MBEDTLS_PSA_CRYPTO_CONFIG + * Requires: MBEDTLS_PSA_CRYPTO_C * * \warning This interface is experimental and may change or be removed * without notice. 
@@ -2022,9 +2022,14 @@ /** * \def MBEDTLS_PSA_CRYPTO_CONFIG * - * This setting should be used to allow for conditional inclusion of PSA features. + * This setting allows support for cryptographic mechanisms through the PSA + * API to be configured separately from support through the mbedtls API. * - * Uncomment this to enable use of PSA Crypto configuration settings. + * Uncomment this to enable use of PSA Crypto configuration settings which + * can be found in include/psa/crypto_config.h + * + * This feature is still experimental and is not ready for production since + * it is not completed. */ //#define MBEDTLS_PSA_CRYPTO_CONFIG @@ -3820,10 +3825,6 @@ #include MBEDTLS_USER_CONFIG_FILE #endif -/** - * \name SECTION: PSA Crypto settings - * - */ #include "mbedtls/config_psa.h" #include "mbedtls/check_config.h" From 348188229acdbb7297e021d8f6371200b77ed0df Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 12 Oct 2020 21:36:22 -0700 Subject: [PATCH 270/488] Correct inclusion of MBEDTLS_XXX based on PSA_WANT_XXX Provied a more detailed description for the config_psa.h header file. This new description makes it clear that the file should not be edited by users or integrators. Relevant changes should be made to psa/crypto_config.h instead. Fixed the logic for the inclusion of MBEDTLS_PSA_BUILTIN_XXX to be set when PSA_WANT_ALG_XXX and MBEDTLS_PSA_ACCEL_ALG_XXX is not defined, otherwise the MBEDTLS_XXX should be set. Ensure that MBEDTLS_PSA_BUILTIN_XXX is set to 1 and not simply defined per specification. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 8e76372eb..02bdfb1b0 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
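Review bot: The new description of `MBEDTLS_PSA_CRYPTO_CONFIG` gives its "experimental, not ready for production" caveat as plain prose, whereas the option documented in the first hunk (the PSA crypto driver interface) uses a `\warning` paragraph for the same kind of caveat. Writing it as `\warning This feature is still experimental and is not ready for production.` would make it stand out in the generated documentation and match the neighbouring entry. The sentence ending in `include/psa/crypto_config.h` is also missing its full stop.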
@@ -2,9 +2,13 @@ * \file mbedtls/config_psa.h * \brief PSA crypto configuration options (set of defines) * - * This set of compile-time options may be used to enable - * or disable PSA crypto features selectively. This will aid - * in reducing the size of the library by removing unused code. + * This set of compile-time options takes settings defined in + * include/mbedtls/config.h and include/psa/crypto_config.h and uses + * those definitions to define symbols used in the library code. + * + * Users and integrators should not edit this file, please edit + * include/mbedtls/config.h for MBETLS_XXX settings or + * include/psa/crypto_config.h for PSA_WANT_XXX settings. */ /* * Copyright The Mbed TLS Contributors @@ -38,19 +42,17 @@ extern "C" { #if defined(PSA_WANT_ALG_ECDSA) #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) -#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA -#else /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) */ +#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 #define MBEDTLS_ECDSA_C -#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) */ -#endif /* defined(PSA_WANT_ALG_ECDSA) */ +#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ +#endif /* PSA_WANT_ALG_ECDSA */ #if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) -#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA -#else /* && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ +#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 #define MBEDTLS_ECDSA_DETERMINISTIC -#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ -#endif /* defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) */ +#endif /* MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC */ +#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */ #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ 
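Review bot: The new file header in the first hunk misspells the prefix as `MBETLS_XXX`; it should read `MBEDTLS_XXX`, which is the string integrators will search for. In the second hunk the closing comments no longer match their conditions: the block opened with `#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)` now ends with `#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */`. The built-in symbol is also spelled `MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA`, while the want and accel symbols use `ECDSA_DETERMINISTIC`. Using one word order for all three symbols and their `#endif` comments would avoid a guard that silently never matches.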
@@ -58,11 +60,11 @@ extern "C" { * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG * is not defined */ -#ifdef MBEDTLS_ECDSA_C +#if defined(MBEDTLS_ECDSA_C) #define PSA_WANT_ALG_ECDSA #endif /* MBEDTLS_ECDSA_C */ -#ifdef MBEDTLS_ECDSA_DETERMINISTIC +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) #define PSA_WANT_ALG_ECDSA_DETERMINISTIC #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ From c7c03b7d173b416e1d20157776e65b935eaa52a2 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 12 Oct 2020 21:42:03 -0700 Subject: [PATCH 271/488] Enhanced documentation for crypto_config.h Provided more detailed documentation for crypto_config.h file so it is clear to users can enable cryptographic mechanisms using PSA_WANT_XXX. If MBEDTLS_PSA_CRYPTO_CONFIG is not set the settings in this file are not used. Ensure that defines used in this file are set to 1 and not simply defined per the specification. Also removed the __cplusplus guards since they are not needed for this file. Signed-off-by: John Durkop --- include/psa/crypto_config.h | 46 +++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 8e2f40ed8..808c68a57 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h 
@@ -2,10 +2,34 @@ * \file psa/crypto_config.h * \brief PSA crypto configuration options (set of defines) * - * This set of compile-time options may be used to enable - * or disable PSA crypto features selectively. This will aid - * in reducing the size of the library by removing unused code. +*/ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +/** + * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in config.h, + * this file determines which cryptographic mechanisms are enabled + * through the PSA Cryptography API (\c psa_xxx() functions). + * + * To enable a cryptographic mechanism, uncomment the definition of + * the corresponding \c PSA_WANT_xxx preprocessor symbol. + * To disable a cryptographic mechanism, comment out the definition of + * the corresponding \c PSA_WANT_xxx preprocessor symbol. + * The names of cryptographic mechanisms correspond to values + * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead + * of \c PSA_. + * + * Note that many cryptographic mechanisms involve two symbols: one for + * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm + * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve + * additional symbols. */ +#else +/** + * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in config.h, + * this file is not used, and cryptographic mechanisms are supported + * through the PSA API if and only if they are supported through the + * mbedtls_xxx API. + */ +#endif /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -26,19 +50,7 @@ #ifndef PSA_CRYPTO_CONFIG_H #define PSA_CRYPTO_CONFIG_H -#ifdef __cplusplus -extern "C" { -#endif - -#define PSA_WANT_ALG_ECDSA - -#define PSA_WANT_ALG_ECDSA_DETERMINISTIC - -//#define MBEDTLS_PSA_ACCEL_ALG_ECDSA -//#define MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC - -#ifdef __cplusplus -} -#endif +#define PSA_WANT_ALG_ECDSA 1 +#define PSA_WANT_ALG_ECDSA_DETERMINISTIC 1 #endif /* PSA_CRYPTO_CONFIG_H */ 
From dd544e1463fd1f5daab3e02629eb739d88ccd469 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 12 Oct 2020 21:47:19 -0700 Subject: [PATCH 272/488] Fixed comments and test message output for new PSA tests Provided a clearer comment for the description for ignoring MBEDTLS_PSA_CRYPTO_CONFIG for full build setting. Updated message output for test_psa_crypto_config_basic and test_psa_want_ecdsa_disabled_software so it is more clear and concise in what the test is doing. Removed inclusion of the MBEDTLS_PSA_ACCEL_ALG_ECDSA since it should not have been used for that particular tests. Signed-off-by: John Durkop --- scripts/config.py | 2 +- tests/scripts/all.sh | 18 +++++++----------- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index bb3fa1b4a..6c299818f 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -184,7 +184,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper) 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature - 'MBEDTLS_PSA_CRYPTO_CONFIG', # used to switch between old/new style config + 'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions) 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 814c87f58..fe50134cc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1291,10 +1291,8 @@ component_test_no_use_psa_crypto_full_cmake_asan() { } component_test_psa_crypto_config_basic() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG, MBEDTLS_PSA_CRYPTO_DRIVERS, - # and PSA_CRYPTO_DRIVER_TEST minus MBEDTLS_USE_PSA_CRYPTO - msg "build: full config plus MBEDTLS_PSA_CRYPTO_CONFIG MBEDTLS_PSA_CRYPTO_DRIVERS" - msg "build: minus MBEDTLS_USE_PSA_CRYPTO" + # full plus MBEDTLS_PSA_CRYPTO_CONFIG + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS @@ -1306,12 +1304,10 @@ component_test_psa_crypto_config_basic() { make test } -component_test_psa_crypto_config_want_ecdsa() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG, MBEDTLS_PSA_CRYPTO_DRIVERS, - # and PSA_CRYPTO_DRIVER_TEST minus MBEDTLS_USE_PSA_CRYPTO - msg "build: full config plus MBEDTLS_PSA_CRYPTO_CONFIG, MBEDTLS_PSA_CRYPTO_DRIVERS," - msg "build: PSA_CRYPTO_DRIVER_TEST, MBEDTLS_PSA_ACCEL_ALG_ECDSA," - msg "build: PSA_WANT_ALG_ECDSA minus MBEDTLS_USE_PSA_CRYPTO" +component_test_psa_want_ecdsa_disabled_software() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA + # without MBEDTLS_ECDSA_C + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS 
@@ -1320,7 +1316,7 @@ component_test_psa_crypto_config_want_ecdsa() { scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA_DETERMINISTIC # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" msg "test: psa crypto config want ECDSA" make test From 7b453130e26d1579b93c254a986216c90c216c52 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 12 Oct 2020 21:56:26 -0700 Subject: [PATCH 273/488] Updates to fix check-names and all.sh tests after review Need to make sure the new MBEDTLS_PSA_ACCEL_XXX defines are not checked since they should be defined by the PSA driver. Updated the list-macros.sh script to modify the instances of those found to match the corresponding MBEDTLS_PSA_BUILTIN_XXX that are defined in config_psa.h Fixed definition of MBEDTLS_PSA_BUILTIN_ALG_ECDSA_DETERMINISTIC, name was incorrect. Also fixed a missing space in the comments of crypto_config.h Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 2 +- include/psa/crypto_config.h | 2 +- tests/scripts/list-macros.sh | 6 ++++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 02bdfb1b0..87c092a17 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
@@ -49,7 +49,7 @@ extern "C" { #if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) -#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 +#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA_DETERMINISTIC 1 #define MBEDTLS_ECDSA_DETERMINISTIC #endif /* MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC */ #endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */ diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 808c68a57..28702ebfa 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -2,7 +2,7 @@ * \file psa/crypto_config.h * \brief PSA crypto configuration options (set of defines) * -*/ + */ #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /** * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in config.h, diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh index 15d2590c1..a8617a083 100755 --- a/tests/scripts/list-macros.sh +++ b/tests/scripts/list-macros.sh @@ -30,4 +30,10 @@ sed -n -e 's/.*#define \([a-zA-Z0-9_]*\).*/\1/p' $HEADERS \ | egrep -v '^(asm|inline|EMIT|_CRT_SECURE_NO_DEPRECATE)$|^MULADDC_' \ | sort -u > macros +# For include/mbedtls/config_psa.h need to ignore the MBEDTLS_xxx define +# in that file since they may not be defined in include/psa/crypto_config.h +# This line renames the potentially missing defines to ones that should +# be present. +sed -ne 's/^MBEDTLS_PSA_BUILTIN_/MBEDTLS_PSA_ACCEL_/p' >macros + wc -l macros From 48584b589f5a7171c6f124af1fde4ea185403e46 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Oct 2020 19:07:02 +0200 Subject: [PATCH 274/488] Editorial fixes Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 5212c59a3..6267f103c 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md 
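Review bot: The `sed` line added to tests/scripts/list-macros.sh has no input file, so it reads standard input, and its `>macros` redirection truncates the list that the preceding pipeline has just written. As written, the script either blocks on stdin or leaves `macros` holding only what arrives there, so the name check that consumes the file would run against an empty or near-empty list. If the intent is to add the `MBEDTLS_PSA_ACCEL_` names to the existing list, read from the file and append through a temporary file, for example `sed -n 's/^MBEDTLS_PSA_BUILTIN_/MBEDTLS_PSA_ACCEL_/p' macros >macros.tmp && cat macros.tmp >>macros` (the temporary file name is a placeholder). The list should be re-sorted afterwards if later steps rely on the `sort -u` order.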
@@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/10/12 21:23:39 GMT" +Time-stamp: "2020/10/13 17:05:02 GMT" ## Introduction @@ -51,9 +51,9 @@ The current model is difficult to adapt to the PSA interface for several reasons ### PSA Crypto configuration file -The PSA crypto configuration file `psa/crypto_config.h` defines a series of symbols of the form `PSA_WANT_xxx` where `xxx` . The symbols are documented in the section [“PSA Crypto configuration symbols”](#psa-crypto-configuration-symbols) below. +The PSA crypto configuration file `psa/crypto_config.h` defines a series of symbols of the form `PSA_WANT_xxx` where `xxx` describes the feature that the symbol enables. The symbols are documented in the section [“PSA Crypto configuration symbols”](#psa-crypto-configuration-symbols) below. -The symbol `MBEDTLS_PSA_CRYPTO_CONFIG` in `mbedtls/config.h` determines whether `psa/crypto_config.h`. is used. +The symbol `MBEDTLS_PSA_CRYPTO_CONFIG` in `mbedtls/config.h` determines whether `psa/crypto_config.h` is used. * If `MBEDTLS_PSA_CRYPTO_CONFIG` is unset, which is the default at least in Mbed TLS 2.x versions, things are as they are today: the PSA subsystem includes generic code unconditionally, and includes support for specific mechanisms conditionally based on the existing `MBEDTLS_xxx_` symbols. * If `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the necessary software implementations of cryptographic algorithms are included based on both the content of the PSA crypto configuration file and the Mbed TLS configuration file. For example, the code in `aes.c` is enabled if either `mbedtls/config.h` contains `MBEDTLS_AES_C` or `psa/crypto_config.h` contains `PSA_WANT_KEY_TYPE_AES`. From fdf337965c1f712fb08bf87d5e184ac6c68f120a Mon Sep 17 00:00:00 2001 
From: Peter Toft Date: Wed, 14 Oct 2020 17:19:02 +0200 Subject: [PATCH 275/488] Add fix for cmake control of CMAKE_BUILD_TYPE only if mbedtls is the root project Signed-off-by: Peter Toft --- CMakeLists.txt | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5af4c8124..27590ef08 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -112,9 +112,12 @@ option: \n\ endif() endif() -set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} - CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull" - FORCE) +# If this is the root project add longer list of available CMAKE_BUILD_TYPE values +if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) + set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} + CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull" + FORCE) +endif() # Create a symbolic link from ${base_name} in the binary directory # to the corresponding path in the source directory. From 2e680348adea694dfc27f46d5a0de950bcb00325 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 15 Oct 2020 14:00:40 +0100 Subject: [PATCH 276/488] Fix memory allocation in ccm tests The ccm tests were previously relying on unspecified behaviour in the underlying implementation (i.e. that it rejects certain buffer sizes without reading the buffer). Signed-off-by: Dave Rodgman --- tests/suites/helpers.function | 1 + tests/suites/test_suite_ccm.data | 3 +++ tests/suites/test_suite_ccm.function | 5 +++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 80d47c85f..aafcf5c18 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function 
@@ -121,6 +121,7 @@ typedef struct data_tag TEST_ASSERT( ( expr1 ) == ( expr2 ) ) /** Allocate memory dynamically and fail the test case if this fails. + * The allocated memory will be filled with zeros. * * You must set \p pointer to \c NULL before calling this macro and * put `mbedtls_free( pointer )` in the test's cleanup code. diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 46c172bbb..fd555eb2a 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -51,6 +51,9 @@ ccm_lengths:65536:13:5:8:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #9 tag length 0 ccm_lengths:5:10:5:0:MBEDTLS_ERR_CCM_BAD_INPUT +CCM lengths #10 Large AD +ccm_lengths:5:10:32768:8:0 + CCM* fixed tag lengths #1 all OK ccm_star_lengths:5:10:5:8:0 diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 9507b59fd..faa7e130a 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -41,17 +41,17 @@ void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res ) unsigned char key[16]; unsigned char msg[10]; unsigned char iv[14]; - unsigned char add[10]; + unsigned char *add = NULL; unsigned char out[10]; unsigned char tag[18]; int decrypt_ret; mbedtls_ccm_init( &ctx ); + ASSERT_ALLOC_WEAK( add, add_len ); memset( key, 0, sizeof( key ) ); memset( msg, 0, sizeof( msg ) ); memset( iv, 0, sizeof( iv ) ); - memset( add, 0, sizeof( add ) ); memset( out, 0, sizeof( out ) ); memset( tag, 0, sizeof( tag ) ); @@ -70,6 +70,7 @@ void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res ) TEST_ASSERT( decrypt_ret == res ); exit: + mbedtls_free( add ); mbedtls_ccm_free( &ctx ); } /* END_CASE */ From 0ea39e0ee49267df3f6dfcf412e2a4c97c85e98b Mon Sep 17 00:00:00 2001 
From: John Durkop Date: Tue, 13 Oct 2020 19:58:20 -0700 Subject: [PATCH 277/488] Correct use of MBEDTLS_PSA_BUILTIN_ALG_xxx in crypto library The psa crypto library was generically using PSA_WANT_ALG_xxx, but should have been using the correct MBEDTLS_PSA_BUILTIN_ALG_xxx definition since that code is the builtin version. There were also a couple of spots that needed to ensure the code block was enabled for either ECDSA or DETERMINISTIC_ECDSA, not just one of them. Fixed all the new ALG_ECDSA_DETERMINISTIC names to be ALG_DETERMINISTIC_ECDSA instead. Fixed test to use correct definitions. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 12 ++++++------ include/psa/crypto_config.h | 4 ++-- library/psa_crypto.c | 22 +++++++++++----------- tests/scripts/all.sh | 2 +- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 87c092a17..9a1a1efba 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -47,11 +47,11 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ #endif /* PSA_WANT_ALG_ECDSA */ -#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) -#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA_DETERMINISTIC 1 +#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) +#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 #define MBEDTLS_ECDSA_DETERMINISTIC -#endif /* MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC */ +#endif /* MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */ #endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */ #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ 
@@ -61,11 +61,11 @@ extern "C" { * is not defined */ #if defined(MBEDTLS_ECDSA_C) -#define PSA_WANT_ALG_ECDSA +#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_ECDSA_DETERMINISTIC) -#define PSA_WANT_ALG_ECDSA_DETERMINISTIC +#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 28702ebfa..8dbb18d50 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -50,7 +50,7 @@ #ifndef PSA_CRYPTO_CONFIG_H #define PSA_CRYPTO_CONFIG_H -#define PSA_WANT_ALG_ECDSA 1 -#define PSA_WANT_ALG_ECDSA_DETERMINISTIC 1 +#define PSA_WANT_ALG_ECDSA 1 +#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fa3cea382..a73c6c7bc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2256,7 +2256,7 @@ exit: /* Message digests */ /****************************************************************/ -#if defined(MBEDTLS_RSA_C) || defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) +#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) { switch( alg ) @@ -2299,7 +2299,7 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) return( NULL ); } } -#endif +#endif /* defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) { @@ -3530,7 +3530,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, } #endif /* MBEDTLS_RSA_C */ -#if defined(PSA_WANT_ALG_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) /* `ecp` cannot be const because `ecp->grp` needs to be non-const * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() * (even though these functions don't modify it). */ 
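Review bot: In the `#else /* MBEDTLS_PSA_CRYPTO_CONFIG */` branch of config_psa.h the two new defines carry no value (`#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA`), while the branch above sets the same symbols to `1`. A later `#if MBEDTLS_PSA_BUILTIN_ALG_ECDSA` would therefore preprocess in one configuration and fail in the other. The hunk also stops defining `PSA_WANT_ALG_ECDSA` and `PSA_WANT_ALG_ECDSA_DETERMINISTIC` here, yet the comment kept above still says this branch ensures the `PSA_WANT_*` defines are set up. Either keep both, e.g. `#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1` followed by `#define PSA_WANT_ALG_ECDSA 1`, or reword the comment to say that only the built-in symbols are derived from the legacy options.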
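Review bot: `psa_ecdsa_sign()` (hunk at -3530) and the ECDSA branches of `psa_sign_hash()` and `psa_verify_hash()` (hunks at -3698, -3723, -3799 and -3817) are now guarded by `MBEDTLS_PSA_BUILTIN_ALG_ECDSA` alone. With config_psa.h as changed in this commit, a configuration that sets `PSA_WANT_ALG_DETERMINISTIC_ECDSA` without `PSA_WANT_ALG_ECDSA` defines only the deterministic built-in symbol, so these blocks would apparently be compiled out and deterministic signing would fall through to `PSA_ERROR_INVALID_ARGUMENT`. The commit message says such blocks should be enabled for either algorithm; the outer guard would then be `#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)`. The function bodies extend beyond the hunks, so this should be confirmed against the full file.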
@@ -3554,7 +3554,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, goto cleanup; } -#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); @@ -3567,7 +3567,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, &global_data.ctr_drbg ) ); } else -#endif /* PSA_WANT_ALG_ECDSA_DETERMINISTIC */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { (void) alg; MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, @@ -3629,7 +3629,7 @@ cleanup: mbedtls_mpi_free( &s ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* PSA_WANT_ALG_ECDSA */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */ psa_status_t psa_sign_hash( psa_key_handle_t handle, psa_algorithm_t alg, @@ -3698,9 +3698,9 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(PSA_WANT_ALG_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) if( -#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) PSA_ALG_IS_ECDSA( alg ) #else PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) @@ -3723,7 +3723,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, mbedtls_free( ecp ); } else -#endif /* defined(PSA_WANT_ALG_ECDSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */ { status = PSA_ERROR_INVALID_ARGUMENT; } @@ -3799,7 +3799,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(PSA_WANT_ALG_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { mbedtls_ecp_keypair *ecp = NULL; 
@@ -3817,7 +3817,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, return( status ); } else -#endif /* defined(PSA_WANT_ALG_ECDSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */ { return( PSA_ERROR_INVALID_ARGUMENT ); } diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fe50134cc..d42c6816b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1314,7 +1314,7 @@ component_test_psa_want_ecdsa_disabled_software() { scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA - scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA_DETERMINISTIC + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_DETERMINISTIC_ECDSA # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" From fa5e631d238b9dc9b10c4b3b6b37d35115b47de4 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 15 Oct 2020 17:07:12 +0200 Subject: [PATCH 278/488] Apply review feedback Signed-off-by: Steven Cooreman --- ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt | 2 ++ library/psa_crypto.c | 16 +++++++++------- tests/suites/test_suite_psa_crypto.function | 4 ++-- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt b/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt index 842d5ffd3..6660dc3d5 100644 --- a/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt +++ b/ChangeLog.d/support-ecdh-kdf-with-ecdh-key.txt 
@@ -2,3 +2,5 @@ Features * In PSA, allow using a key declared with a base key agreement algorithm in combined key agreement and derivation operations, as long as the key agreement algorithm in use matches the algorithm the key was declared with. + This is currently non-standard behaviour, but expected to make it into a + future revision of the PSA Crypto standard. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 69852fa56..ad6f052af 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1085,7 +1085,8 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg, ( requested_alg & ~PSA_ALG_HASH_MASK ) ); } /* If policy_alg is a generic key agreement operation, then using it for - * a key derivation with that key agreement is also compliant. */ + * a key derivation with that key agreement should also be allowed. This + * behaviour is expected to be defined in a future specification version. */ if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) && PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) ) { @@ -5876,12 +5877,6 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t * PSA_KEY_TYPE_DERIVE, shared_secret, shared_secret_length ); - - /* If a private key has been added as SECRET, we allow the derived - * key material to be used as a key in PSA Crypto. */ - if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) - operation->can_output_key = 1; - exit: mbedtls_platform_zeroize( shared_secret, shared_secret_length ); return( status ); @@ -5906,6 +5901,13 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o peer_key, peer_key_length ); if( status != PSA_SUCCESS ) psa_key_derivation_abort( operation ); + else + { + /* If a private key has been added as SECRET, we allow the derived + * key material to be used as a key in PSA Crypto. */ + if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) + operation->can_output_key = 1; + } return( status ); } 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 328508dd2..fc563cb15 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -5233,7 +5233,7 @@ void key_agreement_setup( int alg_arg, { psa_key_handle_t our_key = 0; psa_algorithm_t alg = alg_arg; - psa_algorithm_t key_alg = our_key_alg_arg; + psa_algorithm_t our_key_alg = our_key_alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -5243,7 +5243,7 @@ void key_agreement_setup( int alg_arg, PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); - psa_set_key_algorithm( &attributes, key_alg ); + psa_set_key_algorithm( &attributes, our_key_alg ); psa_set_key_type( &attributes, our_key_type ); PSA_ASSERT( psa_import_key( &attributes, our_key_data->x, our_key_data->len, From 2c61835ec82294688d27739181c02b955350425c Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 22 Sep 2020 06:54:01 -0700 Subject: [PATCH 279/488] Add support for PSA crypto driver size_function Updated get_expected_key_size in psa_crypto_driver_wrappers to properly handle using the new size_function from PSA crypto drivers. Created initial infrastructure to support size_function for the PSA crypto drivers. Signed-off-by: John Durkop --- library/psa_crypto_driver_wrappers.c | 58 ++++++++++++---- tests/include/test/drivers/size.h | 87 ++++++++++++++++++++++++ tests/include/test/drivers/test_driver.h | 1 + tests/src/drivers/size.c | 47 +++++++++++++ 4 files changed, 178 insertions(+), 15 deletions(-) create mode 100644 tests/include/test/drivers/size.h create mode 100644 tests/src/drivers/size.c diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index d41209bbf..a8dcc064d 100644 --- a/library/psa_crypto_driver_wrappers.c 
+++ b/library/psa_crypto_driver_wrappers.c 
@@ -256,23 +256,51 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute size_t *expected_size ) { size_t buffer_size = 0; - if( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == PSA_KEY_LOCATION_LOCAL_STORAGE ) - { - buffer_size = PSA_KEY_EXPORT_MAX_SIZE( attributes->core.type, - attributes->core.bits ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + psa_key_type_t key_type = attributes->core.type; + size_t key_bits = attributes->core.bits; - if( buffer_size == 0 ) + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + buffer_size = PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ); + + if( buffer_size == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + + *expected_size = buffer_size; + return( PSA_SUCCESS ); + +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + /* TBD: opaque driver support: need to calculate size through a + * driver-defined size function, since the size of an opaque (wrapped) + * key will be different for each implementation. 
*/ +#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION + *expected_size = test_size_function( key_type, key_bits ); + return( PSA_SUCCESS ); +#else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ + if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ) + { + *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; + } + else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( attributes->core.type ) ) + { + *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR + * ( ( key_bits + 7 ) / 8 ); + } + else + { + return( PSA_ERROR_NOT_SUPPORTED ); + } + return( PSA_SUCCESS ); +#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ +#endif /* PSA_CRYPTO_DRIVER_TEST */ + + default: return( PSA_ERROR_NOT_SUPPORTED ); - - *expected_size = buffer_size; - return( PSA_SUCCESS ); - } - else - { - /* TBD: opaque driver support: need to calculate size through a - * driver-defined size function, since the size of an opaque (wrapped) - * key will be different for each implementation. */ - return( PSA_ERROR_NOT_SUPPORTED ); } } #endif /* PSA_CRYPTO_DRIVER_PRESENT */ diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h new file mode 100644 index 000000000..4e5b5918e --- /dev/null +++ b/tests/include/test/drivers/size.h 
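Review bot: The guard `#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION` in the `PSA_CRYPTO_TEST_DRIVER_LIFETIME` case does not match the macro that tests/include/test/drivers/size.h documents and that the `#else`/`#endif` comments name, `TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION`, so `test_size_function()` would never be selected. In the fallback, the key-pair branch adds `TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE`, the public-key branch applies the symmetric factor, and symmetric keys get `PSA_ERROR_NOT_SUPPORTED`; going by the macro descriptions in size.h the branches look shifted by one, and `TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE` is unused. Because the result is the expected size of an opaque key's storage, a wrong figure risks an undersized buffer once the constants are non-zero. A possible arrangement is sketched below; the signature of `get_expected_key_size()` lies outside the hunk.

```c
#if defined(TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION)
            /* … unchanged: test_size_function() call and return … */
#else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
            if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) )
            {
                *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
                                 + TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE;
            }
            else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) )
            {
                *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
                                 + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE;
            }
            else
            {
                /* Remaining key types are treated as symmetric keys. */
                *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
                                 + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR
                                 * ( ( key_bits + 7 ) / 8 );
            }
            /* … unchanged: return and #endif … */
```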
@@ -0,0 +1,87 @@ +/* + * Test driver for context size functions + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_SIZE_H +#define PSA_CRYPTO_TEST_DRIVERS_SIZE_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + unsigned int context; +} test_driver_key_context_t; + +/** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + * + * This macro returns the base size for the key context. It should include + * the size for any driver context information stored with each key. + */ +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof(test_driver_key_context_t) + +/** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE + * + * Number of bytes included in every key context for a key pair. + */ + +#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + * + * Number of bytes included in every key context for a public key. + */ +#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR + * + * Every key context for a symmetric key includes this many times the key size. 
+ */ +#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY + * + * If this is true for a key pair, the key context includes space for the public key. + * If this is false, no additional space is added for the public key. + */ +#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 0 + +/** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION + * + * If TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION is defined, the test driver + * provides a size_function entry point, otherwise, it does not. + * + * Some opaque drivers have the need to support a custom size for the storage + * of key and context information. The size_function provides the ability to + * provide that customization. + */ +//#define TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION + +#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION +size_t test_size_function( + const psa_key_type_t key_type, + const size_t key_bits ); +#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index 7ee8e5eea..ee5974217 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -25,5 +25,6 @@ #include "test/drivers/signature.h" #include "test/drivers/keygen.h" #include "test/drivers/cipher.h" +#include "test/drivers/size.h" #endif /* PSA_CRYPTO_TEST_DRIVER_H */ diff --git a/tests/src/drivers/size.c b/tests/src/drivers/size.c new file mode 100644 index 000000000..05f8a986a --- /dev/null +++ b/tests/src/drivers/size.c 
@@ -0,0 +1,47 @@ +/* + * Test driver for retrieving key context size. + * Only used by opaque drivers. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa/crypto.h" +#include "psa_crypto_core.h" +#include "mbedtls/error.h" + +#include "test/drivers/size.h" + +#include + +#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION +size_t test_size_function( + const psa_key_type_t key_type, + const size_t key_bits ) +{ + (void) key_type; + (void) key_bits; + return 0; +} +#endif /*TEST_KEY_CONTEXT_SIZE_FUNCTION */ + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 9a689844f4056b0976a8574ba0a5e2229d682bc1 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 22 Sep 2020 07:39:28 -0700 Subject: [PATCH 280/488] Add new size.h to vs2010 project New file is needed for vs2010 project. Signed-off-by: John Durkop --- visualc/VS2010/mbedTLS.vcxproj | 1 + 1 file changed, 1 insertion(+) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index b243b73ae..3e9d14a29 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -241,6 +241,7 @@ + From 750d0e4b72fcd11a2d9c7ef53d57222b2c68886c Mon Sep 17 00:00:00 2001 
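Review bot: The definition of `test_size_function()` is guarded by `#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION`, while the prototype in tests/include/test/drivers/size.h is guarded by `TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION`. Enabling the macro named in the header would declare the function without compiling its definition, which presumably ends in a link error once the wrapper calls it. The guard here should read `#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION`, with the closing `#endif` comment updated to match. The later guard rename in library/psa_crypto_driver_wrappers.c does not touch this file.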
From: John Durkop Date: Fri, 25 Sep 2020 06:18:33 -0700 Subject: [PATCH 281/488] Remove obsolete comment Removed TBD comment that is no longer relevant since that portion of the code has been updated. Signed-off-by: John Durkop --- library/psa_crypto_driver_wrappers.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index a8dcc064d..262070c6a 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -273,9 +273,6 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - /* TBD: opaque driver support: need to calculate size through a - * driver-defined size function, since the size of an opaque (wrapped) - * key will be different for each implementation. */ #ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION *expected_size = test_size_function( key_type, key_bits ); return( PSA_SUCCESS ); From badd89f525ed1410477ad37b36d67bc11599f5be Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 9 Oct 2020 07:06:29 -0700 Subject: [PATCH 282/488] Added specific key size values for a test driver Replaced generic values for the test driver with specific ones for a 256-bit ECC private/public key pair. Signed-off-by: John Durkop --- tests/include/test/drivers/size.h | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h index 4e5b5918e..831adbbd7 100644 --- a/tests/include/test/drivers/size.h +++ b/tests/include/test/drivers/size.h 
@@ -38,20 +38,26 @@ typedef struct { * This macro returns the base size for the key context. It should include * the size for any driver context information stored with each key. */ -#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof(test_driver_key_context_t) +#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) /** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE * * Number of bytes included in every key context for a key pair. + * + * This pair size is for an ECC 256-bit private/public key pair. + * Based on this value, the size of the private key can be derived by + * subtracting the public key size below from this one. */ -#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 0 +#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65 /** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE * * Number of bytes included in every key context for a public key. + * + * For ECC public keys, it needs 257 bits so 33 bytes. */ -#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 0 +#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33 /** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR * @@ -63,8 +69,10 @@ typedef struct { * * If this is true for a key pair, the key context includes space for the public key. * If this is false, no additional space is added for the public key. + * + * For this instance, store the public key with the private one. */ -#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 0 +#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1 /** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION * From ac93e3b43ca4374d46102c2f8861fb19df0ab547 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 16 Oct 2020 06:48:55 -0700 Subject: [PATCH 283/488] Fix guard for test_size_function() Previous guard was using original naming and did not get updated to the new name. Guard is now using correct definition of TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION. Signed-off-by: John Durkop --- library/psa_crypto_driver_wrappers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
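Review bot: `TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE` (65) and `TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE` (33) are now fixed to a 256-bit ECC key, but the header does not say what applies to other key types or sizes. If these constants feed a buffer-size calculation for a larger key, the expected size would be too small, so the limitation belongs next to the values, for example `/* Valid for 256-bit ECC keys only; other key types and sizes are not covered by these constants. */`. It would also help to name the public-key encoding the 33 bytes assume, since the comment only gives "257 bits".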
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 262070c6a..f905ea4f9 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -273,7 +273,7 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: -#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION +#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION *expected_size = test_size_function( key_type, key_bits ); return( PSA_SUCCESS ); #else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ From 135ce69361d4b0c83072a3afaff6ce9dfbc9da92 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 19 Oct 2020 07:12:28 -0700 Subject: [PATCH 284/488] Updated value of expected key size when not using test_size_function The calculation of the expected key size when not using the test_size_function was not correct. The function has now been updated to handle all cases properly to ensure the expected key size is correct for key pairs, public keys, and symmetric keys. Cleaned up some comments and removed unused includes. Signed-off-by: John Durkop --- library/psa_crypto_driver_wrappers.c | 13 +++++++++++-- tests/include/test/drivers/size.h | 6 +++--- tests/src/drivers/size.c | 5 ----- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index f905ea4f9..f19f55920 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -278,11 +278,20 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute return( PSA_SUCCESS ); #else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ) + { + int public_key_overhead = ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) ? + PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) : 0 ); + *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + + public_key_overhead; + } + else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( attributes->core.type ) ) { *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; } - else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( attributes->core.type ) ) + else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) && + !PSA_KEY_TYPE_IS_PUBLIC_KEY ( attributes->core.type ) ) { *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR @@ -300,7 +309,7 @@ static psa_status_t get_expected_key_size( const psa_key_attributes_t *attribute return( PSA_ERROR_NOT_SUPPORTED ); } } -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot ) diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h index 831adbbd7..4bfe986a2 100644 --- a/tests/include/test/drivers/size.h +++ b/tests/include/test/drivers/size.h @@ -35,8 +35,8 @@ typedef struct { /** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE * - * This macro returns the base size for the key context. It should include - * the size for any driver context information stored with each key. + * This macro returns the base size for the key context. It is the size of the + * driver specific information stored in each key context. */ #define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t ) 
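Review bot: `public_key_overhead` is declared `int` but holds the result of `PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits )` and is then added into the `size_t` `*expected_size`. A size should not pass through a signed, possibly narrower type, so I would declare it `size_t public_key_overhead = ...`. The last branch, `else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) && !PSA_KEY_TYPE_IS_PUBLIC_KEY ( attributes->core.type ) )`, is always true once the two earlier tests have failed, so the trailing `else` added earlier in this series (returning `PSA_ERROR_NOT_SUPPORTED`) becomes unreachable; a plain `else` says the same thing. `TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE` is not used in the key-pair branch, which adds `TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE` instead; that looks unintended, but I cannot confirm it from the hunk. The body of `get_expected_key_size()` starts and ends outside this hunk.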
@@ -92,4 +92,4 @@ size_t test_size_function( #endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */ diff --git a/tests/src/drivers/size.c b/tests/src/drivers/size.c index 05f8a986a..16a86922a 100644 --- a/tests/src/drivers/size.c +++ b/tests/src/drivers/size.c @@ -25,14 +25,9 @@ #endif #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) -#include "psa/crypto.h" -#include "psa_crypto_core.h" -#include "mbedtls/error.h" #include "test/drivers/size.h" -#include - #ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION size_t test_size_function( const psa_key_type_t key_type, From 995c66f702db3a004be1e3d822ffad64b2ad125f Mon Sep 17 00:00:00 2001 From: Raef Coles Date: Tue, 13 Oct 2020 16:30:41 +0100 Subject: [PATCH 285/488] Build: Add MBEDTLS_TARGET_PREFIX Allows required targets to have prefixes added to them, so that external projects can avoid target names clashing. Signed-off-by: Raef Coles --- CMakeLists.txt | 6 +- .../add_MBEDTLS_TARGET_PREFIX_to_cmake.txt | 6 ++ library/CMakeLists.txt | 55 ++++++++++++------- programs/aes/CMakeLists.txt | 2 +- programs/fuzz/CMakeLists.txt | 2 +- programs/hash/CMakeLists.txt | 2 +- programs/pkey/CMakeLists.txt | 4 +- programs/psa/CMakeLists.txt | 2 +- programs/random/CMakeLists.txt | 2 +- programs/ssl/CMakeLists.txt | 2 +- programs/test/CMakeLists.txt | 4 +- programs/test/cmake_subproject/CMakeLists.txt | 12 ++-- programs/util/CMakeLists.txt | 2 +- programs/x509/CMakeLists.txt | 4 +- tests/CMakeLists.txt | 4 +- 15 files changed, 69 insertions(+), 40 deletions(-) create mode 100644 ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index 5af4c8124..e4f318b3c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -14,6 +14,10 @@ # CMake files. It is related to ZLIB support which is planned to be removed. # When the support is removed, the associated include_directories command # will be removed as well as this note. +# - MBEDTLS_TARGET_PREFIX: CMake targets are designed to be alterable by calling +# CMake in order to avoid target name clashes, via the use of +# MBEDTLS_TARGET_PREFIX. The value of this variable is prefixed to the +# mbedtls, mbedx509, mbedcrypto and apidoc targets. # cmake_minimum_required(VERSION 2.6) @@ -273,7 +277,7 @@ if(ENABLE_PROGRAMS) add_subdirectory(programs) endif() -ADD_CUSTOM_TARGET(apidoc +ADD_CUSTOM_TARGET(${MBEDTLS_TARGET_PREFIX}apidoc COMMAND doxygen mbedtls.doxyfile WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen) diff --git a/ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt b/ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt new file mode 100644 index 000000000..533f309ab --- /dev/null +++ b/ChangeLog.d/add_MBEDTLS_TARGET_PREFIX_to_cmake.txt @@ -0,0 +1,6 @@ +Features + * Add MBEDTLS_TARGET_PREFIX CMake variable, which is prefixed to the mbedtls, + mbedcrypto, mbedx509 and apidoc CMake target names. This can be used by + external CMake projects that include this one to avoid CMake target name + clashes. The default value of this variable is "", so default target names + are unchanged. diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 4444b984e..f0315f721 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -150,18 +150,31 @@ if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) message(FATAL_ERROR "Need to choose static or shared mbedtls build!") endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) -set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") +set(mbedtls_target "${MBEDTLS_TARGET_PREFIX}mbedtls") +set(mbedx509_target "${MBEDTLS_TARGET_PREFIX}mbedx509") +set(mbedcrypto_target "${MBEDTLS_TARGET_PREFIX}mbedcrypto") + +set(mbedtls_target ${mbedtls_target} PARENT_SCOPE) +set(mbedx509_target ${mbedx509_target} PARENT_SCOPE) +set(mbedcrypto_target ${mbedcrypto_target} PARENT_SCOPE) + +if (USE_STATIC_MBEDTLS_LIBRARY) + set(mbedtls_static_target ${mbedtls_target}) + set(mbedx509_static_target ${mbedx509_target}) + set(mbedcrypto_static_target ${mbedcrypto_target}) +endif() + +set(target_libraries ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target}) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - set(mbedtls_static_target "mbedtls_static") - set(mbedx509_static_target "mbedx509_static") - set(mbedcrypto_static_target "mbedcrypto_static") + string(APPEND mbedtls_static_target "_static") + string(APPEND mbedx509_static_target "_static") + string(APPEND mbedcrypto_static_target "_static") + list(APPEND target_libraries - "mbedcrypto_static" "mbedx509_static" "mbedtls_static") -elseif(USE_STATIC_MBEDTLS_LIBRARY) - set(mbedtls_static_target "mbedtls") - set(mbedx509_static_target "mbedx509") - set(mbedcrypto_static_target "mbedcrypto") + ${mbedcrypto_static_target} + ${mbedx509_static_target} + ${mbedtls_static_target}) endif() if(USE_STATIC_MBEDTLS_LIBRARY) 
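Review bot: `string(APPEND mbedtls_static_target "_static")` and the two lines after it use a `string()` sub-command that, as far as I know, was only added in CMake 3.4, while the top-level CMakeLists.txt still declares `cmake_minimum_required(VERSION 2.6)`. On an older CMake the configure step would fail, and only when both the static and the shared library are requested, so it is easy to miss. Either raise the declared minimum or write the append portably, e.g. `set(mbedtls_static_target "${mbedtls_static_target}_static")` for each of the three variables.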
@@ -179,17 +192,17 @@ if(USE_STATIC_MBEDTLS_LIBRARY) endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) - add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.24.0 SOVERSION 5) - target_link_libraries(mbedcrypto ${libs}) + add_library(${mbedcrypto_target} SHARED ${src_crypto}) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.24.0 SOVERSION 5) + target_link_libraries(${mbedcrypto_target} ${libs}) - add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.24.0 SOVERSION 1) - target_link_libraries(mbedx509 ${libs} mbedcrypto) + add_library(${mbedx509_target} SHARED ${src_x509}) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.24.0 SOVERSION 1) + target_link_libraries(${mbedx509_target} ${libs} ${mbedcrypto_target}) - add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.24.0 SOVERSION 13) - target_link_libraries(mbedtls ${libs} mbedx509) + add_library(${mbedtls_target} SHARED ${src_tls}) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.24.0 SOVERSION 13) + target_link_libraries(${mbedtls_target} ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) foreach(target IN LISTS target_libraries) @@ -210,7 +223,9 @@ foreach(target IN LISTS target_libraries) PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endforeach(target) -add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls) +set(lib_target "${MBEDTLS_TARGET_PREFIX}lib") + +add_custom_target(${lib_target} DEPENDS ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target}) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) - add_dependencies(lib mbedcrypto_static mbedx509_static mbedtls_static) + add_dependencies(${lib_target} ${mbedcrypto_static_target} ${mbedx509_static_target} ${mbedtls_static_target}) endif() 
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index 2309789a6..6b8ce2ab4 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) endforeach() install(TARGETS ${executables} diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index e2b0eace2..35512c79a 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -1,5 +1,5 @@ set(libs - mbedtls + ${mbedtls_target} ) if(USE_PKCS11_HELPER_LIBRARY) diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index ae294798b..b2f2a1f5c 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) endforeach() install(TARGETS ${executables} diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index b4b3d3042..9c6fe7d49 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables_mbedtls foreach(exe IN LISTS executables_mbedtls) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedtls) + target_link_libraries(${exe} ${mbedtls_target}) endforeach() set(executables_mbedcrypto @@ -31,7 +31,7 @@ set(executables_mbedcrypto foreach(exe IN LISTS executables_mbedcrypto) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) endforeach() install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto} diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 5cbcf7191..23e85fea7 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt 
@@ -6,7 +6,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index 95acb7e10..8df836580 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -6,7 +6,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) endforeach() install(TARGETS ${executables} diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 28fbfc5a7..ca0a6a429 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -2,7 +2,7 @@ set(THREADS_USE_PTHREADS_WIN32 true) find_package(Threads) set(libs - mbedtls + ${mbedtls_target} ) if(USE_PKCS11_HELPER_LIBRARY) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 0df0becd9..217741bf9 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -1,5 +1,5 @@ set(libs - mbedtls + ${mbedtls_target} ) if(USE_PKCS11_HELPER_LIBRARY) @@ -33,7 +33,7 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto) if (${exe_index} GREATER -1) target_link_libraries(${exe} ${libs}) else() - target_link_libraries(${exe} mbedcrypto) + target_link_libraries(${exe} ${mbedcrypto_target}) endif() endforeach() diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt index 3e32c5fc3..a9fcfde29 100644 --- a/programs/test/cmake_subproject/CMakeLists.txt +++ b/programs/test/cmake_subproject/CMakeLists.txt 
@@ -1,5 +1,8 @@ cmake_minimum_required(VERSION 2.6) +# Test the target renaming support by adding a prefix to the targets built +set(MBEDTLS_TARGET_PREFIX subproject_test_) + # We use the parent Mbed TLS directory as the MBEDTLS_DIR for this test. Other # projects that use Mbed TLS as a subproject are likely to add by their own # relative paths. @@ -8,11 +11,12 @@ set(MBEDTLS_DIR ../../../) # Add Mbed TLS as a subdirectory. add_subdirectory(${MBEDTLS_DIR} build) -# Link against all the Mbed TLS libraries. +# Link against all the Mbed TLS libraries. Verifies that the targets have been +# created using the specified prefix set(libs - mbedcrypto - mbedx509 - mbedtls + subproject_test_mbedcrypto + subproject_test_mbedx509 + subproject_test_mbedtls ) add_executable(cmake_subproject cmake_subproject.c) diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index cb14a3ee6..2a11212ec 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -1,5 +1,5 @@ set(libs - mbedcrypto + ${mbedcrypto_target} ) set(executables diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index f7b5fe1d9..29cbeb800 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -1,5 +1,5 @@ set(libs - mbedx509 + ${mbedx509_target} ) if(USE_PKCS11_HELPER_LIBRARY) @@ -23,7 +23,7 @@ foreach(exe IN LISTS executables) target_link_libraries(${exe} ${libs}) endforeach() -target_link_libraries(cert_app mbedtls) +target_link_libraries(cert_app ${mbedtls_target}) install(TARGETS ${executables} DESTINATION "bin" diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index cc6866309..580d936c0 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,5 +1,5 @@ set(libs - mbedtls + ${mbedtls_target} ) # Set the project root directory if it's not already defined, as may happen if 
@@ -43,7 +43,7 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py ${mbedtls_target} ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) From 4762eddfb3e17d50b471cf6dda491047cbd712d6 Mon Sep 17 00:00:00 2001 From: Raef Coles Date: Tue, 13 Oct 2020 16:31:41 +0100 Subject: [PATCH 286/488] Build: Use new-style syntax in link-libraries Migrate to new syntax where the PUBLIC attribute is explicitly defined. Avoids issues caused sometimes where cmake does not allow the mixing of old-style and new-style syntax Signed-off-by: Raef Coles --- library/CMakeLists.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index f0315f721..89625558a 100644 --- a/library/CMakeLists.txt 
+++ b/library/CMakeLists.txt @@ -180,29 +180,29 @@ endif() if(USE_STATIC_MBEDTLS_LIBRARY) add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) - target_link_libraries(${mbedcrypto_static_target} ${libs}) + target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs}) add_library(${mbedx509_static_target} STATIC ${src_x509}) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) - target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target}) + target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target}) add_library(${mbedtls_static_target} STATIC ${src_tls}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) - target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target}) + target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(${mbedcrypto_target} SHARED ${src_crypto}) set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.24.0 SOVERSION 5) - target_link_libraries(${mbedcrypto_target} ${libs}) + target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) add_library(${mbedx509_target} SHARED ${src_x509}) set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.24.0 SOVERSION 1) - target_link_libraries(${mbedx509_target} ${libs} ${mbedcrypto_target}) + target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.24.0 SOVERSION 13) - target_link_libraries(${mbedtls_target} ${libs} ${mbedx509_target}) + target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) foreach(target IN LISTS target_libraries) 
From a817ea449a16c2a724478492996c157979300035 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Oct 2020 15:20:23 +0100 Subject: [PATCH 287/488] Check presence of DTLS timers only once Mbed TLS requires users of DTLS to configure timer callbacks needed to implement the wait-and-retransmit logic of DTLS. Previously, the presence of these timer callbacks was checked at every invocation of `mbedtls_ssl_fetch_input()`, so lowest layer of the messaging stack interfacing with the underlying transport. This commit removes this recurring check and instead checks the presence of timers once at the beginning of the handshake. The main rationale for this change is that it is a step towards separating the various layers of the messaging stack more cleanly: datagram layer, record layer, message layer, retransmission layer. Signed-off-by: Hanno Becker --- library/ssl_msg.c | 8 -------- library/ssl_tls.c | 13 +++++++++++++ 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 981d94e16..bdf882d87 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2018,14 +2018,6 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) { uint32_t timeout; - /* Just to be sure */ - if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " - "mbedtls_ssl_set_timer_cb() for DTLS" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - /* * The point is, we need to always read a full datagram at once, so we * sometimes read more then requested, and handle the additional data. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7062d53b7..34953f269 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -5682,11 +5682,24 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) { int ret = 0; + /* Sanity checks */ + if( ssl == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " + "mbedtls_ssl_set_timer_cb() for DTLS" ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); + /* Main handshake loop */ while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { ret = mbedtls_ssl_handshake_step( ssl ); From d696e7d91e42a190d06760279d2e396392143454 Mon Sep 17 00:00:00 2001 From: Nayna Jain Date: Thu, 13 Aug 2020 19:17:53 +0000 Subject: [PATCH 288/488] programs/ssl: Fix incorrect EOF check in ssl_context_info.c In `read_next_b64_code()`, the result of fgetc() is stored into a char, but later compared against EOF, which is generally -1. On platforms where char is unsigned, this generates a compiler warning/error that the comparison will never be true (causing a build failure). The value will never match, with the function ultimately bailing with a "Too many bad symbols are detected" error. On platforms with signed char, EOF is detected, but a file containing a 0xFF character will causes a premature end of file exit of the loop. Fix this by changing the result to an int. Fixes #3794. Signed-off-by: Nayna Jain Signed-off-by: David Brown --- ChangeLog.d/bugfix_3794.txt | 4 ++++ programs/ssl/ssl_context_info.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/bugfix_3794.txt diff --git a/ChangeLog.d/bugfix_3794.txt b/ChangeLog.d/bugfix_3794.txt new file mode 100644 index 000000000..a483ea76a --- /dev/null +++ b/ChangeLog.d/bugfix_3794.txt 
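Review bot: The DTLS timer-callback check now runs only on entry to `mbedtls_ssl_handshake()`, so any path that reaches `mbedtls_ssl_fetch_input()` without going through this function is no longer covered. If `mbedtls_ssl_handshake_step()` can be called directly by applications, a datagram context without `f_set_timer`/`f_get_timer` would get past the guard removed from ssl_msg.c. Whether the timer helpers tolerate NULL callbacks is not visible here. I would either repeat the check in `mbedtls_ssl_handshake_step()` or state the assumption above the new block, e.g. `/* DTLS timers are validated here only; mbedtls_ssl_fetch_input() relies on it. */`. The body of `mbedtls_ssl_handshake()` continues past the end of the hunk.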
@@ -0,0 +1,4 @@ +Bugfix + * Fix handling of EOF against 0xff bytes and on platforms with + unsigned chars. Fixes a build failure on platforms where char is + unsigned. Fixes #3794. diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index df8819a80..d109c1e6f 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -377,13 +377,13 @@ size_t read_next_b64_code( uint8_t **b64, size_t *max_len ) int valid_balance = 0; /* balance between valid and invalid characters */ size_t len = 0; char pad = 0; - char c = 0; + int c = 0; while( EOF != c ) { char c_valid = 0; - c = (char) fgetc( b64_file ); + c = fgetc( b64_file ); if( pad > 0 ) { From 3bea9f61e61ed3307b2471634afcfc9b80fd3706 Mon Sep 17 00:00:00 2001 From: David Brown Date: Fri, 16 Oct 2020 13:15:59 -0600 Subject: [PATCH 289/488] Add a context-info.sh test for 0xFF chars Add a non-regression test for ssl_context_info to ensure the base64 decoder doesn't stop processing when it encounters a 0xFF character. Signed-off-by: David Brown --- tests/context-info.sh | 5 +++++ tests/data_files/base64/def_b64_ff.bin | 5 +++++ 2 files changed, 10 insertions(+) create mode 100644 tests/data_files/base64/def_b64_ff.bin diff --git a/tests/context-info.sh b/tests/context-info.sh index 150584b5d..68614ff40 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -430,6 +430,11 @@ run_test "Binary file instead of text file" \ -u "Too many bad symbols detected. File check aborted" \ -n "Deserializing" +run_test "Decoder continues past 0xff character" \ + "def_b64_ff.bin" \ + -n "No valid base64" \ + -u "ciphersuite.* TLS-" + # End of tests diff --git a/tests/data_files/base64/def_b64_ff.bin b/tests/data_files/base64/def_b64_ff.bin new file mode 100644 index 000000000..66aa8271c --- /dev/null +++ b/tests/data_files/base64/def_b64_ff.bin 
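Review bot: In the `read_next_b64_code()` hunk, the iteration in which `fgetc()` returns EOF still runs the loop body, because `while( EOF != c )` is evaluated only at the top of the loop. With `c` now an `int`, the value -1 goes through whatever classification follows the read. The rest of the body is outside this hunk, so I cannot tell how that value is counted, but an explicit EOF test directly after `c = fgetc( b64_file );` (for example `if( c == EOF ) break;`, if nothing later in the body depends on seeing it) would make termination unambiguous. `fgetc()` also returns EOF on a read error, so an `ferror( b64_file )` check after the loop would keep a failed read from being reported as a clean end of input. A short comment on the declaration, `/* int: must hold EOF as well as every unsigned char value */`, would guard against the type being narrowed again.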
@@ -0,0 +1,5 @@ +// Ensure that the b64 parser continues after encountering a 0xFF +// character. Note that this byte is invalid UTF-8, making this +// entire file invalid UTF-8. Use care when editing. +// -> <- +AhUAAH8AAA4AAABtAAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAACAAAAAAAAAAAAAAAAAAV6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== From c74441802ad5359ba7fbf8151b4bd0280c735d5a Mon Sep 17 00:00:00 2001 From: David Brown Date: Fri, 16 Oct 2020 13:19:49 -0600 Subject: [PATCH 290/488] Add context-info.sh to linked tests Add context-info.sh to the test scripts linked into the cmake build directory, so that these tests are available as well. Signed-off-by: David Brown --- tests/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index cc6866309..7d85adb29 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -166,6 +166,7 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) link_to_source(seedfile) endif() link_to_source(compat.sh) + link_to_source(context-info.sh) link_to_source(data_files) link_to_source(scripts) link_to_source(ssl-opt.sh) From d9246559cabf0e3481a2cecb0edefef3629eee2f Mon Sep 17 00:00:00 2001 From: Torstein Nesse Date: Wed, 21 Oct 2020 09:27:37 +0200 Subject: [PATCH 291/488] Update changelog entry, format specification, and correct test vectors Signed-off-by: Torstein Nesse --- .../systematically_store_bit_size_3740.txt | 12 +++--- .../mbed-crypto-storage-specification.md | 37 +++++++++++++++++-- .../test_suite_psa_crypto_persistent_key.data | 4 +- 3 files changed, 42 insertions(+), 11 deletions(-) diff --git a/ChangeLog.d/systematically_store_bit_size_3740.txt b/ChangeLog.d/systematically_store_bit_size_3740.txt index f6688f771..20a332723 100644 
--- a/ChangeLog.d/systematically_store_bit_size_3740.txt +++ b/ChangeLog.d/systematically_store_bit_size_3740.txt @@ -1,7 +1,7 @@ Changes - * Always store key bits attribute in PSA key storage. Previously stored - keys should be augmented with the bits value to be compatible with the - updated version. #3740 - * Removes the stored bits field from the storage format for the - dynamic Secure Element driver. Previously stored keys must be updated to - remove the stored bits field. #3740 + * PSA persistent storage format is updated to always store the key bits + attribute. No automatic upgrade path is provided. Previously stored keys + must be erased, or manually upgraded based on the key storage format + specification (mbed-crypto-storage-specification.md). The storage format + for the dynamic Secure Element driver has also been updated. Previously + stored keys must be erased, or manually upgraded. #3740 diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md index 0d33ba5e6..914bca3bb 100644 --- a/docs/architecture/mbed-crypto-storage-specification.md +++ b/docs/architecture/mbed-crypto-storage-specification.md @@ -204,7 +204,6 @@ Integrated in Mbed OS TBD. * The layout of a key file now has a lifetime field before the type field. * Key files can store references to keys in a secure element. In such key files, the key material contains the slot number. -* The type field has been split into a type and a bits field of 2 bytes each. ### File namespace on a PSA platform on TBD 
@@ -245,8 +244,7 @@ The layout of a key file is: * magic (8 bytes): `"PSA\0KEY\0"`. * version (4 bytes): 0. * lifetime (4 bytes): `psa_key_lifetime_t` value. -* type (2 bytes): `psa_key_type_t` value. -* bits (2 bytes): `psa_key_bits_t` value. +* type (4 bytes): `psa_key_type_t` value. * policy usage flags (4 bytes): `psa_key_usage_t` value. * policy usage algorithm (4 bytes): `psa_algorithm_t` value. * policy enrollment algorithm (4 bytes): `psa_algorithm_t` value. @@ -283,3 +281,36 @@ The layout of a transaction file is: * The slot in the secure element designated by the slot number. * The file containing the key metadata designated by the key identifier. * The driver persistent data. + +Mbed Crypto TBD +--------------- + +Tags: TBD + +Released in TBD 2020.
+Integrated in Mbed OS TBD. + +### Changes introduced in TBD + +* The type field has been split into a type and a bits field of 2 bytes each. + +### Key file format for TBD + +All integers are encoded in little-endian order in 8-bit bytes except where otherwise indicated. + +The layout of a key file is: + +* magic (8 bytes): `"PSA\0KEY\0"`. +* version (4 bytes): 0. +* lifetime (4 bytes): `psa_key_lifetime_t` value. +* type (2 bytes): `psa_key_type_t` value. +* bits (2 bytes): `psa_key_bits_t` value. +* policy usage flags (4 bytes): `psa_key_usage_t` value. +* policy usage algorithm (4 bytes): `psa_algorithm_t` value. +* policy enrollment algorithm (4 bytes): `psa_algorithm_t` value. +* key material length (4 bytes). +* key material: + * For a transparent key: output of `psa_export_key`. + * For an opaque key (unified driver interface): driver-specific opaque key blob. + * For an opaque key (key in a secure element): slot number (8 bytes), in platform endianness. +* Any trailing data is rejected on load. diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index 4662406b1..91b741546 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tests/suites/test_suite_psa_crypto_persistent_key.data 
@@ -11,13 +11,13 @@ Parse storage: AES-128 key parse_storage_data_check:"505341004b45590000000000010000000024800000030000021040060000000010000000404142434445464748494a4b4c4d4e4f":"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0:PSA_SUCCESS Parse storage: wrong version -parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: data too big parse_storage_data_check:"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":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: bad magic -parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE 
+parse_storage_data_check:"645341004b455900000000000100000001700000010000000000001200000010620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: truncated magic parse_storage_data_check:"505341004b4559":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE From 70e20622183ed69af3c6f2e3c4fb11e80095b407 Mon Sep 17 00:00:00 2001 
From: Peter Toft Date: Wed, 21 Oct 2020 12:48:52 +0200 Subject: [PATCH 292/488] Updated minimum cmake requirement down to 2.8.12 * As described in issue #3801 the upcoming cmake 3.19 will not support cmake 2.6 any more * This PR updates the mimimum required cmake version to 2.8.12, which will not give a warning with cmake 3.19 but still compatible with MbedTLS support of RHEL/CentOS 7 LTS * Adding ChangeLog.d/bugfix_PR3802.txt Signed-off-by: Peter Toft --- CMakeLists.txt | 2 +- ChangeLog.d/minimum_cmake_version_PR3802.txt | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/minimum_cmake_version_PR3802.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index 5af4c8124..822186d58 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -16,7 +16,7 @@ # will be removed as well as this note. # -cmake_minimum_required(VERSION 2.6) +cmake_minimum_required(VERSION 2.8.12) if(TEST_CPP) project("mbed TLS" C CXX) else() diff --git a/ChangeLog.d/minimum_cmake_version_PR3802.txt b/ChangeLog.d/minimum_cmake_version_PR3802.txt new file mode 100644 index 000000000..549f9b1ac --- /dev/null +++ b/ChangeLog.d/minimum_cmake_version_PR3802.txt @@ -0,0 +1,3 @@ +Requirement changes +* Update the minimum required CMake version to 2.8.12. +* This silences a warning on CMake 3.19.0. #3801 From 8c31025310b2d2d8eced26ce4cc3bcfbfa58e7de Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 22 Oct 2020 10:43:45 +0200 Subject: [PATCH 293/488] Add missing bracket for CPP guard Signed-off-by: Steven Cooreman --- library/psa_crypto_its.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h index 93c4ce981..b671d63a5 100644 --- a/library/psa_crypto_its.h +++ b/library/psa_crypto_its.h @@ -142,4 +142,8 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, */ psa_status_t psa_its_remove(psa_storage_uid_t uid); +#ifdef __cplusplus +} +#endif + #endif /* PSA_CRYPTO_ITS_H */ 
From 88ebb2d7d09e6ec60c1f1597a398528d77dce4be Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 22 Oct 2020 11:55:50 +0200 Subject: [PATCH 294/488] Include public and public-ish PSA headers in CPP check Signed-off-by: Steven Cooreman --- programs/test/cpp_dummy_build.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index 09c527300..c69cd2bd7 100644 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -109,6 +109,12 @@ #include "mbedtls/memory_buffer_alloc.h" #endif +#include "psa/crypto.h" +#include "psa/crypto_se_driver.h" +#include "psa/crypto_entropy_driver.h" +#include "psa/crypto_accel_driver.h" +#include "../library/psa_crypto_its.h" + int main() { mbedtls_platform_context *ctx = NULL; From ce1494b6eebaae626778dde4a718d7d2145c994b Mon Sep 17 00:00:00 2001 From: Torstein Nesse Date: Wed, 21 Oct 2020 13:42:23 +0200 Subject: [PATCH 295/488] Update ChangeLog.d/systematically_store_bit_size_3740.txt Signed-off-by: Torstein Nesse Co-authored-by: Gilles Peskine --- ChangeLog.d/systematically_store_bit_size_3740.txt | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/systematically_store_bit_size_3740.txt b/ChangeLog.d/systematically_store_bit_size_3740.txt index 20a332723..9e63bbc3e 100644 --- a/ChangeLog.d/systematically_store_bit_size_3740.txt +++ b/ChangeLog.d/systematically_store_bit_size_3740.txt 
@@ -1,7 +1,5 @@ Changes - * PSA persistent storage format is updated to always store the key bits + * The PSA persistent storage format is updated to always store the key bits attribute. No automatic upgrade path is provided. Previously stored keys must be erased, or manually upgraded based on the key storage format - specification (mbed-crypto-storage-specification.md). The storage format - for the dynamic Secure Element driver has also been updated. Previously - stored keys must be erased, or manually upgraded. #3740 + specification (docs/architecture/mbed-crypto-storage-specification.md). #3740 From 28baa1f141c21d9a700e4e79d7df7571c5ccb5bf Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 23 Oct 2020 00:51:52 -0700 Subject: [PATCH 296/488] Fixed test_psa_want_ecdsa_disabled_software to use proper macros Updated the test_psa_want_ecdsa_disabled_software to enable and disable the correct macros to accomplish the desired test. The previous version left out the disabling of additional macros to ensure items related to MBEDTLS_ECDSA_C were also unset. The test was also missing the setting of the accelerators MBEDTLS_PSA_ACCEL_ALG_ECDSA and DETERMINISTIC_ECDSA. With the accelerators enabled the test portion had to be temporarily disabled until the accelerator code is completed so the test will work properly. Updated the signature driver source to fix a compiler warning when MBEDTLS_ECDSA_C is unset. Signed-off-by: John Durkop --- tests/scripts/all.sh | 13 ++++++++----- tests/src/drivers/signature.c | 2 ++ 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d42c6816b..1ac97b641 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1307,19 +1307,22 @@ component_test_psa_crypto_config_basic() { component_test_psa_want_ecdsa_disabled_software() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA # without MBEDTLS_ECDSA_C + # PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already + # set in include/psa/crypto_config.h msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA - scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" - msg "test: psa crypto config want ECDSA" - make test + # This should be added back in once the accelerator ECDSA code is in place and ready to test. + #msg "test: psa crypto config want ECDSA" + #make test } component_test_check_params_functionality () { diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 028d24a09..cea035190 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -262,6 +262,8 @@ cleanup: (void) alg; (void) hash; (void) hash_length; + (void) signature; + (void) signature_length; #endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ defined(MBEDTLS_SHA256_C) */ 
From 6dff93ff9b7d7b6f0817f63d4aace0fb4531c94c Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 23 Oct 2020 01:22:58 -0700 Subject: [PATCH 297/488] Ensure dependent features also included by config_psa.h When the PSA crypto features need to be setup based on the PSA_WANT_xxx macros, the dependent features also need to be enabled. This change corrects that for the MBEDTLS_ECDSA_DETERMINISTIC. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 9a1a1efba..d9cc4018b 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -51,6 +51,8 @@ extern "C" { #if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 #define MBEDTLS_ECDSA_DETERMINISTIC +#define MBEDTLS_HMAC_DRBG_C +#define MBEDTLS_MD_C #endif /* MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */ #endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */ From 4377bf747937e2963bc1d0f1aae893045b0f71d1 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 23 Oct 2020 01:26:57 -0700 Subject: [PATCH 298/488] Added new PSA crypto config test with no test driver Added a new test to all.sh to confirm that using MBEDTLS_PSA_CRYPTO_CONFIG with no test driver and the library is configured with normal configurations that the test works. Minor updates to other PSA crypto tests to cleanup msg output for consistency. Signed-off-by: John Durkop --- tests/scripts/all.sh | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1ac97b641..74c3998dd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
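Review bot: The two new lines `#define MBEDTLS_HMAC_DRBG_C` and `#define MBEDTLS_MD_C` are emitted unconditionally inside the `!defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)` branch. A build that already sets either symbol with a value (for example `-DMBEDTLS_MD_C=1` on the compiler command line) therefore gets an incompatible macro redefinition, which most compilers warn about and `-Werror` turns into a build failure. Guarding each one, e.g. `#if !defined(MBEDTLS_MD_C)` / `#define MBEDTLS_MD_C` / `#endif`, avoids that; the existing `MBEDTLS_ECDSA_DETERMINISTIC` line just above has the same shape. HMAC_DRBG also needs a hash module behind MD, and whether one is guaranteed to be enabled in this configuration is not visible in the hunk.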
@@ -1300,7 +1300,21 @@ component_test_psa_crypto_config_basic() { # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" - msg "test: psa crypto config basic" + msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG" + make test +} + +component_test_psa_crypto_config_no_driver() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" make test } @@ -1321,7 +1335,7 @@ component_test_psa_want_ecdsa_disabled_software() { make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" # This should be added back in once the accelerator ECDSA code is in place and ready to test. - #msg "test: psa crypto config want ECDSA" + #msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C" #make test } From 8ac0b80e9bec41f1123f141aca902bb090a108b2 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 23 Oct 2020 01:32:15 -0700 Subject: [PATCH 299/488] Rename test_psa_want_ecdsa_disabled_softare Changed the test name from test_ to build_ to better reflect what the test is currently performing. Signed-off-by: John Durkop --- tests/scripts/all.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
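Review bot: In the new `component_test_psa_crypto_config_no_driver`, the comment `# Need to define the correct symbol and include the test driver header path in order to build with the test driver` was copied from the component above and no longer matches the `make` line, which drops `-DPSA_CRYPTO_DRIVER_TEST` after the component has unset `MBEDTLS_PSA_CRYPTO_DRIVERS`. A reader could take it to mean that the driver symbol was forgotten. I would replace it with something like `# Build without the test driver; tests/include is still on the include path.` and drop `-I../tests/include` if nothing in this configuration needs it (not verifiable from the hunk). The leading comment `# full plus MBEDTLS_PSA_CRYPTO_CONFIG` could likewise say that drivers are disabled.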
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 74c3998dd..d967d572e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1318,7 +1318,8 @@ component_test_psa_crypto_config_no_driver() { make test } -component_test_psa_want_ecdsa_disabled_software() { +# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test. +component_build_psa_want_ecdsa_disabled_software() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA # without MBEDTLS_ECDSA_C # PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already @@ -1333,10 +1334,6 @@ component_test_psa_want_ecdsa_disabled_software() { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" - - # This should be added back in once the accelerator ECDSA code is in place and ready to test. - #msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C" - #make test } component_test_check_params_functionality () { From 821f291d77768b36400f79ee61b56be01f2c11da Mon Sep 17 00:00:00 2001 From: Torstein Nesse Date: Sat, 24 Oct 2020 09:46:49 +0200 Subject: [PATCH 300/488] Ensure that all test vectors only contain one error. Signed-off-by: Torstein Nesse --- tests/suites/test_suite_psa_crypto_persistent_key.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index 91b741546..98db74d34 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tests/suites/test_suite_psa_crypto_persistent_key.data 
@@ -11,13 +11,13 @@ Parse storage: AES-128 key parse_storage_data_check:"505341004b45590000000000010000000024800000030000021040060000000010000000404142434445464748494a4b4c4d4e4f":"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:0:PSA_SUCCESS Parse storage: wrong version -parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE +parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: data too big 
parse_storage_data_check:"505341004b455900000000000100000001700000010000000000001200000010ffffffff3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: bad magic -parse_storage_data_check:"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":"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":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE 
+parse_storage_data_check:"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":"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE Parse storage: truncated magic parse_storage_data_check:"505341004b4559":"":PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION:PSA_ALG_CATEGORY_SIGN:PSA_ERROR_STORAGE_FAILURE From 95db3012c8d97b3ca7ff848ff4c9c1a30a7c8de7 Mon Sep 17 00:00:00 2001 
From: gabor-mezei-arm Date: Mon, 26 Oct 2020 11:35:23 +0100 Subject: [PATCH 301/488] Make the aes xts methods independent from MBEDTLS_AES_SETKEY_DEC_ALT This is fix for the MBEDTLS_AES_SETKEY_DEC_ALT macro switch is including the aes xts methods and building with a custom mbedtls_aes_setkey_dec function will disable the aes xts methods. The fix is separating the aes xts methods and the MBEDTLS_AES_SETKEY_DEC_ALT can only switch the presence of the mbedtls_aes_setkey_dec function. Signed-off-by: gabor-mezei-arm --- library/aes.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/aes.c b/library/aes.c index ed48b24d3..b538664c5 100644 --- a/library/aes.c +++ b/library/aes.c @@ -730,6 +730,7 @@ exit: return( ret ); } +#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ #if defined(MBEDTLS_CIPHER_MODE_XTS) static int mbedtls_aes_xts_decode_keys( const unsigned char *key, @@ -808,8 +809,6 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, } #endif /* MBEDTLS_CIPHER_MODE_XTS */ -#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ - #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ do \ { \ From 398aee57421706ffdb7c90d9d4397a0f1adc1bd0 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 13 Oct 2020 14:35:45 +0200 Subject: [PATCH 302/488] Rework psa_copy_key_material There's no need for calling export-and-import when the key is guaranteed to have been stored in export representation. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ddb03fc32..5a5dc8d4e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -2179,26 +2179,16 @@ exit: static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, psa_key_slot_t *target ) { - psa_status_t status; - uint8_t *buffer = NULL; - size_t buffer_size = 0; - size_t length; - - buffer_size = PSA_KEY_EXPORT_MAX_SIZE( source->attr.type, - psa_get_key_slot_bits( source ) ); - buffer = mbedtls_calloc( 1, buffer_size ); - if( buffer == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = psa_internal_export_key( source, buffer, buffer_size, &length, 0 ); + psa_status_t status = psa_allocate_buffer_to_slot( target, + source->data.key.bytes ); if( status != PSA_SUCCESS ) - goto exit; - target->attr.type = source->attr.type; - status = psa_import_key_into_slot( target, buffer, length ); + return( status ); -exit: - mbedtls_platform_zeroize( buffer, buffer_size ); - mbedtls_free( buffer ); - return( status ); + memcpy( target->data.key.data, source->data.key.data, source->data.key.bytes ); + target->attr.type = source->attr.type; + target->attr.bits = source->attr.bits; + + return( PSA_SUCCESS ); } psa_status_t psa_copy_key( psa_key_handle_t source_handle, From 0452476eacbc4989a337942b697194dd77b8dbd7 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 13 Oct 2020 17:43:44 +0200 Subject: [PATCH 303/488] Implement, plug in and test validate_key driver entry point Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 3 +- library/psa_crypto_driver_wrappers.c | 28 +++++ library/psa_crypto_driver_wrappers.h | 9 ++ tests/include/test/drivers/keygen.h | 7 +- tests/src/drivers/keygen.c | 112 +++++++++++++++++- ...test_suite_psa_crypto_driver_wrappers.data | 19 +++ ..._suite_psa_crypto_driver_wrappers.function | 34 ++++++ 7 files changed, 208 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5a5dc8d4e..ddb2faa3c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
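Review bot: `psa_copy_key_material()` now copies `source->data.key.data` with `memcpy()` for `source->data.key.bytes` bytes instead of going through export and import, so it is correct only when the source slot really holds its key bytes in `data.key`, and nothing inside the function checks that. The commit message says the representation is guaranteed, but that guarantee is enforced by callers outside this hunk. If a slot can keep something else in `data` (the nested member name suggests other variants exist), unrelated bytes would be copied as key material. I would write the precondition above the function, e.g. `/* Precondition: source stores its key material in data.key in export format; callers must reject any other kind of slot. */`. The copy also bypasses whatever checks `psa_import_key_into_slot()` applied on the target side, which is fine only if the caller has already matched the requested attributes against the source.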
@@ -977,6 +977,7 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, size_t data_length ) { psa_status_t status = PSA_SUCCESS; + size_t bit_size; /* zero-length keys are never supported. */ if( data_length == 0 ) @@ -984,7 +985,7 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, if( key_type_is_raw_bytes( slot->attr.type ) ) { - size_t bit_size = PSA_BYTES_TO_BITS( data_length ); + bit_size = PSA_BYTES_TO_BITS( data_length ); /* Ensure that the bytes-to-bits conversion hasn't overflown. */ if( data_length > SIZE_MAX / 8 ) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index f19f55920..2bda2a6cb 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -410,6 +410,34 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } +psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits ) +{ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + /* Try accelerators in turn */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_validate_key( attributes, + data, + data_length, + bits ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + + return( PSA_ERROR_NOT_SUPPORTED ); +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + (void) attributes; + (void) data; + (void) data_length; + (void) bits; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_DRIVER_PRESENT */ +} + /* * Cipher functions */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 0db15d6c3..b0b483bb5 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h 
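Review bot: In `psa_import_key_into_slot()`, `bit_size` is hoisted to function scope without an initialiser, while the only assignment visible in the hunk is still inside the `key_type_is_raw_bytes()` branch. Any code on another branch that later reads it, or passes its address to a validation routine, would start from an indeterminate value. `size_t bit_size = 0;` costs nothing and also matches the `*bits == 0` auto-detect convention that the test driver in this commit uses. The rest of the function is outside the hunk.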
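Review bot: `psa_driver_wrapper_validate_key()` has no documented contract, and two parts of it matter to callers. `bits` is an in/out parameter (the test driver added in this commit reads `*bits == 0` before writing it), and `PSA_ERROR_NOT_SUPPORTED` means that no driver looked at the key, not that the key is acceptable. A caller that passes an uninitialised `bits`, or that does not fall back to the built-in validation on `PSA_ERROR_NOT_SUPPORTED`, would end up importing key material that nothing checked. I would add a doc comment saying both things on the declaration in psa_crypto_driver_wrappers.h (the next hunk). Smaller points in this definition: the closing `#endif /* PSA_CRYPTO_DRIVER_PRESENT */` does not match the `#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)` that opens it, and `status` and the parameters are unused when the accelerator macro is defined without `PSA_CRYPTO_DRIVER_TEST`.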
@@ -43,9 +43,18 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, const uint8_t *signature, size_t signature_length ); +/* + * Key handling functions + */ + psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot ); +psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits ); + /* * Cipher functions */ diff --git a/tests/include/test/drivers/keygen.h b/tests/include/test/drivers/keygen.h index b72c65c78..e5a5e4700 100644 --- a/tests/include/test/drivers/keygen.h +++ b/tests/include/test/drivers/keygen.h @@ -1,5 +1,5 @@ /* - * Test driver for generating keys. + * Test driver for generating and verifying keys. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -57,5 +57,10 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); +psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/keygen.c index f15a4bc9a..84fc98a37 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/keygen.c @@ -1,6 +1,6 @@ /* - * Test driver for generating keys. - * Currently only supports generating ECC keys. + * Test driver for generating and verifying keys. + * Currently only supports generating and verifying ECC keys. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 
@@ -122,4 +122,112 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } +psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits) +{ + ++test_driver_keygen_hooks.hits; + + if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_keygen_hooks.forced_status ); + +#if defined(MBEDTLS_ECP_C) + psa_key_type_t type = psa_get_key_type( attributes ); + if ( PSA_KEY_TYPE_IS_ECC( type ) ) + { + // Code mostly copied from psa_load_ecp_representation + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( type ); + mbedtls_ecp_group_id grp_id; + mbedtls_ecp_keypair ecp; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if( *bits == 0 ) + { + // Attempt auto-detect of curve bit size + size_t curve_size = data_length; + + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) && + PSA_KEY_TYPE_ECC_GET_FAMILY( type ) != PSA_ECC_FAMILY_MONTGOMERY ) + { + /* A Weierstrass public key is represented as: + * - The byte 0x04; + * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; + * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. + * So its data length is 2m+1 where n is the key size in bits. + */ + if( ( data_length & 1 ) == 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + curve_size = data_length / 2; + + /* Montgomery public keys are represented in compressed format, meaning + * their curve_size is equal to the amount of input. */ + + /* Private keys are represented in uncompressed private random integer + * format, meaning their curve_size is equal to the amount of input. 
*/ + } + + grp_id = mbedtls_ecc_group_of_psa( curve, curve_size ); + } + else + { + grp_id = mbedtls_ecc_group_of_psa( curve, + PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + } + + const mbedtls_ecp_curve_info *curve_info = + mbedtls_ecp_curve_info_from_grp_id( grp_id ); + + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + *bits = curve_info->bit_size; + + mbedtls_ecp_keypair_init( &ecp ); + + status = mbedtls_to_psa_error( + mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + /* Load the key material. */ + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) + { + /* Load the public value. */ + status = mbedtls_to_psa_error( + mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, + data, + data_length ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + /* Check that the point is on the curve. */ + status = mbedtls_to_psa_error( + mbedtls_ecp_check_pubkey( &ecp.grp, &ecp.Q ) ); + } + else + { + /* Load and validate the secret value. */ + status = mbedtls_to_psa_error( + mbedtls_ecp_read_key( ecp.grp.id, + &ecp, + data, + data_length ) ); + } + +ecp_exit: + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } + return( PSA_ERROR_NOT_SUPPORTED ); +#else + (void) data; + (void) data_length; + (void) bits; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* MBEDTLS_ECP_C */ +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 7abc25692..1f1ee39cd 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
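Review bot: The `#else` branch of `test_transparent_validate_key` (a build without `MBEDTLS_ECP_C`) casts `data`, `data_length` and `bits` to void but not `attributes`, which is unused in that configuration; add `(void) attributes;`. In the ECC branch the copied comment still reads `2m+1 where n is the key size in bits`, mixing `m` and `n`. `*bits` is dereferenced without a null check, so the driver relies on the caller always passing a valid pointer, and a one-line comment stating that precondition would help.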
@@ -40,6 +40,25 @@ generate_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS generate_key through transparent driver: error generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR +validate key through transparent driver: good private key +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS + +validate key through transparent driver: good public key +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +validate_key:PSA_SUCCESS:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS + +validate key through transparent driver: fallback private key +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS + +validate key through transparent driver: fallback public key +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS + +validate key through transparent driver: error +validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR + PSA symmetric encrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR 
cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 951670d56..3cecbfc67 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -184,6 +184,40 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void validate_key( int force_status_arg, + int key_type_arg, + data_t *key_input, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_type_t key_type = key_type_arg; + psa_key_handle_t handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t actual_status; + test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + + psa_set_key_type( &attributes, + key_type ); + psa_set_key_bits( &attributes, 0 ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); + + test_driver_keygen_hooks.forced_status = force_status; + + PSA_ASSERT( psa_crypto_init( ) ); + + actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &handle ); + TEST_EQUAL( test_driver_keygen_hooks.hits, 1 ); + TEST_EQUAL( actual_status, expected_status ); +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_driver_keygen_hooks = test_driver_keygen_hooks_init(); +} +/* END_CASE */ + /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, data_t *key, data_t *iv, From f7cebd4a2b636059e97061aa18d095a2731b23a3 Mon Sep 17 00:00:00 2001 
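Review bot: `validate_key` declares the size as unknown with `psa_set_key_bits( &attributes, 0 )` but never checks the size recorded for the imported key, so the `bits` value reported by the driver (or by the software fallback) is not covered. On the success cases, something like `PSA_ASSERT( psa_get_key_attributes( handle, &got ) ); TEST_EQUAL( psa_get_key_bits( &got ), 256 );` would pin it for the secp256r1 vectors in the data file. The case is gated on `MBEDTLS_ECDSA_C` while the driver code it exercises is guarded by `MBEDTLS_ECP_C`, so the gate should probably match.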
From: Steven Cooreman Date: Tue, 13 Oct 2020 20:27:40 +0200 Subject: [PATCH 304/488] Add internal helper function to load prevalidated key material Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 24 +++++++++++++++++------- library/psa_crypto_core.h | 21 +++++++++++++++++++++ 2 files changed, 38 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ddb2faa3c..afe09af02 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -969,6 +969,19 @@ static psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot, return( PSA_SUCCESS ); } +psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, + const uint8_t* data, + size_t data_length ) +{ + psa_status_t status = psa_allocate_buffer_to_slot( slot, + data_length ); + if( status != PSA_SUCCESS ) + return( status ); + + memcpy( slot->data.key.data, data, data_length ); + return( PSA_SUCCESS ); +} + /** Import key data into a slot. `slot->attr.type` must have been set * previously. This function assumes that the slot does not contain * any key material yet. On failure, the slot content is unchanged. */ @@ -1001,13 +1014,10 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, return( status ); /* Allocate memory for the key */ - status = psa_allocate_buffer_to_slot( slot, data_length ); + status = psa_copy_key_material_into_slot( slot, data, data_length ); if( status != PSA_SUCCESS ) return( status ); - /* copy key into allocated buffer */ - memcpy( slot->data.key.data, data, data_length ); - /* Write the actual key size to the slot. * psa_start_key_creation() wrote the size declared by the * caller, which may be 0 (meaning unspecified) or wrong. */ 
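Review bot: `psa_copy_key_material_into_slot` stores the caller's bytes with no parsing or validation, yet neither this definition nor its declaration in the `psa_crypto_core.h` hunk says so. The function is non-static and reachable from other library files, so its comment should state the precondition, e.g. `/* The key material must already have been validated for slot->attr.type; no checks are performed here. */`. The definition also writes `const uint8_t* data` where the declaration uses `const uint8_t *data`.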
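Review bot: The retained comment `/* Allocate memory for the key */` in `psa_import_key_into_slot` no longer describes the call below it, which now both allocates and copies. Suggest `/* Allocate the slot buffer and copy the key material into it */`. The enclosing function starts and ends outside this hunk.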
@@ -2180,12 +2190,12 @@ exit: static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, psa_key_slot_t *target ) { - psa_status_t status = psa_allocate_buffer_to_slot( target, - source->data.key.bytes ); + psa_status_t status = psa_copy_key_material_into_slot( target, + source->data.key.data, + source->data.key.bytes ); if( status != PSA_SUCCESS ) return( status ); - memcpy( target->data.key.data, source->data.key.data, source->data.key.bytes ); target->attr.type = source->attr.type; target->attr.bits = source->attr.bits; diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 6ee17fce0..4943eb1a7 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -161,6 +161,27 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, const uint8_t *data, size_t data_length ); +/** Copy key data (in export format) into an empty key slot. + * + * This function assumes that the slot does not contain + * any key material yet. On failure, the slot content is unchanged. + * + * \param[in,out] slot Key slot to copy the key into. + * \param[in] data Buffer containing the key material. + * \param data_length Size of the key buffer. + * + * \retval #PSA_SUCCESS + * The key has been copied successfully. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * Not enough memory was available for allocation of the + * copy buffer. + * \retval #PSA_ERROR_ALREADY_EXISTS + * There was other key material already present in the slot. + */ +psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, + const uint8_t *data, + size_t data_length ); + /** Convert an mbed TLS error code to a PSA error code * From 3ea0ce450ff1cf72396b0e0fae64255a9f071a09 Mon Sep 17 00:00:00 2001 
From: Steven Cooreman Date: Fri, 23 Oct 2020 11:37:05 +0200 Subject: [PATCH 305/488] Separate 'import' from 'load into slot' Now that there's a validate_key entry point for drivers, it becomes much more important to separate the import action (where a key needs to be validated) from the load action (where a key has been previously validated, and thus re-validating it would be a waste of time). This also exposes why not storing the 'bits' attribute persistently was a bad idea. The only reason there's a rather large function to detect bit size is because loading from persistent storage requires it. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 262 ++++++++++++++++++++++++--- library/psa_crypto_core.h | 42 ++--- library/psa_crypto_slot_management.c | 6 +- 3 files changed, 263 insertions(+), 47 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index afe09af02..1901281c5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -739,7 +739,7 @@ static psa_status_t psa_load_ecp_representation( psa_key_type_t type, * - The byte 0x04; * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. - * So its data length is 2m+1 where n is the key size in bits. + * So its data length is 2m+1 where m is the curve size in bits. */ if( ( data_length & 1 ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); 
@@ -982,12 +982,197 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, return( PSA_SUCCESS ); } -/** Import key data into a slot. `slot->attr.type` must have been set - * previously. This function assumes that the slot does not contain - * any key material yet. On failure, the slot content is unchanged. */ -psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, - const uint8_t *data, - size_t data_length ) +psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot ) +{ + if( slot->attr.bits != 0 ) + return( PSA_SUCCESS ); + + if( key_type_is_raw_bytes( slot->attr.type ) ) + { + slot->attr.bits = + (psa_key_bits_t) PSA_BYTES_TO_BITS( slot->data.key.bytes ); + return( PSA_SUCCESS ); + } + else if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) + { + /* Keys are stored in export format, and we are currently + * restricted to known curves, so do the reverse lookup based + * on data length. */ + size_t byte_length = slot->data.key.bytes; + if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) && + PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) != + PSA_ECC_FAMILY_MONTGOMERY ) + { + /* A Weierstrass public key is represented as: + * - The byte 0x04; + * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; + * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. + * So its data length is 2m+1 where m is the curve size in bits. + */ + if( ( byte_length & 1 ) == 0 ) + return( PSA_ERROR_BAD_STATE ); + byte_length = byte_length / 2; + + /* Montgomery public keys are represented in compressed format, + * meaning their curve_size is equal to the amount of input. */ + + /* Private keys are represented in uncompressed private random + * integer format, meaning their curve_size is equal to the + * amount of input. 
*/ + } + + switch( PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) ) + { + case PSA_ECC_FAMILY_SECP_R1: + switch( byte_length ) + { + case PSA_BITS_TO_BYTES( 192 ): + slot->attr.bits = 192; + break; + case PSA_BITS_TO_BYTES( 224 ): + slot->attr.bits = 224; + break; + case PSA_BITS_TO_BYTES( 256 ): + slot->attr.bits = 256; + break; + case PSA_BITS_TO_BYTES( 384 ): + slot->attr.bits = 384; + break; + case PSA_BITS_TO_BYTES( 521 ): + slot->attr.bits = 521; + break; + default: + return( PSA_ERROR_BAD_STATE ); + } + break; + + case PSA_ECC_FAMILY_BRAINPOOL_P_R1: + switch( byte_length ) + { + case PSA_BITS_TO_BYTES( 256 ): + slot->attr.bits = 256; + break; + case PSA_BITS_TO_BYTES( 384 ): + slot->attr.bits = 384; + break; + case PSA_BITS_TO_BYTES( 512 ): + slot->attr.bits = 512; + break; + default: + return( PSA_ERROR_BAD_STATE ); + } + break; + + case PSA_ECC_FAMILY_MONTGOMERY: + switch( byte_length ) + { + case PSA_BITS_TO_BYTES( 255 ): + slot->attr.bits = 255; + break; + case PSA_BITS_TO_BYTES( 448 ): + slot->attr.bits = 448; + break; + default: + return( PSA_ERROR_BAD_STATE ); + } + break; + + case PSA_ECC_FAMILY_SECP_K1: + switch( byte_length ) + { + case PSA_BITS_TO_BYTES( 192 ): + slot->attr.bits = 192; + break; + case PSA_BITS_TO_BYTES( 224 ): + slot->attr.bits = 224; + break; + case PSA_BITS_TO_BYTES( 256 ): + slot->attr.bits = 256; + break; + default: + return( PSA_ERROR_BAD_STATE ); + } + break; + + default: + return( PSA_ERROR_BAD_STATE ); + } + + return( PSA_SUCCESS ); + } + else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) + { + /* There's no easy way of figuring out the RSA bit size from + * the data length of the export representation. For now, use + * the mbed TLS software implementation to figure it out. 
*/ + psa_key_attributes_t attributes = { + .core = slot->attr + }; + size_t bits; + psa_status_t status = psa_driver_wrapper_validate_key( + &attributes, + slot->data.key.data, + slot->data.key.bytes, + &bits ); + if( status == PSA_SUCCESS ) + slot->attr.bits = (psa_key_bits_t) bits; + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); + + /* If no accelerator was able to figure it out, try software. */ +#if defined(MBEDTLS_RSA_C) + mbedtls_rsa_context *rsa = NULL; + + /* Parse input */ + status = psa_load_rsa_representation( slot->attr.type, + slot->data.key.data, + slot->data.key.bytes, + &rsa ); + if( status != PSA_SUCCESS ) + { + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + return( status ); + } + + slot->attr.bits = (psa_key_bits_t) PSA_BYTES_TO_BITS( + mbedtls_rsa_get_len( rsa ) ); + + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + + return( PSA_SUCCESS ); +#else + return( PSA_ERROR_NOT_SUPPORTED ); +#endif + } + else + return( PSA_ERROR_NOT_SUPPORTED ); +} + +/** Import key data into a slot. + * + * `slot->type` must have been set previously. + * This function assumes that the slot does not contain any key material yet. + * On failure, the slot content is unchanged. + * + * Persistent storage is not affected. + * + * \param[in,out] slot The key slot to import data into. + * Its `type` field must have previously been set to + * the desired key type. + * It must not contain any key material yet. + * \param[in] data Buffer containing the key material to parse and import. + * \param data_length Size of \p data in bytes. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, + const uint8_t *data, + size_t data_length ) { psa_status_t status = PSA_SUCCESS; size_t bit_size; 
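Review bot: In the RSA branch of `psa_detect_bit_size_in_slot`, `size_t bits;` is passed to `psa_driver_wrapper_validate_key` uninitialised, whereas the import path in this same commit sets `bit_size = slot->attr.bits` before the call and the test driver reads `*bits` on entry for ECC keys. A driver that reads the value before writing it would read an indeterminate object, so declare it as `size_t bits = 0;`. The raw-bytes branch also narrows `PSA_BYTES_TO_BITS( slot->data.key.bytes )` to `psa_key_bits_t` with no range check, unlike the import path, which guards the conversion with `data_length > SIZE_MAX / 8`. If stored material can exceed the type's range, the recorded size would be silently truncated.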
@@ -1023,32 +1208,65 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, * caller, which may be 0 (meaning unspecified) or wrong. */ slot->attr.bits = (psa_key_bits_t) bit_size; } - else if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) + else if( PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) ) { + /* Try validation through accelerators first. */ + bit_size = slot->attr.bits; + psa_key_attributes_t attributes = { + .core = slot->attr + }; + status = psa_driver_wrapper_validate_key( &attributes, + data, + data_length, + &bit_size ); + if( status == PSA_SUCCESS ) + { + /* Key has been validated successfully by an accelerator. + * Copy key material into slot. */ + status = psa_copy_key_material_into_slot( slot, data, data_length ); + if( status != PSA_SUCCESS ) + return( status ); + + slot->attr.bits = (psa_key_bits_t) bit_size; + return( PSA_SUCCESS ); + } + else if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); + + /* Key format is not supported by any accelerator, try software fallback + * if present. */ + if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) + { #if defined(MBEDTLS_ECP_C) - status = psa_import_ecp_key( slot, - data, data_length ); + status = psa_import_ecp_key( slot, + data, data_length ); #else - /* No drivers have been implemented yet, so without mbed TLS backing - * there's no way to do ECP with the current library. */ - return( PSA_ERROR_NOT_SUPPORTED ); + /* No drivers have been implemented yet, so without mbed TLS backing + * there's no way to do ECP with the current library. 
*/ + status = PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_ECP_C) */ - } - else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) - { + } + else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) + { #if defined(MBEDTLS_RSA_C) - status = psa_import_rsa_key( slot, - data, data_length ); + status = psa_import_rsa_key( slot, + data, data_length ); #else - /* No drivers have been implemented yet, so without mbed TLS backing - * there's no way to do RSA with the current library. */ - status = PSA_ERROR_NOT_SUPPORTED; + /* No drivers have been implemented yet, so without mbed TLS backing + * there's no way to do RSA with the current library. */ + status = PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_RSA_C) */ + } + else + { + /* Unsupported asymmetric key type */ + status = PSA_ERROR_NOT_SUPPORTED; + } } else { /* Unknown key type */ - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; } return( status ); diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 4943eb1a7..2786b7993 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
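Review bot: On the accelerator success path of `psa_import_key_into_slot`, the driver-reported `bit_size` is narrowed with `(psa_key_bits_t) bit_size` and stored without being compared with the size the caller declared in `slot->attr.bits` or with the range of `psa_key_bits_t`. Unless a later step outside this hunk compares the two, a driver returning a different or oversized value would be accepted. A guard such as `if( slot->attr.bits != 0 && bit_size != slot->attr.bits ) return( PSA_ERROR_INVALID_ARGUMENT );` before the copy would make the check local. The function's opening lines are outside this hunk.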
@@ -137,30 +137,6 @@ static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot, */ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ); -/** Import key data into a slot. - * - * `slot->type` must have been set previously. - * This function assumes that the slot does not contain any key material yet. - * On failure, the slot content is unchanged. - * - * Persistent storage is not affected. - * - * \param[in,out] slot The key slot to import data into. - * Its `type` field must have previously been set to - * the desired key type. - * It must not contain any key material yet. - * \param[in] data Buffer containing the key material to parse and import. - * \param data_length Size of \p data in bytes. - * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INVALID_ARGUMENT - * \retval PSA_ERROR_NOT_SUPPORTED - * \retval PSA_ERROR_INSUFFICIENT_MEMORY - */ -psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, - const uint8_t *data, - size_t data_length ); - /** Copy key data (in export format) into an empty key slot. * * This function assumes that the slot does not contain @@ -182,6 +158,24 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, const uint8_t *data, size_t data_length ); +/** Detect the key bit size for a key in a slot where bit size + * is unset. + * + * This function assumes that the slot contains key material in + * export format. + * + * \param[in,out] slot Key slot to detect and set the bit size in. + * + * \retval #PSA_SUCCESS + * The key bit size was already set, or has been detected + * and set accordingly. + * \retval #PSA_ERROR_BAD_STATE + * The size of the key material in the slot doesn't match + * with the declared key type. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The key type is unknown to the implementation. + */ +psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot ); /** Convert an mbed TLS error code to a PSA error code * 
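Review bot: The `\retval` list for `psa_detect_bit_size_in_slot` names only `PSA_SUCCESS`, `PSA_ERROR_BAD_STATE` and `PSA_ERROR_NOT_SUPPORTED`, but the RSA branch of the definition in `psa_crypto.c` returns whatever `psa_driver_wrapper_validate_key` or `psa_load_rsa_representation` report. Add a sentence saying that other error codes can be returned when an RSA key has to be parsed to obtain its size, so callers do not treat the list as exhaustive.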
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index b7a3c1338..f33c4f2ef 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -141,7 +141,11 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot ) else #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ { - status = psa_import_key_into_slot( slot, key_data, key_data_length ); + status = psa_copy_key_material_into_slot( slot, key_data, key_data_length ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_detect_bit_size_in_slot( slot ); } exit: From 36a82e5a6b7265d152523a09b0f7e2c8a2c5d40a Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 26 Oct 2020 09:39:05 -0700 Subject: [PATCH 306/488] Ensure MBEDTLS_ECDSA_C is set when DETERMINISTIC_ECDSA is used Ensure that MBEDTLS_ECDSA_C is set when PSA_WANT_ALG_DETERMINISTIC_ECDSA is requested. Also added MBEDTLS_ECDSA_C to the requirements comment in config.h for MBEDTLS_ECDSA_DETERMINISTIC. Signed-off-by: John Durkop --- include/mbedtls/config.h | 2 +- include/mbedtls/config_psa.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6fbaeed0c..48e8855e8 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -864,7 +864,7 @@ * may result in a compromise of the long-term signing key. This is avoided by * the deterministic variant. * - * Requires: MBEDTLS_HMAC_DRBG_C + * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C * * Comment this macro to disable deterministic ECDSA. */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index d9cc4018b..31c5e1d99 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
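Review bot: In `psa_load_persistent_key_into_slot`, when `psa_detect_bit_size_in_slot` fails the slot already holds the key material copied by `psa_copy_key_material_into_slot`, whereas the replaced `psa_import_key_into_slot` was documented as leaving the slot unchanged on failure. Whether the caller wipes the slot on error is not visible here, so either clear it on this path or add a comment naming who does. Stored key data is also no longer parsed on load, and a comment such as `/* Storage contents are trusted as validated at import time */` would record that assumption. The function body continues outside the hunk.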
@@ -51,6 +51,7 @@ extern "C" { #if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 #define MBEDTLS_ECDSA_DETERMINISTIC +#define MBEDTLS_ECDSA_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C #endif /* MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */ From e7012c7725e614ea3ced8f8af546b1b91e2447a0 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 26 Oct 2020 09:55:01 -0700 Subject: [PATCH 307/488] Cleaned up test_psa_crypto_config_no_driver based on review comments Removed comment referencing test driver header path and the inclusion of the test driver directory from the build since it is not required for that test. Signed-off-by: John Durkop --- tests/scripts/all.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d967d572e..71f0f8e54 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1311,8 +1311,7 @@ component_test_psa_crypto_config_no_driver() { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" make test From 12760595e7e6c8415b48526362f3eea282daa5dc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 26 Oct 2020 18:07:01 +0100 Subject: [PATCH 308/488] Replace validate_key by import_key When importing a transparent key, the key needs to be not only validated, but also possibly converted, if it is not already in the canonical representation. So change the validate_key entry point to an import_key entry point. 
Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 60 +++++++++++++++++---------- 1 file changed, 37 insertions(+), 23 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index ef92c693b..0a7f71ffb 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/10/12 21:34:43 GMT" +Time-stamp: "2020/10/26 16:54:57 GMT" ## Introduction 
@@ -339,13 +339,45 @@ The format of a key for transparent drivers is the same as in applications. Refe Transparent drivers may provide the following key management entry points: -* [`"validate_key"`](#key-validation-with-transparent-drivers): called by `psa_import_key()`, only when importing a key pair or a public key (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). +* [`"import_key"`](#key-import-with-transparent-drivers): called by `psa_import_key()`, only when importing a key pair or a public key (key such that `PSA_KEY_TYPE_IS_ASYMMETRIC` is true). * `"generate_key"`: called by `psa_generate_key()`, only when generating a key pair (key such that `PSA_KEY_TYPE_IS_KEY_PAIR` is true). * `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()`, only when deriving a key pair (key such that `PSA_KEY_TYPE_IS_KEY_PAIR` is true). * `"export_public_key"`: called by the core to obtain the public key of a key pair. The core may call this function at any time to obtain the public key, which can be for `psa_export_public_key()` but also at other times, including during a cryptographic operation that requires the public key such as a call to `psa_verify_message()` on a key pair object. Transparent drivers are not involved when exporting, copying or destroying keys, or when importing, generating or deriving symmetric keys. +#### Key import with transparent drivers + +The key import entry points has the following prototype for a driver with the prefix `"acme"`: +``` +psa_status_t acme_import_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits); +``` + +This entry point has several roles: + +1. Parse the key data in the input buffer `data`. The driver must support the export format for the key types that the entry point is declared for. 
It may support additional formats as specified in the description of [`psa_import_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) in the PSA Cryptography API specification. +2. Validate the key data. The necessary validation is described in the section [“Key validation with transparent drivers”](#key-validation-with-transparent-drivers) below. +3. [Determine the key size](#key-size-determination-on-import) and output it through `*bits`. +4. Copy the validated key data from `data` to `key_buffer`. The output must be in the canonical format documented for [`psa_export_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) or [`psa_export_public_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_public_key), so if the input is not in this format, the entry point must convert it. + +#### Key size determination on import + +The PSA Cryptography API exposes the key size as part of the key attributes. +When importing a key, the key size recorded in the key attributes may be `0`, which indicates that the size must be calculated from the data. +In this case, the core will call the `"import_key"` entry point with an `attributes` structure such that `psa_get_key_bits(attributes)` returns 0, and the `"import_key"` entry point must return the actual key size in the `bits` output parameter. +The semantics of `bits` is as follows: + +* The core sets `*bits` to `psa_get_key_bits(attributes)` before calling the `"import_key"` entry point. +* If `*bits == 0`, the driver must determine the key size from the data, and return `PSA_ERROR_INVALID_ARGUMENT` if this is not possible. +* If `*bits != 0`, the driver may either determine the key size from the data and store it in `*bits`, or check the value of `*bits*` against the data and return an error if it does not match. 
+* If the `"import_key"` entry point returns `PSA_SUCCESS`, but `psa_get_key_bits(attributes) != 0` and `psa_get_key_bits(attributes) != *bits` on output, the core considers the key as invalid due to the size mismatch. + #### Key validation with transparent drivers When a driver creates a key, it is responsible for ensuring that the key is valid. But when a key is imported, no processing of the key happens: the PSA Cryptography implementation just stores the key material. (It may store it in an encoded form, but this is an implementation choice which is not visible at the level of PSA specifications.) It is important to validate the incoming key material, to avoid storing a key that will later be unacceptable for operations or that could even cause functional or security issues during operations. 
@@ -358,25 +390,7 @@ To avoid delayed problems caused by imported invalid keys, a PSA Cryptography im * For elliptic curve private keys (`PSA_KEY_TYPE_ECC_KEY_PAIR`), check the size and range. TODO: what else? * For elliptic curve public keys (``), check the size and range, and that the point is on the curve. TODO: what else? -A driver can provide code to perform the required validation by providing a `"validate_key"` entry point. This entry point returns `PSA_SUCCESS` if the key is valid or an applicable error code if it isn't. - -The `"validate_key"` entry point has an additional role, which is to determine the size of a key. -The PSA Cryptography API exposes the key size as part of the key attributes. -When importing a key, the key size recorded in the key attributes may be `0`, which indicates that the size must be calculated from the data. -In this case, the core will call the `"validate_key"` entry point with an `attributes` structure such that `psa_get_key_bits(attributes)` returns 0, and the `"validate_key"` entry point must return the actual key size in the `bits` output parameter. -The semantics of `bits` is as follows: - -* The core sets `*bits` to `psa_get_key_bits(attributes)` before calling the `"validate_key"` entry point. -* If `*bits == 0`, the driver must determine the key size from the data, and return `PSA_ERROR_INVALID_ARGUMENT` if this is not possible. -* If `*bits != 0`, the driver may either determine the key size from the data and store it in `*bits`, or check the value of `*bits*` against the data and return an error if it does not match. -* If the `"validate_key"` entry point returns `PSA_SUCCESS`, but `psa_get_key_bits(attributes) != 0` and `psa_get_key_bits(attributes) != *bits` on output, the core considers the key as invalid due to the size mismatch. 
- -``` -psa_status_t acme_validate_key(const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - size_t *bits); -``` +A driver can provide code to perform the required validation by providing an `"import_key"` entry point. This entry point returns `PSA_SUCCESS` if the key is valid or an applicable error code if it isn't. ### Fallback 
@@ -551,9 +565,9 @@ TODO: derivation, copy #### Key validation and size on import -The `"import_key"` entry point must validate the key so that if a key is imported successfully, permitted operations on the key will succeed if the input data is valid and enough resources are available. For key types that are defined in the PSA Cryptography specification, opaque drivers must guarantee the properties that transparent drivers guarantee if [`"validate_key"`](#key-validation-with-transparent-drivers) succeeds. +The `"import_key"` entry point must validate the key so that if a key is imported successfully, permitted operations on the key will succeed if the input data is valid and enough resources are available. For key types that are defined in the PSA Cryptography specification, opaque drivers must guarantee the properties that transparent drivers guarantee if [`"import_key"`](#key-validation-with-transparent-drivers) succeeds. -Rationale: The key must be validated on import to provide in-time feedback when attempting to inject a bad key. The minimum requirement for validation is the same as for `"validate_key"` to set a minimum security baseline (especially for operations such as key agreement where accepting an invalid key could result in leaking secret material). +Rationale: The key must be validated on import to provide in-time feedback when attempting to inject a bad key. The minimum requirement for validation sets a minimum security baseline (especially for operations such as key agreement where accepting an invalid key could result in leaking secret material). The `"import_key"` entry point may need to determine the key size. The PSA Cryptography API exposes the key size as part of the key attributes. From f87e3aea167df8061067ca87992f485297c0c876 Mon Sep 17 00:00:00 2001 
From: John Durkop Date: Mon, 26 Oct 2020 15:25:23 -0700 Subject: [PATCH 309/488] Update guards in PSA crypto library for ECDSA and DETERMINISTIC support In the PSA crypto library, the code for verification of ECDSA is the same for both MBEDTLS_PSA_BUILTIN_ALG_ECDSA and MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA. So, the guards should allow for either one to enable the code blocks. The original implementation only had the check for ECDSA. In order to make this work, config_psa.h was updated to ensure when MBEDTLS_CRYPTO_CONFIG is disabled, the setting for DETERMINISTIC is only updated if MBEDTLS_ECDSA_C is also enabled. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 4 +++- library/psa_crypto.c | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 31c5e1d99..6af4d1999 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -65,12 +65,14 @@ extern "C" { */ #if defined(MBEDTLS_ECDSA_C) #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA -#endif /* MBEDTLS_ECDSA_C */ +// Only add in DETERMINISTIC support if ECDSA is also enabled #if defined(MBEDTLS_ECDSA_DETERMINISTIC) #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ +#endif /* MBEDTLS_ECDSA_C */ + #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ #ifdef __cplusplus diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a73c6c7bc..45b689007 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3530,7 +3530,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) /* `ecp` cannot be const because `ecp->grp` needs to be non-const * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() * (even though these functions don't modify it). */ 
@@ -3629,7 +3629,7 @@ cleanup: mbedtls_mpi_free( &s ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA */ psa_status_t psa_sign_hash( psa_key_handle_t handle, psa_algorithm_t alg, @@ -3799,7 +3799,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { mbedtls_ecp_keypair *ecp = NULL; @@ -3817,7 +3817,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { return( PSA_ERROR_INVALID_ARGUMENT ); } From d61ed3c52f3e0316bbccbe68c409295aec6c0078 Mon Sep 17 00:00:00 2001 From: Fredrik Strupe Date: Tue, 27 Oct 2020 11:18:44 +0100 Subject: [PATCH 310/488] PSA Crypto: Add zero-length input test vectors for ChaChaPoly Signed-off-by: Fredrik Strupe --- tests/suites/test_suite_psa_crypto.data | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2c6924a4d..aff70511f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
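Review bot: The rewritten `#endif` comment in the `@@ -3629` hunk drops the closing parenthesis after `MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA`, so it no longer mirrors the `#if` it closes or the correctly closed comment in the `@@ -3817` hunk. It should read `#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */`. The same two-macro condition is now spelled out at every guard touched here, so a short comment at the first `#if` saying that sign and verify must be enabled by the same condition would help keep them from drifting apart. The hunks show only the guard lines, so the bodies they enclose cannot be checked from here.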
@@ -1654,6 +1654,10 @@ PSA AEAD encrypt: ChaCha20-Poly1305 (RFC7539) depends_on:MBEDTLS_CHACHAPOLY_C aead_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" +PSA AEAD encrypt: ChaCha20-Poly1305 (zero-length input) +depends_on:MBEDTLS_CHACHAPOLY_C +aead_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"":"a0784d7a4716f3feb4f64e7f4b39bf04" + PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) depends_on:MBEDTLS_CHACHAPOLY_C aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS 
@@ -1662,6 +1666,10 @@ PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) depends_on:MBEDTLS_CHACHAPOLY_C aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE +PSA AEAD decrypt: ChaCha20-Poly1305 (good tag, zero-length input) +depends_on:MBEDTLS_CHACHAPOLY_C +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"":"a0784d7a4716f3feb4f64e7f4b39bf04":"":PSA_SUCCESS + PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED From ce3ec6ffd6ed3d6b8ea37df9178f80ae8fe74f82 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 27 Oct 2020 18:31:50 +0100 Subject: [PATCH 311/488] Unify the sections on key creation Now that transparent drivers have an "import_key" entry point, the key creation interfaces for transparent drivers and opaque drivers are very similar. Unify the sections that describe their behavior, including key validation and key size determination. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 106 +++++++++++++++----------- 1 file changed, 63 insertions(+), 43 deletions(-) 
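Review bot: The two added vectors (this hunk and the `@@ -1654` hunk) cover only the success path for an empty plaintext with empty additional data; no case shows that `aead_decrypt` rejects a wrong tag when the ciphertext is empty. With zero-length input the tag is the only thing being checked, so a regression that skipped verification for empty input would still pass both new tests. I would add a third case after `good tag, zero-length input` that reuses its key and nonce, alters one byte of the tag and expects `PSA_ERROR_INVALID_SIGNATURE`, mirroring the existing `RFC7539, bad tag` case.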
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 0a7f71ffb..b193d1ca1 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/10/26 16:54:57 GMT" +Time-stamp: "2020/10/27 17:31:13 GMT" ## Introduction @@ -189,6 +189,11 @@ The signature of a driver entry point generally looks like the signature of the * For entry points that involve a multi-part operation, the operation state type (`psa_XXX_operation_t`) is replaced by a driver-specific operation state type (*prefix*`_XXX_operation_t`). +* For entry points that are involved in key creation, the `psa_key_id_t *` output parameter is replaced by a sequence of parameters that convey the key context: + 1. `const uint8_t *key_buffer`: a buffer for the key material or key context. + 2. `size_t key_buffer_size`: the size of the key buffer in bytes. + 2. `size_t *key_buffer_length`: the length of the data written to the key buffer in bytes. + Some entry points are grouped in families that must be implemented as a whole. If a driver supports an entry point family, it must provide all the entry points in the family. #### General considerations on driver entry point parameters 
@@ -311,7 +316,63 @@ TODO ### Driver entry points for key management -The driver entry points for key management differs significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-transparent-drivers). Refer to the applicable section for each driver type. +The driver entry points for key management differ significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-transparent-drivers). This section describes common elements. Refer to the applicable section for each driver type for more information. + +The entry points that create or format key data have the following prototypes for a driver with the prefix `"acme"`: + +``` +psa_status_t acme_import_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits); +psa_status_t acme_generate_key(const psa_key_attributes_t *attributes, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length); +``` + +TODO: derivation, copy + +* The key attributes (`attributes`) have the same semantics as in the PSA Cryptography application interface. +* For the `"import_key"` entry point, the input in the `data` buffer is either the export format or an implementation-specific format that the core documents as an acceptable input format for `psa_import_key()`. +* The size of the key data buffer is sufficient for the internal representation of the key. For a transparent driver, this is the key's [export format](#key-format-for-transparent-drivers). For an opaque driver, this is the size determined from the driver description and the key attributes, as specified in the section [“Key format for opaque drivers”](#key-format-for-opaque-drivers). 
+* For an opaque driver with an `"allocate_key"` entry point, the content of the key data buffer on entry is the output of that entry point. +* The `"import_key"` entry point must determine or validate the key size and set `*bits` as described in the section [“Key size determination on import”](#key-size-determination-on-import) below. + +All key creation entry points must ensure that the resulting key is valid as specified in the section [“Key validation”](#key-validation) below. This is primarily important for import entry points since the key data comes from the application. + +#### Key size determination on import + +The `"import_key"` entry point may need to determine the key size. +The PSA Cryptography API exposes the key size as part of the key attributes. +When importing a key, the key size recorded in the key attributes may be `0`, which indicates that the size must be calculated from the data. +In this case, the core will call the `"import_key"` entry point with an `attributes` structure such that `psa_get_key_bits(attributes)` returns 0, and the `"import_key"` entry point must return the actual key size in the `bits` output parameter. The semantics of `bits` is as follows: + +* The core sets `*bits` to `psa_get_key_bits(attributes)` before calling the `"import_key"` entry point. +* If `*bits == 0`, the driver must determine the key size from the data and set `*bits` to this size. If the key size cannot be determined from the data, the driver must return `PSA_ERROR_INVALID_ARGUMENT` (as of version 1.0 of the PSA Cryptography API specification, it is possible to determine the key size for all standard key types). +* If `*bits != 0`, the driver must check the value of `*bits` against the data and return an error if it does not match. If the driver entry point changes `*bits` to a different value but returns `PSA_SUCCESS`, the core will consider the key as invalid and the import will fail. 
+ +#### Key validation + +Key creation entry points must produce valid key data. Key data is _valid_ if operations involving the key are guaranteed to work functionally and not to cause indirect security loss. Operation functions are supposed to receive valid keys, and should not have to check and report invalid keys. For example: + +* If a cryptographic mechanism is defined as having keying material of a certain size, or if the keying material involves integers that have to be in a certain range, key creation must ensure that the keying material has an appropriate size and falls within an appropriate range. +* If a cryptographic operation involves a division by an integer which is provided as part of a key, key creation must ensure that this integer is nonzero. +* If a cryptographic operation involves two keys A and B (or more), then the creation of A must ensure that using it does not risk compromising B. This applies even if A's policy does not explicitly allow a problematic operation, but A is exportable. In particular, public keys that can potentially be used for key agreement are considered invalid and must not be created if they risk compromising the private key.. +* On the other hand, it is acceptable for import to accept a key that cannot be verified as valid if using this key would at most compromise the key itself and material that is secured with this key. For example, RSA key import does not need to verify that the primes are actually prime. Key import may accept an insecure key if the consequences of the insecurity are no worse than a leak of the key prior to its import. + +With opaque drivers, the key context can only be used by code from the same driver, so key validity is primarily intended to report key creation errors at creation time rather than during an operation. With transparent drivers, the key context can potentially be used by code from a different provider, so key validity is critical for interoperability. 
+ +This section describes some minimal validity requirements for standard key types. + +* For symmetric key types, check that the key size is suitable for the type. +* For DES (`PSA_KEY_TYPE_DES`), additionally verify the parity bits. +* For RSA (`PSA_KEY_TYPE_RSA_PUBLIC_KEY`, `PSA_KEY_TYPE_RSA_KEY_PAIR`), check the syntax of the key and make sanity checks on its components. TODO: what sanity checks? Value ranges (e.g. p < n), sanity checks such as parity, minimum and maximum size, what else? +* For elliptic curve private keys (`PSA_KEY_TYPE_ECC_KEY_PAIR`), check the size and range. TODO: what else? +* For elliptic curve public keys (`PSA_KEY_TYPE_ECC_PUBLIC_KEY`), check the size and range, and that the point is on the curve. TODO: what else? ### Miscellaneous driver entry points 
@@ -366,32 +427,6 @@ This entry point has several roles: 3. [Determine the key size](#key-size-determination-on-import) and output it through `*bits`. 4. Copy the validated key data from `data` to `key_buffer`. The output must be in the canonical format documented for [`psa_export_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) or [`psa_export_public_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_public_key), so if the input is not in this format, the entry point must convert it. -#### Key size determination on import - -The PSA Cryptography API exposes the key size as part of the key attributes. -When importing a key, the key size recorded in the key attributes may be `0`, which indicates that the size must be calculated from the data. -In this case, the core will call the `"import_key"` entry point with an `attributes` structure such that `psa_get_key_bits(attributes)` returns 0, and the `"import_key"` entry point must return the actual key size in the `bits` output parameter. -The semantics of `bits` is as follows: - -* The core sets `*bits` to `psa_get_key_bits(attributes)` before calling the `"import_key"` entry point. -* If `*bits == 0`, the driver must determine the key size from the data, and return `PSA_ERROR_INVALID_ARGUMENT` if this is not possible. -* If `*bits != 0`, the driver may either determine the key size from the data and store it in `*bits`, or check the value of `*bits*` against the data and return an error if it does not match. -* If the `"import_key"` entry point returns `PSA_SUCCESS`, but `psa_get_key_bits(attributes) != 0` and `psa_get_key_bits(attributes) != *bits` on output, the core considers the key as invalid due to the size mismatch. - -#### Key validation with transparent drivers - -When a driver creates a key, it is responsible for ensuring that the key is valid. 
But when a key is imported, no processing of the key happens: the PSA Cryptography implementation just stores the key material. (It may store it in an encoded form, but this is an implementation choice which is not visible at the level of PSA specifications.) It is important to validate the incoming key material, to avoid storing a key that will later be unacceptable for operations or that could even cause functional or security issues during operations. - -To avoid delayed problems caused by imported invalid keys, a PSA Cryptography implementation that supports transparent drivers must validate transparent keys on import. For supported key types, this means: - -* For symmetric key types, check that the key size is suitable for the type. -* For DES (`PSA_KEY_TYPE_DES`), additionally verify the parity bits. -* For RSA (`PSA_KEY_TYPE_RSA_PUBLIC_KEY`, `PSA_KEY_TYPE_RSA_KEY_PAIR`), check the syntax of the key and make sanity checks on its components. TODO: what sanity checks? Value ranges (e.g. p < n), sanity checks such as parity, minimum and maximum size, what else? -* For elliptic curve private keys (`PSA_KEY_TYPE_ECC_KEY_PAIR`), check the size and range. TODO: what else? -* For elliptic curve public keys (``), check the size and range, and that the point is on the curve. TODO: what else? - -A driver can provide code to perform the required validation by providing an `"import_key"` entry point. This entry point returns `PSA_SUCCESS` if the key is valid or an applicable error code if it isn't. - ### Fallback Sometimes cryptographic accelerators only support certain cryptographic mechanisms partially. The capability description language allows specifying some restrictions, including restrictions on key sizes, but it cannot cover all the possibilities that may arise in practice. Furthermore, it may be desirable to deploy the same binary image on different devices, only some of which have a cryptographic accelerators. 
@@ -563,21 +598,6 @@ If the driver has an [`"allocate_key"` entry point](#key-management-in-a-secure- TODO: derivation, copy -#### Key validation and size on import - -The `"import_key"` entry point must validate the key so that if a key is imported successfully, permitted operations on the key will succeed if the input data is valid and enough resources are available. For key types that are defined in the PSA Cryptography specification, opaque drivers must guarantee the properties that transparent drivers guarantee if [`"import_key"`](#key-validation-with-transparent-drivers) succeeds. - -Rationale: The key must be validated on import to provide in-time feedback when attempting to inject a bad key. The minimum requirement for validation sets a minimum security baseline (especially for operations such as key agreement where accepting an invalid key could result in leaking secret material). - -The `"import_key"` entry point may need to determine the key size. -The PSA Cryptography API exposes the key size as part of the key attributes. -When importing a key, the key size recorded in the key attributes may be `0`, which indicates that the size must be calculated from the data. -In this case, the core will call the `"import_key"` entry point with an `attributes` structure such that `psa_get_key_bits(attributes)` returns 0, and the `"import_key"` entry point must return the actual key size in the `bits` output parameter. The semantics of `bits` is as follows: - -* The core sets `*bits` to `psa_get_key_bits(attributes)` before calling the `"import_key"` entry point. -* If `*bits == 0`, the driver must determine the key size from the data, and return `PSA_ERROR_INVALID_ARGUMENT` if this is not possible. -* If `*bits != 0`, the driver must check the value of `*bits*` against the data and return an error if it does not match. - #### Key export entry points in opaque drivers The key export entry points have the following prototypes for a driver with the prefix `"acme"`: 
From b62bb51affcd576f6bbcd20da7038bf831de77f7 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Thu, 3 Dec 2015 21:56:45 +0100 Subject: [PATCH 312/488] Add RFC5764 - SRTP key generation during DTLS handshake Signed-off-by: Johan Pascal --- include/mbedtls/config.h | 11 +++ include/mbedtls/ssl.h | 59 ++++++++++++++ library/ssl_cli.c | 163 +++++++++++++++++++++++++++++++++++++++ library/ssl_srv.c | 137 ++++++++++++++++++++++++++++++++ library/ssl_tls.c | 79 +++++++++++++++++++ 5 files changed, 449 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 48e8855e8..2ed3ec29e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1812,6 +1812,17 @@ */ #define MBEDTLS_SSL_DTLS_HELLO_VERIFY +/** + * \def MBEDTLS_SSL_DTLS_SRTP + * + * Enable support for DTLS-SRTP, RFC5764 + * + * Requires: MBEDTLS_SSL_PROTO_DTLS + * + * Comment this to disable support for DTLS-SRTP. + */ +#define MBEDTLS_SSL_DTLS_SRTP + /** * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a0912614f..55eeb182f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -393,6 +393,8 @@ #define MBEDTLS_TLS_EXT_SIG_ALG 13 +#define MBEDTLS_TLS_EXT_USE_SRTP 14 + #define MBEDTLS_TLS_EXT_ALPN 16 #define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC 22 /* 0x16 */ @@ -409,6 +411,14 @@ #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 +/* + * use_srtp extension protection profiles values as defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml + */ +#define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE 0x0001 +#define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE 0x0002 +#define MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE 0x0005 +#define MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE 0x0006 + /* * Size defines */ 
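Review bot: `MBEDTLS_SSL_DTLS_SRTP` is added to config.h uncommented, so every default build gains the new use_srtp writing and parsing code. The documented `Requires: MBEDTLS_SSL_PROTO_DTLS` is not enforced by this commit, since the diffstat touches no configuration-check header. I would ship the option disabled, `//#define MBEDTLS_SSL_DTLS_SRTP`, and add a build-time check in check_config.h that errors out when it is set without `MBEDTLS_SSL_PROTO_DTLS`. The ssl.h hunk on the same line also introduces the two `NULL_HMAC_SHA1` profile values; its comment should state that these profiles authenticate but do not encrypt the media stream.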
@@ -851,6 +861,19 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) +/* + * List of SRTP profiles for DTLS-SRTP + */ +enum mbedtls_DTLS_SRTP_protection_profiles { + MBEDTLS_SRTP_UNSET_PROFILE, + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_SRTP_NULL_HMAC_SHA1_32, +}; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * This structure is used for storing current session data. * 
@@ -1298,6 +1321,17 @@ struct mbedtls_ssl_context const char *alpn_chosen; /*!< negotiated protocol */ #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + /* + * use_srtp extension + */ + enum mbedtls_DTLS_SRTP_protection_profiles *dtls_srtp_profiles_list; /*!< ordered list of supported srtp profile */ + size_t dtls_srtp_profiles_list_len; /*!< number of supported profiles */ + enum mbedtls_DTLS_SRTP_protection_profiles chosen_dtls_srtp_profile; /*!< negotiated profil */ + unsigned char *dtls_srtp_keys; /*dtls_srtp_profiles_list == NULL) || (ssl->dtls_srtp_profiles_list_len == 0) ) + { + return; + } + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) ); + + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + + /* RFC5764 section 4.1.1 + * uint8 SRTPProtectionProfile[2]; + * + * struct { + * SRTPProtectionProfiles SRTPProtectionProfiles; + * opaque srtp_mki<0..255>; + * } UseSRTPData; + + * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; + * + * Note: srtp_mki is not supported + */ + + /* Extension length = 2bytes for profiles lenght, ssl->dtls_srtp_profiles_list_len*2 (each profile is 2 bytes length ) + 1 byte for the non implemented srtp_mki vector length (always 0) */ + *p++ = (unsigned char)( ( ( 2 + 2*(ssl->dtls_srtp_profiles_list_len) + 1 ) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( ( 2 + 2*(ssl->dtls_srtp_profiles_list_len) + 1 ) ) & 0xFF ); + + + /* protection profile length: 2*(ssl->dtls_srtp_profiles_list_len) */ + *p++ = (unsigned char)( ( ( 2*(ssl->dtls_srtp_profiles_list_len) ) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( 2*(ssl->dtls_srtp_profiles_list_len) ) & 0xFF ); + + for( protection_profiles_index=0; protection_profiles_index < ssl->dtls_srtp_profiles_list_len; protection_profiles_index++ ) + { + switch (ssl->dtls_srtp_profiles_list[protection_profiles_index]) { + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: + *p++ = 
( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF); + *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF); + break; + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: + *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF); + *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF); + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: + *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF); + *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF); + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: + *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF); + *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF); + break; + default: + /* Note: we shall never arrive here as protection profiles is checked by ssl_set_dtls_srtp_protection_profiles function */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->dtls_srtp_profiles_list[protection_profiles_index]) ); + break; + } + } + + *p++ = 0x00; /* non implemented srtp_mki vector length is always 0 */ + /* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/ + *olen = 2 + 2 + 2 + 2*(ssl->dtls_srtp_profiles_list_len) + 1; +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * Generate random bytes for ClientHello */ @@ -1277,6 +1350,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; +#endif + #if defined(MBEDTLS_SSL_SESSION_TICKETS) if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) 
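Review bot: The new call `ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen )` in the `@@ -1277` hunk passes no `end` pointer, unlike the `ssl_write_session_ticket_ext` call right below it, so the writer cannot tell how much room is left in the output buffer. The writer body visible above emits 7 + 2 * `dtls_srtp_profiles_list_len` bytes unconditionally and stores lengths derived from that `size_t` count in 16-bit fields, so a profile list longer than the remaining space is written past the buffer. Its `default:` branch also skips the two profile bytes while the length fields and `*olen` still count them. The writer should take `end`, return `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` when the extension does not fit, and be called as below; ssl_write_client_hello continues outside this hunk and the writer's signature is not visible here.

```c
#if defined(MBEDTLS_SSL_DTLS_SRTP)
    if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len,
                                        end, &olen ) ) != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret );
        return( ret );
    }
    ext_len += olen;
#endif
/* … unchanged: session ticket extension … */
```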
@@ -1710,6 +1788,81 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) +static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len ) +{ + enum mbedtls_DTLS_SRTP_protection_profiles server_protection = MBEDTLS_SRTP_UNSET_PROFILE; + size_t i; + uint16_t server_protection_profile_value = 0; + + /* If use_srtp is not configured, just ignore the extension */ + if( ( ssl->dtls_srtp_profiles_list == NULL ) || ( ssl->dtls_srtp_profiles_list_len == 0 ) ) + return( 0 ); + + /* RFC5764 section 4.1.1 + * uint8 SRTPProtectionProfile[2]; + * + * struct { + * SRTPProtectionProfiles SRTPProtectionProfiles; + * opaque srtp_mki<0..255>; + * } UseSRTPData; + + * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; + * + * Note: srtp_mki is not supported + */ + + /* Length is 5 : one protection profile(2 bytes) + length(2 bytes) and potential srtp_mki which won't be parsed */ + if( len < 5 ) + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + + /* + * get the server protection profile + */ + if (((uint16_t)(buf[0]<<8 | buf[1])) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */ + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } else { + server_protection_profile_value = buf[2]<<8 | buf[3]; + } + + /* + * Check we have the server profile in our list + */ + for( i=0; i < ssl->dtls_srtp_profiles_list_len; i++) + { + switch ( server_protection_profile_value ) { + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE: + server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80; + break; + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE: + server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32; + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE: + server_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_80; + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE: + server_protection = 
MBEDTLS_SRTP_NULL_HMAC_SHA1_32; + break; + default: + server_protection = MBEDTLS_SRTP_UNSET_PROFILE; + break; + } + + if (server_protection == ssl->dtls_srtp_profiles_list[i]) { + ssl->chosen_dtls_srtp_profile = ssl->dtls_srtp_profiles_list[i]; + return 0; + } + } + + /* If we get there, no match was found : server problem, it shall never answer with incompatible profile */ + ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * Parse HelloVerifyRequest. Only called after verifying the HS type. */ @@ -2278,6 +2431,16 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) break; #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + case MBEDTLS_TLS_EXT_USE_SRTP: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); + + if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 ) + return( ret ); + + break; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + default: MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", ext_id ) ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2e63fced3..a14ec8664 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
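Review bot: The length validation in the client-side ssl_parse_use_srtp_ext stops at `len < 5`, so the srtp_mki length byte at `buf[4]` and anything after it are never examined. This client always sends an empty MKI (its writer emits `0x00`), so a ServerHello carrying a non-empty MKI or trailing bytes should be rejected rather than silently accepted; RFC 5764 section 4.1.3 expects the client to abort on an MKI it did not offer. Tightening the guard to `if( len != 5 || buf[4] != 0 ) return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );` covers both cases. As a matter of style, the `switch` that maps the IANA value to the enum does not depend on `i` and could be hoisted above the `for` loop.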
@@ -776,6 +776,78 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) +static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len ) +{ + enum mbedtls_DTLS_SRTP_protection_profiles client_protection = MBEDTLS_SRTP_UNSET_PROFILE; + size_t i,j; + uint16_t profile_length; + + /* If use_srtp is not configured, just ignore the extension */ + if( ( ssl->dtls_srtp_profiles_list == NULL ) || ( ssl->dtls_srtp_profiles_list_len == 0 ) ) + return( 0 ); + + /* RFC5764 section 4.1.1 + * uint8 SRTPProtectionProfile[2]; + * + * struct { + * SRTPProtectionProfiles SRTPProtectionProfiles; + * opaque srtp_mki<0..255>; + * } UseSRTPData; + + * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; + * + * Note: srtp_mki is not supported + */ + + /* Min length is 5 : at least one protection profile(2 bytes) and length(2 bytes) + srtp_mki length(1 byte) */ + if( len < 5 ) + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + + /* + * Use our order of preference + */ + profile_length = buf[0]<<8|buf[1]; /* first 2 bytes are protection profile length(in bytes) */ + for( i=0; i < ssl->dtls_srtp_profiles_list_len; i++) + { + /* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ + for (j=0; jdtls_srtp_profiles_list[i]) { + ssl->chosen_dtls_srtp_profile = ssl->dtls_srtp_profiles_list[i]; + return 0; + } + } + } + + /* If we get there, no match was found */ + ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * Auxiliary functions for ServerHello parsing and related actions */ 
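Review bot: `profile_length` is taken from the ClientHello (`buf[0]<<8|buf[1]`) and, in the lines visible here, is never compared with `len` before it bounds the inner loop over `j`. The loop body did not survive in this rendering, but it presumably indexes `buf` by `j`, so a declared list length larger than the extension would read past the received data. A check right after the assignment, `if( ( profile_length & 1 ) != 0 || profile_length > len - 3 ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );`, keeps the list and the one-byte srtp_mki length inside `len` (the earlier `len < 5` test makes `len - 3` safe). The mki length byte that follows the list is likewise not checked against the remaining bytes.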
@@ -1942,6 +2014,15 @@ read_record_header: break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + case MBEDTLS_TLS_EXT_USE_SRTP: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); + ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); + if ( ret != 0 ) + return( ret ); + break; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + default: MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", ext_id ) ); 
@@ -2500,6 +2581,57 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_SSL_DTLS_SRTP ) +static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, size_t *olen ) +{ + if( ssl->chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) + { + *olen = 0; + return; + } + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) ); + + /* extension */ + buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); + buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + /* total length (5: only one profile(2 bytes) and length(2bytes) and srtp_mki not supported so zero length(1byte) ) */ + buf[2] = 0x00; + buf[3] = 0x05; + + /* protection profile length: 2 */ + buf[4] = 0x00; + buf[5] = 0x02; + switch (ssl->chosen_dtls_srtp_profile) { + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: + buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF ); + buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF ); + break; + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: + buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE >> 8) & 0xFF ); + buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF ); + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: + buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF ); + buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF ); + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: + buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE >> 8) & 0xFF ); + buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF ); + break; + default: + *olen = 0; + return; + break; + } + + buf[8] = 0x00; /* unsupported srtp_mki variable length vector set to 0 */ + + *olen = 9; +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + #if 
defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) { @@ -2788,6 +2920,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen); + ext_len += olen; +#endif + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) ); if( ext_len > 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 34953f269..d739dfc71 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -871,6 +871,30 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, (void) ssl; #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + /* check if we have a chosen srtp protection profile */ + if (ssl->chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE) { + /* derive key material for srtp session RFC5764 section 4.2 */ + /* master key and master salt are respectively 128 bits and 112 bits for all currently available modes : + * SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32 + * SRTP_NULL_HMAC_SHA1_80, SRTP_NULL_HMAC_SHA1_32 + * So we must export 2*(128 + 112) = 480 bits + */ + ssl->dtls_srtp_keys_len = 60; + + ssl->dtls_srtp_keys = (unsigned char *)mbedtls_calloc(1, ssl->dtls_srtp_keys_len); + + ret = handshake->tls_prf( session->master, 48, "EXTRACTOR-dtls_srtp", + handshake->randbytes, 64, ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len ); + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "dtls srtp prf", ret ); + return( ret ); + } + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * Some data just needs copying into the structure */ 
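Review bot: The result of `mbedtls_calloc(1, ssl->dtls_srtp_keys_len)` in the ssl_populate_transform hunk is passed to `handshake->tls_prf` without a NULL check, so an allocation failure becomes a write through a null pointer. Add `if( ssl->dtls_srtp_keys == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED );` before the PRF call. The assignment also overwrites any pointer left from an earlier pass through this function (a renegotiation, if that path reaches here), which would leak the previous 60 bytes of SRTP key material without wiping them; zeroizing and freeing the old buffer first avoids that. ssl_populate_transform starts and ends outside the hunk.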
@@ -3859,6 +3883,14 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, mbedtls_ssl_reset_in_out_pointers( ssl ); +#if defined(MBEDTLS_SSL_DTLS_SRTP) + ssl->dtls_srtp_profiles_list = NULL; + ssl->dtls_srtp_profiles_list_len = 0; + ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + ssl->dtls_srtp_keys = NULL; + ssl->dtls_srtp_keys_len = 0; +#endif + if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) goto error; @@ -4685,6 +4717,48 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) +int mbedtls_ssl_set_dtls_srtp_protection_profiles( mbedtls_ssl_context *ssl, const enum mbedtls_DTLS_SRTP_protection_profiles *profiles, size_t profiles_number) +{ + size_t i; + /* check in put validity : must be a list of profiles from enumeration */ + /* maximum length is 4 as only 4 protection profiles are defined */ + if (profiles_number>4) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + mbedtls_free(ssl->dtls_srtp_profiles_list); + ssl->dtls_srtp_profiles_list = (enum mbedtls_DTLS_SRTP_protection_profiles *)mbedtls_calloc(1, profiles_number*sizeof(enum mbedtls_DTLS_SRTP_protection_profiles)); + + for (i=0; idtls_srtp_profiles_list[i] = profiles[i]; + break; + default: + mbedtls_free(ssl->dtls_srtp_profiles_list); + ssl->dtls_srtp_profiles_list = NULL; + ssl->dtls_srtp_profiles_list_len = 0; + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + } + + /* assign array length */ + ssl->dtls_srtp_profiles_list_len = profiles_number; + + return( 0 ); +} + +enum mbedtls_DTLS_SRTP_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl) +{ + return( ssl->chosen_dtls_srtp_profile); +} + +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) { conf->max_major_ver = major; 
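Review bot: In mbedtls_ssl_set_dtls_srtp_protection_profiles the `mbedtls_calloc` result is not checked before the copy loop stores into `dtls_srtp_profiles_list[i]`, so an allocation failure is a null-pointer write. `dtls_srtp_profiles_list_len` also keeps its old value until the last statement, after the old list has already been freed. Resetting the length right after `mbedtls_free` and adding `if( ssl->dtls_srtp_profiles_list == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED );` closes both. A `profiles_number` of 0 reaches `mbedtls_calloc(1, 0)`, whose result is implementation-defined, so that case deserves an explicit early return with the list cleared. The later hunks that move this setter to `mbedtls_ssl_config` and rename the enum type keep the same unchecked allocation.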
@@ -6782,6 +6856,11 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) mbedtls_free( ssl->cli_id ); #endif +#if defined (MBEDTLS_SSL_DTLS_SRTP) + mbedtls_free( ssl->dtls_srtp_profiles_list ); + mbedtls_free( ssl->dtls_srtp_keys ); +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); /* Actually clear after last debug message */ From bbc057af735d5961183a7cbeb396673e43201e6e Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Thu, 4 Feb 2016 22:07:32 +0100 Subject: [PATCH 313/488] Move available dtls srtp profile list to ssl_config Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 16 +++++++++++----- library/ssl_cli.c | 30 +++++++++++++++--------------- library/ssl_srv.c | 8 ++++---- library/ssl_tls.c | 24 +++++++++++++----------- 4 files changed, 43 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 55eeb182f..4ba83380b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1080,6 +1080,14 @@ struct mbedtls_ssl_config const char **alpn_list; /*!< ordered list of protocols */ #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + /* + * use_srtp extension + */ + enum mbedtls_DTLS_SRTP_protection_profiles *dtls_srtp_profiles_list; /*!< ordered list of supported srtp profile */ + size_t dtls_srtp_profiles_list_len; /*!< number of supported profiles */ +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + /* * Numerical settings (int then char) */ 
@@ -1325,9 +1333,7 @@ struct mbedtls_ssl_context /* * use_srtp extension */ - enum mbedtls_DTLS_SRTP_protection_profiles *dtls_srtp_profiles_list; /*!< ordered list of supported srtp profile */ - size_t dtls_srtp_profiles_list_len; /*!< number of supported profiles */ - enum mbedtls_DTLS_SRTP_protection_profiles chosen_dtls_srtp_profile; /*!< negotiated profil */ + enum mbedtls_DTLS_SRTP_protection_profiles chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */ unsigned char *dtls_srtp_keys; /*dtls_srtp_profiles_list == NULL) || (ssl->dtls_srtp_profiles_list_len == 0) ) + if( (ssl->conf->dtls_srtp_profiles_list == NULL) || (ssl->conf->dtls_srtp_profiles_list_len == 0) ) { return; } 
@@ -788,18 +788,18 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * Note: srtp_mki is not supported */ - /* Extension length = 2bytes for profiles lenght, ssl->dtls_srtp_profiles_list_len*2 (each profile is 2 bytes length ) + 1 byte for the non implemented srtp_mki vector length (always 0) */ - *p++ = (unsigned char)( ( ( 2 + 2*(ssl->dtls_srtp_profiles_list_len) + 1 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( 2 + 2*(ssl->dtls_srtp_profiles_list_len) + 1 ) ) & 0xFF ); + /* Extension length = 2bytes for profiles lenght, ssl->conf->dtls_srtp_profiles_list_len*2 (each profile is 2 bytes length ) + 1 byte for the non implemented srtp_mki vector length (always 0) */ + *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profiles_list_len) + 1 ) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profiles_list_len) + 1 ) ) & 0xFF ); - /* protection profile length: 2*(ssl->dtls_srtp_profiles_list_len) */ - *p++ = (unsigned char)( ( ( 2*(ssl->dtls_srtp_profiles_list_len) ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( 2*(ssl->dtls_srtp_profiles_list_len) ) & 0xFF ); + /* protection profile length: 2*(ssl->conf->dtls_srtp_profiles_list_len) */ + *p++ = (unsigned char)( ( ( 2*(ssl->conf->dtls_srtp_profiles_list_len) ) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( 2*(ssl->conf->dtls_srtp_profiles_list_len) ) & 0xFF ); - for( protection_profiles_index=0; protection_profiles_index < ssl->dtls_srtp_profiles_list_len; protection_profiles_index++ ) + for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profiles_list_len; protection_profiles_index++ ) { - switch (ssl->dtls_srtp_profiles_list[protection_profiles_index]) { + switch (ssl->conf->dtls_srtp_profiles_list[protection_profiles_index]) { case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF); *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF); 
@@ -818,14 +818,14 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, break; default: /* Note: we shall never arrive here as protection profiles is checked by ssl_set_dtls_srtp_protection_profiles function */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->dtls_srtp_profiles_list[protection_profiles_index]) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->conf->dtls_srtp_profiles_list[protection_profiles_index]) ); break; } } *p++ = 0x00; /* non implemented srtp_mki vector length is always 0 */ /* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/ - *olen = 2 + 2 + 2 + 2*(ssl->dtls_srtp_profiles_list_len) + 1; + *olen = 2 + 2 + 2 + 2*(ssl->conf->dtls_srtp_profiles_list_len) + 1; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -1797,7 +1797,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, uint16_t server_protection_profile_value = 0; /* If use_srtp is not configured, just ignore the extension */ - if( ( ssl->dtls_srtp_profiles_list == NULL ) || ( ssl->dtls_srtp_profiles_list_len == 0 ) ) + if( ( ssl->conf->dtls_srtp_profiles_list == NULL ) || ( ssl->conf->dtls_srtp_profiles_list_len == 0 ) ) return( 0 ); /* RFC5764 section 4.1.1 @@ -1829,7 +1829,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, /* * Check we have the server profile in our list */ - for( i=0; i < ssl->dtls_srtp_profiles_list_len; i++) + for( i=0; i < ssl->conf->dtls_srtp_profiles_list_len; i++) { switch ( server_protection_profile_value ) { case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE: 
@@ -1849,8 +1849,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, break; } - if (server_protection == ssl->dtls_srtp_profiles_list[i]) { - ssl->chosen_dtls_srtp_profile = ssl->dtls_srtp_profiles_list[i]; + if (server_protection == ssl->conf->dtls_srtp_profiles_list[i]) { + ssl->chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profiles_list[i]; return 0; } } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index a14ec8664..ee2ae89bc 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -785,7 +785,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, uint16_t profile_length; /* If use_srtp is not configured, just ignore the extension */ - if( ( ssl->dtls_srtp_profiles_list == NULL ) || ( ssl->dtls_srtp_profiles_list_len == 0 ) ) + if( ( ssl->conf->dtls_srtp_profiles_list == NULL ) || ( ssl->conf->dtls_srtp_profiles_list_len == 0 ) ) return( 0 ); /* RFC5764 section 4.1.1 @@ -809,7 +809,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * Use our order of preference */ profile_length = buf[0]<<8|buf[1]; /* first 2 bytes are protection profile length(in bytes) */ - for( i=0; i < ssl->dtls_srtp_profiles_list_len; i++) + for( i=0; i < ssl->conf->dtls_srtp_profiles_list_len; i++) { /* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ for (j=0; jdtls_srtp_profiles_list[i]) { - ssl->chosen_dtls_srtp_profile = ssl->dtls_srtp_profiles_list[i]; + if (client_protection == ssl->conf->dtls_srtp_profiles_list[i]) { + ssl->chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profiles_list[i]; return 0; } } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d739dfc71..09a1409a6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3884,8 +3884,6 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, mbedtls_ssl_reset_in_out_pointers( ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) - ssl->dtls_srtp_profiles_list = NULL; - ssl->dtls_srtp_profiles_list_len = 0; ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; ssl->dtls_srtp_keys = NULL; ssl->dtls_srtp_keys_len = 0; @@ -4718,7 +4716,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -int mbedtls_ssl_set_dtls_srtp_protection_profiles( mbedtls_ssl_context *ssl, const enum mbedtls_DTLS_SRTP_protection_profiles *profiles, size_t profiles_number) +int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const enum mbedtls_DTLS_SRTP_protection_profiles *profiles, size_t profiles_number) { size_t i; /* check in put validity : must be a list of profiles from enumeration */ 
@@ -4727,8 +4725,8 @@ int mbedtls_ssl_set_dtls_srtp_protection_profiles( mbedtls_ssl_context *ssl, con return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - mbedtls_free(ssl->dtls_srtp_profiles_list); - ssl->dtls_srtp_profiles_list = (enum mbedtls_DTLS_SRTP_protection_profiles *)mbedtls_calloc(1, profiles_number*sizeof(enum mbedtls_DTLS_SRTP_protection_profiles)); + mbedtls_free(conf->dtls_srtp_profiles_list); + conf->dtls_srtp_profiles_list = (enum mbedtls_DTLS_SRTP_protection_profiles *)mbedtls_calloc(1, profiles_number*sizeof(enum mbedtls_DTLS_SRTP_protection_profiles)); for (i=0; idtls_srtp_profiles_list[i] = profiles[i]; + conf->dtls_srtp_profiles_list[i] = profiles[i]; break; default: - mbedtls_free(ssl->dtls_srtp_profiles_list); - ssl->dtls_srtp_profiles_list = NULL; - ssl->dtls_srtp_profiles_list_len = 0; + mbedtls_free(conf->dtls_srtp_profiles_list); + conf->dtls_srtp_profiles_list = NULL; + conf->dtls_srtp_profiles_list_len = 0; return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } } /* assign array length */ - ssl->dtls_srtp_profiles_list_len = profiles_number; + conf->dtls_srtp_profiles_list_len = profiles_number; return( 0 ); } @@ -6857,7 +6855,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) #endif #if defined (MBEDTLS_SSL_DTLS_SRTP) - mbedtls_free( ssl->dtls_srtp_profiles_list ); + mbedtls_zeroize( ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len ); mbedtls_free( ssl->dtls_srtp_keys ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -7114,6 +7112,10 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) ssl_key_cert_free( conf->key_cert ); #endif +#if defined (MBEDTLS_SSL_DTLS_SRTP) + mbedtls_free( conf->dtls_srtp_profiles_list ); +#endif + mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); } From 2d9470be76fc4907635d1d973ae2f7cb6c2842b2 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Mon, 8 Feb 2016 22:35:41 +0100 Subject: [PATCH 314/488] Improve DTLS SRTP API with a dedicated function to get generated keys 
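Review bot: The wipe added to mbedtls_ssl_free calls `mbedtls_zeroize`, while the context line of mbedtls_ssl_config_free in this same file uses `mbedtls_platform_zeroize`. Whether ssl_tls.c still defines a local `mbedtls_zeroize` is not visible here; if it does not, this line will not build, and either way the wipe is better routed through the platform helper: `mbedtls_platform_zeroize( ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len );`. When no SRTP profile was negotiated the pointer is NULL with length 0, so wrapping the call in `if( ssl->dtls_srtp_keys != NULL )` avoids depending on the helper tolerating a null pointer.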
Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 16 +++++++++++++++- library/ssl_tls.c | 13 +++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4ba83380b..cee2ba80f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3180,9 +3180,23 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co * * \param ssl SSL context * - * \return Protection Profile enum member, SRTP_UNSET_PROFILE if no protocol was negotiated. + * \return Protection Profile enum member, MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated. */ enum mbedtls_DTLS_SRTP_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl); + +/** + * \brief Get the generated DTLS-SRTP key material. + * This function should be called after the handshake is + * completed. It shall returns 80 bytes of key material generated according to RFC5764 + * + * \param ssl SSL context + * \param key Buffer to hold the generated key material + * \param key_buffer_len Length in bytes of the key buffer + * \param key_len Actual length of data written in the key buffer + * + * \return 0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer is too small to hold the generated key + */ +int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, const size_t key_buffer_len, size_t *key_len ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 09a1409a6..2b9f78a94 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
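Review bot: The new doc comment for mbedtls_ssl_get_dtls_srtp_key_material promises 80 bytes of key material, but the derivation added to ssl_populate_transform earlier in this series sets `dtls_srtp_keys_len = 60` (2 x (128 + 112) bits). A caller sizing its buffer or slicing keys and salts from the header text would be misled; the sentence should read `It returns 60 bytes of key material generated according to RFC 5764`. The comment should also say what `*key_len` holds when no profile was negotiated, and the `\return` line has the typo `succes`.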
@@ -4755,6 +4755,19 @@ enum mbedtls_DTLS_SRTP_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_ return( ssl->chosen_dtls_srtp_profile); } +int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, const size_t key_buffer_len, size_t *key_len ) { + *key_len = 0; + + /* check output buffer size */ + if ( key_buffer_len < ssl->dtls_srtp_keys_len) { + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; + } + + memcpy( key, ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len); + *key_len = ssl->dtls_srtp_keys_len; + + return 0; +} #endif /* MBEDTLS_SSL_DTLS_SRTP */ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) From c28f1f600e238854827ef86da821d73e1fbec9b3 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Thu, 9 Feb 2017 08:55:16 +0700 Subject: [PATCH 315/488] Fix typos in documentation Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cee2ba80f..e93617c96 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1334,8 +1334,8 @@ struct mbedtls_ssl_context * use_srtp extension */ enum mbedtls_DTLS_SRTP_protection_profiles chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */ - unsigned char *dtls_srtp_keys; /* Date: Thu, 9 Feb 2017 09:56:05 +0700 Subject: [PATCH 316/488] Comply with mbedtls naming rules Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 14 ++++++++------ library/ssl_cli.c | 2 +- library/ssl_srv.c | 2 +- library/ssl_tls.c | 6 +++--- library/version_features.c | 3 +++ 5 files changed, 16 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e93617c96..e3459cd56 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
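Review bot: mbedtls_ssl_get_dtls_srtp_key_material reports success with `*key_len == 0` when no SRTP keys were derived, and in that state it calls `memcpy` with the NULL `ssl->dtls_srtp_keys` that mbedtls_ssl_setup installs, which is undefined even for a zero length. A caller that does not inspect `key_len` would then treat an unwritten buffer as SRTP keying material. An explicit guard ahead of the size check, `if( ssl->dtls_srtp_keys == NULL || ssl->dtls_srtp_keys_len == 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`, turns the no-keys case into an error. `key` and `key_len` are also dereferenced without a NULL check.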
@@ -865,13 +865,15 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); /* * List of SRTP profiles for DTLS-SRTP */ -enum mbedtls_DTLS_SRTP_protection_profiles { +typedef enum +{ MBEDTLS_SRTP_UNSET_PROFILE, MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, MBEDTLS_SRTP_NULL_HMAC_SHA1_80, MBEDTLS_SRTP_NULL_HMAC_SHA1_32, -}; +} +mbedtls_dtls_srtp_protection_profiles; #endif /* MBEDTLS_SSL_DTLS_SRTP */ /* @@ -1084,7 +1086,7 @@ struct mbedtls_ssl_config /* * use_srtp extension */ - enum mbedtls_DTLS_SRTP_protection_profiles *dtls_srtp_profiles_list; /*!< ordered list of supported srtp profile */ + mbedtls_dtls_srtp_protection_profiles *dtls_srtp_profiles_list; /*!< ordered list of supported srtp profile */ size_t dtls_srtp_profiles_list_len; /*!< number of supported profiles */ #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -1333,7 +1335,7 @@ struct mbedtls_ssl_context /* * use_srtp extension */ - enum mbedtls_DTLS_SRTP_protection_profiles chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */ + mbedtls_dtls_srtp_protection_profiles chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */ unsigned char *dtls_srtp_keys; /*!< master keys and master salt for SRTP generated during handshake */ size_t dtls_srtp_keys_len; /*!< length in bytes of master keys and master salt for SRTP generated during handshake */ #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -3171,7 +3173,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ -int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const enum mbedtls_DTLS_SRTP_protection_profiles *profiles, size_t profiles_number); +int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_dtls_srtp_protection_profiles *profiles, size_t profiles_number); /** * \brief Get the negotiated DTLS-SRTP Protection Profile. 
@@ -3182,7 +3184,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co * * \return Protection Profile enum member, MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated. */ -enum mbedtls_DTLS_SRTP_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl); +mbedtls_dtls_srtp_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl); /** * \brief Get the generated DTLS-SRTP key material. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 50bc5e39a..a15bb3033 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1792,7 +1792,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - enum mbedtls_DTLS_SRTP_protection_profiles server_protection = MBEDTLS_SRTP_UNSET_PROFILE; + mbedtls_dtls_srtp_protection_profiles server_protection = MBEDTLS_SRTP_UNSET_PROFILE; size_t i; uint16_t server_protection_profile_value = 0; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ee2ae89bc..1336848e7 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -780,7 +780,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - enum mbedtls_DTLS_SRTP_protection_profiles client_protection = MBEDTLS_SRTP_UNSET_PROFILE; + mbedtls_dtls_srtp_protection_profiles client_protection = MBEDTLS_SRTP_UNSET_PROFILE; size_t i,j; uint16_t profile_length; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2b9f78a94..18ad50446 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4716,7 +4716,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const enum mbedtls_DTLS_SRTP_protection_profiles *profiles, size_t profiles_number) +int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_dtls_srtp_protection_profiles *profiles, size_t profiles_number) { size_t i; /* check in put validity : must be a list of profiles from enumeration */ @@ -4726,7 +4726,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co } mbedtls_free(conf->dtls_srtp_profiles_list); - conf->dtls_srtp_profiles_list = (enum mbedtls_DTLS_SRTP_protection_profiles *)mbedtls_calloc(1, profiles_number*sizeof(enum mbedtls_DTLS_SRTP_protection_profiles)); + conf->dtls_srtp_profiles_list = (mbedtls_dtls_srtp_protection_profiles *)mbedtls_calloc(1, profiles_number*sizeof(mbedtls_dtls_srtp_protection_profiles)); for (i=0; ichosen_dtls_srtp_profile); } diff --git a/library/version_features.c b/library/version_features.c index 62b05537c..42ccaf954 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -534,6 +534,9 @@ static const char * const features[] = { #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) "MBEDTLS_SSL_DTLS_HELLO_VERIFY", #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + "MBEDTLS_SSL_DTLS_SRTP", +#endif /* MBEDTLS_SSL_DTLS_SRTP */ #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE", #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */ From 34790789b67e0724b296130c85fde03ff1654afd Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Thu, 9 Feb 2017 10:14:09 +0700 Subject: [PATCH 317/488] Remove compilation warning Signed-off-by: Johan Pascal --- library/ssl_srv.c | 1 - 1 file changed, 1 deletion(-) 
diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 1336848e7..caefaa5d6 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2623,7 +2623,6 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, default: *olen = 0; return; - break; } buf[8] = 0x00; /* unsupported srtp_mki variable length vector set to 0 */ From 3adb9928f32a1b94f012591f869ec60cd4188e73 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 21 Dec 2017 10:15:08 +0200 Subject: [PATCH 318/488] Add mki value and some review comments 1. Add check for prerequisites in check_config.h 2. Add mki value to use_srtp extension 3. address some review comments Signed-off-by: Johan Pascal --- include/mbedtls/check_config.h | 4 +++ include/mbedtls/ssl.h | 36 ++++++++++++++++--------- library/ssl_cli.c | 49 +++++++++++++++++++++------------- library/ssl_srv.c | 24 ++++++++--------- library/ssl_tls.c | 46 +++++++++++++++---------------- 5 files changed, 91 insertions(+), 68 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 120c1d32f..fd979db84 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -871,6 +871,10 @@ #endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) ) +#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites" +#endif + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e3459cd56..3c84bb7d0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -862,6 +862,9 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #if defined(MBEDTLS_SSL_DTLS_SRTP) + +#define MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 +#define MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH 255 /* * List of SRTP profiles for DTLS-SRTP */ @@ -873,7 +876,17 @@ typedef enum MBEDTLS_SRTP_NULL_HMAC_SHA1_80, MBEDTLS_SRTP_NULL_HMAC_SHA1_32, } -mbedtls_dtls_srtp_protection_profiles; +mbedtls_ssl_srtp_profile; + +typedef struct mbedtls_dtls_srtp_info_t +{ + mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */ + unsigned char dtls_srtp_keys[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; /*!< master keys and master salt for SRTP generated during handshake */ + size_t dtls_srtp_keys_len; /*!< length in bytes of master keys and master salt for SRTP generated during handshake */ + unsigned char mki_value[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; /* opaque srtp_mki<0..255> */ + size_t mki_len; +}mbedtls_dtls_srtp_info; + #endif /* MBEDTLS_SSL_DTLS_SRTP */ /* @@ -1083,11 +1096,8 @@ struct mbedtls_ssl_config #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - /* - * use_srtp extension - */ - mbedtls_dtls_srtp_protection_profiles *dtls_srtp_profiles_list; /*!< ordered list of supported srtp profile */ - size_t dtls_srtp_profiles_list_len; /*!< number of supported profiles */ + mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; /*!< ordered list of supported srtp profile */ + size_t dtls_srtp_profile_list_len; /*!< number of supported profiles */ #endif /* MBEDTLS_SSL_DTLS_SRTP */ /* @@ -1170,9 +1180,12 @@ struct mbedtls_ssl_config * record with unexpected CID * should lead to failure. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + unsigned int dtls_srtp_mki_support : 1; /* support having mki_value + in the use_srtp extension */ +#endif }; - struct mbedtls_ssl_context { const mbedtls_ssl_config *conf; /*!< configuration information */ 
@@ -1335,9 +1348,7 @@ struct mbedtls_ssl_context /* * use_srtp extension */ - mbedtls_dtls_srtp_protection_profiles chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */ - unsigned char *dtls_srtp_keys; /*!< master keys and master salt for SRTP generated during handshake */ - size_t dtls_srtp_keys_len; /*!< length in bytes of master keys and master salt for SRTP generated during handshake */ + mbedtls_dtls_srtp_info dtls_srtp_info; #endif /* MBEDTLS_SSL_DTLS_SRTP */ /* @@ -3173,8 +3184,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ -int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_dtls_srtp_protection_profiles *profiles, size_t profiles_number); - +int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_ssl_srtp_profile *profiles, size_t profiles_number); /** * \brief Get the negotiated DTLS-SRTP Protection Profile. * This function should be called after the handshake is @@ -3184,7 +3194,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co * * \return Protection Profile enum member, MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated. */ -mbedtls_dtls_srtp_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl); +mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl); /** * \brief Get the generated DTLS-SRTP key material. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a15bb3033..17cd4828b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -765,7 +765,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( (ssl->conf->dtls_srtp_profiles_list == NULL) || (ssl->conf->dtls_srtp_profiles_list_len == 0) ) + if( (ssl->conf->dtls_srtp_profile_list == NULL) || (ssl->conf->dtls_srtp_profile_list_len == 0) ) { return; } 
@@ -788,44 +788,52 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * Note: srtp_mki is not supported */ - /* Extension length = 2bytes for profiles lenght, ssl->conf->dtls_srtp_profiles_list_len*2 (each profile is 2 bytes length ) + 1 byte for the non implemented srtp_mki vector length (always 0) */ - *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profiles_list_len) + 1 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profiles_list_len) + 1 ) ) & 0xFF ); + /* Extension length = 2bytes for profiles lenght, ssl->conf->dtls_srtp_profile_list_len*2 (each profile is 2 bytes length ) + 1 byte for the non implemented srtp_mki vector length (always 0) */ + *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 ) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 ) ) & 0xFF ); - /* protection profile length: 2*(ssl->conf->dtls_srtp_profiles_list_len) */ - *p++ = (unsigned char)( ( ( 2*(ssl->conf->dtls_srtp_profiles_list_len) ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( 2*(ssl->conf->dtls_srtp_profiles_list_len) ) & 0xFF ); + /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ + *p++ = (unsigned char)( ( ( 2*(ssl->conf->dtls_srtp_profile_list_len) ) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( 2*(ssl->conf->dtls_srtp_profile_list_len) ) & 0xFF ); - for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profiles_list_len; protection_profiles_index++ ) + for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; protection_profiles_index++ ) { - switch (ssl->conf->dtls_srtp_profiles_list[protection_profiles_index]) { + switch (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) { case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) ); *p++ 
= ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF); *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF); break; case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) ); *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF); *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF); break; case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", + MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) ); *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF); *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF); break; case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", + MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) ); *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF); *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF); break; default: /* Note: we shall never arrive here as protection profiles is checked by ssl_set_dtls_srtp_protection_profiles function */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->conf->dtls_srtp_profiles_list[protection_profiles_index]) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) ); break; } } *p++ = 0x00; /* non implemented srtp_mki vector length is always 0 */ /* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/ - *olen = 2 + 2 + 2 + 2*(ssl->conf->dtls_srtp_profiles_list_len) + 1; + *olen = 2 + 2 + 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ 
@@ -1351,8 +1359,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; + } #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) @@ -1792,12 +1803,12 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_dtls_srtp_protection_profiles server_protection = MBEDTLS_SRTP_UNSET_PROFILE; + mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE; size_t i; uint16_t server_protection_profile_value = 0; /* If use_srtp is not configured, just ignore the extension */ - if( ( ssl->conf->dtls_srtp_profiles_list == NULL ) || ( ssl->conf->dtls_srtp_profiles_list_len == 0 ) ) + if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) return( 0 ); /* RFC5764 section 4.1.1 @@ -1829,7 +1840,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, /* * Check we have the server profile in our list */ - for( i=0; i < ssl->conf->dtls_srtp_profiles_list_len; i++) + for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { switch ( server_protection_profile_value ) { case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE: 
@@ -1849,14 +1860,14 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, break; } - if (server_protection == ssl->conf->dtls_srtp_profiles_list[i]) { - ssl->chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profiles_list[i]; + if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) { + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; return 0; } } /* If we get there, no match was found : server problem, it shall never answer with incompatible profile */ - ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index caefaa5d6..68afcbaef 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -780,12 +780,12 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_dtls_srtp_protection_profiles client_protection = MBEDTLS_SRTP_UNSET_PROFILE; + mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE; size_t i,j; uint16_t profile_length; /* If use_srtp is not configured, just ignore the extension */ - if( ( ssl->conf->dtls_srtp_profiles_list == NULL ) || ( ssl->conf->dtls_srtp_profiles_list_len == 0 ) ) + if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) return( 0 ); /* RFC5764 section 4.1.1 
@@ -809,7 +809,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * Use our order of preference */ profile_length = buf[0]<<8|buf[1]; /* first 2 bytes are protection profile length(in bytes) */ - for( i=0; i < ssl->conf->dtls_srtp_profiles_list_len; i++) + for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { /* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ for (j=0; jconf->dtls_srtp_profiles_list[i]) { - ssl->chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profiles_list[i]; + if (client_protection == ssl->conf->dtls_srtp_profile_list[i]) { + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; return 0; } } } /* If we get there, no match was found */ - ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + // mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + // MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( 0 ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -2581,11 +2581,11 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ -#if defined(MBEDTLS_SSL_DTLS_SRTP ) +#if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS) static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { - if( ssl->chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) { *olen = 0; return; 
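Review bot: The fatal-alert call in the `@@ -809` hunk is left behind as `//` comments instead of being deleted, and the new `return( 0 )` does not say why a ClientHello with no common profile is now accepted. Delete the two commented lines and state the intent, e.g. `/* No common profile: continue without SRTP; ssl_write_use_srtp_ext() then omits the extension */`. The same leftover pattern is in the `ssl_tls.c` hunks `@@ -873` (commented-out `mbedtls_calloc`) and `@@ -6868` (commented-out `mbedtls_free`). In `@@ -6868` the wipe could cover the whole inline struct rather than only `dtls_srtp_keys_len` bytes, `mbedtls_platform_zeroize( &ssl->dtls_srtp_info, sizeof( ssl->dtls_srtp_info ) );`. The function continues outside the hunk.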
@@ -2603,7 +2603,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, /* protection profile length: 2 */ buf[4] = 0x00; buf[5] = 0x02; - switch (ssl->chosen_dtls_srtp_profile) { + switch (ssl->dtls_srtp_info.chosen_dtls_srtp_profile) { case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF ); buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 18ad50446..48ddd9a67 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -873,19 +873,19 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #if defined(MBEDTLS_SSL_DTLS_SRTP) /* check if we have a chosen srtp protection profile */ - if (ssl->chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE) { + if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE) { /* derive key material for srtp session RFC5764 section 4.2 */ /* master key and master salt are respectively 128 bits and 112 bits for all currently available modes : * SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32 * SRTP_NULL_HMAC_SHA1_80, SRTP_NULL_HMAC_SHA1_32 * So we must export 2*(128 + 112) = 480 bits */ - ssl->dtls_srtp_keys_len = 60; + ssl->dtls_srtp_info.dtls_srtp_keys_len = MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH; - ssl->dtls_srtp_keys = (unsigned char *)mbedtls_calloc(1, ssl->dtls_srtp_keys_len); + //ssl->dtls_srtp_info.dtls_srtp_keys = (unsigned char *)mbedtls_calloc(1, ssl->dtls_srtp_info.dtls_srtp_keys_len); - ret = handshake->tls_prf( session->master, 48, "EXTRACTOR-dtls_srtp", - handshake->randbytes, 64, ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len ); + ret = tls_prf( master, 48, "EXTRACTOR-dtls_srtp", + randbytes, 64, ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len ); if( ret != 0 ) { 
@@ -3884,9 +3884,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, mbedtls_ssl_reset_in_out_pointers( ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) - ssl->chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; - ssl->dtls_srtp_keys = NULL; - ssl->dtls_srtp_keys_len = 0; + memset( &ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info) ); #endif if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) @@ -4716,7 +4714,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_dtls_srtp_protection_profiles *profiles, size_t profiles_number) +int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_ssl_srtp_profile *profiles, size_t profiles_number) { size_t i; /* check in put validity : must be a list of profiles from enumeration */ 
@@ -4725,8 +4723,8 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - mbedtls_free(conf->dtls_srtp_profiles_list); - conf->dtls_srtp_profiles_list = (mbedtls_dtls_srtp_protection_profiles *)mbedtls_calloc(1, profiles_number*sizeof(mbedtls_dtls_srtp_protection_profiles)); + mbedtls_free(conf->dtls_srtp_profile_list); + conf->dtls_srtp_profile_list = (mbedtls_ssl_srtp_profile *)mbedtls_calloc(1, profiles_number*sizeof(mbedtls_ssl_srtp_profile)); for (i=0; idtls_srtp_profiles_list[i] = profiles[i]; + conf->dtls_srtp_profile_list[i] = profiles[i]; break; default: - mbedtls_free(conf->dtls_srtp_profiles_list); - conf->dtls_srtp_profiles_list = NULL; - conf->dtls_srtp_profiles_list_len = 0; + mbedtls_free(conf->dtls_srtp_profile_list); + conf->dtls_srtp_profile_list = NULL; + conf->dtls_srtp_profile_list_len = 0; return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } } /* assign array length */ - conf->dtls_srtp_profiles_list_len = profiles_number; + conf->dtls_srtp_profile_list_len = profiles_number; return( 0 ); } -mbedtls_dtls_srtp_protection_profiles mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl) +mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl) { - return( ssl->chosen_dtls_srtp_profile); + return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile); } int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, const size_t key_buffer_len, size_t *key_len ) { *key_len = 0; /* check output buffer size */ - if ( key_buffer_len < ssl->dtls_srtp_keys_len) { + if ( key_buffer_len < ssl->dtls_srtp_info.dtls_srtp_keys_len) { return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } - memcpy( key, ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len); - *key_len = ssl->dtls_srtp_keys_len; + memcpy( key, ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len); + *key_len = 
ssl->dtls_srtp_info.dtls_srtp_keys_len; return 0; } @@ -6868,8 +6866,8 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) #endif #if defined (MBEDTLS_SSL_DTLS_SRTP) - mbedtls_zeroize( ssl->dtls_srtp_keys, ssl->dtls_srtp_keys_len ); - mbedtls_free( ssl->dtls_srtp_keys ); + mbedtls_platform_zeroize( ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len ); + //mbedtls_free( ssl->dtls_srtp_keys ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); @@ -7126,7 +7124,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) #endif #if defined (MBEDTLS_SSL_DTLS_SRTP) - mbedtls_free( conf->dtls_srtp_profiles_list ); + mbedtls_free( conf->dtls_srtp_profile_list ); #endif mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); From 591f162bed106f5a225de4f6e193f19f3565273d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 22 Jan 2018 12:30:04 +0200 Subject: [PATCH 319/488] support mki value Add support mki value in the DTLS-SRTP Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 28 ++++++++++- library/ssl_cli.c | 72 +++++++++++++++++++-------- library/ssl_srv.c | 111 +++++++++++++++++++++++++++--------------- library/ssl_tls.c | 18 +++++++ 4 files changed, 168 insertions(+), 61 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3c84bb7d0..72ba687d3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -214,6 +214,9 @@ #define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1 #define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0 +#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0 +#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1 + /* * Default range for DTLS retransmission timer value, in milliseconds. * RFC 6347 4.2.4.1 says from 1 second to 60 seconds. 
@@ -1182,7 +1185,7 @@ struct mbedtls_ssl_config #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_DTLS_SRTP) unsigned int dtls_srtp_mki_support : 1; /* support having mki_value - in the use_srtp extension */ + in the use_srtp extension */ #endif }; @@ -3174,6 +3177,16 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) +/** + * \brief Add support for mki value in use_srtp extension + * (Default: MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) + * + * \param conf SSL configuration + * \param truncate Enable or disable (MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED or + * MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) + */ +void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value ); + /** * \brief Set the supported DTLS-SRTP protection profiles. * @@ -3185,6 +3198,17 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_ssl_srtp_profile *profiles, size_t profiles_number); + +/** + * \brief Set the mki_value for the current dtls session. + * + * \param ssl SSL context + * \param mki_value MKI value to set + * \param mki_len MKI length + * + * \return 0 on success, MBEDTLS_ERR_SSL_BAD_INPUT_DATA or MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE + */ +int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char* mki_value, size_t mki_len ); /** * \brief Get the negotiated DTLS-SRTP Protection Profile. * This function should be called after the handshake is 
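Review bot: The new doc block for `mbedtls_ssl_conf_srtp_mki_value_supported()` documents `\param truncate`, a parameter the function does not have; it should read `\param support_mki_value`. The block for `mbedtls_ssl_dtls_srtp_set_mki_value()` should state that `mki_len` must not exceed `MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH` and that the value is copied into the context. Since the implementation in `ssl_tls.c` only reads the buffer through `memcpy`, the parameter could be declared `const unsigned char *mki_value`.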
@@ -3194,7 +3218,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co * * \return Protection Profile enum member, MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated. */ -mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl); +mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl ); /** * \brief Get the generated DTLS-SRTP key material. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 17cd4828b..8b9f2f0f7 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -762,6 +762,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, { unsigned char *p = buf; size_t protection_profiles_index = 0; + size_t mki_len = 0, i; *olen = 0; 
@@ -785,12 +786,15 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; * - * Note: srtp_mki is not supported */ - - /* Extension length = 2bytes for profiles lenght, ssl->conf->dtls_srtp_profile_list_len*2 (each profile is 2 bytes length ) + 1 byte for the non implemented srtp_mki vector length (always 0) */ - *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 ) ) & 0xFF ); + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && + ssl->dtls_srtp_info.mki_len != 0 ) + { + mki_len = ssl->dtls_srtp_info.mki_len; + } + /* Extension length = 2bytes for profiles length, ssl->conf->dtls_srtp_profile_list_len*2 (each profile is 2 bytes length ) + 1 byte for srtp_mki vector length and the mki_len value */ + *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len ) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len ) ) & 0xFF ); /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ @@ -831,9 +835,18 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, } } - *p++ = 0x00; /* non implemented srtp_mki vector length is always 0 */ + *p++ = mki_len & 0xFF; + + if( mki_len != 0 ) + { + for( i=0; i < mki_len; i++ ) + { + *p++ = ssl->dtls_srtp_info.mki_value[i]; + } + } + /* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/ - *olen = 2 + 2 + 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1; + *olen = 2 + 2 + 2 + 2*( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ 
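Review bot: The MKI bytes appended in the `@@ -831` hunk make the extension up to 255 bytes longer, but nothing visible checks that the output buffer has room for them; the function receives only `buf` and `olen`. Unless the caller guarantees the space (not visible here), add a bound before the first write, for example `const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;` and `if( (size_t)( end - p ) < 6 + 2 * ssl->conf->dtls_srtp_profile_list_len + 1 + mki_len ) return;`. The server-side writer in `ssl_srv.c` (`@@ -2625`) writes `buf[ 9 + i ]` in the same unbounded way. The function starts outside the hunk.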
@@ -1804,7 +1817,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE; - size_t i; + size_t i, mki_len = 0; uint16_t server_protection_profile_value = 0; /* If use_srtp is not configured, just ignore the extension */ @@ -1821,22 +1834,28 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; * - * Note: srtp_mki is not supported */ + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && + ssl->dtls_srtp_info.mki_len != 0 ) + { + mki_len = ssl->dtls_srtp_info.mki_len; + } - /* Length is 5 : one protection profile(2 bytes) + length(2 bytes) and potential srtp_mki which won't be parsed */ - if( len < 5 ) + /* Length is 5 and optional mki_value : one protection profile(2 bytes) + length(2 bytes) and srtp_mki */ + if( ( len != 5 ) && ( len != ( 5 + mki_len ) ) ) return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); /* * get the server protection profile */ - if (((uint16_t)(buf[0]<<8 | buf[1])) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */ + if (((uint16_t)( ( buf[0]<<8 ) | buf[1] ) ) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } else { - server_protection_profile_value = buf[2]<<8 | buf[3]; + server_protection_profile_value = ( buf[2]<<8 ) | buf[3]; } + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + /* * Check we have the server profile in our list */ 
@@ -1862,15 +1881,30 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - return 0; + break; } } - /* If we get there, no match was found : server problem, it shall never answer with incompatible profile */ - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + /* If no match was found : server problem, it shall never answer with incompatible profile */ + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + /* RFC5764: + * If the client detects a nonzero-length MKI in the server's response + * that is different than the one the client offered, then the client + * MUST abort the handshake and SHOULD send an invalid_parameter alert. + */ + if( len > 5 && + ( memcmp( ssl->dtls_srtp_info.mki_value, &buf[5], mki_len ) ) ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + return 0; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 68afcbaef..f5229efb4 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
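Review bot: The MKI check at the end of this hunk compares `mki_len` bytes at `&buf[5]` but never reads the length byte `buf[4]`, so a ServerHello whose `srtp_mki` length field disagrees with the bytes that follow is accepted, as is one with `len == 5` and a nonzero `buf[4]`. Add `if( buf[4] != len - 5 ) return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );` next to the length test in the `@@ -1821` hunk, so the comparison runs only on a well-formed vector. The function starts outside the hunk.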
@@ -782,7 +782,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE; size_t i,j; - uint16_t profile_length; + size_t profile_length; /* If use_srtp is not configured, just ignore the extension */ if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) 
@@ -798,53 +798,71 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; * - * Note: srtp_mki is not supported */ /* Min length is 5 : at least one protection profile(2 bytes) and length(2 bytes) + srtp_mki length(1 byte) */ if( len < 5 ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); - /* - * Use our order of preference - */ - profile_length = buf[0]<<8|buf[1]; /* first 2 bytes are protection profile length(in bytes) */ - for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + + profile_length = ( buf[0]<<8 ) | buf[1]; /* first 2 bytes are protection profile length(in bytes) */ + + + /* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ + for( j=0; j < profile_length; j+=2 ) { - /* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ - for (j=0; jconf->dtls_srtp_profile_list[i]) { + switch ( protection_profile_value ) + { + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE: + client_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80; + break; + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE: + client_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32; + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE: + client_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_80; + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE: + client_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_32; + break; + default: + client_protection = MBEDTLS_SRTP_UNSET_PROFILE; + break; + } + /* check if suggested profile is in our list */ + for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) + { + if( client_protection == ssl->conf->dtls_srtp_profile_list[i] ) + { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - return 0; + break; } } + if( 
ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) + break; + } + if( ( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) && + ( len > ( profile_length + 2 ) ) ) + { + ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ]; + if( ssl->dtls_srtp_info.mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + ssl->dtls_srtp_info.mki_len = 0; + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + for( i=0; i < ssl->dtls_srtp_info.mki_len; i++ ) + { + ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + i ]; + } } - /* If we get there, no match was found */ - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; - // mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - // MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( 0 ); + return( 0 ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -2585,6 +2603,8 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { + size_t mki_len = 0, ext_len = 0, i; + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) { *olen = 0; 
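Review bot: The MKI copy at the end of the `@@ -798` hunk can read past the extension: `mki_len` is taken from `buf[ profile_length + 2 ]` and the loop copies that many bytes without comparing against `len`, and it starts at the length byte itself (`buf[ profile_length + 2 + i ]`) instead of one byte later. `profile_length` is likewise never checked against `len` before the profile loop runs. Because the server echoes `mki_value` in its own use_srtp extension, bytes read beyond the ClientHello extension would be sent back to the peer. The `mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH` test cannot fire for a one-byte length, and it returns the ServerHello error code in server code. The fence validates both lengths before anything is copied; the function begins outside the hunk.

```c
profile_length = ( buf[0]<<8 ) | buf[1];
/* profiles (2 bytes each) plus the srtp_mki length byte must fit in the extension */
if( profile_length < 2 || ( profile_length & 1 ) != 0 || profile_length > len - 3 )
    return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );

/* … unchanged: profile selection loop … */

if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
{
    size_t mki_length = buf[ profile_length + 2 ];

    /* the MKI vector must end exactly where the extension ends */
    if( mki_length != len - ( profile_length + 3 ) )
    {
        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
    }

    ssl->dtls_srtp_info.mki_len = mki_length;
    memcpy( ssl->dtls_srtp_info.mki_value, &buf[ profile_length + 3 ], mki_length );
}
```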
@@ -2593,12 +2613,19 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) ); + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && + ssl->dtls_srtp_info.mki_len != 0 ) + { + mki_len = ssl->dtls_srtp_info.mki_len; + } + /* extension */ buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); - /* total length (5: only one profile(2 bytes) and length(2bytes) and srtp_mki not supported so zero length(1byte) ) */ - buf[2] = 0x00; - buf[3] = 0x05; + /* total length 5 and mki value: only one profile(2 bytes) and length(2 bytes) and srtp_mki ) */ + ext_len = 5 + mki_len; + buf[2] = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); + buf[3] = (unsigned char)( ext_len & 0xFF ); /* protection profile length: 2 */ buf[4] = 0x00; @@ -2625,9 +2652,13 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, return; } - buf[8] = 0x00; /* unsupported srtp_mki variable length vector set to 0 */ + buf[8] = mki_len & 0xFF; + for( i=0; i < mki_len; i++ ) + { + buf[ 9 + i ] = ssl->dtls_srtp_info.mki_value[i]; + } - *olen = 9; + *olen = 9 + mki_len; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 48ddd9a67..ecdd4f636 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4714,6 +4714,24 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) +void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value ) +{ + conf->dtls_srtp_mki_support = support_mki_value; +} + +int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char* mki_value, size_t mki_len ) +{ + if ( mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH ) + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ) + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + + memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len ); + ssl->dtls_srtp_info.mki_len = mki_len; + return 0; +} + int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_ssl_srtp_profile *profiles, size_t profiles_number) { size_t i; From a37326abb1d39346ea134351405e1e3935c87733 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 29 Mar 2018 18:26:30 +0300 Subject: [PATCH 320/488] Make keyu material length in \ out Make the key material length in mbedtls_ssl_get_dtls_srtp_key_material to be in\out, like it is done all over the library Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 2 +- library/ssl_tls.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 72ba687d3..de92897f5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -3232,7 +3232,7 @@ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbe * * \return 0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer is too small to hold the generated key */ -int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, const size_t key_buffer_len, size_t *key_len ); +int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, size_t *key_len ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ecdd4f636..9f55db439 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4771,11 +4771,11 @@ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbe return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile); } -int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, const size_t key_buffer_len, size_t *key_len ) { +int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, size_t *key_len ) { *key_len = 0; /* check output buffer size */ - if ( key_buffer_len < ssl->dtls_srtp_info.dtls_srtp_keys_len) { + if ( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len) { return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } From 349877e9480ccdda729c399a515df0075bb251d3 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 29 Mar 2018 18:35:09 +0300 Subject: [PATCH 321/488] Fix idetifier check script error Fix script error for identifier check Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index de92897f5..d37b390a2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -888,7 +888,8 @@ typedef struct mbedtls_dtls_srtp_info_t size_t dtls_srtp_keys_len; /*!< length in bytes of master keys and master salt for SRTP generated during handshake */ unsigned char mki_value[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; /* opaque srtp_mki<0..255> */ size_t mki_len; -}mbedtls_dtls_srtp_info; +} +mbedtls_dtls_srtp_info; #endif /* MBEDTLS_SSL_DTLS_SRTP */ From 9e9096476e96226549468b9dc632609f74190675 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 1 Apr 2018 17:35:07 +0300 Subject: [PATCH 322/488] Fix doxygen script errors Fix errors raised by doxygen.sh test script Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d37b390a2..83f2f425f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3179,11 +3179,11 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) /** - * \brief Add support for mki value in use_srtp extension - * (Default: MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) + * \brief Add support for mki value in use_srtp extension + * (Default: MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) * - * \param conf SSL configuration - * \param truncate Enable or disable (MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED or + * \param conf SSL configuration + * \param support_mki_value Enable or disable (MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED or * MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) */ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value ); 
@@ -3228,8 +3228,7 @@ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbe * * \param ssl SSL context * \param key Buffer to hold the generated key material - * \param key_buffer_len Length in bytes of the key buffer - * \param key_len Actual length of data written in the key buffer + * \param key_len [in/out] key buffer size. outputs the actual number of bytes written * * \return 0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer is too small to hold the generated key */ From 57cc70ec8193ee7a118d852c425b2551c0b22588 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 2 Apr 2018 18:25:16 +0300 Subject: [PATCH 323/488] Enforce SRTP mandatory HS messages Enforce CertificateRequest, client and server Certificates, and CertificateVerify messages, which are mandatory in DTLS-SRTP, as defined in RFC 5764 section 4.1 Signed-off-by: Johan Pascal --- library/ssl_cli.c | 32 +++++++++++++++++++++++++++----- library/ssl_srv.c | 23 +++++++++++++++++++++-- library/ssl_tls.c | 33 +++++++++++++++++++++++++++------ 3 files changed, 75 insertions(+), 13 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8b9f2f0f7..c7798eb0e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3454,8 +3454,20 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) if( ssl->client_auth == 0 ) { - /* Current message is probably the ServerHelloDone */ - ssl->keep_current_message = 1; +#if defined(MBEDTLS_SSL_DTLS_SRTP) + /* check if we have a chosen srtp protection profile */ + if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + } + else + { +#endif + /* MBEDTLS_SSL_DTLS_SRTP */ + /* Current message is probably the ServerHelloDone */ + ssl->keep_current_message = 1; +#if defined(MBEDTLS_SSL_DTLS_SRTP) + } +#endif goto exit; } 
@@ -4102,9 +4114,19 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); - ssl->state++; - return( 0 ); +#if defined(MBEDTLS_SSL_DTLS_SRTP) + /* check if we have a chosen srtp protection profile */ + if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + } + else + { +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + ssl->state++; + return( 0 ); +#if defined(MBEDTLS_SSL_DTLS_SRTP) + } +#endif } if( mbedtls_ssl_own_key( ssl ) == NULL ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f5229efb4..1f497aea5 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3018,14 +3018,33 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) authmode = ssl->handshake->sni_authmode; else +#endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + /* check if we have a chosen srtp protection profile */ + if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + authmode = MBEDTLS_SSL_VERIFY_REQUIRED; + } + else #endif authmode = ssl->conf->authmode; if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) || authmode == MBEDTLS_SSL_VERIFY_NONE ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); - return( 0 ); +#if defined(MBEDTLS_SSL_DTLS_SRTP) + /* check if we have a chosen srtp protection profile */ + if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "should not happen" ) ); + return ( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + } + else + { +#endif + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); + return( 0 ); +#if defined(MBEDTLS_SSL_DTLS_SRTP) + } +#endif } /* 
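Review bot: In `ssl_write_certificate_request()` (`library/ssl_srv.c`, `@@ -3018,14 +3018,33 @@`) the branch logged as "should not happen" is reachable. The SRTP override of `authmode` is skipped whenever `sni_authmode` is set, and the skip condition is also true when `mbedtls_ssl_ciphersuite_cert_req_allowed()` fails. So an SNI callback that selects `MBEDTLS_SSL_VERIFY_NONE`, or a ciphersuite that does not allow a certificate request, aborts a DTLS-SRTP handshake with `MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE` on a write path. If refusing those handshakes is intended, the debug text should say why, e.g. `MBEDTLS_SSL_DEBUG_MSG( 1, ( "use_srtp negotiated but client certificate cannot be requested" ) );`, and the decision should be documented next to the `authmode` selection. The function continues outside the hunk.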
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9f55db439..987b33024 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -873,7 +873,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #if defined(MBEDTLS_SSL_DTLS_SRTP) /* check if we have a chosen srtp protection profile */ - if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE) { + if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { /* derive key material for srtp session RFC5764 section 4.2 */ /* master key and master salt are respectively 128 bits and 112 bits for all currently available modes : * SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32 @@ -2112,9 +2112,20 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); - ssl->state++; - return( 0 ); +#if defined(MBEDTLS_SSL_DTLS_SRTP) + /* check if we have a chosen srtp protection profile */ + if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + } + else + { +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + ssl->state++; + return( 0 ); +#if defined(MBEDTLS_SSL_DTLS_SRTP) + } +#endif } #if defined(MBEDTLS_SSL_CLI_C) 
@@ -2739,9 +2750,20 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ? ssl->handshake->sni_authmode +#if defined(MBEDTLS_SSL_DTLS_SRTP) + : ssl->dtls_srtp_info.chosen_dtls_srtp_profile != + MBEDTLS_SRTP_UNSET_PROFILE + ? MBEDTLS_SSL_VERIFY_REQUIRED +#endif /* MBEDTLS_SSL_DTLS_SRTP */ : ssl->conf->authmode; #else - const int authmode = ssl->conf->authmode; + const int authmode = +#if defined(MBEDTLS_SSL_DTLS_SRTP) + ssl->dtls_srtp_info.chosen_dtls_srtp_profile != + MBEDTLS_SRTP_UNSET_PROFILE ? + MBEDTLS_SSL_VERIFY_REQUIRED : +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + ssl->conf->authmode; #endif void *rs_ctx = NULL; mbedtls_x509_crt *chain = NULL; @@ -4772,7 +4794,6 @@ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbe } int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, size_t *key_len ) { - *key_len = 0; /* check output buffer size */ if ( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len) { From 4cbe69332ab1d79f94b32c2b68afbba664537126 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 3 Apr 2018 18:29:25 +0300 Subject: [PATCH 324/488] Add ChangeLog Add ChangLog item, describing the feature Signed-off-by: Johan Pascal --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 594c3cf4a..69e094ce4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -730,6 +730,10 @@ Changes * Ciphersuites based on 3DES now have the lowest priority by default when they are enabled. +Features + * Add support for DTLS-SRTP as defined in RFC 5764. Based on contribution done + by Johan Pascal in #361. + = mbed TLS 2.16.0 branch released 2018-12-21 Features From 9d36d311e3adddabdabdc6bfa839c45d3e958158 Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Sun, 1 Jul 2018 15:27:22 +0300 Subject: [PATCH 325/488] Fix failure in ssl-opts.sh Return a debg message that was removed in previous commit, Whic is searched in the ssl-opts.sh test. Signed-off-by: Johan Pascal --- library/ssl_cli.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index c7798eb0e..4073f89bd 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -4122,6 +4122,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) else { #endif /* MBEDTLS_SSL_DTLS_SRTP */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); ssl->state++; return( 0 ); #if defined(MBEDTLS_SSL_DTLS_SRTP) From 6ea64518ad7d7a1d52b3d4a8f3d07a2b4b7047dd Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 2 Jul 2018 10:08:07 +0300 Subject: [PATCH 326/488] Add dtls-srtp to client and server examples Add dtls-srtp to `ssl_client2` and `ssl_server2` examples, for reference and for allowing in tests. Signed-off-by: Johan Pascal --- programs/ssl/ssl_client2.c | 91 ++++++++++++++++++++++++++++++++++++- programs/ssl/ssl_server2.c | 92 +++++++++++++++++++++++++++++++++++++- 2 files changed, 180 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b9047df1d..d9d5cad36 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -150,6 +150,9 @@ int main( void ) #define DFL_NSS_KEYLOG_FILE NULL #define DFL_SKIP_CLOSE_NOTIFY 0 #define DFL_QUERY_CONFIG_MODE 0 +#define DFL_USE_SRTP 0 +#define DFL_SRTP_FORCE_PROFILE MBEDTLS_SRTP_UNSET_PROFILE +#define DFL_SRTP_MKI "" #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST_END "\r\n\r\n" 
@@ -321,6 +324,20 @@ int main( void ) #define USAGE_DTLS "" #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) +#define USAGE_SRTP \ + " use_srtp=%%d default: 0 (disabled)\n" \ + " srtp_force_profile=%%d default: all enabled\n" \ + " available profiles:\n" \ + " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ + " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ + " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ + " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ + " mki=%%s default: \"\" (in hex, without 0x)\n" +#else +#define USAGE_SRTP "" +#endif + #if defined(MBEDTLS_SSL_FALLBACK_SCSV) #define USAGE_FALLBACK \ " fallback=0/1 default: (library default: off)\n" @@ -407,6 +424,7 @@ int main( void ) "\n" \ USAGE_DTLS \ USAGE_CID \ + USAGE_SRTP \ "\n" #define USAGE2 \ " auth_mode=%%s default: (library default: none)\n" \ @@ -541,6 +559,9 @@ struct options int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ int query_config_mode; /* whether to read config */ + int use_srtp; /* Support SRTP */ + int force_srtp_profile; /* SRTP protection profile to use or all */ + const char* mki; /* The dtls mki value to use */ } opt; int query_config( const char *config ); @@ -1134,6 +1155,10 @@ int main( int argc, char *argv[] ) mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE]; const mbedtls_ecp_curve_info *curve_cur; #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; + size_t mki_len = 0; +#endif const char *pers = "ssl_client2"; @@ -1304,6 +1329,9 @@ int main( int argc, char *argv[] ) opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY; opt.query_config_mode = DFL_QUERY_CONFIG_MODE; + opt.use_srtp = DFL_USE_SRTP; + opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; + opt.mki = DFL_SRTP_MKI; for( i = 1; i < argc; i++ ) { 
@@ -1729,6 +1757,18 @@ int main( int argc, char *argv[] ) opt.skip_close_notify = atoi( q ); if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 ) goto usage; + } + else if( strcmp( p, "use_srtp" ) == 0 ) + { + opt.use_srtp = atoi ( q ); + } + else if( strcmp( p, "srtp_force_profile" ) == 0 ) + { + opt.force_srtp_profile = atoi( q ); + } + else if( strcmp( p, "mki" ) == 0 ) + { + opt.mki = q; } else goto usage; @@ -1837,7 +1877,6 @@ int main( int argc, char *argv[] ) opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; } - #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.psk_opaque != 0 ) { @@ -2240,6 +2279,37 @@ int main( int argc, char *argv[] ) } #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + if( opt.use_srtp != DFL_USE_SRTP ) + { + if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + { + const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile, sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) ); + } + else + { + const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_SRTP_NULL_HMAC_SHA1_32 }; + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); + } + + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret ); + goto exit; + } + + } + else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + { + mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" ); + goto exit; + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) if( opt.trunc_hmac != DFL_TRUNC_HMAC ) mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); 
@@ -2476,6 +2546,25 @@ int main( int argc, char *argv[] ) mbedtls_ecp_set_max_ops( opt.ec_max_ops ); #endif + #if defined(MBEDTLS_SSL_DTLS_SRTP) + if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 ) + { + if( mbedtls_test_unhexify( mki, sizeof( mki ), + opt.mki,&mki_len ) != 0 ) + { + mbedtls_printf( "mki value not valid hex\n" ); + goto exit; + } + + mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ); + if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, strlen( mki )) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret ); + goto exit; + } + } +#endif + mbedtls_printf( " ok\n" ); /* diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a98aec119..be45e5463 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -183,6 +183,9 @@ int main( void ) #define DFL_NSS_KEYLOG 0 #define DFL_NSS_KEYLOG_FILE NULL #define DFL_QUERY_CONFIG_MODE 0 +#define DFL_USE_SRTP 0 +#define DFL_SRTP_FORCE_PROFILE MBEDTLS_SRTP_UNSET_PROFILE +#define DFL_SRTP_MKI "" #define LONG_RESPONSE "
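Review bot: `mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, strlen( mki ))` passes the wrong length. `mki` is the binary output of `mbedtls_test_unhexify()`, not a C string, so `strlen()` stops at the first zero byte inside the MKI. When the array has no zero byte it reads past the end of the uninitialised `unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]`. The decoded length is already in `mki_len`, so the call should be `mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, mki_len )`, as the server example in this commit does. `main()` starts and ends outside this hunk.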

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -411,6 +414,20 @@ int main( void ) #define USAGE_DTLS "" #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) +#define USAGE_SRTP \ + " use_srtp=%%d default: 0 (disabled)\n" \ + " srtp_force_profile=%%d default: all enabled\n" \ + " available profiles:\n" \ + " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ + " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ + " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ + " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ + " mki=%%s default: \"\" (in hex, without 0x)\n" +#else +#define USAGE_SRTP "" +#endif + #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #define USAGE_EMS \ " extended_ms=0/1 default: (library default: on)\n" @@ -490,6 +507,7 @@ int main( void ) " read_timeout=%%d default: 0 ms (no timeout)\n" \ "\n" \ USAGE_DTLS \ + USAGE_SRTP \ USAGE_COOKIES \ USAGE_ANTI_REPLAY \ USAGE_BADMAC_LIMIT \ @@ -645,6 +663,9 @@ struct options * after renegotiation */ int reproducible; /* make communication reproducible */ int query_config_mode; /* whether to read config */ + int use_srtp; /* Support SRTP */ + int force_srtp_profile; /* SRTP protection profile to use or all */ + const char* mki; /* The dtls mki value to use */ } opt; int query_config( const char *config ); @@ -1792,7 +1813,6 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) unsigned char alloc_buf[MEMORY_HEAP_SIZE]; #endif - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX]; unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX]; @@ -1804,6 +1824,10 @@ int main( int argc, char *argv[] ) size_t context_buf_len = 0; #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; + size_t mki_len = 0; +#endif int i; char *p, *q; const int *list; 
@@ -1976,6 +2000,9 @@ int main( int argc, char *argv[] ) opt.nss_keylog = DFL_NSS_KEYLOG; opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE; opt.query_config_mode = DFL_QUERY_CONFIG_MODE; + opt.use_srtp = DFL_USE_SRTP; + opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; + opt.mki = DFL_SRTP_MKI; for( i = 1; i < argc; i++ ) { @@ -2424,6 +2451,18 @@ int main( int argc, char *argv[] ) { opt.nss_keylog_file = q; } + else if( strcmp( p, "use_srtp" ) == 0 ) + { + opt.use_srtp = atoi ( q ); + } + else if( strcmp( p, "srtp_force_profile" ) == 0 ) + { + opt.force_srtp_profile = atoi( q ); + } + else if( strcmp( p, "mki" ) == 0 ) + { + opt.mki = q; + } else goto usage; } @@ -3028,7 +3067,7 @@ int main( int argc, char *argv[] ) { mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret ); goto exit; - }; + } #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) 
@@ -3058,6 +3097,37 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + if( opt.use_srtp != DFL_USE_SRTP ) + { + if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + { + const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile, sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) ); + } + else + { + const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_SRTP_NULL_HMAC_SHA1_32 }; + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); + } + + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret ); + goto exit; + } + + } + else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + { + mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" ); + goto exit; + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) if( opt.trunc_hmac != DFL_TRUNC_HMAC ) mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); @@ -3464,6 +3534,24 @@ int main( int argc, char *argv[] ) mbedtls_timing_get_delay ); #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) + if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 ) + { + if( unhexify( mki, opt.mki, &mki_len ) != 0 ) + { + mbedtls_printf( "mki value not valid hex\n" ); + goto exit; + } + + mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ); + if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, mki_len) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret ); + goto exit; + } + } +#endif + mbedtls_printf( " ok\n" ); reset: 
From 12c6eaddd505919160852d98291d3d4f390b7479 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 3 Jul 2018 15:08:32 +0300 Subject: [PATCH 327/488] Fix mki issues 1. Set correct mki from the `use_srtp` extension. 2. Use mki value received from the client as the mki used by server. 3. Use `mbedtls_ssl_dtls_srtp_set_mki_value()` as a client API only. Signed-off-by: Johan Pascal --- library/ssl_cli.c | 2 +- library/ssl_srv.c | 7 ++++--- programs/ssl/ssl_server2.c | 35 +++++++++++------------------------ 3 files changed, 16 insertions(+), 28 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4073f89bd..7d9c9c317 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1851,7 +1851,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, if (((uint16_t)( ( buf[0]<<8 ) | buf[1] ) ) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */ return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } else { - server_protection_profile_value = ( buf[2]<<8 ) | buf[3]; + server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; } ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 1f497aea5..82baeca10 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -800,13 +800,13 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * */ - /* Min length is 5 : at least one protection profile(2 bytes) and length(2 bytes) + srtp_mki length(1 byte) */ + /* Min length is 5: at least one protection profile(2 bytes) and length(2 bytes) + srtp_mki length(1 byte) */ if( len < 5 ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; - profile_length = ( buf[0]<<8 ) | buf[1]; /* first 2 bytes are protection profile length(in bytes) */ + profile_length = ( buf[0] << 8 ) | buf[1]; /* first 2 bytes are protection profile length(in bytes) */ /* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ @@ -856,9 +856,10 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } + ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ]; for( i=0; i < ssl->dtls_srtp_info.mki_len; i++ ) { - ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + i ]; + ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + 1 + i ]; } } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index be45e5463..2db5887d2 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -185,7 +185,7 @@ int main( void ) #define DFL_QUERY_CONFIG_MODE 0 #define DFL_USE_SRTP 0 #define DFL_SRTP_FORCE_PROFILE MBEDTLS_SRTP_UNSET_PROFILE -#define DFL_SRTP_MKI "" +#define DFL_SRTP_SUPPORT_MKI 0 #define LONG_RESPONSE "
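Review bot: In the `@@ -856,9 +856,10 @@` hunk the copy loop reads `buf[ profile_length + 2 + 1 + i ]` for every `i < mki_len`, where `mki_len` is a byte taken from the client's extension. Nothing in the hunk checks that the extension really holds that many bytes. The only length test visible earlier on this page is `len > ( profile_length + 2 )`, which covers the length byte alone, so a short extension with a large MKI length makes the loop read past the end of the received data. Reject the hello first with a check such as `if( len < profile_length + 3 + ssl->dtls_srtp_info.mki_len ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );`. The added `ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ];` also repeats an assignment that the earlier patch placed before the maximum-length check, so it can be dropped. The function starts and ends outside the hunk.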

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -423,7 +423,7 @@ int main( void ) " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ - " mki=%%s default: \"\" (in hex, without 0x)\n" + " support_mki=%%d default: 0 (not supported)\n" #else #define USAGE_SRTP "" #endif @@ -665,7 +665,7 @@ struct options int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ int force_srtp_profile; /* SRTP protection profile to use or all */ - const char* mki; /* The dtls mki value to use */ + int support_mki; /* The dtls mki mki support */ } opt; int query_config( const char *config ); @@ -2002,7 +2002,7 @@ int main( int argc, char *argv[] ) opt.query_config_mode = DFL_QUERY_CONFIG_MODE; opt.use_srtp = DFL_USE_SRTP; opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; - opt.mki = DFL_SRTP_MKI; + opt.support_mki = DFL_SRTP_SUPPORT_MKI; for( i = 1; i < argc; i++ ) { @@ -2459,9 +2459,9 @@ int main( int argc, char *argv[] ) { opt.force_srtp_profile = atoi( q ); } - else if( strcmp( p, "mki" ) == 0 ) + else if( strcmp( p, "support_mki" ) == 0 ) { - opt.mki = q; + opt.support_mki = atoi( q ); } else goto usage; @@ -3120,6 +3120,11 @@ int main( int argc, char *argv[] ) goto exit; } + mbedtls_ssl_conf_srtp_mki_value_supported( &conf, + opt.support_mki ? + MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED : + MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ); + } else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) { 
@@ -3534,24 +3539,6 @@ int main( int argc, char *argv[] ) mbedtls_timing_get_delay ); #endif -#if defined(MBEDTLS_SSL_DTLS_SRTP) - if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 ) - { - if( unhexify( mki, opt.mki, &mki_len ) != 0 ) - { - mbedtls_printf( "mki value not valid hex\n" ); - goto exit; - } - - mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ); - if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, mki_len) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret ); - goto exit; - } - } -#endif - mbedtls_printf( " ok\n" ); reset: From 1c399bdffe2054b8b0ad9729f9e218f8eb469492 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 4 Jul 2018 18:45:27 +0300 Subject: [PATCH 328/488] Set authmode to optional, if not set Set authmode to `MBEDTLS_SSL_VERIFY_REQUIRED` when using dtls-srtp, in case authmode was not set. This is to support self signed certificates received by the server, which is the case with webRTC. Certificate fingerprints are verified outside the dtls stack, as defined in RFC 5763. Signed-off-by: Johan Pascal --- library/ssl_srv.c | 6 +++--- library/ssl_tls.c | 6 ++++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 82baeca10..00549649c 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -3021,9 +3021,9 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) else #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile */ - if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { - authmode = MBEDTLS_SSL_VERIFY_REQUIRED; + /* check if we have a chosen srtp protection profile, force verify mode to be at least OPTIONAL */ + if ( ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) && ( ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) ) { + authmode = MBEDTLS_SSL_VERIFY_OPTIONAL; } else #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 987b33024..02efcb412 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2753,6 +2753,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DTLS_SRTP) : ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE + && ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ? MBEDTLS_SSL_VERIFY_REQUIRED #endif /* MBEDTLS_SSL_DTLS_SRTP */ : ssl->conf->authmode; @@ -2760,8 +2761,9 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) const int authmode = #if defined(MBEDTLS_SSL_DTLS_SRTP) ssl->dtls_srtp_info.chosen_dtls_srtp_profile != - MBEDTLS_SRTP_UNSET_PROFILE ? - MBEDTLS_SSL_VERIFY_REQUIRED : + MBEDTLS_SRTP_UNSET_PROFILE && + ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ? + MBEDTLS_SSL_VERIFY_REQUIRED : #endif /* MBEDTLS_SSL_DTLS_SRTP */ ssl->conf->authmode; #endif From b465539476fc9191c24fa9e839fb84cafb3036ef Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 5 Jul 2018 18:25:39 +0300 Subject: [PATCH 329/488] Add tests and code to support 1. Add DTLS-SRTP tests in `ssl-opts.sh` 2. Add logs for the tests to filter. 3. Add function to get the profile informations. 
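Review bot: The two sides of this change disagree on the verification mode. `ssl_write_certificate_request()` now raises `MBEDTLS_SSL_VERIFY_NONE` to `MBEDTLS_SSL_VERIFY_OPTIONAL`, while both branches in `mbedtls_ssl_parse_certificate()` (`@@ -2753,6 +2753,7 @@` and `@@ -2761,8 +2761,9 @@`) map the same condition to `MBEDTLS_SSL_VERIFY_REQUIRED`. With REQUIRED in the parser, the self-signed peer certificates that the commit message wants to accept would still fail chain verification. If OPTIONAL is what is meant, the parser branches should use it as well. In that case add a comment, or a doc note on the public API, saying that with DTLS-SRTP the application must compare the peer certificate fingerprint itself (RFC 5763), because a failed chain verification no longer aborts the handshake. Which of the two values is intended cannot be determined from these hunks.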
Signed-off-by: Johan Pascal --- library/ssl_cli.c | 14 ++++++ library/ssl_srv.c | 9 ++++ library/ssl_tls.c | 24 +++++++++ tests/ssl-opt.sh | 125 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 172 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 7d9c9c317..d6b429df2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -843,6 +843,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, { *p++ = ssl->dtls_srtp_info.mki_value[i]; } + MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); } /* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/ @@ -1819,6 +1820,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE; size_t i, mki_len = 0; uint16_t server_protection_profile_value = 0; + const mbedtls_ssl_srtp_profile_info * profile_info; /* If use_srtp is not configured, just ignore the extension */ if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) @@ -1878,9 +1880,15 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, server_protection = MBEDTLS_SRTP_UNSET_PROFILE; break; } + profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( server_protection ); + if( profile_info != NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); + } if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) ); break; } } 
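Review bot: In the `@@ -1878,9 +1880,15 @@` hunk the "selected srtp profile" message dereferences `profile_info->name` without the `profile_info != NULL` guard that the "found srtp profile" message a few lines above has. `mbedtls_ssl_dtls_srtp_profile_info_from_id()` returns NULL for any id not in its table, including `MBEDTLS_SRTP_UNSET_PROFILE`. If the application's `dtls_srtp_profile_list` can hold such a value, a matching hello would reach the unguarded line. A fallback keeps both messages safe, e.g. `profile_info != NULL ? profile_info->name : "unknown"`. The server-side parser in `library/ssl_srv.c` (`@@ -832,12 +833,18 @@`) has the same pattern. The function starts and ends outside the hunk.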
@@ -1904,6 +1912,12 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } +#if defined (MBEDTLS_DEBUG_C) + if( len > 5) + { + MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); + } +#endif return 0; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 00549649c..4c59e5b40 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -783,6 +783,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE; size_t i,j; size_t profile_length; + const mbedtls_ssl_srtp_profile_info * profile_info; /* If use_srtp is not configured, just ignore the extension */ if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) @@ -832,12 +833,18 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, client_protection = MBEDTLS_SRTP_UNSET_PROFILE; break; } + profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( client_protection ); + if( profile_info != NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); + } /* check if suggested profile is in our list */ for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { if( client_protection == ssl->conf->dtls_srtp_profile_list[i] ) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) ); break; } } @@ -861,6 +868,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + 1 + i ]; } + + MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); } return( 0 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 02efcb412..18c86a5ce 100644 
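Review bot: `if( len > 5)` in the added debug block is a bare constant, and nothing in the hunk says which bytes of the extension the 5 stands for. A one-line comment would help, presumably `/* 2 (profiles length) + 2 (profile) + 1 (mki length): an MKI is present */`, to be confirmed against the parsing code above, which is outside the hunk. Testing the parsed MKI length instead of `len` would also keep the log condition next to the value it describes.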
--- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4738,6 +4738,30 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) +static const mbedtls_ssl_srtp_profile_info srtp_profile_definitions[] = +{ + { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, "MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" }, + { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, "MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" }, + { MBEDTLS_SRTP_NULL_HMAC_SHA1_80, "MBEDTLS_SRTP_NULL_HMAC_SHA1_80" }, + { MBEDTLS_SRTP_NULL_HMAC_SHA1_32, "MBEDTLS_SRTP_NULL_HMAC_SHA1_32" }, + { MBEDTLS_SRTP_UNSET_PROFILE, "" } +}; + +const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id( mbedtls_ssl_srtp_profile profile ) +{ + const mbedtls_ssl_srtp_profile_info *cur = srtp_profile_definitions; + + while( cur->profile != MBEDTLS_SRTP_UNSET_PROFILE ) + { + if( cur->profile == profile ) + return( cur ); + + cur++; + } + + return( NULL ); +} + void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value ) { conf->dtls_srtp_mki_support = support_mki_value; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 653d88da7..ada4dbeb1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -8713,6 +8713,131 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \ 0 \ -s "fragmenting handshake message" +# Tests for DTLS-SRTP (RFC 5764) +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported" \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=3 debug_level=3" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ + -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ + -s "server hello, adding use_srtp extension" \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports one profile. Client supports profiles." 
\ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -s "server hello, adding use_srtp extension" \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one matching profile." \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "server hello, adding use_srtp extension" \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one different profile." \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -S "selected srtp profile" \ + -S "server hello, adding use_srtp extension" \ + -c "client hello, adding use_srtp extension" \ + -C "found use_srtp extension" \ + -C "found srtp profile" \ + -C "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server doesn't support use_srtp extension." 
\ + "$P_SRV dtls=1 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -s "found use_srtp extension" \ + -S "server hello, adding use_srtp extension" \ + -c "client hello, adding use_srtp extension" \ + -C "found use_srtp extension" \ + -C "found srtp profile" \ + -C "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. mki used" \ + "$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -s "dumping 'using mki' (8 bytes)" \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile" \ + -c "dumping 'sending mki' (8 bytes)" \ + -c "dumping 'received mki' (8 bytes)" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -S "dumping 'using mki' (8 bytes)" \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile" \ + -c "dumping 'sending mki' (8 bytes)" \ + -C "dumping 'received mki' (8 bytes)" \ + -C "error" + # Tests for specific things with "unreliable" UDP connection not_with_valgrind # spurious resend due to timeout From 311b95aafee86fa2f4c5fec81a9618069c757cc4 Mon Sep 17 00:00:00 2001 
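Review bot: The forced-profile tests pin the profile name on one side only, so a client and server that disagree on the negotiated profile would still pass. In "DTLS-SRTP server supports all profiles. Client supports one profile." the server checks `-s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80"` but the client check is the bare `-c "selected srtp profile"`. Make it `-c "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80"`, and use the forced profile's name the same way in the other `srtp_force_profile` tests of this hunk.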
From: Ron Eldor Date: Sun, 8 Jul 2018 08:50:31 +0300 Subject: [PATCH 330/488] Fix compilation errors Fix compilation errors when `MBEDTLS_DTLS_SRTP` not set 1. Add file missed in previous commmit. 2. In sample applications, set `DFL_FORCE_SRTP_PROFILE` to 0. Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 16 ++++++++++++++++ programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 83f2f425f..698334739 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -881,6 +881,13 @@ typedef enum } mbedtls_ssl_srtp_profile; +typedef struct +{ + const mbedtls_ssl_srtp_profile profile; + const char *name; +} +mbedtls_ssl_srtp_profile_info; + typedef struct mbedtls_dtls_srtp_info_t { mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */ @@ -3233,6 +3240,15 @@ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbe * \return 0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer is too small to hold the generated key */ int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, size_t *key_len ); + +/** + * \brief Utility function to get information on dtls srtp profile. + * + * \param profile The dtls-srtp profile id to get info on. + * + * \return mbedtls_ssl_srtp_profile_info* on success, NULL if not found + */ +const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id( mbedtls_ssl_srtp_profile profile ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /** diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d9d5cad36..4ae740c63 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
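Review bot: The new `mbedtls_ssl_srtp_profile_info` typedef in include/mbedtls/ssl.h has no member documentation, while the neighbouring `mbedtls_dtls_srtp_info_t` documents its fields with `/*!< ... */`. Suggested: `/*!< SRTP protection profile identifier */` on `profile` and `/*!< profile name, as printed in debug output */` on `name`. The `const` on the `profile` member also makes the struct non-assignable; the only table visible in this series is already `static const`, so a plain `mbedtls_ssl_srtp_profile profile;` would do. The `\return` text of `mbedtls_ssl_dtls_srtp_profile_info_from_id()` could also state that `MBEDTLS_SRTP_UNSET_PROFILE` yields NULL, because callers dereference the result.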
@@ -151,7 +151,7 @@ int main( void ) #define DFL_SKIP_CLOSE_NOTIFY 0 #define DFL_QUERY_CONFIG_MODE 0 #define DFL_USE_SRTP 0 -#define DFL_SRTP_FORCE_PROFILE MBEDTLS_SRTP_UNSET_PROFILE +#define DFL_SRTP_FORCE_PROFILE 0 #define DFL_SRTP_MKI "" #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 2db5887d2..137838c77 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -184,7 +184,7 @@ int main( void ) #define DFL_NSS_KEYLOG_FILE NULL #define DFL_QUERY_CONFIG_MODE 0 #define DFL_USE_SRTP 0 -#define DFL_SRTP_FORCE_PROFILE MBEDTLS_SRTP_UNSET_PROFILE +#define DFL_SRTP_FORCE_PROFILE 0 #define DFL_SRTP_SUPPORT_MKI 0 #define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ From 3c6a44bed8719c3b3336ee4779c4d2a048a9ea00 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 10 Jul 2018 10:32:10 +0300 Subject: [PATCH 331/488] Add interop tests Add some interoperability tests with openssl and gnutls, in ssl-opts.sh. Signed-off-by: Johan Pascal --- tests/ssl-opt.sh | 332 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 331 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ada4dbeb1..cd2e7c74f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8745,7 +8745,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile." -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP -run_test "DTLS-SRTP server supports one profile. Client supports profiles." \ +run_test "DTLS-SRTP server supports one profile. Client supports all profiles." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 0 \ 
@@ -8838,6 +8838,336 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ -C "dumping 'received mki' (8 bytes)" \ -C "error" +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. openssl client." \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." 
\ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -S "selected srtp profile" \ + -S "server hello, adding use_srtp extension" \ + -C "SRTP Extension negotiated, profile" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \ + "$P_SRV dtls=1 debug_level=3" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -S "server hello, adding use_srtp extension" \ + -C "SRTP Extension negotiated, profile" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. 
openssl server" \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." 
\ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -C "found use_srtp extension" \ + -C "found srtp profile" \ + -C "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \ + "$O_SRV -dtls1" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -C "found use_srtp extension" \ + -C "found srtp profile" \ + -C "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile" \ + -c "dumping 'sending mki' (8 bytes)" \ + -C "dumping 'received mki' (8 bytes)" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. gnutls client." 
\ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client." \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "server hello, adding use_srtp extension" \ + -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." 
\ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -s "server hello, adding use_srtp extension" \ + -c "SRTP profile: SRTP_NULL_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -s "selected srtp profile" \ + -s "server hello, adding use_srtp extension" \ + -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -s "found srtp profile" \ + -S "selected srtp profile" \ + -S "server hello, adding use_srtp extension" \ + -C "SRTP profile:" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \ + "$P_SRV dtls=1 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ + 0 \ + -s "found use_srtp extension" \ + -S "server hello, adding use_srtp extension" \ + -C "SRTP profile:" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. 
gnutls server" \ + "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \ + "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \ + "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." 
\ + "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \ + "$P_CLI dtls=1 use_srtp=30 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \ + "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \ + "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -C "found use_srtp extension" \ + -C "found srtp profile" \ + -C "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ + "$G_SRV -u" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -C "found use_srtp extension" \ + -C "found srtp profile" \ + -C "selected srtp profile" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." 
\ + "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ + "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ + 0 \ + -c "client hello, adding use_srtp extension" \ + -c "found use_srtp extension" \ + -c "found srtp profile" \ + -c "selected srtp profile" \ + -c "dumping 'sending mki' (8 bytes)" \ + -c "dumping 'received mki' (8 bytes)" \ + -C "error" + # Tests for specific things with "unreliable" UDP connection not_with_valgrind # spurious resend due to timeout From 2b3dfe41af9fc8a6d61aa662f6585073367fc0e1 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 11 Jul 2018 11:53:37 +0300 Subject: [PATCH 332/488] Force IPv6 for DTLS interop tests with gnutls-cli Since `gnutls-cli` resolves `localhost` as an IPv6 address, and the server is bound to IPv4 address, gnutl-cli fails to negotiate DTLS sessions. Force the server to bind to IPv6 address, as a workaround. Signed-off-by: Johan Pascal --- tests/ssl-opt.sh | 42 +++++++++++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index cd2e7c74f..ad38f5d26 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9003,9 +9003,13 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl -C "dumping 'received mki' (8 bytes)" \ -C "error" +# gnutls-cli resolves localhost as an IPv6 address, when enabled, +# and fails to send messagges over UDP, causing DTLS negotiation to fail. +# Force server to bind to IPv6 address +requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP all profiles supported. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3 server_addr=::1" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 0 \ -s "found use_srtp extension" \ 
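Review bot: `use_srtp=30` in "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." looks like a typo, since every other test in this hunk passes `use_srtp=1`. If the option is only tested for non-zero the test still passes, which hides the slip; the line should read `"$P_CLI dtls=1 use_srtp=1 debug_level=3" \`. Separately, the `$G_SRV` profile lists in the "in different order" and "Client supports one profile" gnutls-server tests name `SRTP_NULL_SHA1_32` twice, at the start and at the end of the list; one of the two can probably go.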
@@ -9014,9 +9018,13 @@ run_test "DTLS-SRTP all profiles supported. gnutls client." \ -s "server hello, adding use_srtp extension" \ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80" +# gnutls-cli resolves localhost as an IPv6 address, when enabled, +# and fails to send messagges over UDP, causing DTLS negotiation to fail. +# Force server to bind to IPv6 address +requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3 server_addr=::1" \ "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32" \ 0 \ -s "found use_srtp extension" \ @@ -9025,9 +9033,13 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -s "server hello, adding use_srtp extension" \ -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80" +# gnutls-cli resolves localhost as an IPv6 address, when enabled, +# and fails to send messagges over UDP, causing DTLS negotiation to fail. +# Force server to bind to IPv6 address +requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3 server_addr=::1" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ 0 \ -s "found use_srtp extension" \ 
@@ -9036,9 +9048,13 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -s "server hello, adding use_srtp extension" \ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" +# gnutls-cli resolves localhost as an IPv6 address, when enabled, +# and fails to send messagges over UDP, causing DTLS negotiation to fail. +# Force server to bind to IPv6 address +requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3 server_addr=::1" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 0 \ -s "found use_srtp extension" \ @@ -9047,9 +9063,13 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -s "server hello, adding use_srtp extension" \ -c "SRTP profile: SRTP_NULL_SHA1_32" +# gnutls-cli resolves localhost as an IPv6 address, when enabled, +# and fails to send messagges over UDP, causing DTLS negotiation to fail. +# Force server to bind to IPv6 address +requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3 server_addr=::1" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ 0 \ -s "found use_srtp extension" \ 
@@ -9058,9 +9078,13 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls -s "server hello, adding use_srtp extension" \ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" +# gnutls-cli resolves localhost as an IPv6 address, when enabled, +# and fails to send messagges over UDP, causing DTLS negotiation to fail. +# Force server to bind to IPv6 address +requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3 server_addr=::1" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ 0 \ -s "found use_srtp extension" \ @@ -9069,9 +9093,13 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl -S "server hello, adding use_srtp extension" \ -C "SRTP profile:" +# gnutls-cli resolves localhost as an IPv6 address, when enabled, +# and fails to send messagges over UDP, causing DTLS negotiation to fail. +# Force server to bind to IPv6 address +requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \ - "$P_SRV dtls=1 debug_level=3" \ + "$P_SRV dtls=1 debug_level=3 server_addr=::1" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 0 \ -s "found use_srtp extension" \ From ef72faf2bbcdac7df981a598bb25d3961b33f839 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jul 2018 11:54:20 +0300 Subject: [PATCH 333/488] Style fixes 1. Adjust to 80 colums where possible. 2. Add \ remove spaces where needed. 3. Fix alignments. 
Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 36 +++++++---- library/ssl_cli.c | 121 ++++++++++++++++++++++++------------- library/ssl_srv.c | 87 ++++++++++++++++---------- library/ssl_tls.c | 66 +++++++++++--------- programs/ssl/ssl_client2.c | 13 ++-- programs/ssl/ssl_server2.c | 8 ++- 6 files changed, 212 insertions(+), 119 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 698334739..f60fc9940 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3190,10 +3190,11 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); * (Default: MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) * * \param conf SSL configuration - * \param support_mki_value Enable or disable (MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED or - * MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) + * \param support_mki_value Enable or disable (MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED + * or MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) */ -void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value ); +void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, + int support_mki_value ); /** * \brief Set the supported DTLS-SRTP protection profiles. @@ -3205,7 +3206,9 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int su * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ -int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_ssl_srtp_profile *profiles, size_t profiles_number); +int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, + const mbedtls_ssl_srtp_profile *profiles, + size_t profiles_number ); /** * \brief Set the mki_value for the current dtls session. 
@@ -3214,9 +3217,12 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co * \param mki_value MKI value to set * \param mki_len MKI length * - * \return 0 on success, MBEDTLS_ERR_SSL_BAD_INPUT_DATA or MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE + * \return 0 on success, MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * or MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE on failure */ -int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char* mki_value, size_t mki_len ); +int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, + unsigned char *mki_value, + size_t mki_len ); /** * \brief Get the negotiated DTLS-SRTP Protection Profile. * This function should be called after the handshake is 
@@ -3224,22 +3230,28 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char * * \param ssl SSL context * - * \return Protection Profile enum member, MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated. + * \return Protection Profile enum member, + * MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated. */ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl ); /** * \brief Get the generated DTLS-SRTP key material. * This function should be called after the handshake is - * completed. It shall returns 80 bytes of key material generated according to RFC5764 + * completed. It shall returns 80 bytes of key material + * generated according to RFC5764 * * \param ssl SSL context * \param key Buffer to hold the generated key material - * \param key_len [in/out] key buffer size. outputs the actual number of bytes written + * \param key_len [in/out] key buffer size. outputs the actual number + * of bytes written * - * \return 0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer is too small to hold the generated key + * \return 0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer + * is too small to hold the generated key */ -int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, size_t *key_len ); +int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, + unsigned char *key, + size_t *key_len ); /** * \brief Utility function to get information on dtls srtp profile. @@ -3267,7 +3279,7 @@ const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id( * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, * MBEDTLS_SSL_MINOR_VERSION_3 supported) */ -void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ); +void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf,int major, int minor ); /** * \brief Set the minimum accepted SSL/TLS protocol version 
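Review bot: The reflowed description of `mbedtls_ssl_get_dtls_srtp_key_material()` still says the function returns 80 bytes of key material, while the comment in library/ssl_tls.c touched by this same commit says 2*(128 + 112) = 480 bits are exported, which is 60 bytes. Callers size `key` from this text, so it should give the real size or refer to `MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH`. While the wording is being restyled, "It shall returns" and "succes" can be fixed, e.g. `\return 0 on success, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer is too small to hold the generated key`. Because the buffer receives the SRTP master keys and salts, the doc should also say that the caller is responsible for wiping it after use.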
diff --git a/library/ssl_cli.c b/library/ssl_cli.c index d6b429df2..8335f0033 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -766,7 +766,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( (ssl->conf->dtls_srtp_profile_list == NULL) || (ssl->conf->dtls_srtp_profile_list_len == 0) ) + if( (ssl->conf->dtls_srtp_profile_list == NULL) || + (ssl->conf->dtls_srtp_profile_list_len == 0) ) { return; } 
@@ -785,52 +786,69 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * } UseSRTPData; * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; - * */ if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && - ssl->dtls_srtp_info.mki_len != 0 ) + ssl->dtls_srtp_info.mki_len != 0 ) { mki_len = ssl->dtls_srtp_info.mki_len; } - /* Extension length = 2bytes for profiles length, ssl->conf->dtls_srtp_profile_list_len*2 (each profile is 2 bytes length ) + 1 byte for srtp_mki vector length and the mki_len value */ - *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( 2 + 2*(ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len ) ) & 0xFF ); - + /* Extension length = 2 bytes for profiles length, + * ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ), + * 1 byte for srtp_mki vector length and the mki_len value + */ + *p++ = (unsigned char)( ( ( 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + + 1 + mki_len ) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( ( 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len ) + + 1 + mki_len ) ) & 0xFF ); /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ - *p++ = (unsigned char)( ( ( 2*(ssl->conf->dtls_srtp_profile_list_len) ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( 2*(ssl->conf->dtls_srtp_profile_list_len) ) & 0xFF ); + *p++ = (unsigned char)( ( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) ) + >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) ) + & 0xFF ); - for( protection_profiles_index=0; protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; protection_profiles_index++ ) + for( protection_profiles_index=0; + protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; + protection_profiles_index++ ) { switch (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) { case 
MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) ); - *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF); - *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF); + *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) + >> 8 ) & 0xFF ); + *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) + & 0xFF ); break; case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) ); - *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF); - *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF); + *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) + >> 8 ) & 0xFF ); + *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) + & 0xFF ); break; case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) ); - *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) & 0xFF); - *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF); + *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) + & 0xFF ) ; + *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF ); break; case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) ); - *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) & 0xFF); - *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF); + *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) + & 0xFF ); + *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF ); break; default: - /* Note: we shall never arrive here as protection profiles is checked by ssl_set_dtls_srtp_protection_profiles function */ - 
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) ); + /* + * Note: we shall never arrive here as protection profiles + * is checked by ssl_set_dtls_srtp_protection_profiles function + */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", + ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) ); break; } } @@ -843,11 +861,18 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, { *p++ = ssl->dtls_srtp_info.mki_value[i]; } - MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len ); } - /* total extension length: extension type (2 bytes) + extension length (2 bytes) + protection profile length (2 bytes) + 2*nb protection profiles + srtp_mki vector length(1 byte)*/ - *olen = 2 + 2 + 2 + 2*( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len; + /* + * total extension length: extension type (2 bytes) + * + extension length (2 bytes) + * + protection profile length (2 bytes) + * + 2 * number of protection profiles + * + srtp_mki vector length(1 byte) + */ + *olen = 2 + 2 + 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -1815,7 +1840,8 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_DTLS_SRTP) static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) + const unsigned char *buf, + size_t len ) { mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE; size_t i, mki_len = 0; 
@@ -1823,7 +1849,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const mbedtls_ssl_srtp_profile_info * profile_info; /* If use_srtp is not configured, just ignore the extension */ - if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) + if( ssl->conf->dtls_srtp_profile_list == NULL || + ssl->conf->dtls_srtp_profile_list_len == 0 ) return( 0 ); /* RFC5764 section 4.1.1 @@ -1838,21 +1865,32 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * */ if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && - ssl->dtls_srtp_info.mki_len != 0 ) + ssl->dtls_srtp_info.mki_len != 0 ) { mki_len = ssl->dtls_srtp_info.mki_len; } - /* Length is 5 and optional mki_value : one protection profile(2 bytes) + length(2 bytes) and srtp_mki */ + /* + * Length is 5 and optional mki_value : one protection profile(2 bytes) + * + length(2 bytes) and srtp_mki + */ if( ( len != 5 ) && ( len != ( 5 + mki_len ) ) ) return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); /* * get the server protection profile */ - if (((uint16_t)( ( buf[0]<<8 ) | buf[1] ) ) != 0x0002) { /* protection profile length must be 0x0002 as we must have only one protection profile in server Hello */ + + /* + * protection profile length must be 0x0002 as we must have only + * one protection profile in server Hello + */ + if( ( (uint16_t)( ( buf[0] << 8 ) | buf[1] ) ) != 0x0002 ) + { return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); - } else { + } + else + { server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; } @@ -1863,7 +1901,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, */ for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { - switch ( server_protection_profile_value ) { + switch( server_protection_profile_value ) { case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE: server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80; break; 
@@ -1886,7 +1924,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); } - if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) { + if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) ); break; @@ -1897,10 +1935,11 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - /* RFC5764: + /* + * RFC5764: * If the client detects a nonzero-length MKI in the server's response * that is different than the one the client offered, then the client * MUST abort the handshake and SHOULD send an invalid_parameter alert. @@ -1913,9 +1952,10 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } #if defined (MBEDTLS_DEBUG_C) - if( len > 5) + if( len > 5 ) { - MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len ); } #endif return 0; 
@@ -3469,14 +3509,13 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) if( ssl->client_auth == 0 ) { #if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile */ - if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + /* check if we have a chosen srtp protection profile */ + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } else { -#endif - /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_DTLS_SRTP */ /* Current message is probably the ServerHelloDone */ ssl->keep_current_message = 1; #if defined(MBEDTLS_SSL_DTLS_SRTP) @@ -4129,8 +4168,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL ) { #if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile */ - if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + /* check if we have a chosen srtp protection profile */ + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); } else diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 4c59e5b40..38908c840 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -778,15 +778,17 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_DTLS_SRTP) static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) + const unsigned char *buf, + size_t len ) { mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE; size_t i,j; size_t profile_length; - const mbedtls_ssl_srtp_profile_info * profile_info; + const mbedtls_ssl_srtp_profile_info *profile_info; /* If use_srtp is not configured, just ignore the extension */ - if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) + if( ssl->conf->dtls_srtp_profile_list == NULL || + ssl->conf->dtls_srtp_profile_list_len == 0 ) return( 0 ); /* RFC5764 section 4.1.1 
@@ -798,22 +800,28 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * } UseSRTPData; * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; - * */ - /* Min length is 5: at least one protection profile(2 bytes) and length(2 bytes) + srtp_mki length(1 byte) */ + /* + * Min length is 5: at least one protection profile(2 bytes) + * and length(2 bytes) + srtp_mki length(1 byte) + */ if( len < 5 ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; - profile_length = ( buf[0] << 8 ) | buf[1]; /* first 2 bytes are protection profile length(in bytes) */ + /* first 2 bytes are protection profile length(in bytes) */ + profile_length = ( buf[0] << 8 ) | buf[1]; - - /* parse the extension list values are defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ - for( j=0; j < profile_length; j+=2 ) + /* + * parse the extension list values are defined in + * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml + */ + for( j=0; j < profile_length; j += 2 ) { - uint16_t protection_profile_value = buf[j+2]<<8 | buf[j+3]; /* +2 to skip the length field */ + /* + 2 to skip the length field */ + uint16_t protection_profile_value = buf[j + 2] << 8 | buf[j+3]; switch ( protection_profile_value ) { @@ -854,7 +862,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, if( ( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) && ( len > ( profile_length + 2 ) ) ) { - ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ]; + ssl->dtls_srtp_info.mki_len = buf[profile_length + 2]; if( ssl->dtls_srtp_info.mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, 
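Review bot: `profile_length` comes from the first two bytes of the peer's extension and bounds the loop `for( j=0; j < profile_length; j += 2 )`, which reads `buf[j + 2]` and `buf[j+3]`, yet the only length check visible before it is `len < 5`. A ClientHello that announces a profile list longer than the extension therefore makes the server read past `buf + len`, and an odd `profile_length` reads one byte beyond the list. The length should be validated right after it is computed, for example `if( ( profile_length & 1 ) != 0 || profile_length > len - 3 ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );`, which also leaves room for the mandatory srtp_mki length byte. The body of ssl_parse_use_srtp_ext continues outside this hunk, so confirm that no such check exists further up.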
@@ -863,13 +871,14 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - ssl->dtls_srtp_info.mki_len = buf[ profile_length + 2 ]; + ssl->dtls_srtp_info.mki_len = buf[profile_length + 2]; for( i=0; i < ssl->dtls_srtp_info.mki_len; i++ ) { - ssl->dtls_srtp_info.mki_value[i] = buf[ profile_length + 2 + 1 + i ]; + ssl->dtls_srtp_info.mki_value[i] = buf[profile_length + 2 + 1 + i]; } - MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len ); } return( 0 ); @@ -2611,7 +2620,8 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS) static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) + unsigned char *buf, + size_t *olen ) { size_t mki_len = 0, ext_len = 0, i; @@ -2624,7 +2634,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) ); if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && - ssl->dtls_srtp_info.mki_len != 0 ) + ssl->dtls_srtp_info.mki_len != 0 ) { mki_len = ssl->dtls_srtp_info.mki_len; } @@ -2632,7 +2642,10 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, /* extension */ buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); - /* total length 5 and mki value: only one profile(2 bytes) and length(2 bytes) and srtp_mki ) */ + /* + * total length 5 and mki value: only one profile(2 bytes) + * and length(2 bytes) and srtp_mki ) + */ ext_len = 5 + mki_len; buf[2] = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); buf[3] = (unsigned char)( ext_len & 0xFF ); 
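Review bot: The MKI copy loop reads `buf[profile_length + 2 + 1 + i]` for `i < mki_len`, where `mki_len` is a byte supplied by the peer that is compared only with `MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH` and never with the remaining extension length. A short extension with a large MKI length byte is then read past `buf + len`; a guard such as `if( ssl->dtls_srtp_info.mki_len > len - profile_length - 3 ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );` before the loop closes that. The value is also stored into `ssl->dtls_srtp_info.mki_len` before it is validated, and the assignment on the changed line repeats the one made in the previous hunk, so reading the byte into a local and storing it only after the checks would be cleaner. The error path visible here returns `MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO` although this is the server parsing a ClientHello.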
@@ -2642,20 +2655,28 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, buf[5] = 0x02; switch (ssl->dtls_srtp_info.chosen_dtls_srtp_profile) { case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: - buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF ); - buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) & 0xFF ); + buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE >> 8 ) + & 0xFF ); + buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) + & 0xFF ); break; case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: - buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE >> 8) & 0xFF ); - buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) & 0xFF ); + buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE >> 8 ) + & 0xFF ); + buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) + & 0xFF ); break; case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: - buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE >> 8) & 0xFF ); - buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF ); + buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE >> 8 ) + & 0xFF ); + buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) + & 0xFF ); break; case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: - buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE >> 8) & 0xFF ); - buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF ); + buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE >> 8 ) + & 0xFF ); + buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) + & 0xFF ); break; default: *olen = 0; 
@@ -2665,7 +2686,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, buf[8] = mki_len & 0xFF; for( i=0; i < mki_len; i++ ) { - buf[ 9 + i ] = ssl->dtls_srtp_info.mki_value[i]; + buf[9 + i] = ssl->dtls_srtp_info.mki_value[i]; } *olen = 9 + mki_len; @@ -2961,7 +2982,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen); + ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; #endif @@ -3030,11 +3051,15 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) else #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile, force verify mode to be at least OPTIONAL */ - if ( ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) && ( ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) ) { + /* + * check if we have a chosen srtp protection profile, + * force verify mode to be at least OPTIONAL + */ + if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE && + ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) { authmode = MBEDTLS_SSL_VERIFY_OPTIONAL; } - else + else #endif authmode = ssl->conf->authmode; @@ -3045,7 +3070,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) /* check if we have a chosen srtp protection profile */ if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "should not happen" ) ); - return ( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } else { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 18c86a5ce..3a0fbfc8a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -873,19 +873,19 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #if defined(MBEDTLS_SSL_DTLS_SRTP) /* check if we have a chosen srtp protection profile */ - if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { - /* derive key material for srtp session RFC5764 section 4.2 */ - /* master key and master salt are respectively 128 bits and 112 bits for all currently available modes : + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + /* derive key material for srtp session RFC5764 section 4.2 + * master key and master salt are respectively 128 bits and 112 bits + * for all currently available modes : * SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32 * SRTP_NULL_HMAC_SHA1_80, SRTP_NULL_HMAC_SHA1_32 * So we must export 2*(128 + 112) = 480 bits */ ssl->dtls_srtp_info.dtls_srtp_keys_len = MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH; - //ssl->dtls_srtp_info.dtls_srtp_keys = (unsigned char *)mbedtls_calloc(1, ssl->dtls_srtp_info.dtls_srtp_keys_len); - - ret = tls_prf( master, 48, "EXTRACTOR-dtls_srtp", - randbytes, 64, ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len ); + ret = tls_prf( master, 48, "EXTRACTOR-dtls_srtp", + randbytes, 64, ssl->dtls_srtp_info.dtls_srtp_keys, + ssl->dtls_srtp_info.dtls_srtp_keys_len ); if( ret != 0 ) { @@ -2113,9 +2113,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) { #if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile */ - if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { - return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + /* check if we have a chosen srtp protection profile */ + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); } else { 
@@ -2754,7 +2754,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) : ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE && ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE - ? MBEDTLS_SSL_VERIFY_REQUIRED + ? MBEDTLS_SSL_VERIFY_OPTIONAL #endif /* MBEDTLS_SSL_DTLS_SRTP */ : ssl->conf->authmode; #else @@ -2763,7 +2763,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE && ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ? - MBEDTLS_SSL_VERIFY_REQUIRED : + MBEDTLS_SSL_VERIFY_OPTIONAL : #endif /* MBEDTLS_SSL_DTLS_SRTP */ ssl->conf->authmode; #endif @@ -4762,12 +4762,15 @@ const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id( return( NULL ); } -void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value ) +void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, + int support_mki_value ) { conf->dtls_srtp_mki_support = support_mki_value; } -int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char* mki_value, size_t mki_len ) +int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, + unsigned char *mki_value, + size_t mki_len ) { if ( mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH ) return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 
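Review bot: Replacing `MBEDTLS_SSL_VERIFY_REQUIRED` with `MBEDTLS_SSL_VERIFY_OPTIONAL` changes peer-certificate handling and does not belong in a commit described as style fixes; the same substitution is repeated in the next hunk (@@ -2763). With OPTIONAL, a failed verification no longer aborts the handshake when a DTLS-SRTP profile was negotiated and the application configured `MBEDTLS_SSL_VERIFY_NONE`, so the application must call `mbedtls_ssl_get_verify_result()` itself. The new value matches the "at least OPTIONAL" comment in ssl_write_certificate_request in ssl_srv.c, so it may well be intended, but it should be its own commit with the rationale in the message and a ChangeLog note. A comment at both sites would help, e.g. `/* DTLS-SRTP: request the peer certificate even if authmode is NONE; the application checks the verify result */`.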
@@ -4780,20 +4783,22 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char return 0; } -int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, const mbedtls_ssl_srtp_profile *profiles, size_t profiles_number) +int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, + const mbedtls_ssl_srtp_profile *profiles, + size_t profiles_number ) { size_t i; /* check in put validity : must be a list of profiles from enumeration */ /* maximum length is 4 as only 4 protection profiles are defined */ - if (profiles_number>4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + if( profiles_number > 4 ) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - mbedtls_free(conf->dtls_srtp_profile_list); - conf->dtls_srtp_profile_list = (mbedtls_ssl_srtp_profile *)mbedtls_calloc(1, profiles_number*sizeof(mbedtls_ssl_srtp_profile)); + mbedtls_free( conf->dtls_srtp_profile_list ); + conf->dtls_srtp_profile_list = (mbedtls_ssl_srtp_profile*)mbedtls_calloc(1, profiles_number * sizeof( mbedtls_ssl_srtp_profile ) ); - for (i=0; idtls_srtp_profile_list[i] = profiles[i]; break; default: - mbedtls_free(conf->dtls_srtp_profile_list); + mbedtls_free( conf->dtls_srtp_profile_list ); conf->dtls_srtp_profile_list = NULL; conf->dtls_srtp_profile_list_len = 0; return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 
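Review bot: The pointer returned by `mbedtls_calloc()` is stored in `conf->dtls_srtp_profile_list` and, as far as the lines visible here show, the copy loop writes through it without a NULL check, so an allocation failure becomes a NULL dereference during configuration. A check directly after the allocation would fix this, e.g. `if( conf->dtls_srtp_profile_list == NULL ) { conf->dtls_srtp_profile_list_len = 0; return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); }`, and the function's documented return values in ssl.h would then need the extra code. `profiles_number == 0` also reaches `mbedtls_calloc( 1, 0 )`, whose result is implementation-defined, so it should be handled before allocating. The loop header is garbled on this page, so verify this against the file itself.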
@@ -4814,19 +4819,22 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, co return( 0 ); } -mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl) +mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl ) { - return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile); + return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); } -int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, size_t *key_len ) { +int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, + unsigned char *key, + size_t *key_len ) { /* check output buffer size */ - if ( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len) { + if( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len ) { return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; } - memcpy( key, ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len); + memcpy( key, ssl->dtls_srtp_info.dtls_srtp_keys, + ssl->dtls_srtp_info.dtls_srtp_keys_len ); *key_len = ssl->dtls_srtp_info.dtls_srtp_keys_len; return 0; @@ -6931,8 +6939,8 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) #endif #if defined (MBEDTLS_SSL_DTLS_SRTP) - mbedtls_platform_zeroize( ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len ); - //mbedtls_free( ssl->dtls_srtp_keys ); + mbedtls_platform_zeroize( ssl->dtls_srtp_info.dtls_srtp_keys, + ssl->dtls_srtp_info.dtls_srtp_keys_len ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 4ae740c63..062fa11f6 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -561,7 +561,7 @@ struct options int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ int force_srtp_profile; /* SRTP protection profile to use or all */ - const char* mki; /* The dtls mki value to use */ + const char *mki; /* The dtls mki value to use */ } opt; int query_config( const char *config ); @@ -2285,7 +2285,9 @@ int main( int argc, char *argv[] ) if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) { const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile, sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) ); + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, + forced_profile, + sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) ); } else { @@ -2293,7 +2295,9 @@ int main( int argc, char *argv[] ) MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, MBEDTLS_SRTP_NULL_HMAC_SHA1_80, MBEDTLS_SRTP_NULL_HMAC_SHA1_32 }; - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, + default_profiles, + sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); } if( ret != 0 ) @@ -2557,7 +2561,8 @@ int main( int argc, char *argv[] ) } mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ); - if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, strlen( mki )) ) != 0 ) + if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, + strlen( mki ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret ); goto exit; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 137838c77..f3c359042 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
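Review bot: In the @@ -2557 hunk, `strlen( mki )` supplies the MKI length passed to `mbedtls_ssl_dtls_srtp_set_mki_value()`, but an MKI is an opaque byte string rather than text. If `mki` holds decoded bytes, a zero byte inside the value silently shortens it, and a buffer without a terminator is read past its end. The declaration of `mki` is outside this hunk, so this is inferred; if it is filled by a hex decoder, pass the length that decoder reports instead, e.g. `mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, mki_len )`, where `mki_len` here stands for whatever variable receives the decoded length.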
@@ -3103,7 +3103,9 @@ int main( int argc, char *argv[] ) if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) { const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile, sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) ); + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, + forced_profile, + sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) ); } else { @@ -3111,7 +3113,9 @@ int main( int argc, char *argv[] ) MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, MBEDTLS_SRTP_NULL_HMAC_SHA1_80, MBEDTLS_SRTP_NULL_HMAC_SHA1_32 }; - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, + default_profiles, + sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); } if( ret != 0 ) From a978804a1bded30adcbcc16aca4a229b0a59f601 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 5 Dec 2018 11:04:31 +0200 Subject: [PATCH 334/488] Style fixes 1. Fix indentations. 2. Remove redundant whitespaces. 3. Keep short lines. 4. Grammar fixes. 5. Rephrase function description. Signed-off-by: Johan Pascal --- ChangeLog | 4 +- include/mbedtls/ssl.h | 84 +++++++++++++++++++++++--------------- library/ssl_cli.c | 29 ++++++------- library/ssl_srv.c | 12 +++--- library/ssl_tls.c | 44 +++++++++++++------- programs/ssl/ssl_client2.c | 23 ++++++----- 6 files changed, 116 insertions(+), 80 deletions(-) diff --git a/ChangeLog b/ChangeLog index 69e094ce4..83b566bdb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -731,8 +731,8 @@ Changes they are enabled. Features - * Add support for DTLS-SRTP as defined in RFC 5764. Based on contribution done - by Johan Pascal in #361. + * Add support for DTLS-SRTP as defined in RFC 5764. Based on #361 contributed + by Johan Pascal. = mbed TLS 2.16.0 branch released 2018-12-21 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f60fc9940..1f8d1769c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -415,7 +415,8 @@ #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 /* - * use_srtp extension protection profiles values as defined in http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml + * Use_srtp extension protection profiles values as defined in + * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ #define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE 0x0001 #define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE 0x0002 @@ -890,10 +891,17 @@ mbedtls_ssl_srtp_profile_info; typedef struct mbedtls_dtls_srtp_info_t { - mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; /*!< negotiated SRTP profile */ - unsigned char dtls_srtp_keys[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; /*!< master keys and master salt for SRTP generated during handshake */ - size_t dtls_srtp_keys_len; /*!< length in bytes of master keys and master salt for SRTP generated during handshake */ - unsigned char mki_value[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; /* opaque srtp_mki<0..255> */ + /*! The SRTP profile that was negotiated*/ + mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; + /*! master keys and master salt for SRTP generated during handshake */ + unsigned char dtls_srtp_keys[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; + /*! length in bytes of master keys and master salt for + * SRTP generated during handshake + */ + size_t dtls_srtp_keys_len; + /*! The mki_value used, with max size of 256 bytes */ + unsigned char mki_value[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; + /*! The length of mki_value */ size_t mki_len; } mbedtls_dtls_srtp_info; 
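Review bot: The new comment on `mki_value` in `mbedtls_dtls_srtp_info` gives a maximum of 256 bytes, while the comment it replaces described the field as `opaque srtp_mki<0..255>`, which is at most 255 bytes. Tying the text to the constant that sizes the array avoids the discrepancy: `/*! The mki_value used, at most MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH bytes */`. The first comment of the struct is also missing a space before its closing `*/`.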
@@ -1107,8 +1115,10 @@ struct mbedtls_ssl_config #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; /*!< ordered list of supported srtp profile */ - size_t dtls_srtp_profile_list_len; /*!< number of supported profiles */ + /*! ordered list of supported srtp profile */ + mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; + /*! number of supported profiles */ + size_t dtls_srtp_profile_list_len; #endif /* MBEDTLS_SSL_DTLS_SRTP */ /* @@ -3186,12 +3196,14 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) /** - * \brief Add support for mki value in use_srtp extension - * (Default: MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) + * \brief Add support for mki value in use_srtp extension. + * The default value is + * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED. * * \param conf SSL configuration - * \param support_mki_value Enable or disable (MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED - * or MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) + * \param support_mki_value Enable or disable mki usage. Values are + * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED + * or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED. */ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value ); 
@@ -3204,21 +3216,22 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, * in decreasing preference order. * \param profiles_number Number of supported profiles. * - * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. + * \return 0 on success, or #MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ -int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, - const mbedtls_ssl_srtp_profile *profiles, - size_t profiles_number ); +int mbedtls_ssl_conf_dtls_srtp_protection_profiles + ( mbedtls_ssl_config *conf, + const mbedtls_ssl_srtp_profile *profiles, + size_t profiles_number ); /** - * \brief Set the mki_value for the current dtls session. + * \brief Set the mki_value for the current DTLS-SRTP session. * - * \param ssl SSL context - * \param mki_value MKI value to set - * \param mki_len MKI length + * \param ssl SSL context to use. + * \param mki_value The MKI value to set. + * \param mki_len The length of the MKI value. * - * \return 0 on success, MBEDTLS_ERR_SSL_BAD_INPUT_DATA - * or MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE on failure + * \return 0 on success, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * or #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE on failure */ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char *mki_value, 
@@ -3231,36 +3244,39 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * \param ssl SSL context * * \return Protection Profile enum member, - * MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated. + * #MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated. */ -mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl ); +mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile + ( const mbedtls_ssl_context *ssl ); /** * \brief Get the generated DTLS-SRTP key material. * This function should be called after the handshake is - * completed. It shall returns 80 bytes of key material - * generated according to RFC5764 + * completed. It shall returns 60 bytes of key material + * generated according to RFC 5764 * - * \param ssl SSL context - * \param key Buffer to hold the generated key material + * \param ssl SSL context tobe used. + * \param key Buffer to hold the generated key material. * \param key_len [in/out] key buffer size. outputs the actual number - * of bytes written + * of bytes written. * - * \return 0 on succes, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if the key buffer - * is too small to hold the generated key + * \return 0 on success, #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if + * the key buffer is too small to hold the generated key. */ int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, size_t *key_len ); /** - * \brief Utility function to get information on dtls srtp profile. + * \brief Utility function to get information on DTLS-SRTP profile. * * \param profile The dtls-srtp profile id to get info on. * - * \return mbedtls_ssl_srtp_profile_info* on success, NULL if not found + * \return Address of the SRTP profile information structure on + * success,NULL if not found. 
*/ -const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id( mbedtls_ssl_srtp_profile profile ); +const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id + ( mbedtls_ssl_srtp_profile profile ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /** @@ -3279,7 +3295,7 @@ const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id( * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, * MBEDTLS_SSL_MINOR_VERSION_3 supported) */ -void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf,int major, int minor ); +void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ); /** * \brief Set the minimum accepted SSL/TLS protocol version diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 8335f0033..13547ce8a 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -756,9 +756,9 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_ALPN */ -#if defined (MBEDTLS_SSL_DTLS_SRTP) +#if defined(MBEDTLS_SSL_DTLS_SRTP) static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) + unsigned char *buf, size_t *olen ) { unsigned char *p = buf; size_t protection_profiles_index = 0; @@ -766,8 +766,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( (ssl->conf->dtls_srtp_profile_list == NULL) || - (ssl->conf->dtls_srtp_profile_list_len == 0) ) + if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || + ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) { return; } 
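Review bot: The reworded description of mbedtls_ssl_get_dtls_srtp_key_material() still contains wording slips (`It shall returns`, `SSL context tobe used`, and `success,NULL` in the profile-info doc below it). It also does not tell the caller that `key` receives the SRTP master keys and master salt. Suggested wording is `It returns 60 bytes of key material` and `SSL context to be used.`, plus a `\note` stating that the caller is responsible for wiping `key` once the material has been passed to the SRTP stack.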
@@ -777,14 +777,13 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); - /* RFC5764 section 4.1.1 + /* RFC 5764 section 4.1.1 * uint8 SRTPProtectionProfile[2]; * * struct { * SRTPProtectionProfiles SRTPProtectionProfiles; * opaque srtp_mki<0..255>; * } UseSRTPData; - * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; */ if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && @@ -811,7 +810,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; protection_profiles_index++ ) { - switch (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) { + switch( ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ) { case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) ); @@ -848,7 +847,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * is checked by ssl_set_dtls_srtp_protection_profiles function */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", - ssl->conf->dtls_srtp_profile_list[protection_profiles_index]) ); + ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ) ); break; } } @@ -1853,7 +1852,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, ssl->conf->dtls_srtp_profile_list_len == 0 ) return( 0 ); - /* RFC5764 section 4.1.1 + /* RFC 5764 section 4.1.1 * uint8 SRTPProtectionProfile[2]; * * struct { 
@@ -1954,11 +1953,11 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, #if defined (MBEDTLS_DEBUG_C) if( len > 5 ) { - MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len ); } #endif - return 0; + return( 0 ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -3510,7 +3509,8 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_DTLS_SRTP) /* check if we have a chosen srtp protection profile */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) + { ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; } else @@ -4169,7 +4169,8 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_DTLS_SRTP) /* check if we have a chosen srtp protection profile */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) + { return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); } else diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 38908c840..fae8f6063 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -847,7 +847,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); } /* check if suggested profile is in our list */ - for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) + for( i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { if( client_protection == ssl->conf->dtls_srtp_profile_list[i] ) { 
@@ -860,7 +860,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, break; } if( ( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) && - ( len > ( profile_length + 2 ) ) ) + ( len > ( profile_length + 2 ) ) ) { ssl->dtls_srtp_info.mki_len = buf[profile_length + 2]; if( ssl->dtls_srtp_info.mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH ) @@ -3056,7 +3056,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) * force verify mode to be at least OPTIONAL */ if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE && - ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) { + ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) + { authmode = MBEDTLS_SSL_VERIFY_OPTIONAL; } else @@ -3067,8 +3068,9 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) authmode == MBEDTLS_SSL_VERIFY_NONE ) { #if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile */ - if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + /* check if we have a chosen srtp protection profile */ + if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) + { MBEDTLS_SSL_DEBUG_MSG( 2, ( "should not happen" ) ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3a0fbfc8a..0ec29135d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -873,10 +873,11 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #if defined(MBEDTLS_SSL_DTLS_SRTP) /* check if we have a chosen srtp protection profile */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) + { /* derive key material for srtp session RFC5764 section 4.2 * master key and master salt are respectively 128 bits and 112 bits - * for all currently available modes : + * for all currently available modes: * SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32 * SRTP_NULL_HMAC_SHA1_80, SRTP_NULL_HMAC_SHA1_32 * So we must export 2*(128 + 112) = 480 bits @@ -2114,7 +2115,8 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_DTLS_SRTP) /* check if we have a chosen srtp protection profile */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) + { return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); } else @@ -4773,14 +4775,18 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, size_t mki_len ) { if ( mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH ) + { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ) + { return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + } memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len ); ssl->dtls_srtp_info.mki_len = mki_len; - return 0; + return( 0 ); } int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, 
@@ -4788,14 +4794,19 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, size_t profiles_number ) { size_t i; - /* check in put validity : must be a list of profiles from enumeration */ - /* maximum length is 4 as only 4 protection profiles are defined */ - if( profiles_number > 4 ) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + /* + * Check input validity : must be a list of profiles from enumeration. + * Maximum length is 4 as only 4 protection profiles are defined. + */ + if( profiles_number > 4 ) + { + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } mbedtls_free( conf->dtls_srtp_profile_list ); - conf->dtls_srtp_profile_list = (mbedtls_ssl_srtp_profile*)mbedtls_calloc(1, profiles_number * sizeof( mbedtls_ssl_srtp_profile ) ); + conf->dtls_srtp_profile_list = + (mbedtls_ssl_srtp_profile*)mbedtls_calloc(1, + profiles_number * sizeof( mbedtls_ssl_srtp_profile ) ); for( i=0; i < profiles_number; i++ ) { switch( profiles[i] ) { @@ -4809,7 +4820,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, mbedtls_free( conf->dtls_srtp_profile_list ); conf->dtls_srtp_profile_list = NULL; conf->dtls_srtp_profile_list_len = 0; - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } } 
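Review bot: The re-wrapped `mbedtls_calloc()` call in mbedtls_ssl_conf_dtls_srtp_protection_profiles() still has no failure check before the `for` loop that follows it, so an allocation failure presumably ends in a write through a NULL `conf->dtls_srtp_profile_list` (the `case` bodies that store into the list lie between this hunk and the next one). Add `if( conf->dtls_srtp_profile_list == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED );` directly after the allocation and reset `dtls_srtp_profile_list_len` to 0 on that path. The previous list is also freed before the new `profiles` array is validated, so a rejected call discards the existing configuration; validating first and swapping afterwards would avoid that.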
@@ -4819,25 +4830,28 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, return( 0 ); } -mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl ) +mbedtls_ssl_srtp_profile + mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl ) { return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); } int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, - size_t *key_len ) { + size_t *key_len ) +{ /* check output buffer size */ - if( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len ) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; + if( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len ) + { + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } memcpy( key, ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len ); *key_len = ssl->dtls_srtp_info.dtls_srtp_keys_len; - return 0; + return( 0 ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 062fa11f6..8bfd0c329 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -2285,19 +2285,22 @@ int main( int argc, char *argv[] ) if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) { const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, - forced_profile, - sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) ); + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles + ( &conf, + forced_profile, + sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) ); } else { - const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32 }; - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, - default_profiles, - sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); + const mbedtls_ssl_srtp_profile default_profiles[] = + { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_SRTP_NULL_HMAC_SHA1_32 }; + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles + ( &conf, + default_profiles, + sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); } if( ret != 0 ) From 089c9fe9fa0eb7419b0c40b9b52b4349f8cb26c5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 6 Dec 2018 17:12:49 +0200 Subject: [PATCH 335/488] Improve readability Improve readability of the code: 1. move common code to `ssl_internal.h` as `static inline`. 2. Add comments. 3. Use local variables for extension size. 4. Change function signature, by adding buffer size and output length. 5. Take server srtp profile out of the loop. Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 7 +- include/mbedtls/ssl_internal.h | 48 +++++++++++++ library/ssl_cli.c | 125 +++++++++++++++------------------ library/ssl_srv.c | 58 ++++----------- library/ssl_tls.c | 7 +- 5 files changed, 123 insertions(+), 122 deletions(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1f8d1769c..6bcb5ecb9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3257,15 +3257,16 @@ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile * * \param ssl SSL context tobe used. * \param key Buffer to hold the generated key material. - * \param key_len [in/out] key buffer size. outputs the actual number - * of bytes written. + * \param key_buffer_len Key buffer size. + * \param olen the actual number of bytes written to key. * * \return 0 on success, #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if * the key buffer is too small to hold the generated key. */ int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, - size_t *key_len ); + size_t key_buffer_len, + size_t *olen ); /** * \brief Utility function to get information on DTLS-SRTP profile. diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 7b78c7310..c3923ee9d 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -1095,6 +1095,54 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, mbedtls_md_type_t md ); #endif +#if defined(MBEDTLS_SSL_DTLS_SRTP) +static inline uint16_t mbedtls_ssl_get_srtp_profile_iana_value + ( mbedtls_ssl_srtp_profile profile ) +{ + uint16_t profile_value = 0xffff; + switch( profile ) + { + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: + profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE; + break; + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: + profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE; + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: + profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE; + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: + profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE; + break; + default: break; + } + return( profile_value ); +} + +static inline mbedtls_ssl_srtp_profile mbedtls_ssl_get_srtp_profile_value + ( uint16_t srtp_iana_value ) +{ + mbedtls_ssl_srtp_profile profile_value = MBEDTLS_SRTP_UNSET_PROFILE; + switch( srtp_iana_value ) + { + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE: + profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80; + break; + case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE: + profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32; + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE: + profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_80; + break; + case MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE: + profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_32; + break; + default: break; + } + return( profile_value ); +} +#endif + #if defined(MBEDTLS_X509_CRT_PARSE_C) static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) { diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 13547ce8a..261fb2f83 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
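Review bot: The two new inline helpers carry no documentation, and mbedtls_ssl_get_srtp_profile_iana_value() reports an unknown profile with the bare in-band value `0xffff`, which the callers in ssl_cli.c and ssl_srv.c then test as the literal `0xFFFF`. A short comment on each helper stating its failure value (`0xffff` and `MBEDTLS_SRTP_UNSET_PROFILE` respectively) and one named constant for the sentinel would keep those sites in agreement. The names are also easy to confuse, since `mbedtls_ssl_get_srtp_profile_value` maps an IANA code to the enum, the reverse of `mbedtls_ssl_get_srtp_profile_iana_value`.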
@@ -763,6 +763,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, unsigned char *p = buf; size_t protection_profiles_index = 0; size_t mki_len = 0, i; + size_t ext_len = 0; + uint16_t profile_value = 0; *olen = 0; @@ -795,10 +797,10 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ), * 1 byte for srtp_mki vector length and the mki_len value */ - *p++ = (unsigned char)( ( ( 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) - + 1 + mki_len ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len ) - + 1 + mki_len ) ) & 0xFF ); + ext_len = 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len; + + *p++ = (unsigned char)( ( ( ext_len & 0xFF00 ) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ext_len & 0xFF ); /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ *p++ = (unsigned char)( ( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) ) 
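Review bot: `ext_len` is computed from `dtls_srtp_profile_list_len` and `mki_len` and written straight into the ClientHello, but nothing in the visible part of ssl_write_use_srtp_ext() compares it with the space left in `buf`; the function receives only `buf` and `olen`, with no end pointer. With an MKI of up to MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH bytes the extension is not small, so the writer should be given the end of the buffer and emit nothing (or fail) when `ext_len + 4` does not fit. The body continues outside the hunk, so a check there cannot be ruled out. The new high-byte expression also masks twice; `(unsigned char)( ( ext_len >> 8 ) & 0xFF )` is sufficient.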
@@ -810,45 +812,23 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; protection_profiles_index++ ) { - switch( ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ) { - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) ); - *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) - >> 8 ) & 0xFF ); - *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) - & 0xFF ); - break; - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) ); - *p++ = ( ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) - >> 8 ) & 0xFF ); - *p++ = ( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) - & 0xFF ); - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", - MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) ); - *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) >> 8 ) - & 0xFF ) ; - *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) & 0xFF ); - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", - MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) ); - *p++ = ( ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) >> 8 ) - & 0xFF ); - *p++ = ( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) & 0xFF ); - break; - default: - /* - * Note: we shall never arrive here as protection profiles - * is checked by ssl_set_dtls_srtp_protection_profiles function - */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", - ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ) ); - break; + profile_value = mbedtls_ssl_get_srtp_profile_iana_value + ( 
ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ); + if( profile_value != 0xFFFF ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", + profile_value ) ); + *p++ = ( ( profile_value >> 8 ) & 0xFF ); + *p++ = ( profile_value & 0xFF ); + } + else + { + /* + * Note: we shall never arrive here as protection profiles + * is checked by ssl_set_dtls_srtp_protection_profiles function + */ + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", + ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ) ); } } @@ -1884,13 +1864,17 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * protection profile length must be 0x0002 as we must have only * one protection profile in server Hello */ - if( ( (uint16_t)( ( buf[0] << 8 ) | buf[1] ) ) != 0x0002 ) + if( ( buf[0] != 0 ) || ( buf[1] != 2 ) ) { return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - else + + server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; + server_protection = mbedtls_ssl_get_srtp_profile_value( server_protection_profile_value ); + profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( server_protection ); + if( profile_info != NULL ) { - server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); } ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; 
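Review bot: In the client-side ssl_parse_use_srtp_ext() hunk, the server-supplied bytes `buf[2]` and `buf[3]` are read as soon as the two length bytes match, and no check of `len` is visible. Unless the function already requires at least 5 bytes (profile-list length, one profile, MKI length byte) before this point, a truncated extension would be read past its end; the start of the function is outside the hunk, so this may be covered there. Separately, `profile_info` is NULL-checked for the `found srtp profile` message, but the `selected srtp profile` message in the following hunk dereferences `profile_info->name` without that guard.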
@@ -1900,29 +1884,6 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, */ for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { - switch( server_protection_profile_value ) { - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE: - server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80; - break; - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE: - server_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32; - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE: - server_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_80; - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE: - server_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_32; - break; - default: - server_protection = MBEDTLS_SRTP_UNSET_PROFILE; - break; - } - profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( server_protection ); - if( profile_info != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); - } - if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) ); 
@@ -4168,7 +4129,31 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL ) { #if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile */ + /* + * Check if we have a chosen srtp protection profile. + * According to RFC 5764 section 4.1 client certificate in dtls srtp + * is mandatory: + * Client Server + * + * ClientHello + use_srtp --------> + * ServerHello + use_srtp + * Certificate* + * ServerKeyExchange* + * ertificateRequest* + * <-------- ServerHelloDone + * Certificate* + * ClientKeyExchange + * CertificateVerify* + * [ChangeCipherSpec] + * Finished --------> + * [ChangeCipherSpec] + * <-------- Finished + * SRTP packets <-------> SRTP packets + * + * Note that '*' indicates messages that are not always sent in DTLS. + * The CertificateRequest, client and server Certificates, and + * CertificateVerify will be sent in DTLS-SRTP. + */ if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) { return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index fae8f6063..fa1c94c7c 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
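Review bot: The handshake diagram added to ssl_write_certificate_verify() contains a typo, `ertificateRequest*`, which should read `CertificateRequest*`. The comment also says the client certificate is mandatory in DTLS-SRTP without connecting that to the code below it; one closing sentence such as `Hence fail the handshake if a profile was negotiated but no client certificate is available.` would make the purpose of the `MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE` return clear.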
@@ -822,25 +822,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { /* + 2 to skip the length field */ uint16_t protection_profile_value = buf[j + 2] << 8 | buf[j+3]; + client_protection = mbedtls_ssl_get_srtp_profile_value( protection_profile_value ); - switch ( protection_profile_value ) - { - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE: - client_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80; - break; - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE: - client_protection = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32; - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE: - client_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_80; - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE: - client_protection = MBEDTLS_SRTP_NULL_HMAC_SHA1_32; - break; - default: - client_protection = MBEDTLS_SRTP_UNSET_PROFILE; - break; - } profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( client_protection ); if( profile_info != NULL ) { @@ -2624,6 +2607,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, size_t *olen ) { size_t mki_len = 0, ext_len = 0, i; + uint16_t profile_value = 0; if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) { 
@@ -2653,34 +2637,16 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, /* protection profile length: 2 */ buf[4] = 0x00; buf[5] = 0x02; - switch (ssl->dtls_srtp_info.chosen_dtls_srtp_profile) { - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: - buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE >> 8 ) - & 0xFF ); - buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE ) - & 0xFF ); - break; - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: - buf[6] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE >> 8 ) - & 0xFF ); - buf[7] = (unsigned char)( ( MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE ) - & 0xFF ); - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: - buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE >> 8 ) - & 0xFF ); - buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE ) - & 0xFF ); - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: - buf[6] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE >> 8 ) - & 0xFF ); - buf[7] = (unsigned char)( ( MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE ) - & 0xFF ); - break; - default: - *olen = 0; - return; + profile_value = mbedtls_ssl_get_srtp_profile_iana_value( ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); + if( profile_value != 0xFFFF ) + { + buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF ); + buf[7] = (unsigned char)( profile_value & 0xFF ); + } + else + { + *olen = 0; + return; } buf[8] = mki_len & 0xFF; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0ec29135d..b15df14d6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4838,18 +4838,19 @@ mbedtls_ssl_srtp_profile int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, unsigned char *key, - size_t *key_len ) + size_t key_buffer_len, + size_t *olen ) { /* check output buffer size */ - if( *key_len < ssl->dtls_srtp_info.dtls_srtp_keys_len ) + if( key_buffer_len < ssl->dtls_srtp_info.dtls_srtp_keys_len ) { return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } memcpy( key, ssl->dtls_srtp_info.dtls_srtp_keys, ssl->dtls_srtp_info.dtls_srtp_keys_len ); - *key_len = ssl->dtls_srtp_info.dtls_srtp_keys_len; + *olen = ssl->dtls_srtp_info.dtls_srtp_keys_len; return( 0 ); } From f0f7c19457eb9bc05661b41cf246a66bcb13c5dd Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 6 Dec 2018 17:21:52 +0200 Subject: [PATCH 336/488] Add comment describing the feature Add a comment that describes that the feature only supportes the `use_srtp` extension, and not hte full DTLS-SRTP RFC. Signed-off-by: Johan Pascal --- include/mbedtls/config.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2ed3ec29e..cd7c073b3 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1815,7 +1815,10 @@ /** * \def MBEDTLS_SSL_DTLS_SRTP * - * Enable support for DTLS-SRTP, RFC5764 + * Enable support for DTLS-SRTP, RFC5764, use_srtp extension. + * \note Only the dtls-srtp key material negotiation is supported. + * Once negotiated, the key should be extracted, and data should be transmitted + * via an SRTP stack. * * Requires: MBEDTLS_SSL_PROTO_DTLS * From 75870ec6a7ad82a60a0faceeb4f2aca321e28cec Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 6 Dec 2018 17:31:55 +0200 Subject: [PATCH 337/488] Change byte copy to memcpy Change setting the mki value byte after byte with `memcpy()`. Signed-off-by: Johan Pascal --- library/ssl_cli.c | 7 ++----- library/ssl_srv.c | 7 ++----- 2 files changed, 4 insertions(+), 10 deletions(-) 
diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 261fb2f83..a6940f994 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -762,7 +762,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, { unsigned char *p = buf; size_t protection_profiles_index = 0; - size_t mki_len = 0, i; + size_t mki_len = 0; size_t ext_len = 0; uint16_t profile_value = 0; @@ -836,10 +836,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, if( mki_len != 0 ) { - for( i=0; i < mki_len; i++ ) - { - *p++ = ssl->dtls_srtp_info.mki_value[i]; - } + memcpy( p, ssl->dtls_srtp_info.mki_value, mki_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index fa1c94c7c..38cdd91a2 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2606,7 +2606,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { - size_t mki_len = 0, ext_len = 0, i; + size_t mki_len = 0, ext_len = 0; uint16_t profile_value = 0; if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) @@ -2650,10 +2650,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, } buf[8] = mki_len & 0xFF; - for( i=0; i < mki_len; i++ ) - { - buf[9 + i] = ssl->dtls_srtp_info.mki_value[i]; - } + memcpy( &buf[9], ssl->dtls_srtp_info.mki_value, mki_len ); *olen = 9 + mki_len; } From 313d7b5d744866078bb9db579833b261930251c5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 10 Dec 2018 14:56:21 +0200 Subject: [PATCH 338/488] Add variable validation 1. Check allocation success. 2. Check parameter correctness in the use_srtp extension in server and client. Signed-off-by: Johan Pascal --- library/ssl_cli.c | 16 ++++++++++------ library/ssl_srv.c | 18 +++++++++++++++--- library/ssl_tls.c | 2 ++ 3 files changed, 27 insertions(+), 9 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a6940f994..fd177acaf 100644 
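Review bot: In the ssl_srv.c hunk, `memcpy( &buf[9], ssl->dtls_srtp_info.mki_value, mki_len )` has no bound on `mki_len`, and the function signature (`ssl`, `buf`, `olen`) carries no end-of-buffer pointer to check against. The length byte is also written as `mki_len & 0xFF`, so a value above 255 would send a length that disagrees with the bytes copied. A guard before the copy keeps the read inside `mki_value` and the length byte honest: `if( mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH ) { *olen = 0; return; }`. Where `mki_len` is assigned, and how much room the caller reserves in `buf`, are outside the hunk and should be confirmed.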
--- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -837,6 +837,10 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, if( mki_len != 0 ) { memcpy( p, ssl->dtls_srtp_info.mki_value, mki_len ); + /* + * Increment p to point to the current position. + */ + p += mki_len; MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); } @@ -847,8 +851,9 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * + protection profile length (2 bytes) * + 2 * number of protection profiles * + srtp_mki vector length(1 byte) + * + mki value */ - *olen = 2 + 2 + 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len; + *olen = p - buf; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -1848,7 +1853,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, /* * Length is 5 and optional mki_value : one protection profile(2 bytes) - * + length(2 bytes) and srtp_mki + * + length(2 bytes) + mki_len(1 byte) + * and optional srtp_mki */ if( ( len != 5 ) && ( len != ( 5 + mki_len ) ) ) return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); @@ -1862,9 +1868,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * one protection profile in server Hello */ if( ( buf[0] != 0 ) || ( buf[1] != 2 ) ) - { return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); - } server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; server_protection = mbedtls_ssl_get_srtp_profile_value( server_protection_profile_value ); @@ -1901,8 +1905,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * that is different than the one the client offered, then the client * MUST abort the handshake and SHOULD send an invalid_parameter alert. */ - if( len > 5 && - ( memcmp( ssl->dtls_srtp_info.mki_value, &buf[5], mki_len ) ) ) + if( len > 5 && ( buf[4] != mki_len || + ( memcmp( ssl->dtls_srtp_info.mki_value, &buf[5], mki_len ) ) ) ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); 
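Review bot: The added `buf[4] != mki_len` comparison in the client's ssl_parse_use_srtp_ext only runs when `len > 5`. A ServerHello extension that is exactly 5 bytes long but carries a non-zero MKI length byte therefore still passes the earlier `( len != 5 ) && ( len != ( 5 + mki_len ) )` test and is handled as "no MKI". Tying the extension length to its own length byte up front rejects that malformed encoding: `if( len < 5 || len != 5u + buf[4] ) return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );`. The function starts and ends outside these hunks, so this assumes no other check of `buf[4]` sits in between.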
diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 38cdd91a2..56e0cbf55 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -785,6 +785,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, size_t i,j; size_t profile_length; const mbedtls_ssl_srtp_profile_info *profile_info; + /*! 2 bytes for profile length and 1 byte for mki len */ + const size_t size_of_lengths = 3; /* If use_srtp is not configured, just ignore the extension */ if( ssl->conf->dtls_srtp_profile_list == NULL || @@ -806,14 +808,24 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * Min length is 5: at least one protection profile(2 bytes) * and length(2 bytes) + srtp_mki length(1 byte) */ - if( len < 5 ) + if( len < size_of_lengths + 2 ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; /* first 2 bytes are protection profile length(in bytes) */ profile_length = ( buf[0] << 8 ) | buf[1]; + if( profile_length > len - size_of_lengths ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } /* * parse the extension list values are defined in * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml @@ -846,7 +858,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, ( len > ( profile_length + 2 ) ) ) { ssl->dtls_srtp_info.mki_len = buf[profile_length + 2]; - if( ssl->dtls_srtp_info.mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH ) + if( ssl->dtls_srtp_info.mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH || + ssl->dtls_srtp_info.mki_len + profile_length + size_of_lengths != len ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); 
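Review bot: The new bound `profile_length > len - size_of_lengths` still accepts an odd `profile_length`, although each protection profile is a two-byte value. With an odd length, the last profile read would pair the final profile byte with the MKI length byte; that stays inside the extension but evaluates a profile the client never sent. Adding `|| profile_length % 2 != 0` to the same condition rejects it with the same alert and return code. The profile loop is outside this hunk, so the two-byte stride is inferred from the `buf[j + 2] << 8 | buf[j+3]` read shown earlier in the series.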
@@ -854,7 +867,6 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - ssl->dtls_srtp_info.mki_len = buf[profile_length + 2]; for( i=0; i < ssl->dtls_srtp_info.mki_len; i++ ) { ssl->dtls_srtp_info.mki_value[i] = buf[profile_length + 2 + 1 + i]; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b15df14d6..1b4779b4f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4807,6 +4807,8 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, conf->dtls_srtp_profile_list = (mbedtls_ssl_srtp_profile*)mbedtls_calloc(1, profiles_number * sizeof( mbedtls_ssl_srtp_profile ) ); + if( conf->dtls_srtp_profile_list == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); for( i=0; i < profiles_number; i++ ) { switch( profiles[i] ) { From 9cfb5ebff19c586fc063e9ed9a08105b7807ac0b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 10 Dec 2018 15:30:14 +0200 Subject: [PATCH 339/488] Disable SRTP by default Disable `MBEDTLS_SSL_DTLS_SRTP` by default in the configuration file. Signed-off-by: Johan Pascal --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index cd7c073b3..7a1a2b1e5 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1822,9 +1822,9 @@ * * Requires: MBEDTLS_SSL_PROTO_DTLS * - * Comment this to disable support for DTLS-SRTP. + * Uncomment this to enable support for use_srtp extension. */ -#define MBEDTLS_SSL_DTLS_SRTP +//#define MBEDTLS_SSL_DTLS_SRTP /** * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE From 5d991c954903dcbf4162b07f6866d60a91f490c1 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 15 Jan 2019 18:54:03 +0200 Subject: [PATCH 340/488] Force IPv4 in gnutls_cli srtp tests Force using IPv4 in the GNU_CLI SRTP tests, as introduced for other tests in #1918. 
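Review bot: The rejection path kept as context at the top of this hunk returns `MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO`, although this is the server-side ssl_parse_use_srtp_ext handling a ClientHello. The two length rejections this commit adds earlier in the same function return `MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO`. Callers and logs that distinguish the two codes will misattribute an invalid MKI length, so the line should read `return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );`. The function body starts and ends outside the hunk.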
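Review bot: The allocation guarded by the new NULL check in mbedtls_ssl_conf_dtls_srtp_protection_profiles computes `profiles_number * sizeof( mbedtls_ssl_srtp_profile )` by hand and passes 1 as the element count. A very large `profiles_number` could wrap before the allocator sees it, and the NULL test would not catch the undersized buffer that the following loop fills. Passing the two factors separately, `mbedtls_calloc( profiles_number, sizeof( mbedtls_ssl_srtp_profile ) )`, leaves the overflow check to the allocator. Whether `profiles_number` is range-checked earlier in the function is not visible in this hunk.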
Signed-off-by: Johan Pascal --- tests/ssl-opt.sh | 71 ++++++++++++++++++++---------------------------- 1 file changed, 29 insertions(+), 42 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ad38f5d26..bb31a3cde 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9003,14 +9003,11 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl -C "dumping 'received mki' (8 bytes)" \ -C "error" -# gnutls-cli resolves localhost as an IPv6 address, when enabled, -# and fails to send messagges over UDP, causing DTLS negotiation to fail. -# Force server to bind to IPv6 address -requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP all profiles supported. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3 server_addr=::1" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ 
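Review bot: The comment that explained the address handling is deleted together with `requires_ipv6`, and nothing now says why `127.0.0.1` and `--insecure` are appended to `$G_CLI`. The same applies to the gnutls-client hunks that follow in this commit. A short comment above the first case would keep the rationale, for example `# Force IPv4: gnutls-cli may resolve localhost to ::1 and then fail the DTLS handshake over UDP.` If `--insecure` is there because the test certificate cannot be verified against an IP literal, which is presumed but not shown on the page, a second line should say so and mark the flag as test-only.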
@@ -9018,14 +9015,11 @@ run_test "DTLS-SRTP all profiles supported. gnutls client." \ -s "server hello, adding use_srtp extension" \ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80" -# gnutls-cli resolves localhost as an IPv6 address, when enabled, -# and fails to send messagges over UDP, causing DTLS negotiation to fail. -# Force server to bind to IPv6 address -requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3 server_addr=::1" \ - "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32" \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ @@ -9033,14 +9027,11 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -s "server hello, adding use_srtp extension" \ -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80" -# gnutls-cli resolves localhost as an IPv6 address, when enabled, -# and fails to send messagges over UDP, causing DTLS negotiation to fail. -# Force server to bind to IPv6 address -requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 debug_level=3 server_addr=::1" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ + "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 
@@ -9048,14 +9039,11 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -s "server hello, adding use_srtp extension" \ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" -# gnutls-cli resolves localhost as an IPv6 address, when enabled, -# and fails to send messagges over UDP, causing DTLS negotiation to fail. -# Force server to bind to IPv6 address -requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3 server_addr=::1" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ @@ -9063,14 +9051,11 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -s "server hello, adding use_srtp extension" \ -c "SRTP profile: SRTP_NULL_SHA1_32" -# gnutls-cli resolves localhost as an IPv6 address, when enabled, -# and fails to send messagges over UDP, causing DTLS negotiation to fail. -# Force server to bind to IPv6 address -requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3 server_addr=::1" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ 
@@ -9078,14 +9063,11 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls -s "server hello, adding use_srtp extension" \ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" -# gnutls-cli resolves localhost as an IPv6 address, when enabled, -# and fails to send messagges over UDP, causing DTLS negotiation to fail. -# Force server to bind to IPv6 address -requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3 server_addr=::1" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ 
@@ -9093,20 +9075,18 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl -S "server hello, adding use_srtp extension" \ -C "SRTP profile:" -# gnutls-cli resolves localhost as an IPv6 address, when enabled, -# and fails to send messagges over UDP, causing DTLS negotiation to fail. -# Force server to bind to IPv6 address -requires_ipv6 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \ - "$P_SRV dtls=1 debug_level=3 server_addr=::1" \ - "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ + "$P_SRV dtls=1 debug_level=3" \ + "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ -S "server hello, adding use_srtp extension" \ -C "SRTP profile:" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP all profiles supported. gnutls server" \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -9118,6 +9098,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls server" \ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 
@@ -9129,6 +9110,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ @@ -9140,6 +9122,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \ "$P_CLI dtls=1 use_srtp=30 debug_level=3" \ @@ -9151,6 +9134,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ @@ -9162,6 +9146,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ @@ -9173,6 +9158,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ "$G_SRV -u" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 
@@ -9184,6 +9170,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP +requires_gnutls run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ From 65b56ef87f3222fff7dc599dd23e6c2aa5491419 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 26 Sep 2019 16:40:48 +0300 Subject: [PATCH 341/488] Change key derivation for srtp Use the export keys functionality, to call the public API `mbedtls_ssl_tls_prf()`, and remove the function `mbedtls_ssl_get_dtls_srtp_key_material()`. Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 25 -------- library/ssl_tls.c | 49 --------------- programs/ssl/ssl_client2.c | 126 ++++++++++++++++++++++++++++++------- programs/ssl/ssl_server2.c | 123 +++++++++++++++++++++++++++++------- 4 files changed, 204 insertions(+), 119 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6bcb5ecb9..a85909377 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -893,12 +893,6 @@ typedef struct mbedtls_dtls_srtp_info_t { /*! The SRTP profile that was negotiated*/ mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; - /*! master keys and master salt for SRTP generated during handshake */ - unsigned char dtls_srtp_keys[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; - /*! length in bytes of master keys and master salt for - * SRTP generated during handshake - */ - size_t dtls_srtp_keys_len; /*! The mki_value used, with max size of 256 bytes */ unsigned char mki_value[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; /*! The length of mki_value */ 
@@ -3249,25 +3243,6 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile ( const mbedtls_ssl_context *ssl ); -/** - * \brief Get the generated DTLS-SRTP key material. - * This function should be called after the handshake is - * completed. It shall returns 60 bytes of key material - * generated according to RFC 5764 - * - * \param ssl SSL context tobe used. - * \param key Buffer to hold the generated key material. - * \param key_buffer_len Key buffer size. - * \param olen the actual number of bytes written to key. - * - * \return 0 on success, #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if - * the key buffer is too small to hold the generated key. - */ -int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, - unsigned char *key, - size_t key_buffer_len, - size_t *olen ); - /** * \brief Utility function to get information on DTLS-SRTP profile. * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1b4779b4f..5d98caa2a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -871,31 +871,6 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, (void) ssl; #endif -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile */ - if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) - { - /* derive key material for srtp session RFC5764 section 4.2 - * master key and master salt are respectively 128 bits and 112 bits - * for all currently available modes: - * SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32 - * SRTP_NULL_HMAC_SHA1_80, SRTP_NULL_HMAC_SHA1_32 - * So we must export 2*(128 + 112) = 480 bits - */ - ssl->dtls_srtp_info.dtls_srtp_keys_len = MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH; - - ret = tls_prf( master, 48, "EXTRACTOR-dtls_srtp", - randbytes, 64, ssl->dtls_srtp_info.dtls_srtp_keys, - ssl->dtls_srtp_info.dtls_srtp_keys_len ); - - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "dtls srtp prf", ret ); - return( ret ); - } - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - /* * Some data just needs copying into the structure */ @@ -4837,25 +4812,6 @@ mbedtls_ssl_srtp_profile { return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); } - -int mbedtls_ssl_get_dtls_srtp_key_material( const mbedtls_ssl_context *ssl, - unsigned char *key, - size_t key_buffer_len, - size_t *olen ) -{ - - /* check output buffer size */ - if( key_buffer_len < ssl->dtls_srtp_info.dtls_srtp_keys_len ) - { - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - - memcpy( key, ssl->dtls_srtp_info.dtls_srtp_keys, - ssl->dtls_srtp_info.dtls_srtp_keys_len ); - *olen = ssl->dtls_srtp_info.dtls_srtp_keys_len; - - return( 0 ); -} #endif /* MBEDTLS_SSL_DTLS_SRTP */ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) 
@@ -6955,11 +6911,6 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) mbedtls_free( ssl->cli_id ); #endif -#if defined (MBEDTLS_SSL_DTLS_SRTP) - mbedtls_platform_zeroize( ssl->dtls_srtp_info.dtls_srtp_keys, - ssl->dtls_srtp_info.dtls_srtp_keys_len ); -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); /* Actually clear after last debug message */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 8bfd0c329..448f1572a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -257,10 +257,26 @@ int main( void ) " This cannot be used with eap_tls=1\n" #define USAGE_NSS_KEYLOG_FILE \ " nss_keylog_file=%%s\n" -#else +#if defined(MBEDTLS_SSL_DTLS_SRTP) +#define USAGE_SRTP \ + " use_srtp=%%d default: 0 (disabled)\n" \ + " This cannot be used with eap_tls=1 or "\ + " nss_keylog=1\n" \ + " srtp_force_profile=%%d default: all enabled\n" \ + " available profiles:\n" \ + " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ + " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ + " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ + " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ + " mki=%%s default: \"\" (in hex, without 0x)\n" +#else /* MBEDTLS_SSL_DTLS_SRTP */ +#define USAGE_SRTP "" +#endif +#else /* MBEDTLS_SSL_EXPORT_KEYS */ #define USAGE_EAP_TLS "" #define USAGE_NSS_KEYLOG "" #define USAGE_NSS_KEYLOG_FILE "" +#define USAGE_SRTP "" #endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) 
@@ -324,20 +340,6 @@ int main( void ) #define USAGE_DTLS "" #endif -#if defined(MBEDTLS_SSL_DTLS_SRTP) -#define USAGE_SRTP \ - " use_srtp=%%d default: 0 (disabled)\n" \ - " srtp_force_profile=%%d default: all enabled\n" \ - " available profiles:\n" \ - " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ - " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ - " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ - " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ - " mki=%%s default: \"\" (in hex, without 0x)\n" -#else -#define USAGE_SRTP "" -#endif - #if defined(MBEDTLS_SSL_FALLBACK_SCSV) #define USAGE_FALLBACK \ " fallback=0/1 default: (library default: off)\n" @@ -676,7 +678,43 @@ exit: sizeof( nss_keylog_line ) ); return( ret ); } -#endif + +#if defined( MBEDTLS_SSL_DTLS_SRTP ) +typedef struct dtls_srtp_keys +{ + unsigned char master_secret[48]; + unsigned char randbytes[64]; + mbedtls_tls_prf_types tls_prf_type; +} dtls_srtp_keys; + +static int dtls_srtp_key_derivation( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) +{ + dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey; + + ( ( void ) kb ); + memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); + memcpy( keys->randbytes, client_random, 32 ); + memcpy( keys->randbytes + 32, server_random, 32 ); + keys->tls_prf_type = tls_prf_type; + + if( opt.debug_level > 2 ) + { + mbedtls_printf("exported maclen is %u\n", (unsigned)maclen); + mbedtls_printf("exported keylen is %u\n", (unsigned)keylen); + mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen); + } + return( 0 ); +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ static void my_debug( void *ctx, int level, const char *file, int line, 
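Review bot: dtls_srtp_key_derivation() copies the 48-byte master secret and both randoms into the caller's `dtls_srtp_keys`, and none of the hunks in this commit wipes that copy or the derived `dtls_srtp_key_material`. The library code removed by the same commit did zeroize its SRTP key buffer in mbedtls_ssl_free(). Because these sample programs are what integrators copy from, the exit path should clear both buffers, for example `mbedtls_platform_zeroize( &dtls_srtp_keying, sizeof( dtls_srtp_keying ) );` and the same call for `dtls_srtp_key_material`. The identical callback added to ssl_server2.c needs the same treatment. main()'s exit path is outside the visible hunks, so an existing wipe there cannot be ruled out.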
@@ -1157,7 +1195,6 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; - size_t mki_len = 0; #endif const char *pers = "ssl_client2"; @@ -1202,7 +1239,13 @@ int main( int argc, char *argv[] ) unsigned char eap_tls_iv[8]; const char* eap_tls_label = "client EAP encryption"; eap_tls_keys eap_tls_keying; -#endif +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + /*! master keys and master salt for SRTP generated during handshake */ + unsigned char dtls_srtp_key_material[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; + const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; + dtls_srtp_keys dtls_srtp_keying; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); @@ -2344,7 +2387,14 @@ int main( int argc, char *argv[] ) nss_keylog_export, NULL ); } -#endif +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + else if( opt.use_srtp != 0 ) + { + mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation, + &dtls_srtp_keying ); + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) if( opt.recsplit != DFL_RECSPLIT ) @@ -2553,7 +2603,7 @@ int main( int argc, char *argv[] ) mbedtls_ecp_set_max_ops( opt.ec_max_ops ); #endif - #if defined(MBEDTLS_SSL_DTLS_SRTP) +#if defined(MBEDTLS_SSL_DTLS_SRTP) if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 ) { if( mbedtls_test_unhexify( mki, sizeof( mki ), @@ -2565,7 +2615,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ); if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, - strlen( mki ) ) ) != 0 ) + strlen( opt.mki ) / 2 ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret ); goto exit; 
@@ -2694,7 +2744,39 @@ int main( int argc, char *argv[] ) } mbedtls_printf("\n"); } -#endif + +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + else if( opt.use_srtp != 0 ) + { + size_t j = 0; + + if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, + dtls_srtp_keying.master_secret, + sizeof( dtls_srtp_keying.master_secret ), + dtls_srtp_label, + dtls_srtp_keying.randbytes, + sizeof( dtls_srtp_keying.randbytes ), + dtls_srtp_key_material, + sizeof( dtls_srtp_key_material ) ) ) + != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + -ret ); + goto exit; + } + + mbedtls_printf( " DTLS-SRTP key material is:" ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf("\n "); + mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); + } + + mbedtls_printf("\n"); + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ if( opt.reconnect != 0 ) { mbedtls_printf(" . Saving session for reuse..." ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f3c359042..93fea686c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -328,10 +328,24 @@ int main( void ) " This cannot be used with eap_tls=1\n" #define USAGE_NSS_KEYLOG_FILE \ " nss_keylog_file=%%s\n" -#else +#if defined(MBEDTLS_SSL_DTLS_SRTP) +#define USAGE_SRTP \ + " use_srtp=%%d default: 0 (disabled)\n" \ + " srtp_force_profile=%%d default: all enabled\n" \ + " available profiles:\n" \ + " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ + " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ + " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ + " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ + " support_mki=%%d default: 0 (not supported)\n" +#else /* MBEDTLS_SSL_DTLS_SRTP */ +#define USAGE_SRTP "" +#endif +#else /* MBEDTLS_SSL_EXPORT_KEYS */ #define USAGE_EAP_TLS "" #define USAGE_NSS_KEYLOG "" #define USAGE_NSS_KEYLOG_FILE "" +#define USAGE_SRTP "" #endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_CACHE_C) 
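Review bot: The new `else if( opt.use_srtp != 0 )` branch derives and prints SRTP key material whenever the option is set, without checking that the peer accepted the use_srtp extension. If the handshake completed with no profile chosen, the program still prints "DTLS-SRTP key material" for a session that has no SRTP agreement. Guarding on the negotiated profile avoids that: `else if( opt.use_srtp != 0 && mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) != MBEDTLS_SRTP_UNSET_PROFILE )`. The matching branch added to ssl_server2.c later in this commit has the same shape.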
@@ -414,20 +428,6 @@ int main( void ) #define USAGE_DTLS "" #endif -#if defined(MBEDTLS_SSL_DTLS_SRTP) -#define USAGE_SRTP \ - " use_srtp=%%d default: 0 (disabled)\n" \ - " srtp_force_profile=%%d default: all enabled\n" \ - " available profiles:\n" \ - " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ - " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ - " 3 - SRTP_NULL_HMAC_SHA1_80\n" \ - " 4 - SRTP_NULL_HMAC_SHA1_32\n" \ - " support_mki=%%d default: 0 (not supported)\n" -#else -#define USAGE_SRTP "" -#endif - #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #define USAGE_EMS \ " extended_ms=0/1 default: (library default: on)\n" @@ -781,7 +781,43 @@ exit: return( ret ); } -#endif +#if defined( MBEDTLS_SSL_DTLS_SRTP ) +typedef struct dtls_srtp_keys +{ + unsigned char master_secret[48]; + unsigned char randbytes[64]; + mbedtls_tls_prf_types tls_prf_type; +} dtls_srtp_keys; + +static int dtls_srtp_key_derivation( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) +{ + dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey; + + ( ( void ) kb ); + memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); + memcpy( keys->randbytes, client_random, 32 ); + memcpy( keys->randbytes + 32, server_random, 32 ); + keys->tls_prf_type = tls_prf_type; + + if( opt.debug_level > 2 ) + { + mbedtls_printf("exported maclen is %u\n", (unsigned)maclen); + mbedtls_printf("exported keylen is %u\n", (unsigned)keylen); + mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen); + } + return( 0 ); +} +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ static void my_debug( void *ctx, int level, const char *file, int line, 
@@ -1824,10 +1860,6 @@ int main( int argc, char *argv[] ) size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_SSL_DTLS_SRTP) - unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; - size_t mki_len = 0; -#endif int i; char *p, *q; const int *list; @@ -1839,7 +1871,13 @@ int main( int argc, char *argv[] ) unsigned char eap_tls_iv[8]; const char* eap_tls_label = "client EAP encryption"; eap_tls_keys eap_tls_keying; -#endif +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + /*! master keys and master salt for SRTP generated during handshake */ + unsigned char dtls_srtp_key_material[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; + const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; + dtls_srtp_keys dtls_srtp_keying; +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); @@ -3164,7 +3202,14 @@ int main( int argc, char *argv[] ) nss_keylog_export, NULL ); } -#endif +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + else if( opt.use_srtp != 0 ) + { + mbedtls_ssl_conf_export_keys_ext_cb( &conf, dtls_srtp_key_derivation, + &dtls_srtp_keying ); + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) 
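Review bot: In the `@@ -3164,7 +3202,14 @@` hunk the SRTP export callback is registered in an `else if` that follows the nss_keylog branch (the start of the chain is outside the hunk), so `use_srtp=1` combined with an earlier key-export option appears to be accepted while no SRTP keying data is ever captured. The client usage text later in this series states that restriction, but the server's `USAGE_SRTP` added in this commit does not. Add the same line to the server macro, `" This cannot be used with eap_tls=1 or nss_keylog=1\n" \`, or reject the combination during option parsing so the user gets an error rather than silence.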
@@ -3810,7 +3855,39 @@ handshake: } mbedtls_printf("\n"); } -#endif + +#if defined( MBEDTLS_SSL_DTLS_SRTP ) + else if( opt.use_srtp != 0 ) + { + size_t j = 0; + + if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, + dtls_srtp_keying.master_secret, + sizeof( dtls_srtp_keying.master_secret ), + dtls_srtp_label, + dtls_srtp_keying.randbytes, + sizeof( dtls_srtp_keying.randbytes ), + dtls_srtp_key_material, + sizeof( dtls_srtp_key_material ) ) ) + != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + -ret ); + goto exit; + } + + mbedtls_printf( " DTLS-SRTP key material is:" ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf("\n "); + mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); + } + + mbedtls_printf("\n"); + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ret = report_cid_usage( &ssl, "initial handshake" ); From 8f284c1b05fb79785f4e20f1f47901853f8e0cca Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 26 Sep 2019 16:43:03 +0300 Subject: [PATCH 342/488] Add the SRTP configuration to query_config Add the DTLS_SRTP configuration to `query_config`. Signed-off-by: Johan Pascal --- programs/test/query_config.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/test/query_config.c b/programs/test/query_config.c index c35502fa4..1345b11fe 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1480,6 +1480,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ +#if defined(MBEDTLS_SSL_DTLS_SRTP) + if( strcmp( "MBEDTLS_SSL_DTLS_SRTP", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_SRTP ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_DTLS_SRTP */ + #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) if( strcmp( "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE", config ) == 0 ) { 
From 44c0a0a60a00bddd4ef45263f8f777bb31189cc3 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Fri, 24 Apr 2020 02:11:42 +0700 Subject: [PATCH 343/488] Stick to ChangeLog rules Signed-off-by: Johan Pascal --- ChangeLog | 4 ---- ChangeLog.d/feature-dtls-srtp.txt | 2 ++ 2 files changed, 2 insertions(+), 4 deletions(-) create mode 100644 ChangeLog.d/feature-dtls-srtp.txt diff --git a/ChangeLog b/ChangeLog index 83b566bdb..594c3cf4a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -730,10 +730,6 @@ Changes * Ciphersuites based on 3DES now have the lowest priority by default when they are enabled. -Features - * Add support for DTLS-SRTP as defined in RFC 5764. Based on #361 contributed - by Johan Pascal. - = mbed TLS 2.16.0 branch released 2018-12-21 Features diff --git a/ChangeLog.d/feature-dtls-srtp.txt b/ChangeLog.d/feature-dtls-srtp.txt new file mode 100644 index 000000000..8b9186bb9 --- /dev/null +++ b/ChangeLog.d/feature-dtls-srtp.txt @@ -0,0 +1,2 @@ +Features +* Add support for DTLS-SRTP as defined in RFC 5764. Contributed by Johan Pascal, improved by Ron Eldor. From b64eab76562c57fda78935dd90fd9175f93fc7f0 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Fri, 24 Apr 2020 02:53:49 +0700 Subject: [PATCH 344/488] fix style Signed-off-by: Johan Pascal --- library/ssl_tls.c | 2 +- programs/ssl/ssl_client2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5d98caa2a..63244a1eb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2091,7 +2091,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DTLS_SRTP) /* check if we have a chosen srtp protection profile */ if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) - { + { return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); } else diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 448f1572a..6a377bd1c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -1800,7 +1800,7 @@ int main( int argc, char *argv[] ) opt.skip_close_notify = atoi( q ); if( opt.skip_close_notify < 0 || opt.skip_close_notify > 1 ) goto usage; - } + } else if( strcmp( p, "use_srtp" ) == 0 ) { opt.use_srtp = atoi ( q ); From 1d957e61eb577a78fdc2053d4ac695f21d1c7db6 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Thu, 7 May 2020 04:20:15 +0700 Subject: [PATCH 345/488] Fix build warning Signed-off-by: Johan Pascal --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6a377bd1c..c34390f88 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2761,7 +2761,7 @@ int main( int argc, char *argv[] ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 93fea686c..dd365b7f0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3872,7 +3872,7 @@ handshake: != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - -ret ); + (unsigned int) -ret ); goto exit; } From 48f62e98a83b2099e1f4da55591952f20a1a181d Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Sat, 22 Aug 2020 22:04:20 +0200 Subject: [PATCH 346/488] Fix ssl_client2 after rebase Signed-off-by: Johan Pascal --- programs/ssl/ssl_client2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index c34390f88..82627ff72 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1195,6 +1195,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; + size_t mki_len=0; #endif const char *pers = "ssl_client2"; From 8526957cd5e463e9617f703bb6bb1d93912cd92c Mon Sep 17 00:00:00 2001 
From: Johan Pascal Date: Tue, 25 Aug 2020 10:01:54 +0200 Subject: [PATCH 347/488] Minor style modifications Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 38 ++++++++++++++++++++-------------- include/mbedtls/ssl_internal.h | 16 +++++++------- library/ssl_srv.c | 8 ++++++- library/ssl_tls.c | 2 +- programs/ssl/ssl_client2.c | 4 ++-- programs/ssl/ssl_server2.c | 2 +- 6 files changed, 41 insertions(+), 29 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a85909377..a1056b773 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -418,10 +418,10 @@ * Use_srtp extension protection profiles values as defined in * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ -#define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE 0x0001 -#define MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE 0x0002 -#define MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE 0x0005 -#define MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE 0x0006 +#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 0x0001 +#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 0x0002 +#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 0x0005 +#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 0x0006 /* * Size defines @@ -867,8 +867,8 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) -#define MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 -#define MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH 255 +#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 +#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255 /* * List of SRTP profiles for DTLS-SRTP */ @@ -894,7 +894,7 @@ typedef struct mbedtls_dtls_srtp_info_t /*! The SRTP profile that was negotiated*/ mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; /*! The mki_value used, with max size of 256 bytes */ - unsigned char mki_value[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; + unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; /*! The length of mki_value */ size_t mki_len; } 
@@ -3190,7 +3190,9 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) /** - * \brief Add support for mki value in use_srtp extension. + * \brief Add support for mki(master key id) value in use_srtp extension. + * MKI is an optional part of SRTP used for key management and + * re-keying. See RFC3711 section 3.1 for details * The default value is * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED. * @@ -3210,7 +3212,8 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, * in decreasing preference order. * \param profiles_number Number of supported profiles. * - * \return 0 on success, or #MBEDTLS_ERR_SSL_BAD_INPUT_DATA. + * \return 0 on success + * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of protection profiles is incorrect */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles ( mbedtls_ssl_config *conf, @@ -3224,8 +3227,9 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles * \param mki_value The MKI value to set. * \param mki_len The length of the MKI value. * - * \return 0 on success, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA - * or #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE on failure + * \return 0 on success + * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE */ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char *mki_value, 
@@ -3235,10 +3239,11 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * This function should be called after the handshake is * completed. * - * \param ssl SSL context + * \param ssl The SSL context to query * - * \return Protection Profile enum member, - * #MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated. + * \return The DTLS SRTP protection profile in use + * \return #MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated or the handshake is still on + * early stage */ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile ( const mbedtls_ssl_context *ssl ); @@ -3246,10 +3251,11 @@ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile /** * \brief Utility function to get information on DTLS-SRTP profile. * - * \param profile The dtls-srtp profile id to get info on. + * \param profile The DTLS-SRTP profile id to get info on. * * \return Address of the SRTP profile information structure on - * success,NULL if not found. + * success + * \return \c NULL if not found. */ const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id ( mbedtls_ssl_srtp_profile profile ); diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index c3923ee9d..a4c0467df 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -1103,16 +1103,16 @@ static inline uint16_t mbedtls_ssl_get_srtp_profile_iana_value switch( profile ) { case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: - profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE; + profile_value = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80; break; case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: - profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE; + profile_value = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32; break; case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: - profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE; + profile_value = MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80; break; case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: - profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE; + profile_value = MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32; break; default: break; } @@ -1125,16 +1125,16 @@ static inline mbedtls_ssl_srtp_profile mbedtls_ssl_get_srtp_profile_value mbedtls_ssl_srtp_profile profile_value = MBEDTLS_SRTP_UNSET_PROFILE; switch( srtp_iana_value ) { - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80_IANA_VALUE: + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80; break; - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32_IANA_VALUE: + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32; break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_80_IANA_VALUE: + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_80; break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_32_IANA_VALUE: + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_32; break; default: break; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 56e0cbf55..0c7e6fdee 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -791,7 +791,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, /* If use_srtp is not configured, just ignore the extension */ if( ssl->conf->dtls_srtp_profile_list == NULL || ssl->conf->dtls_srtp_profile_list_len == 0 ) + { return( 0 ); + } /* RFC5764 section 4.1.1 * uint8 SRTPProtectionProfile[2]; @@ -841,6 +843,10 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); } + else + { + continue; + } /* check if suggested profile is in our list */ for( i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { @@ -858,7 +864,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, ( len > ( profile_length + 2 ) ) ) { ssl->dtls_srtp_info.mki_len = buf[profile_length + 2]; - if( ssl->dtls_srtp_info.mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH || + if( ssl->dtls_srtp_info.mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH || ssl->dtls_srtp_info.mki_len + profile_length + size_of_lengths != len ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 63244a1eb..4872b6974 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4749,7 +4749,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char *mki_value, size_t mki_len ) { - if ( mki_len > MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH ) + if ( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 82627ff72..644cafad6 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1194,7 +1194,7 @@ int main( int argc, char *argv[] ) const mbedtls_ecp_curve_info *curve_cur; #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - unsigned char mki[MBEDTLS_DTLS_SRTP_MAX_MKI_LENGTH]; + unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; size_t mki_len=0; #endif 
@@ -1242,7 +1242,7 @@ int main( int argc, char *argv[] ) eap_tls_keys eap_tls_keying; #if defined( MBEDTLS_SSL_DTLS_SRTP ) /*! master keys and master salt for SRTP generated during handshake */ - unsigned char dtls_srtp_key_material[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; + unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; dtls_srtp_keys dtls_srtp_keying; #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index dd365b7f0..069bd4406 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1873,7 +1873,7 @@ int main( int argc, char *argv[] ) eap_tls_keys eap_tls_keying; #if defined( MBEDTLS_SSL_DTLS_SRTP ) /*! master keys and master salt for SRTP generated during handshake */ - unsigned char dtls_srtp_key_material[MBEDTLS_DTLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; + unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; dtls_srtp_keys dtls_srtp_keying; #endif /* MBEDTLS_SSL_DTLS_SRTP */ From a89ca8679f79bd1d15cae77550c954c92d6c847f Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 25 Aug 2020 10:03:19 +0200 Subject: [PATCH 348/488] The client shall not enforce the use of client certificate with use_srtp extension This is server's task to request it if needed Signed-off-by: Johan Pascal --- library/ssl_cli.c | 58 ++++------------------------------------------- 1 file changed, 5 insertions(+), 53 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index fd177acaf..5bd303a38 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -3469,20 +3469,8 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) if( ssl->client_auth == 0 ) { -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) - { - ret = MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; - } - else - { -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - /* Current message is probably the ServerHelloDone */ - ssl->keep_current_message = 1; -#if defined(MBEDTLS_SSL_DTLS_SRTP) - } -#endif + /* Current message is probably the ServerHelloDone */ + ssl->keep_current_message = 1; goto exit; } 
@@ -4129,45 +4117,9 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL ) { -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /* - * Check if we have a chosen srtp protection profile. - * According to RFC 5764 section 4.1 client certificate in dtls srtp - * is mandatory: - * Client Server - * - * ClientHello + use_srtp --------> - * ServerHello + use_srtp - * Certificate* - * ServerKeyExchange* - * ertificateRequest* - * <-------- ServerHelloDone - * Certificate* - * ClientKeyExchange - * CertificateVerify* - * [ChangeCipherSpec] - * Finished --------> - * [ChangeCipherSpec] - * <-------- Finished - * SRTP packets <-------> SRTP packets - * - * Note that '*' indicates messages that are not always sent in DTLS. - * The CertificateRequest, client and server Certificates, and - * CertificateVerify will be sent in DTLS-SRTP. - */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) - { - return ( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); - } - else - { -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); - ssl->state++; - return( 0 ); -#if defined(MBEDTLS_SSL_DTLS_SRTP) - } -#endif + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + ssl->state++; + return( 0 ); } if( mbedtls_ssl_own_key( ssl ) == NULL ) From 042d4568321c49ce263a298d7057591da3f577db Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 25 Aug 2020 12:14:02 +0200 Subject: [PATCH 349/488] Improve client Hello use_srtp parsing Signed-off-by: Johan Pascal --- library/ssl_srv.c | 48 +++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 0c7e6fdee..270700fac 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -783,7 +783,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE; size_t i,j; - size_t profile_length; + size_t profile_length,mki_length; const mbedtls_ssl_srtp_profile_info *profile_info; /*! 2 bytes for profile length and 1 byte for mki len */ const size_t size_of_lengths = 3; @@ -809,8 +809,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, /* * Min length is 5: at least one protection profile(2 bytes) * and length(2 bytes) + srtp_mki length(1 byte) + * Check here that we have at least 2 bytes of protection profiles length */ - if( len < size_of_lengths + 2 ) + if( len < 2 ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); @@ -821,8 +822,11 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, /* first 2 bytes are protection profile length(in bytes) */ profile_length = ( buf[0] << 8 ) | buf[1]; + buf += 2; - if( profile_length > len - size_of_lengths ) + /* check the buffer size: at least profiles + profile and mki length */ + if( profile_length + size_of_lengths > len || + profile_length % 2 != 0 ) /* profiles are 2 bytes long, so the length must be even */ { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); @@ -834,8 +838,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, */ for( j=0; j < profile_length; j += 2 ) { - /* + 2 to skip the length field */ - uint16_t protection_profile_value = buf[j + 2] << 8 | buf[j+3]; + uint16_t protection_profile_value = buf[j] << 8 | buf[j+1]; client_protection = mbedtls_ssl_get_srtp_profile_value( protection_profile_value ); profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( client_protection ); 
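Review bot: A zero-length profile list passes the new check in the `@@ -821,8 +822,11 @@` hunk, because `profile_length + size_of_lengths > len || profile_length % 2 != 0` is false for 0 whenever `len` is at least 3. The vector is declared as `SRTPProtectionProfiles<2..2^16-1>` (quoted in the ssl_cli.c comment later in this series), so an empty list is malformed and is better rejected with the same alert than carried on to the MKI parsing. Suggested condition: `if( profile_length < 2 || profile_length + size_of_lengths > len || profile_length % 2 != 0 )`. ssl_parse_use_srtp_ext starts and ends outside this hunk, so the return code used on this path is not visible here.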
@@ -860,29 +863,34 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) break; } - if( ( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) && - ( len > ( profile_length + 2 ) ) ) - { - ssl->dtls_srtp_info.mki_len = buf[profile_length + 2]; - if( ssl->dtls_srtp_info.mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH || - ssl->dtls_srtp_info.mki_len + profile_length + size_of_lengths != len ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - ssl->dtls_srtp_info.mki_len = 0; - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); - } + buf += profile_length; /* buf points to the mki length */ + mki_length = *buf; + buf++; - for( i=0; i < ssl->dtls_srtp_info.mki_len; i++ ) + if( mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH || + mki_length + profile_length + size_of_lengths != len ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + /* Parse the mki only if present and mki is supported locally */ + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && + mki_length > 0 ) + { + ssl->dtls_srtp_info.mki_len = mki_length; + + for( i=0; i < mki_length; i++ ) { - ssl->dtls_srtp_info.mki_value[i] = buf[profile_length + 2 + 1 + i]; + ssl->dtls_srtp_info.mki_value[i] = buf[i]; } MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); } - return( 0 ); + return( 0 ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ From 8f70fba988d9c25d8d461e68b2c0c9285e0bc401 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Wed, 2 Sep 2020 10:32:06 +0200 Subject: [PATCH 350/488] Check the server hello output buffer size when writing the use_srtp ext 
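Review bot: `ssl->dtls_srtp_info.mki_len` is written only when MKI support is enabled and `mki_length > 0`, so whatever it held before this ClientHello was parsed stays in place when the client sends an empty MKI. The server-side ssl_write_use_srtp_ext reads that field when building the ServerHello, so a stale value could presumably be echoed to a client that offered none. Resetting it before the conditional, `ssl->dtls_srtp_info.mki_len = 0;`, makes the result depend only on the message being parsed. Separately, `mki_length` is read from a single byte, so `mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH` cannot be true while the limit is 255; a comment noting that the `!= len` half is the check that bounds the source read would avoid confusion.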
Signed-off-by: Johan Pascal --- library/ssl_srv.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 270700fac..d07050534 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2634,10 +2634,12 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, { size_t mki_len = 0, ext_len = 0; uint16_t profile_value = 0; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; + + *olen = 0; if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) { - *olen = 0; return; } @@ -2649,6 +2651,12 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, mki_len = ssl->dtls_srtp_info.mki_len; } + if( end < buf + mki_len + 9 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + /* extension */ buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); @@ -2671,7 +2679,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, } else { - *olen = 0; + MBEDTLS_SSL_DEBUG_MSG( 1, ( "use_srtp extension invalid profile" ) ); return; } From 9bc97ca19d388ae0e155ba6302787acd2bcd4c36 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Mon, 21 Sep 2020 23:44:45 +0200 Subject: [PATCH 351/488] SRTP-DTLS protection profile configuration list not copied into ssl_config + improve test + minor style fix Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 40 +++++++++-------- library/ssl_cli.c | 3 +- library/ssl_srv.c | 8 ++++ library/ssl_tls.c | 14 +----- programs/ssl/ssl_client2.c | 88 ++++++++++++++++++++++---------------- programs/ssl/ssl_server2.c | 73 +++++++++++++++++-------------- tests/ssl-opt.sh | 50 +++++++++++++++++++++- 7 files changed, 173 insertions(+), 103 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a1056b773..44530cb24 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
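Review bot: The added bound check `if( end < buf + mki_len + 9 )` forms `buf + mki_len + 9` before it is known to stay inside the output buffer, and computing a pointer more than one past the end of the array is undefined behaviour, so the comparison is not a reliable guard. Compare sizes instead: `if( (size_t)( end - buf ) < mki_len + 9 )`, which assumes `buf <= end`, something the caller outside the hunk should guarantee. When the check fails the function returns with `*olen = 0` and only a level-1 debug message, so the ServerHello apparently goes out without use_srtp; a comment stating that this is intended would help, since the function returns void and cannot report the error.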
@@ -891,12 +891,12 @@ mbedtls_ssl_srtp_profile_info; typedef struct mbedtls_dtls_srtp_info_t { - /*! The SRTP profile that was negotiated*/ + /*! The SRTP profile that was negotiated. */ mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; - /*! The mki_value used, with max size of 256 bytes */ + /*! The mki_value used, with max size of 256 bytes. */ unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; - /*! The length of mki_value */ - size_t mki_len; + /*! The length of mki_value. */ + size_t mki_len; } mbedtls_dtls_srtp_info; @@ -1110,7 +1110,7 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_SSL_DTLS_SRTP) /*! ordered list of supported srtp profile */ - mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; + const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; /*! number of supported profiles */ size_t dtls_srtp_profile_list_len; #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -3190,13 +3190,14 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) /** - * \brief Add support for mki(master key id) value in use_srtp extension. - * MKI is an optional part of SRTP used for key management and - * re-keying. See RFC3711 section 3.1 for details + * \brief Manage support for mki(master key id) value + * in use_srtp extension. + * MKI is an optional part of SRTP used for key management + * and re-keying. See RFC3711 section 3.1 for details. * The default value is * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED. * - * \param conf SSL configuration + * \param conf The SSL configuration to manage mki support. * \param support_mki_value Enable or disable mki usage. Values are * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED * or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED. 
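Review bot: The comment on `mki_value` in the `@@ -891,12 +891,12 @@` hunk still says "max size of 256 bytes", but the array is sized by `MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH`, which this series defines as 255. A caller sizing a copy from the comment rather than the macro would be one byte over the buffer. Suggested wording: `/*! The mki_value used, at most MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH (255) bytes. */`.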
@@ -3210,10 +3211,15 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, * \param conf SSL configuration * \param profiles List of supported protection profiles, * in decreasing preference order. + * The pointer to the list is + * recorded by the library for later reference as required, + * so the lifetime of the table must be at least as long + * as the lifetime of the SSL configuration structure. * \param profiles_number Number of supported profiles. * * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of protection profiles is incorrect + * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of + * protection profiles is incorrect. */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles ( mbedtls_ssl_config *conf, @@ -3239,11 +3245,11 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * This function should be called after the handshake is * completed. * - * \param ssl The SSL context to query + * \param ssl The SSL context to query. * - * \return The DTLS SRTP protection profile in use - * \return #MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated or the handshake is still on - * early stage + * \return The DTLS SRTP protection profile in use. + * \return #MBEDTLS_SRTP_UNSET_PROFILE if the use of SRTP was not negotiated + * or peer's Hello packet was not parsed yet. */ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile ( const mbedtls_ssl_context *ssl ); 
@@ -3253,9 +3259,9 @@ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile * * \param profile The DTLS-SRTP profile id to get info on. * - * \return Address of the SRTP profile information structure on - * success - * \return \c NULL if not found. + * \return The address of the SRTP profile information structure on + * success. + * \return \c NULL if the protection profile \p profile was not found. */ const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id ( mbedtls_ssl_srtp_profile profile ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5bd303a38..b8acc7562 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -788,8 +788,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * } UseSRTPData; * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; */ - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && - ssl->dtls_srtp_info.mki_len != 0 ) + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) { mki_len = ssl->dtls_srtp_info.mki_len; } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index d07050534..6dc219bdd 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2651,6 +2651,14 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, mki_len = ssl->dtls_srtp_info.mki_len; } + /* The extension total size is 9 bytes : + * - 2 bytes for the extension tag + * - 2 bytes for the total size + * - 2 bytes for the protection profile length + * - 2 bytes for the protection profile + * - 1 byte for the mki length + * + the actual mki length + * Check we have enough room in the output buffer */ if( end < buf + mki_len + 9 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4872b6974..93b60cc9b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4778,12 +4778,6 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - mbedtls_free( conf->dtls_srtp_profile_list ); - conf->dtls_srtp_profile_list = - (mbedtls_ssl_srtp_profile*)mbedtls_calloc(1, - profiles_number * sizeof( mbedtls_ssl_srtp_profile ) ); - if( conf->dtls_srtp_profile_list == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); for( i=0; i < profiles_number; i++ ) { switch( profiles[i] ) { @@ -4791,17 +4785,15 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: - conf->dtls_srtp_profile_list[i] = profiles[i]; break; default: - mbedtls_free( conf->dtls_srtp_profile_list ); conf->dtls_srtp_profile_list = NULL; conf->dtls_srtp_profile_list_len = 0; return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } } - /* assign array length */ + conf->dtls_srtp_profile_list = profiles; conf->dtls_srtp_profile_list_len = profiles_number; return( 0 ); @@ -7164,10 +7156,6 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) ssl_key_cert_free( conf->key_cert ); #endif -#if defined (MBEDTLS_SSL_DTLS_SRTP) - mbedtls_free( conf->dtls_srtp_profile_list ); -#endif - mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 644cafad6..6adaf9216 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -262,7 +262,7 @@ int main( void ) " use_srtp=%%d default: 0 (disabled)\n" \ " This cannot be used with eap_tls=1 or "\ " nss_keylog=1\n" \ - " srtp_force_profile=%%d default: all enabled\n" \ + " srtp_force_profile=%%d default: 0 (all enabled)\n" \ " available profiles:\n" \ " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ 
@@ -707,9 +707,9 @@ static int dtls_srtp_key_derivation( void *p_expkey, if( opt.debug_level > 2 ) { - mbedtls_printf("exported maclen is %u\n", (unsigned)maclen); - mbedtls_printf("exported keylen is %u\n", (unsigned)keylen); - mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen); + mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen ); + mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen ); + mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen ); } return( 0 ); } @@ -1242,9 +1242,15 @@ int main( int argc, char *argv[] ) eap_tls_keys eap_tls_keying; #if defined( MBEDTLS_SSL_DTLS_SRTP ) /*! master keys and master salt for SRTP generated during handshake */ - unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; - const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; - dtls_srtp_keys dtls_srtp_keying; + unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; + const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; + dtls_srtp_keys dtls_srtp_keying; + const mbedtls_ssl_srtp_profile default_profiles[] = { + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_SRTP_NULL_HMAC_SHA1_32 + }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ @@ -2324,9 +2330,9 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( opt.use_srtp != DFL_USE_SRTP ) + if( opt.use_srtp == 1 ) { - if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + if( opt.force_srtp_profile != 0 ) { const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles 
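Review bot: `forced_profile` in the `opt.force_srtp_profile != 0` branch (hunk at -2324) is still declared inside the inner block, but this same patch makes mbedtls_ssl_conf_dtls_srtp_protection_profiles() store the pointer it is given rather than copy the array. Once that block ends, `conf.dtls_srtp_profile_list` points at storage whose lifetime is over, while the handshake that presumably reads the list runs later in main(). `default_profiles` was hoisted to function scope in this patch; do the same here by declaring `mbedtls_ssl_srtp_profile forced_profile[1];` next to it and setting `forced_profile[0] = opt.force_srtp_profile;` before the call. The identical pattern is in the ssl_server2.c hunk at -3142. main() starts and ends outside these hunks.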
@@ -2336,11 +2342,6 @@ int main( int argc, char *argv[] ) } else { - const mbedtls_ssl_srtp_profile default_profiles[] = - { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32 }; ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, default_profiles, @@ -2349,12 +2350,14 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! " + "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", + ret ); goto exit; } } - else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + else if( opt.force_srtp_profile != 0 ) { mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" ); goto exit; @@ -2605,13 +2608,13 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 ) + if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 ) { if( mbedtls_test_unhexify( mki, sizeof( mki ), opt.mki,&mki_len ) != 0 ) { mbedtls_printf( "mki value not valid hex\n" ); - goto exit; + goto exit; } mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ); 
@@ -2751,30 +2754,39 @@ int main( int argc, char *argv[] ) { size_t j = 0; - if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, - dtls_srtp_keying.master_secret, - sizeof( dtls_srtp_keying.master_secret ), - dtls_srtp_label, - dtls_srtp_keying.randbytes, - sizeof( dtls_srtp_keying.randbytes ), - dtls_srtp_key_material, - sizeof( dtls_srtp_key_material ) ) ) - != 0 ) + if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) + == MBEDTLS_SRTP_UNSET_PROFILE ) ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret ); - goto exit; + mbedtls_printf( " DTLS-SRTP unable to negotiate " + "protection profile\n" ); } - - mbedtls_printf( " DTLS-SRTP key material is:" ); - for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + else { - if( j % 8 == 0 ) - mbedtls_printf("\n "); - mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); - } + if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, + dtls_srtp_keying.master_secret, + sizeof( dtls_srtp_keying.master_secret ), + dtls_srtp_label, + dtls_srtp_keying.randbytes, + sizeof( dtls_srtp_keying.randbytes ), + dtls_srtp_key_material, + sizeof( dtls_srtp_key_material ) ) ) + != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + (unsigned int) -ret ); + goto exit; + } - mbedtls_printf("\n"); + mbedtls_printf( " DTLS-SRTP key material is:" ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf("\n "); + mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); + } + + mbedtls_printf("\n"); + } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 069bd4406..350d8ca51 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
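Review bot: The new `else` branch in the hunk at -2751 still writes the full exported DTLS-SRTP key material to stdout through `mbedtls_printf( "%02x ", dtls_srtp_key_material[j] )`, and nothing visible here wipes `dtls_srtp_key_material` afterwards. That is expected for a test program whose output ssl-opt.sh greps, but it deserves a comment so the pattern is not copied into applications, e.g. `/* Test program only: never print exported key material in production code. */`. Unless the exit path outside this hunk already clears it, also add `mbedtls_platform_zeroize( dtls_srtp_key_material, sizeof( dtls_srtp_key_material ) );` after the loop. The same applies to the matching ssl_server2.c hunk at -3861.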
@@ -331,7 +331,7 @@ int main( void ) #if defined(MBEDTLS_SSL_DTLS_SRTP) #define USAGE_SRTP \ " use_srtp=%%d default: 0 (disabled)\n" \ - " srtp_force_profile=%%d default: all enabled\n" \ + " srtp_force_profile=%%d default: 0 (all enabled)\n" \ " available profiles:\n" \ " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ @@ -809,9 +809,9 @@ static int dtls_srtp_key_derivation( void *p_expkey, if( opt.debug_level > 2 ) { - mbedtls_printf("exported maclen is %u\n", (unsigned)maclen); - mbedtls_printf("exported keylen is %u\n", (unsigned)keylen); - mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen); + mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen ); + mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen ); + mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen ); } return( 0 ); } @@ -1876,6 +1876,12 @@ int main( int argc, char *argv[] ) unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; dtls_srtp_keys dtls_srtp_keying; + const mbedtls_ssl_srtp_profile default_profiles[] = { + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_SRTP_NULL_HMAC_SHA1_32 + }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ @@ -3136,9 +3142,9 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( opt.use_srtp != DFL_USE_SRTP ) + if( opt.use_srtp == 1 ) { - if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + if( opt.force_srtp_profile != 0 ) { const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, 
@@ -3147,10 +3153,6 @@ int main( int argc, char *argv[] ) } else { - const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32 }; ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); @@ -3168,7 +3170,7 @@ int main( int argc, char *argv[] ) MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ); } - else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + else if( opt.force_srtp_profile != 0 ) { mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" ); goto exit; 
@@ -3861,30 +3863,39 @@ handshake: { size_t j = 0; - if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, - dtls_srtp_keying.master_secret, - sizeof( dtls_srtp_keying.master_secret ), - dtls_srtp_label, - dtls_srtp_keying.randbytes, - sizeof( dtls_srtp_keying.randbytes ), - dtls_srtp_key_material, - sizeof( dtls_srtp_key_material ) ) ) - != 0 ) + if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) + == MBEDTLS_SRTP_UNSET_PROFILE ) ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret ); - goto exit; + mbedtls_printf( " DTLS-SRTP unable to negotiate " + "protection profile\n" ); } - - mbedtls_printf( " DTLS-SRTP key material is:" ); - for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + else { - if( j % 8 == 0 ) - mbedtls_printf("\n "); - mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); - } + if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, + dtls_srtp_keying.master_secret, + sizeof( dtls_srtp_keying.master_secret ), + dtls_srtp_label, + dtls_srtp_keying.randbytes, + sizeof( dtls_srtp_keying.randbytes ), + dtls_srtp_key_material, + sizeof( dtls_srtp_key_material ) ) ) + != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + (unsigned int) -ret ); + goto exit; + } - mbedtls_printf("\n"); + mbedtls_printf( " DTLS-SRTP key material is:" ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf("\n "); + mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); + } + + mbedtls_printf("\n"); + } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index bb31a3cde..b820a735b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1074,7 +1074,7 @@ P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" -O_CLI="$O_CLI -connect localhost:+SRV_PORT" +O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" G_CLI="$G_CLI -p +SRV_PORT" @@ -8723,10 +8723,12 @@ run_test "DTLS-SRTP all profiles supported" \ -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8738,10 +8740,12 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile." -s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8753,10 +8757,12 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles." -s "found srtp profile" \ -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
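Review bot: The added `-s "DTLS-SRTP key material is"` and `-c "DTLS-SRTP key material is"` patterns only assert that each side printed the banner, not that client and server exported the same bytes, so a derivation mismatch between the peers would still pass. As far as these hunks show, run_test matches patterns per side only, so at least record the limitation above the first DTLS-SRTP test: `# Only checks that key material was exported on each side, not that both sides agree.` Also put a space before the trailing backslash (`-s "DTLS-SRTP key material is" \`) to match the surrounding lines. This applies to every DTLS-SRTP run_test hunk of ssl-opt.sh in this patch.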
@@ -8768,10 +8774,12 @@ run_test "DTLS-SRTP server and Client support only one matching profile." \ -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8783,10 +8791,12 @@ run_test "DTLS-SRTP server and Client support only one different profile." \ -s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ -S "selected srtp profile" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8796,10 +8806,12 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension." \ 0 \ -s "found use_srtp extension" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -8812,12 +8824,14 @@ run_test "DTLS-SRTP all profiles supported. mki used" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ -s "dumping 'using mki' (8 bytes)" \ + -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ -c "dumping 'sending mki' (8 bytes)" \ -c "dumping 'received mki' (8 bytes)" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8829,11 +8843,13 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -S "dumping 'using mki' (8 bytes)" \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -c "dumping 'sending mki' (8 bytes)" \ -C "dumping 'received mki' (8 bytes)" \ -C "error" @@ -8847,6 +8863,7 @@ run_test "DTLS-SRTP all profiles supported. openssl client." \ -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8858,6 +8875,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -8869,6 +8887,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8880,6 +8899,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8891,6 +8911,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8902,6 +8923,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens -s "found srtp profile" \ -S "selected srtp profile" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -C "SRTP Extension negotiated, profile" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8911,6 +8933,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" 0 \ -s "found use_srtp extension" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -C "SRTP Extension negotiated, profile" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8922,6 +8945,7 @@ run_test "DTLS-SRTP all profiles supported. openssl server" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -8933,6 +8957,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8944,6 +8969,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8955,6 +8981,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8966,6 +8993,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8977,6 +9005,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8988,6 +9017,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -8999,6 +9029,7 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -c "dumping 'sending mki' (8 bytes)" \ -C "dumping 'received mki' (8 bytes)" \ -C "error" @@ -9013,6 +9044,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls client." \ -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9025,6 +9057,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9037,6 +9070,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9049,6 +9083,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -s "found srtp profile" \ -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_NULL_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -9061,6 +9096,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9073,6 +9109,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl -s "found srtp profile" \ -S "selected srtp profile" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -C "SRTP profile:" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9083,6 +9120,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \ 0 \ -s "found use_srtp extension" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -C "SRTP profile:" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9095,6 +9133,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls server" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9107,6 +9146,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -9119,18 +9159,20 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \ - "$P_CLI dtls=1 use_srtp=30 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9143,6 +9185,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9155,6 +9198,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9167,6 +9211,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -9179,6 +9224,7 @@ run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -c "dumping 'sending mki' (8 bytes)" \ -c "dumping 'received mki' (8 bytes)" \ -C "error" From d576fdb1d63a3e2b315362710d08b5439747a9a6 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 22 Sep 2020 10:39:53 +0200 Subject: [PATCH 352/488] Style + fix bound check in write_use_srt_ext Signed-off-by: Johan Pascal --- library/ssl_srv.c | 9 +++++---- library/ssl_tls.c | 10 ++++++---- programs/ssl/ssl_client2.c | 16 ++++++++-------- programs/ssl/ssl_server2.c | 14 +++++++------- 4 files changed, 26 insertions(+), 23 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6dc219bdd..e151ffe89 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2063,6 +2063,7 @@ read_record_header: #if defined(MBEDTLS_SSL_DTLS_SRTP) case MBEDTLS_TLS_EXT_USE_SRTP: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); + ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); if ( ret != 0 ) return( ret ); @@ -2645,8 +2646,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) ); - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && - ssl->dtls_srtp_info.mki_len != 0 ) + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) { mki_len = ssl->dtls_srtp_info.mki_len; } @@ -2659,7 +2659,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * - 1 byte for the mki length * + the actual mki length * Check we have enough room in the output buffer */ - if( end < buf + mki_len + 9 ) + if( (size_t)( end - buf ) < mki_len + 9 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); return; 
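Review bot: The rewritten check `if( (size_t)( end - buf ) < mki_len + 9 )` in ssl_write_use_srtp_ext() (hunk at -2659) is a valid bound only if `end >= buf`; a negative difference converts to a very large size_t and the guard passes. The caller is not visible in this hunk, so this may already be guaranteed, but the function then writes `mki_len + 9` bytes on the strength of this one test. Either state the precondition in the comment above the check or make it explicit: `if( end < buf || (size_t)( end - buf ) < mki_len + 9 )`. The function body continues outside the hunk.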
@@ -2679,7 +2679,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, /* protection profile length: 2 */ buf[4] = 0x00; buf[5] = 0x02; - profile_value = mbedtls_ssl_get_srtp_profile_iana_value( ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); + profile_value = mbedtls_ssl_get_srtp_profile_iana_value( + ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); if( profile_value != 0xFFFF ) { buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 93b60cc9b..696eb85ea 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4751,12 +4751,12 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, { if ( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ) { - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len ); @@ -4779,8 +4779,10 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, } - for( i=0; i < profiles_number; i++ ) { - switch( profiles[i] ) { + for( i=0; i < profiles_number; i++ ) + { + switch( profiles[i] ) + { case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6adaf9216..d727ebcad 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2608,7 +2608,7 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 ) + if( opt.use_srtp != 0 && strlen( opt.mki ) != 0 ) { if( mbedtls_test_unhexify( mki, sizeof( mki ), opt.mki,&mki_len ) != 0 ) 
@@ -2754,11 +2754,11 @@ int main( int argc, char *argv[] ) { size_t j = 0; - if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) - == MBEDTLS_SRTP_UNSET_PROFILE ) ) + if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) + == MBEDTLS_SRTP_UNSET_PROFILE ) ) { - mbedtls_printf( " DTLS-SRTP unable to negotiate " - "protection profile\n" ); + mbedtls_printf( " Unable to negotiate " + "the use of DTLS-SRTP\n" ); } else { @@ -2781,11 +2781,11 @@ int main( int argc, char *argv[] ) for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) { if( j % 8 == 0 ) - mbedtls_printf("\n "); - mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); + mbedtls_printf( "\n " ); + mbedtls_printf( "%02x ", dtls_srtp_key_material[j] ); } - mbedtls_printf("\n"); + mbedtls_printf( "\n" ); } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 350d8ca51..6dc783215 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3863,11 +3863,11 @@ handshake: { size_t j = 0; - if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) - == MBEDTLS_SRTP_UNSET_PROFILE ) ) + if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) + == MBEDTLS_SRTP_UNSET_PROFILE ) ) { - mbedtls_printf( " DTLS-SRTP unable to negotiate " - "protection profile\n" ); + mbedtls_printf( " Unable to negotiate " + "the use of DTLS-SRTP\n" ); } else { @@ -3890,11 +3890,11 @@ handshake: for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) { if( j % 8 == 0 ) - mbedtls_printf("\n "); - mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); + mbedtls_printf( "\n " ); + mbedtls_printf( "%02x ", dtls_srtp_key_material[j] ); } - mbedtls_printf("\n"); + mbedtls_printf( "\n" ); } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ From 4f099264b5a7848289af3a2c3dab11bc6da15115 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 22 Sep 2020 10:59:26 +0200 Subject: [PATCH 353/488] use_srtp extension shall not interfere in the handshake settings 
Signed-off-by: Johan Pascal --- library/ssl_srv.c | 29 ++--------------------------- library/ssl_tls.c | 33 ++++----------------------------- 2 files changed, 6 insertions(+), 56 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index e151ffe89..f774b407f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3055,39 +3055,14 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) authmode = ssl->handshake->sni_authmode; else -#endif -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /* - * check if we have a chosen srtp protection profile, - * force verify mode to be at least OPTIONAL - */ - if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE && - ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ) - { - authmode = MBEDTLS_SSL_VERIFY_OPTIONAL; - } - else #endif authmode = ssl->conf->authmode; if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) || authmode == MBEDTLS_SSL_VERIFY_NONE ) { -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile */ - if ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "should not happen" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); - } - else - { -#endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); - return( 0 ); -#if defined(MBEDTLS_SSL_DTLS_SRTP) - } -#endif + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); + return( 0 ); } /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 696eb85ea..6b084450c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
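Review bot: Dropping the MBEDTLS_SSL_VERIFY_NONE to MBEDTLS_SSL_VERIFY_OPTIONAL promotion in ssl_write_certificate_request() changes what a server does once a DTLS-SRTP profile has been chosen: with `authmode` left at none it no longer asks the client for a certificate. An application that relied on the implicit promotion to obtain the peer certificate, for example to compare its fingerprint with one received through signalling, would now run without it and get no error. The change itself is reasonable, but it should be stated where users will see it, e.g. in the documentation of mbedtls_ssl_conf_dtls_srtp_protection_profiles(): `\note Negotiating use_srtp does not change the verification mode; call mbedtls_ssl_conf_authmode() if the peer certificate is required.` The ssl_tls.c hunks of this patch remove the same promotion from mbedtls_ssl_parse_certificate() and the MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE guard from mbedtls_ssl_write_certificate(); all three functions start and end outside their hunks.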
@@ -2088,21 +2088,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) { -#if defined(MBEDTLS_SSL_DTLS_SRTP) - /* check if we have a chosen srtp protection profile */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) - { - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); - } - else - { -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); - ssl->state++; - return( 0 ); -#if defined(MBEDTLS_SSL_DTLS_SRTP) - } -#endif + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + ssl->state++; + return( 0 ); } #if defined(MBEDTLS_SSL_CLI_C) @@ -2727,22 +2715,9 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ? ssl->handshake->sni_authmode -#if defined(MBEDTLS_SSL_DTLS_SRTP) - : ssl->dtls_srtp_info.chosen_dtls_srtp_profile != - MBEDTLS_SRTP_UNSET_PROFILE - && ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE - ? MBEDTLS_SSL_VERIFY_OPTIONAL -#endif /* MBEDTLS_SSL_DTLS_SRTP */ : ssl->conf->authmode; #else - const int authmode = -#if defined(MBEDTLS_SSL_DTLS_SRTP) - ssl->dtls_srtp_info.chosen_dtls_srtp_profile != - MBEDTLS_SRTP_UNSET_PROFILE && - ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE ? - MBEDTLS_SSL_VERIFY_OPTIONAL : -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - ssl->conf->authmode; + const int authmode = ssl->conf->authmode; #endif void *rs_ctx = NULL; mbedtls_x509_crt *chain = NULL; From 43f9490a525bccfebb352b9823fadbafdf5e008a Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 22 Sep 2020 12:25:52 +0200 Subject: [PATCH 354/488] SRTP profiles definition use macros only 
Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 43 ++++++++------------------ include/mbedtls/ssl_internal.h | 43 +++++--------------------- library/ssl_cli.c | 25 ++++++++------- library/ssl_srv.c | 26 ++++++++-------- library/ssl_tls.c | 41 +++++++++++-------------- programs/ssl/ssl_client2.c | 10 +++--- programs/ssl/ssl_server2.c | 10 +++--- tests/ssl-opt.sh | 56 +++++++++++++++++----------------- 8 files changed, 105 insertions(+), 149 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 44530cb24..1ded993bc 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -414,6 +414,7 @@ #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 +#if defined(MBEDTLS_SSL_DTLS_SRTP) /* * Use_srtp extension protection profiles values as defined in * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml @@ -422,6 +423,9 @@ #define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 0x0002 #define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 0x0005 #define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 0x0006 +/* This one is not iana defined, but for code readability. */ +#define MBEDTLS_TLS_SRTP_UNSET 0x0000 +#endif /* MBEDTLS_SSL_DTLS_SRTP*/ /* * Size defines 
@@ -870,24 +874,15 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 #define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255 /* - * List of SRTP profiles for DTLS-SRTP + * For code readability use a typedef for DTLS-SRTP profiles + * The supported profiles are defines as macro above: + * MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 + * MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 + * MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 + * MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 + * MBEDTLS_TLS_SRTP_UNSET */ -typedef enum -{ - MBEDTLS_SRTP_UNSET_PROFILE, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32, -} -mbedtls_ssl_srtp_profile; - -typedef struct -{ - const mbedtls_ssl_srtp_profile profile; - const char *name; -} -mbedtls_ssl_srtp_profile_info; +typedef uint16_t mbedtls_ssl_srtp_profile; typedef struct mbedtls_dtls_srtp_info_t { @@ -3248,23 +3243,11 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * \param ssl The SSL context to query. * * \return The DTLS SRTP protection profile in use. - * \return #MBEDTLS_SRTP_UNSET_PROFILE if the use of SRTP was not negotiated + * \return #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated * or peer's Hello packet was not parsed yet. */ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile ( const mbedtls_ssl_context *ssl ); - -/** - * \brief Utility function to get information on DTLS-SRTP profile. - * - * \param profile The DTLS-SRTP profile id to get info on. - * - * \return The address of the SRTP profile information structure on - * success. - * \return \c NULL if the protection profile \p profile was not found. - */ -const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id - ( mbedtls_ssl_srtp_profile profile ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /** 
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index a4c0467df..e1ba5cdb6 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -1096,50 +1096,23 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) -static inline uint16_t mbedtls_ssl_get_srtp_profile_iana_value - ( mbedtls_ssl_srtp_profile profile ) -{ - uint16_t profile_value = 0xffff; - switch( profile ) - { - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: - profile_value = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80; - break; - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: - profile_value = MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32; - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: - profile_value = MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80; - break; - case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: - profile_value = MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32; - break; - default: break; - } - return( profile_value ); -} +#if defined(MBEDTLS_DEBUG_C) +const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_srtp_profile profile ); +#endif /* MBEDTLS_DEBUG_C */ -static inline mbedtls_ssl_srtp_profile mbedtls_ssl_get_srtp_profile_value - ( uint16_t srtp_iana_value ) +static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value + ( const uint16_t srtp_profile_value ) { - mbedtls_ssl_srtp_profile profile_value = MBEDTLS_SRTP_UNSET_PROFILE; - switch( srtp_iana_value ) + switch( srtp_profile_value ) { case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: - profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80; - break; case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: - profile_value = MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32; - break; case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: - profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_80; - break; case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - profile_value = MBEDTLS_SRTP_NULL_HMAC_SHA1_32; - break; + return srtp_profile_value; default: break; } - return( profile_value ); + return( MBEDTLS_TLS_SRTP_UNSET ); } #endif diff --git a/library/ssl_cli.c b/library/ssl_cli.c index b8acc7562..185997ddf 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
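Review bot: mbedtls_ssl_check_srtp_profile_value() has no comment stating its contract, and its name suggests a yes/no check while it actually returns the profile value itself. A one-line comment above it would help, e.g. `/* Return srtp_profile_value if it is a supported profile, MBEDTLS_TLS_SRTP_UNSET otherwise. */`. The bare `return srtp_profile_value;` inside the switch also differs from the `return( ... )` form used on the last line of the same function.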
@@ -811,9 +811,9 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; protection_profiles_index++ ) { - profile_value = mbedtls_ssl_get_srtp_profile_iana_value + profile_value = mbedtls_ssl_check_srtp_profile_value ( ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ); - if( profile_value != 0xFFFF ) + if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", profile_value ) ); @@ -1823,10 +1823,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_ssl_srtp_profile server_protection = MBEDTLS_SRTP_UNSET_PROFILE; + mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET; size_t i, mki_len = 0; uint16_t server_protection_profile_value = 0; - const mbedtls_ssl_srtp_profile_info * profile_info; /* If use_srtp is not configured, just ignore the extension */ if( ssl->conf->dtls_srtp_profile_list == NULL || @@ -1870,14 +1869,16 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; - server_protection = mbedtls_ssl_get_srtp_profile_value( server_protection_profile_value ); - profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( server_protection ); - if( profile_info != NULL ) + server_protection = mbedtls_ssl_check_srtp_profile_value( + server_protection_profile_value ); + if( server_protection != MBEDTLS_TLS_SRTP_UNSET ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + server_protection ) ) ); } - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; /* * Check we have the server profile in our list 
@@ -1886,13 +1887,15 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + server_protection ) ) ); break; } } /* If no match was found : server problem, it shall never answer with incompatible profile */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f774b407f..9dc08d299 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -781,10 +781,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_ssl_srtp_profile client_protection = MBEDTLS_SRTP_UNSET_PROFILE; + mbedtls_ssl_srtp_profile client_protection = MBEDTLS_TLS_SRTP_UNSET; size_t i,j; size_t profile_length,mki_length; - const mbedtls_ssl_srtp_profile_info *profile_info; /*! 2 bytes for profile length and 1 byte for mki len */ const size_t size_of_lengths = 3; @@ -818,7 +817,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_SRTP_UNSET_PROFILE; + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; /* first 2 bytes are protection profile length(in bytes) */ profile_length = ( buf[0] << 8 ) | buf[1]; 
@@ -839,12 +838,13 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, for( j=0; j < profile_length; j += 2 ) { uint16_t protection_profile_value = buf[j] << 8 | buf[j+1]; - client_protection = mbedtls_ssl_get_srtp_profile_value( protection_profile_value ); + client_protection = mbedtls_ssl_check_srtp_profile_value( protection_profile_value ); - profile_info = mbedtls_ssl_dtls_srtp_profile_info_from_id( client_protection ); - if( profile_info != NULL ) + if( client_protection != MBEDTLS_TLS_SRTP_UNSET ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", profile_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + client_protection ) ) ); } else { @@ -856,11 +856,13 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, if( client_protection == ssl->conf->dtls_srtp_profile_list[i] ) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", profile_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + client_protection ) ) ); break; } } - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_SRTP_UNSET_PROFILE ) + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET ) break; } buf += profile_length; /* buf points to the mki length */ @@ -2639,7 +2641,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_SRTP_UNSET_PROFILE ) + if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) { return; } 
@@ -2679,9 +2681,9 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, /* protection profile length: 2 */ buf[4] = 0x00; buf[5] = 0x02; - profile_value = mbedtls_ssl_get_srtp_profile_iana_value( + profile_value = mbedtls_ssl_check_srtp_profile_value( ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); - if( profile_value != 0xFFFF ) + if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) { buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF ); buf[7] = (unsigned char)( profile_value & 0xFF ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6b084450c..caaba2428 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4690,29 +4690,24 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -static const mbedtls_ssl_srtp_profile_info srtp_profile_definitions[] = +#if defined(MBEDTLS_DEBUG_C) +const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_srtp_profile profile ) { - { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, "MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" }, - { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, "MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" }, - { MBEDTLS_SRTP_NULL_HMAC_SHA1_80, "MBEDTLS_SRTP_NULL_HMAC_SHA1_80" }, - { MBEDTLS_SRTP_NULL_HMAC_SHA1_32, "MBEDTLS_SRTP_NULL_HMAC_SHA1_32" }, - { MBEDTLS_SRTP_UNSET_PROFILE, "" } -}; - -const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id( mbedtls_ssl_srtp_profile profile ) -{ - const mbedtls_ssl_srtp_profile_info *cur = srtp_profile_definitions; - - while( cur->profile != MBEDTLS_SRTP_UNSET_PROFILE ) + switch( profile ) { - if( cur->profile == profile ) - return( cur ); - - cur++; + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: + return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80"; + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: + return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32"; + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: + return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80"; + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: + return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32"; + default: break; } - - return( NULL ); + return( "" ); } +#endif /* MBEDTLS_DEBUG_C */ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value ) 
@@ -4758,10 +4753,10 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, { switch( profiles[i] ) { - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80: - case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: - case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: - case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: break; default: conf->dtls_srtp_profile_list = NULL; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d727ebcad..33fbc0538 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1246,10 +1246,10 @@ int main( int argc, char *argv[] ) const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; dtls_srtp_keys dtls_srtp_keying; const mbedtls_ssl_srtp_profile default_profiles[] = { - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32 + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ @@ -2755,7 +2755,7 @@ int main( int argc, char *argv[] ) size_t j = 0; if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) - == MBEDTLS_SRTP_UNSET_PROFILE ) ) + == MBEDTLS_TLS_SRTP_UNSET ) ) { mbedtls_printf( " Unable to negotiate " "the use of DTLS-SRTP\n" ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 6dc783215..b6f0736a8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -1877,10 +1877,10 @@ int main( int argc, char *argv[] ) const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; dtls_srtp_keys dtls_srtp_keying; const mbedtls_ssl_srtp_profile default_profiles[] = { - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32 + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ @@ -3864,7 +3864,7 @@ handshake: size_t j = 0; if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) - == MBEDTLS_SRTP_UNSET_PROFILE ) ) + == MBEDTLS_TLS_SRTP_UNSET ) ) { mbedtls_printf( " Unable to negotiate " "the use of DTLS-SRTP\n" ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b820a735b..be57f9ddd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1074,7 +1074,7 @@ P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" -O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" +O_CLI="$O_CLI -connect localhost:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" G_CLI="$G_CLI -p +SRV_PORT" 
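Review bot: The O_CLI change from `127.0.0.1` to `localhost` is unrelated to the profile renaming and makes the OpenSSL client tests depend on name resolution, while P_SRV, P_CLI and P_PXY in the same hunk stay pinned to `server_addr=127.0.0.1`. If `localhost` resolves to an IPv6 address first on the test host, the client may not reach a server bound to the IPv4 loopback, and over DTLS such a failure is harder to notice. Unless there is a reason not visible here, I would keep `O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"` or move the change to its own commit with an explanation.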
@@ -8734,33 +8734,33 @@ run_test "DTLS-SRTP all profiles supported" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=3 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \ 0 \ -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ - -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ + -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ + -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports one profile. Client supports all profiles." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ - -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" 
@@ -8771,13 +8771,13 @@ run_test "DTLS-SRTP server and Client support only one matching profile." \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 0 \ -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -8785,10 +8785,10 @@ run_test "DTLS-SRTP server and Client support only one matching profile." \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server and Client support only one different profile." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 0 \ -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ -S "selected srtp profile" \ -S "server hello, adding use_srtp extension" \ -S "DTLS-SRTP key material is"\ @@ -8944,7 +8944,7 @@ run_test "DTLS-SRTP all profiles supported. openssl server" \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ - -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ -c "DTLS-SRTP key material is"\ -C "error" 
@@ -8967,7 +8967,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -8979,7 +8979,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -8991,7 +8991,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -8999,7 +8999,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \ "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ -C "found use_srtp extension" \ 
@@ -9067,8 +9067,8 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ - -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ - -s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" @@ -9076,12 +9076,12 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \ - "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ - -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ + -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_NULL_SHA1_32" @@ -9132,7 +9132,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls server" \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ - -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ -c "DTLS-SRTP key material is"\ -C "error" 
@@ -9145,7 +9145,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ - -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -9157,7 +9157,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -9170,7 +9170,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -9183,7 +9183,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ - -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ + -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ -C "error" @@ -9192,7 +9192,7 @@ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ - "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=4 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ -C "found use_srtp extension" \ 
From 253d0263a67b2e8d0a8555f00583abefaee76e07 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 22 Sep 2020 13:04:45 +0200 Subject: [PATCH 355/488] set protection profile API gets a MBEDTLS_TLS_SRTP_UNSET terminated list Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 15 +++++++-------- library/ssl_tls.c | 36 +++++++++++++++++------------------- programs/ssl/ssl_client2.c | 15 +++++---------- programs/ssl/ssl_server2.c | 13 +++++-------- 4 files changed, 34 insertions(+), 45 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1ded993bc..085d27082 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3204,13 +3204,13 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, * \brief Set the supported DTLS-SRTP protection profiles. * * \param conf SSL configuration - * \param profiles List of supported protection profiles, + * \param profiles Pointer to a List of MBEDTLS_TLS_SRTP_UNSET terminated + * supported protection profiles * in decreasing preference order. - * The pointer to the list is - * recorded by the library for later reference as required, - * so the lifetime of the table must be at least as long - * as the lifetime of the SSL configuration structure. - * \param profiles_number Number of supported profiles. + * The pointer to the list is recorded by the library + * for later reference as required, so the lifetime + * of the table must be at least as long as the lifetime + * of the SSL configuration structure. * * \return 0 on success * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of @@ -3218,8 +3218,7 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles ( mbedtls_ssl_config *conf, - const mbedtls_ssl_srtp_profile *profiles, - size_t profiles_number ); + const mbedtls_ssl_srtp_profile *profiles ); /** * \brief Set the mki_value for the current DTLS-SRTP session. 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index caaba2428..f6b56f197 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4735,38 +4735,36 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, } int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, - const mbedtls_ssl_srtp_profile *profiles, - size_t profiles_number ) + const mbedtls_ssl_srtp_profile *profiles ) { - size_t i; - /* - * Check input validity : must be a list of profiles from enumeration. - * Maximum length is 4 as only 4 protection profiles are defined. - */ - if( profiles_number > 4 ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } + const mbedtls_ssl_srtp_profile *p; + size_t list_size = 0; - - for( i=0; i < profiles_number; i++ ) + /* check the profiles list: all entry must be valid, + * its size cannot be more than the total number of supported profiles, currently 4 */ + for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size < 5; p++ ) { - switch( profiles[i] ) + switch( *p ) { case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: + list_size++; break; - default: - conf->dtls_srtp_profile_list = NULL; - conf->dtls_srtp_profile_list_len = 0; - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + default: /* unsupported value, stop parsing and set the size to an error value */ + list_size = 5; } } + if ( list_size > 4 ) { + conf->dtls_srtp_profile_list = NULL; + conf->dtls_srtp_profile_list_len = 0; + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + conf->dtls_srtp_profile_list = profiles; - conf->dtls_srtp_profile_list_len = profiles_number; + conf->dtls_srtp_profile_list_len = list_size; return( 0 ); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 33fbc0538..cdedbd290 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
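Review bot: The validation loop in mbedtls_ssl_conf_dtls_srtp_protection_profiles() dereferences `*p` before testing `list_size < 5`, so after a fifth entry (or after the `default:` case forces `list_size = 5`) it still reads one more element, and a NULL `profiles` is dereferenced outright. For a correctly terminated list this stays in bounds, but the terminator is now the only thing bounding the read, so the cheap guards are worth having: `if( profiles == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` (or treat NULL as an empty list) and `for( p = profiles; list_size < 5 && *p != MBEDTLS_TLS_SRTP_UNSET; p++ )`. The `default:` case would also read better with an explicit `break;`, and the literals 4 and 5 could be given a name.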
@@ -1249,7 +1249,8 @@ int main( int argc, char *argv[] ) MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80, MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32, MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32, + MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ @@ -2334,18 +2335,12 @@ int main( int argc, char *argv[] ) { if( opt.force_srtp_profile != 0 ) { - const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles - ( &conf, - forced_profile, - sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) ); + const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET }; + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile ); } else { - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles - ( &conf, - default_profiles, - sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, default_profiles ); } if( ret != 0 ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b6f0736a8..e66ca4041 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1880,7 +1880,8 @@ int main( int argc, char *argv[] ) MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80, MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32, MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 + MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32, + MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ 
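Review bot: `forced_profile` is an automatic array declared inside the `if( opt.force_srtp_profile != 0 )` block, yet mbedtls_ssl_conf_dtls_srtp_protection_profiles() stores the pointer in `conf->dtls_srtp_profile_list` rather than copying the list, and its documentation requires the table to live as long as the configuration. Once the block ends the configuration holds a dangling pointer, which the handshake code later reads through `ssl->conf->dtls_srtp_profile_list` when writing and parsing the use_srtp extension. Declaring the array next to `default_profiles`, e.g. `mbedtls_ssl_srtp_profile forced_profile[] = { MBEDTLS_TLS_SRTP_UNSET, MBEDTLS_TLS_SRTP_UNSET };`, and setting `forced_profile[0] = opt.force_srtp_profile;` here fixes it. The same pattern is in the ssl_server2.c hunk at -3146; main() continues outside both hunks.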
@@ -3146,16 +3147,12 @@ int main( int argc, char *argv[] ) { if( opt.force_srtp_profile != 0 ) { - const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, - forced_profile, - sizeof( forced_profile ) / sizeof( mbedtls_ssl_srtp_profile ) ); + const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET }; + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, forced_profile ); } else { - ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, - default_profiles, - sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); + ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles ); } if( ret != 0 ) From f6417ecf605d7122568fa425c623be80611a838f Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 22 Sep 2020 15:15:19 +0200 Subject: [PATCH 356/488] mki length feats in a uint16_t Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 6 +++--- library/ssl_cli.c | 9 +++------ library/ssl_srv.c | 3 ++- library/ssl_tls.c | 2 +- 4 files changed, 9 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 085d27082..066522fe5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -888,10 +888,10 @@ typedef struct mbedtls_dtls_srtp_info_t { /*! The SRTP profile that was negotiated. */ mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; + /*! The length of mki_value. */ + uint16_t mki_len; /*! The mki_value used, with max size of 256 bytes. */ unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; - /*! The length of mki_value. */ - size_t mki_len; } mbedtls_dtls_srtp_info; 
@@ -3233,7 +3233,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles */ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char *mki_value, - size_t mki_len ); + uint16_t mki_len ); /** * \brief Get the negotiated DTLS-SRTP Protection Profile. * This function should be called after the handshake is diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 185997ddf..39547684e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -761,10 +761,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; - size_t protection_profiles_index = 0; - size_t mki_len = 0; - size_t ext_len = 0; - uint16_t profile_value = 0; + size_t protection_profiles_index = 0, ext_len = 0; + uint16_t mki_len = 0, profile_value = 0; *olen = 0; @@ -1843,8 +1841,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; * */ - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && - ssl->dtls_srtp_info.mki_len != 0 ) + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) { mki_len = ssl->dtls_srtp_info.mki_len; } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9dc08d299..5c56a70d9 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -783,7 +783,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_srtp_profile client_protection = MBEDTLS_TLS_SRTP_UNSET; size_t i,j; - size_t profile_length,mki_length; + size_t profile_length; + uint16_t mki_length; /*! 2 bytes for profile length and 1 byte for mki len */ const size_t size_of_lengths = 3; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f6b56f197..9a669840a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4717,7 +4717,7 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char *mki_value, - size_t mki_len ) + uint16_t mki_len ) { if ( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ) { From a455cd9a473fc80d85df8d4bbbc6c48aab44ad89 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 22 Sep 2020 15:28:11 +0200 Subject: [PATCH 357/488] mbedtls_ssl_get_srtp_profile_as_string declared and defined in ssl.h Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 18 ++++++++++++++++++ include/mbedtls/ssl_internal.h | 4 ---- library/ssl_tls.c | 19 ------------------- 3 files changed, 18 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 066522fe5..d0007fc9f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3184,6 +3184,24 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) +#if defined(MBEDTLS_DEBUG_C) +static inline const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_srtp_profile profile ) +{ + switch( profile ) + { + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: + return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80"; + case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: + return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32"; + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: + return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80"; + case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: + return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32"; + default: break; + } + return( "" ); +} +#endif /* MBEDTLS_DEBUG_C */ /** * \brief Manage support for mki(master key id) value * in use_srtp extension. diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index e1ba5cdb6..1dc9648b0 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
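Review bot: With `mki_len` narrowed to `uint16_t` in `mbedtls_ssl_dtls_srtp_set_mki_value` (and in the `ssl.h` prototype), a caller that holds the length as `size_t` has it converted modulo 65536 before the `mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH` check runs. An oversized length can therefore wrap to a small value and be accepted instead of rejected. Keeping the parameter as `size_t` and narrowing only when the checked value is stored, for example `ssl->dtls_srtp_info.mki_len = (uint16_t) mki_len;`, lets the bound check see the real length. The function body continues outside the hunk, so the store is inferred from the `mki_len` field changed in `ssl.h`.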
@@ -1096,10 +1096,6 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) -#if defined(MBEDTLS_DEBUG_C) -const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_srtp_profile profile ); -#endif /* MBEDTLS_DEBUG_C */ - static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value ( const uint16_t srtp_profile_value ) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9a669840a..7c06c3bda 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4690,25 +4690,6 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -#if defined(MBEDTLS_DEBUG_C) -const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_srtp_profile profile ) -{ - switch( profile ) - { - case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: - return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80"; - case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: - return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32"; - case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: - return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80"; - case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32"; - default: break; - } - return( "" ); -} -#endif /* MBEDTLS_DEBUG_C */ - void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, int support_mki_value ) { From e79c1e812147c95572a5abc887f10058ea88f4fc Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 22 Sep 2020 15:51:27 +0200 Subject: [PATCH 358/488] style Signed-off-by: Johan Pascal --- include/mbedtls/config.h | 4 ++-- include/mbedtls/ssl.h | 8 ++++---- library/ssl_cli.c | 11 +++++++---- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 7a1a2b1e5..2b123388e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -1817,8 +1817,8 @@ * * Enable support for DTLS-SRTP, RFC5764, use_srtp extension. * \note Only the dtls-srtp key material negotiation is supported. - * Once negotiated, the key should be extracted, and data should be transmitted - * via an SRTP stack. + * Once negotiated, the key should be extracted using mbedtls_ssl_tls_prf() + * and data should be transmitted via an SRTP stack. * * Requires: MBEDTLS_SSL_PROTO_DTLS * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d0007fc9f..bae5348d3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3190,13 +3190,13 @@ static inline const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_s switch( profile ) { case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: - return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80"; + return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" ); case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: - return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32"; + return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" ); case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: - return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80"; + return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" ); case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32"; + return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" ); default: break; } return( "" ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 39547684e..0eaeefa10 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -800,9 +800,9 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ext_len & 0xFF ); /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ - *p++ = (unsigned char)( ( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) ) + *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( 2 * (ssl->conf->dtls_srtp_profile_list_len) ) + *p++ = (unsigned char)( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) & 0xFF ); for( protection_profiles_index=0; @@ -824,8 +824,11 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * Note: we shall never arrive here as protection profiles * is checked by ssl_set_dtls_srtp_protection_profiles function */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, ignore illegal DTLS-SRTP protection profile %d", - ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, " + "ignore illegal DTLS-SRTP protection profile %d", + ssl->conf->dtls_srtp_profile_list[protection_profiles_index] + ) ); } } From aae4d22b166deec4c36bb53e8ad3e333dfda10d9 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 22 Sep 2020 21:21:39 +0200 Subject: [PATCH 359/488] Improve code readability +micro optimization +style Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 5 ++++- library/ssl_cli.c | 10 ++++++++-- library/ssl_tls.c | 6 +++--- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index bae5348d3..a6b8f1bf5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -873,6 +873,7 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 #define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255 +#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4 /* * For code readability use a typedef for DTLS-SRTP profiles * The supported profiles are defines as macro above: 
@@ -3185,7 +3186,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_DEBUG_C) -static inline const char *mbedtls_ssl_get_srtp_profile_as_string ( mbedtls_ssl_srtp_profile profile ) +static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile ) { switch( profile ) { @@ -3229,6 +3230,8 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, * for later reference as required, so the lifetime * of the table must be at least as long as the lifetime * of the SSL configuration structure. + * The list must not hold more than + * MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements * * \return 0 on success * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 0eaeefa10..b3cfc972c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -800,8 +800,14 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ext_len & 0xFF ); /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ - *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) - >> 8 ) & 0xFF ); + /* micro-optimization: + * the list size is limited to MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + * which is lower than 127, so the upper byte of the length is always 0 + * For the documentation, the more generic code is left in comments + * *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) + * >> 8 ) & 0xFF ); + */ + *p++ = 0; *p++ = (unsigned char)( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) & 0xFF ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7c06c3bda..18a149f0c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
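Review bot: The hard-coded `*p++ = 0;` for the upper length byte in `ssl_write_use_srtp_ext` is only correct while `MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH` stays below 128, and nothing but the comment enforces that. Raising the macro later would silently put a wrong length field on the wire. A compile-time guard next to the write makes the assumption checkable: `#if MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH > 127`, then `#error "use_srtp profile list length no longer fits in one byte"`, then `#endif`. The function starts and ends outside this hunk.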
@@ -4723,7 +4723,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, /* check the profiles list: all entry must be valid, * its size cannot be more than the total number of supported profiles, currently 4 */ - for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size < 5; p++ ) + for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; p++ ) { switch( *p ) { @@ -4734,11 +4734,11 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, list_size++; break; default: /* unsupported value, stop parsing and set the size to an error value */ - list_size = 5; + list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH+1; } } - if ( list_size > 4 ) { + if ( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) { conf->dtls_srtp_profile_list = NULL; conf->dtls_srtp_profile_list_len = 0; return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); From 77696eedac32e3f8fc080a4cb4b7418252c69699 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 22 Sep 2020 21:49:40 +0200 Subject: [PATCH 360/488] Add bound check in the client ssl_write_use_srtp_ext Signed-off-by: Johan Pascal --- library/ssl_cli.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index b3cfc972c..73d16b3a8 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -757,8 +757,10 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; size_t protection_profiles_index = 0, ext_len = 0; 
@@ -769,14 +771,9 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) { - return; + return( 0 ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) ); - - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); - /* RFC 5764 section 4.1.1 * uint8 SRTPProtectionProfile[2]; * @@ -796,6 +793,18 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, */ ext_len = 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len; + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) ); + + /* Check there is room in the buffer for the extension + 4 bytes + * - the extension tag (2 bytes) + * - the extension length (2 bytes) + */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 ); + + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + + *p++ = (unsigned char)( ( ( ext_len & 0xFF00 ) >> 8 ) & 0xFF ); *p++ = (unsigned char)( ext_len & 0xFF ); @@ -860,6 +869,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * + mki value */ *olen = p - buf; + + return( 0 ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -1387,7 +1398,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DTLS_SRTP) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { - ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret ); + return( ret ); + } ext_len += olen; } #endif From 842d671316d3261317cda2eea85a07daddea5d48 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Wed, 23 Sep 2020 13:34:40 +0200 Subject: [PATCH 361/488] Update include/mbedtls/config.h Co-authored-by: Hanno Becker 
Signed-off-by: Johan Pascal --- include/mbedtls/config.h | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2b123388e..2ac2cc696 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1815,10 +1815,27 @@ /** * \def MBEDTLS_SSL_DTLS_SRTP * - * Enable support for DTLS-SRTP, RFC5764, use_srtp extension. - * \note Only the dtls-srtp key material negotiation is supported. - * Once negotiated, the key should be extracted using mbedtls_ssl_tls_prf() - * and data should be transmitted via an SRTP stack. + * Enable support for negotation of DTLS-SRTP (RFC 5764) + * through the use_srtp extension. + * + * \note This feature provides the minimum functionality required + * to negotiate the use of DTLS-SRTP and to allow the derivation of + * the associated SRTP packet protection key material. + * In particular, the SRTP packet protection itself, as well as the + * demultiplexing of RTP and DTLS packets at the datagram layer + * (see Section 5 of RFC 5764), are not handled by this feature. + * Instead, after successful completion of a handshake negotiating + * the use of DTLS-SRTP, the extended key exporter API + * mbedtls_ssl_conf_export_keys_ext_cb() should be used to implement + * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705 + * (this is implemented in the SSL example programs). + * The resulting key should then be passed to an SRTP stack. + * + * Setting this option enables the runtime API + * mbedtls_ssl_conf_dtls_srtp_protection_profiles() + * through which the supported DTLS-SRTP protection + * profiles can be configured. You must call this API at + * runtime if you wish to negotiate the use of DTLS-SRTP. * * Requires: MBEDTLS_SSL_PROTO_DTLS * From d387aa05869eecfe0b52d90a104b3eca676fb03a Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Wed, 23 Sep 2020 18:47:56 +0200 Subject: [PATCH 362/488] style + missing cast 
Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 1 + library/ssl_cli.c | 8 ++++---- library/ssl_tls.c | 11 +++++++---- programs/ssl/ssl_client2.c | 2 +- 4 files changed, 13 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a6b8f1bf5..840722ded 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3232,6 +3232,7 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, * of the SSL configuration structure. * The list must not hold more than * MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements + * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET). * * \return 0 on success * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 73d16b3a8..c864cb2c6 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -758,9 +758,9 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_DTLS_SRTP) static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; size_t protection_profiles_index = 0, ext_len = 0; @@ -1399,7 +1399,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) + end, &olen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret ); return( ret ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 18a149f0c..58fcab3dd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4723,7 +4723,9 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, /* check the profiles list: all entry must be valid, * its size cannot be more than the total number of supported profiles, currently 4 */ - for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; p++ ) + for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && + list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; + p++ ) { switch( *p ) { @@ -4731,14 +4733,15 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - list_size++; + list_size++; break; default: /* unsupported value, stop parsing and set the size to an error value */ - list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH+1; + list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1; } } - if ( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) { + if ( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) + { conf->dtls_srtp_profile_list = NULL; conf->dtls_srtp_profile_list_len = 0; return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cdedbd290..d0f573e27 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2614,7 +2614,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ); if( ( ret = mbedtls_ssl_dtls_srtp_set_mki_value( &ssl, mki, - strlen( opt.mki ) / 2 ) ) != 0 ) + (uint16_t) strlen( opt.mki ) / 2 ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret ); goto exit; From 39cfd3b96e16fe67ee6e112920ac64ca18ee1a5f Mon Sep 17 00:00:00 2001 
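Review bot: In the `ssl_client2.c` hunk the added cast binds to `strlen( opt.mki )` and not to the quotient, so `(uint16_t) strlen( opt.mki ) / 2` truncates the string length to 16 bits first and then divides in `int`, which is converted again at the call. Parenthesising the division, `(uint16_t)( strlen( opt.mki ) / 2 )`, states the intended conversion. Whether `opt.mki` is length-checked against the `mki` buffer before this call is outside the hunk and worth confirming.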
From: Johan Pascal Date: Wed, 23 Sep 2020 18:49:13 +0200 Subject: [PATCH 363/488] interop test: openssl generate the DTLS-SRTP keys Missing a command in the test script to compare with peer's output Signed-off-by: Johan Pascal --- tests/ssl-opt.sh | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index be57f9ddd..1bba6c646 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8857,7 +8857,7 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP all profiles supported. openssl client." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ @@ -8869,7 +8869,7 @@ run_test "DTLS-SRTP all profiles supported. openssl client." \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ 
@@ -8881,7 +8881,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ - "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ @@ -8893,7 +8893,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ @@ -8905,7 +8905,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ - "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ 
@@ -8917,7 +8917,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \ "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ - "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 0 \ -s "found use_srtp extension" \ -s "found srtp profile" \ @@ -8929,7 +8929,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \ "$P_SRV dtls=1 debug_level=3" \ - "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ 0 \ -s "found use_srtp extension" \ -S "server hello, adding use_srtp extension" \ @@ -8938,7 +8938,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP all profiles supported. openssl server" \ - "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ 
@@ -8950,7 +8950,7 @@ run_test "DTLS-SRTP all profiles supported. openssl server" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \ - "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80" \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ @@ -8962,7 +8962,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \ - "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ @@ -8974,7 +8974,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \ - "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32" \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ 
@@ -8986,7 +8986,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \ - "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32" \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ @@ -8998,7 +8998,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \ - "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32" \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ @@ -9022,7 +9022,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \ - "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32" \ + "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ From 9bc50b01221d7c5e0d20c70b1af9c96567748c04 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Thu, 24 Sep 2020 12:01:13 +0200 Subject: [PATCH 364/488] Test check the key material exported match - include interop with openssl client 
Signed-off-by: Johan Pascal --- programs/ssl/ssl_client2.c | 10 ++++++++++ programs/ssl/ssl_server2.c | 10 ++++++++++ tests/ssl-opt.sh | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d0f573e27..759603a8f 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2779,7 +2779,17 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n " ); mbedtls_printf( "%02x ", dtls_srtp_key_material[j] ); } + mbedtls_printf( "\n" ); + /* produce a less readable output used to perform automatic checks + * - compare client and server output + * - interop test with openssl which client produces this kind of output + */ + mbedtls_printf( " Keying material: " ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + mbedtls_printf( "%02X", dtls_srtp_key_material[j] ); + } mbedtls_printf( "\n" ); } } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e66ca4041..9cef27523 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3890,7 +3890,17 @@ handshake: mbedtls_printf( "\n " ); mbedtls_printf( "%02x ", dtls_srtp_key_material[j] ); } + mbedtls_printf( "\n" ); + /* produce a less readable output used to perform automatic checks + * - compare client and server output + * - interop test with openssl which client produces this kind of output + */ + mbedtls_printf( " Keying material: " ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + mbedtls_printf( "%02X", dtls_srtp_key_material[j] ); + } mbedtls_printf( "\n" ); } } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1bba6c646..533422579 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -634,6 +634,23 @@ detect_dtls() { fi } +# Compare file content +# Usage: find_in_both pattern file1 file2 +# extract from file1 the first line matching the pattern +# check in file2 that the same line can be found +find_in_both() { + srv_pattern=$(grep -m 1 "$1" "$2"); + if [ -z "$srv_pattern" ]; then + return 1; + fi + + if grep "$srv_pattern" $3 >/dev/null; then : + return 0; + else + return 1; + fi +} + # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] # Options: -s pattern pattern that must be present in server output # -c pattern pattern that must be present in client output @@ -643,6 +660,7 @@ detect_dtls() { # -C pattern pattern that must be absent in client output # -U pattern lines after pattern must be unique in server output # -F call shell function on server output +# -g call shell function on server and client output run_test() { NAME="$1" shift 1 @@ -865,6 +883,12 @@ run_test() { return fi ;; + "-g") + if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then + fail "function call to '$2' failed on Server and Client output" + return + fi + ;; *) echo "Unknown test: $1" >&2 @@ -8729,8 +8753,10 @@ run_test "DTLS-SRTP all profiles supported" \ -c "found srtp profile" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -C "error" + requires_config_enabled MBEDTLS_SSL_DTLS_SRTP run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \ "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ @@ -8746,6 +8772,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile." -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
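Review bot: `find_in_both` hands the line extracted from the first file to grep as a regular expression and leaves `$3` unquoted, so the second lookup is not a literal comparison and breaks on an output path containing whitespace. A fixed-string match does what the usage comment describes: `if grep -F -- "$srv_pattern" "$3" >/dev/null; then` (the stray `:` after `then` can be dropped too). The patterns passed by the tests in the later hunks end in `[0-9A-F]*$`, which also matches a line with no hex digits at all. Requiring at least one digit, `[0-9A-F][0-9A-F]*$`, would keep two empty dumps from comparing equal.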
@@ -8763,6 +8790,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles." -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8780,6 +8808,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile." \ -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8832,6 +8861,7 @@ run_test "DTLS-SRTP all profiles supported. mki used" \ -c "dumping 'sending mki' (8 bytes)" \ -c "dumping 'received mki' (8 bytes)" \ -c "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8850,6 +8880,7 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ -c "found srtp profile" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -c "dumping 'sending mki' (8 bytes)" \ -C "dumping 'received mki' (8 bytes)" \ -C "error" @@ -8864,6 +8895,7 @@ run_test "DTLS-SRTP all profiles supported. openssl client." \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -8876,6 +8908,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8888,6 +8921,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8900,6 +8934,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8912,6 +8947,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ + -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP From 104031547ffd4975ca6eaa6feb27b412b429552a Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Fri, 9 Oct 2020 20:43:51 +0200 Subject: [PATCH 365/488] style Signed-off-by: Johan Pascal --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 533422579..f84c48540 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -645,7 +645,7 @@ find_in_both() { fi if grep "$srv_pattern" $3 >/dev/null; then : - return 0; + return 0; else return 1; fi From 76fdf1d60e93a4acb2653ec91e23180c02e142d3 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Thu, 22 Oct 2020 23:31:00 +0200 Subject: [PATCH 366/488] Minor fix and improvements Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 51 +++++++++++++++++++++----------------- library/ssl_cli.c | 19 ++++++++------ library/ssl_srv.c | 32 +++++++++++++----------- library/ssl_tls.c | 16 ++++++------ programs/ssl/ssl_client2.c | 6 +++++ programs/ssl/ssl_server2.c | 6 +++++ 6 files changed, 77 insertions(+), 53 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 840722ded..84082f3af 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -414,19 +414,6 @@ #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 -#if defined(MBEDTLS_SSL_DTLS_SRTP) -/* - * Use_srtp extension protection profiles values as defined in - * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml - */ -#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 0x0001 -#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 0x0002 -#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 0x0005 -#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 0x0006 -/* This one is not iana defined, but for code readability. */ -#define MBEDTLS_TLS_SRTP_UNSET 0x0000 -#endif /* MBEDTLS_SSL_DTLS_SRTP*/ - /* * Size defines */ 
@@ -871,18 +858,24 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) -#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 #define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH 255 #define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4 /* * For code readability use a typedef for DTLS-SRTP profiles - * The supported profiles are defines as macro above: - * MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 - * MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 - * MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 - * MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 - * MBEDTLS_TLS_SRTP_UNSET + * + * Use_srtp extension protection profiles values as defined in + * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml + * + * Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value + * must be updated too. */ +#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ( (uint16_t) 0x0001) +#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ( (uint16_t) 0x0002) +#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80 ( (uint16_t) 0x0005) +#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32 ( (uint16_t) 0x0006) +/* This one is not iana defined, but for code readability. */ +#define MBEDTLS_TLS_SRTP_UNSET ( (uint16_t) 0x0000) + typedef uint16_t mbedtls_ssl_srtp_profile; typedef struct mbedtls_dtls_srtp_info_t @@ -2096,6 +2089,8 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, * (Default: none.) * * \note See \c mbedtls_ssl_export_keys_ext_t. + * \warning Exported key material must not be used for any purpose + * before the (D)TLS handshake is completed * * \param conf SSL configuration context * \param f_export_keys_ext Callback for exporting keys 
@@ -3249,6 +3244,11 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles * \param mki_value The MKI value to set. * \param mki_len The length of the MKI value. * + * \note This function is relevant on client side only. + * The server discovers the mki value during handshake. + * A mki value set on server side using this function + * is ignored. + * * \return 0 on success * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE @@ -3258,12 +3258,17 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, uint16_t mki_len ); /** * \brief Get the negotiated DTLS-SRTP Protection Profile. - * This function should be called after the handshake is - * completed. + * + * \warning This function must be called after the handshake is + * completed. The value returned by this function must + * not be trusted or acted upon before the handshake completes. * * \param ssl The SSL context to query. * - * \return The DTLS SRTP protection profile in use. + * \return The DTLS SRTP protection profile in use. The return type is + * a direct mapping of the iana defined value for protection + * profile on an uint16_t. + * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml * \return #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated * or peer's Hello packet was not parsed yet. */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index c864cb2c6..234098a7f 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -837,13 +837,14 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, { /* * Note: we shall never arrive here as protection profiles - * is checked by ssl_set_dtls_srtp_protection_profiles function + * is checked by mbedtls_ssl_conf_dtls_srtp_protection_profiles function */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, " - "ignore illegal DTLS-SRTP protection profile %d", + "illegal DTLS-SRTP protection profile %d", ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ) ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } } @@ -1872,11 +1873,12 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, } /* - * Length is 5 and optional mki_value : one protection profile(2 bytes) - * + length(2 bytes) + mki_len(1 byte) + * Length is 5 + optional mki_value : one protection profile length (2 bytes) + * + protection profile (2 bytes) + * + mki_len(1 byte) * and optional srtp_mki */ - if( ( len != 5 ) && ( len != ( 5 + mki_len ) ) ) + if( len != ( buf[4] + 5u ) ) return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); /* @@ -2509,8 +2511,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) case MBEDTLS_TLS_EXT_ALPN: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); - if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 ) - return( ret ); + if ( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 ) + return( ret ); + } break; #endif /* MBEDTLS_SSL_ALPN */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 5c56a70d9..007d9e41a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
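Review bot: In the `@@ -1872,11 +1873,12 @@` hunk the new test `if( len != ( buf[4] + 5u ) )` reads `buf[4]` before anything visible here establishes that `len` is at least 5, so a shorter use_srtp extension in the ServerHello would be read past its end. The length should be tested first: `if( ( len < 5 ) || ( len != ( buf[4] + 5u ) ) )`. Patch 367 later in this series makes exactly that change. The start of ssl_parse_use_srtp_ext is outside the hunk, so an earlier length check cannot be ruled out from here.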
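Review bot: The `MBEDTLS_SSL_TRANSPORT_DATAGRAM` condition added around `ssl_parse_alpn_ext()` in the `MBEDTLS_TLS_EXT_ALPN` case makes a client on a stream transport skip the server's ALPN extension, so the selected protocol is never parsed or validated there. ALPN is not specific to DTLS; the guard looks intended for the `MBEDTLS_TLS_EXT_USE_SRTP` case and should be dropped here, keeping `if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 )` followed by `return( ret );`. Patch 369 in this series reverts it. ssl_parse_server_hello continues outside the hunk.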
@@ -810,8 +810,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * Min length is 5: at least one protection profile(2 bytes) * and length(2 bytes) + srtp_mki length(1 byte) * Check here that we have at least 2 bytes of protection profiles length + * and one of srtp_mki length */ - if( len < 2 ) + if( len < size_of_lengths ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); @@ -824,8 +825,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, profile_length = ( buf[0] << 8 ) | buf[1]; buf += 2; - /* check the buffer size: at least profiles + profile and mki length */ - if( profile_length + size_of_lengths > len || + /* The profile length cannot be bigger than input buffer size - lengths fields */ + if( profile_length > len - size_of_lengths || profile_length % 2 != 0 ) /* profiles are 2 bytes long, so the length must be even */ { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, @@ -836,9 +837,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * parse the extension list values are defined in * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ - for( j=0; j < profile_length; j += 2 ) + for( j = 0; j < profile_length; j += 2 ) { - uint16_t protection_profile_value = buf[j] << 8 | buf[j+1]; + uint16_t protection_profile_value = buf[j] << 8 | buf[j + 1]; client_protection = mbedtls_ssl_check_srtp_profile_value( protection_profile_value ); if( client_protection != MBEDTLS_TLS_SRTP_UNSET ) @@ -884,10 +885,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { ssl->dtls_srtp_info.mki_len = mki_length; - for( i=0; i < mki_length; i++ ) - { - ssl->dtls_srtp_info.mki_value[i] = buf[i]; - } + memcpy(ssl->dtls_srtp_info.mki_value, buf, mki_length); MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); 
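Review bot: In the `@@ -884,10 +885,7 @@` hunk, `memcpy(ssl->dtls_srtp_info.mki_value, buf, mki_length);` does not follow the spacing inside parentheses used by the rest of the file. The loop index `i` that the removed loop used is also not deleted in this hunk, so it may now be unused. Suggest `memcpy( ssl->dtls_srtp_info.mki_value, buf, mki_length );` and removing `i` if nothing else in the function needs it. The copy length presumably comes from the peer's extension data, and the check that `mki_length` fits both the remaining input and `mki_value` is outside the hunk, so it is worth confirming before relying on the memcpy.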
@@ -2067,9 +2065,12 @@ read_record_header: case MBEDTLS_TLS_EXT_USE_SRTP: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); - ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); - if ( ret != 0 ) - return( ret ); + if ( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); + if ( ret != 0 ) + return( ret ); + } break; #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -2991,8 +2992,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + if ( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; + } #endif MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 58fcab3dd..a9e5523f6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4727,16 +4727,14 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; p++ ) { - switch( *p ) + if ( mbedtls_ssl_check_srtp_profile_value( *p ) != MBEDTLS_TLS_SRTP_UNSET ) { - case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: - case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: - case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: - case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - list_size++; - break; - default: /* unsupported value, stop parsing and set the size to an error value */ - list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1; + list_size++; + } + else + { + /* unsupported value, stop parsing and set the size to an error value */ + list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1; } } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 759603a8f..c70346a74 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -680,6 +680,12 @@ exit: } #if defined( MBEDTLS_SSL_DTLS_SRTP ) +/* Supported SRTP mode needs a maximum of : + * - 16 bytes for key (AES-128) + * - 14 bytes SALT + * One for sender, one for receiver context + */ +#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 typedef struct dtls_srtp_keys { unsigned char master_secret[48]; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 9cef27523..97929cd65 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -782,6 +782,12 @@ exit: } #if defined( MBEDTLS_SSL_DTLS_SRTP ) +/* Supported SRTP mode needs a maximum of : + * - 16 bytes for key (AES-128) + * - 14 bytes SALT + * One for sender, one for receiver context + */ +#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60 typedef struct dtls_srtp_keys { unsigned char master_secret[48]; From adbd9449ecad5ff011a3eb57cd2548900d421603 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Mon, 26 Oct 2020 21:24:25 +0100 Subject: [PATCH 367/488] More minor fix Signed-off-by: Johan Pascal --- library/ssl_cli.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 234098a7f..ddbe5ca67 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1878,7 +1878,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * + mki_len(1 byte) * and optional srtp_mki */ - if( len != ( buf[4] + 5u ) ) + if( ( len < 5 ) || ( len != ( buf[4] + 5u ) ) ) return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); /* @@ -2524,8 +2524,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) case MBEDTLS_TLS_EXT_USE_SRTP: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); - if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 ) - return( ret ); + if ( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 ) + return( ret ); + } break; #endif /* MBEDTLS_SSL_DTLS_SRTP */ 
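Review bot: In the `@@ -2524,8 +2524,11 @@` hunk of library/ssl_cli.c, the new transport condition in the `MBEDTLS_TLS_EXT_USE_SRTP` case makes a client on a stream transport skip a use_srtp extension in the ServerHello without reporting anything. If the client only offers use_srtp on datagram transports, which is not visible in this hunk, such an extension is unsolicited, and RFC 5246 section 7.4.1.4 has the client abort the handshake on an extension it did not request. Consider an `else` branch that sends a fatal alert and returns `MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO`, or a comment such as `/* use_srtp is meaningless outside DTLS: ignored on purpose */` if ignoring is intended. ssl_parse_server_hello continues outside the hunk.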
From 20c7db3a678b840be578cd3e1a7044d20a23158d Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Mon, 26 Oct 2020 22:45:58 +0100 Subject: [PATCH 368/488] API modified so server side can get mki value + client side discards self mki if server does not support it Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 17 ++++++++++++----- library/ssl_cli.c | 8 ++++++++ library/ssl_tls.c | 6 +++--- programs/ssl/ssl_client2.c | 18 +++++++++++++++++- programs/ssl/ssl_server2.c | 19 ++++++++++++++++++- tests/ssl-opt.sh | 5 +++++ 6 files changed, 63 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 84082f3af..398eb012a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3257,7 +3257,8 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char *mki_value, uint16_t mki_len ); /** - * \brief Get the negotiated DTLS-SRTP Protection Profile. + * \brief Get the negotiated DTLS-SRTP informations: + * Protection profile and MKI value. * * \warning This function must be called after the handshake is * completed. The value returned by this function must 
@@ -3265,14 +3266,20 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * * \param ssl The SSL context to query. * - * \return The DTLS SRTP protection profile in use. The return type is - * a direct mapping of the iana defined value for protection + * \return The negotiated DTLS-SRTP informations: + * - Protection profile in use. + * A direct mapping of the iana defined value for protection * profile on an uint16_t. * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml - * \return #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated + * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated * or peer's Hello packet was not parsed yet. + * - mki size and value (if size is > 0). These informations are valid only + * if the protection profile returned is not MBEDTLS_TLS_SRTP_UNSET. + * Ownership of the returned structure is kept by the ssl context, + * the caller must duplicate any information that must live longer than + * the context (typically MKI size and value if any) */ -mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile +const mbedtls_dtls_srtp_info *mbedtls_ssl_get_dtls_srtp_negotiation_result ( const mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index ddbe5ca67..56a71c696 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1925,6 +1925,14 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } + + /* If server does not use mki in its reply, make sure the client won't keep + * one as negotiated */ + if( len == 5 ) + { + ssl->dtls_srtp_info.mki_len = 0; + } + /* * RFC5764: * If the client detects a nonzero-length MKI in the server's response diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a9e5523f6..cee8ba132 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4751,10 +4751,10 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, return( 0 ); } -mbedtls_ssl_srtp_profile - mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl ) +const mbedtls_dtls_srtp_info * + mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl ) { - return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); + return( &( ssl->dtls_srtp_info ) ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index c70346a74..d53a40af8 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2754,8 +2754,10 @@ int main( int argc, char *argv[] ) else if( opt.use_srtp != 0 ) { size_t j = 0; + const mbedtls_dtls_srtp_info *dtls_srtp_negotiation_result = + mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl ); - if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) + if( ( dtls_srtp_negotiation_result->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) { mbedtls_printf( " Unable to negotiate " @@ -2797,6 +2799,20 @@ int main( int argc, char *argv[] ) mbedtls_printf( "%02X", dtls_srtp_key_material[j] ); } mbedtls_printf( "\n" ); + + if ( dtls_srtp_negotiation_result->mki_len > 0 ) + { + mbedtls_printf( " DTLS-SRTP mki value: " ); + for( j = 0; j < dtls_srtp_negotiation_result->mki_len; j++ ) + { + mbedtls_printf( "%02X", dtls_srtp_negotiation_result->mki_value[j] ); + } + } + else + { + mbedtls_printf( " DTLS-SRTP no mki value negociated" ); + } + mbedtls_printf( "\n" ); } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 97929cd65..126a64c0d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
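Review bot: The string `" DTLS-SRTP no mki value negociated"` added in the `@@ -2797,6 +2799,20 @@` hunk of ssl_client2.c misspells "negotiated". ssl_server2.c prints the same text and the tests added to tests/ssl-opt.sh in this patch match it literally with `-s` and `-c`, so all of these have to change together. The corrected call is `mbedtls_printf( " DTLS-SRTP no mki value negotiated" );`, with the two patterns in ssl-opt.sh updated to the same spelling.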
@@ -3865,8 +3865,10 @@ handshake: else if( opt.use_srtp != 0 ) { size_t j = 0; + const mbedtls_dtls_srtp_info *dtls_srtp_negotiation_result = + mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl ); - if( ( mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) + if( ( dtls_srtp_negotiation_result->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) { mbedtls_printf( " Unable to negotiate " @@ -3908,6 +3910,21 @@ handshake: mbedtls_printf( "%02X", dtls_srtp_key_material[j] ); } mbedtls_printf( "\n" ); + + if ( dtls_srtp_negotiation_result->mki_len > 0 ) + { + mbedtls_printf( " DTLS-SRTP mki value: " ); + for( j = 0; j < dtls_srtp_negotiation_result->mki_len; j++ ) + { + mbedtls_printf( "%02X", dtls_srtp_negotiation_result->mki_value[j] ); + } + } + else + { + mbedtls_printf( " DTLS-SRTP no mki value negociated" ); + } + mbedtls_printf( "\n" ); + } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f84c48540..210108df3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8862,6 +8862,7 @@ run_test "DTLS-SRTP all profiles supported. mki used" \ -c "dumping 'received mki' (8 bytes)" \ -c "DTLS-SRTP key material is"\ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ + -g "find_in_both '^ *DTLS-SRTP mki value: [0-9A-F]*$'"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8874,12 +8875,14 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ + -s "DTLS-SRTP no mki value negociated"\ -S "dumping 'using mki' (8 bytes)" \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ + -c "DTLS-SRTP no mki value negociated"\ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -c "dumping 'sending mki' (8 bytes)" \ -C "dumping 'received mki' (8 bytes)" \ 
@@ -9066,6 +9069,7 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl -c "found srtp profile" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ + -c "DTLS-SRTP no mki value negociated"\ -c "dumping 'sending mki' (8 bytes)" \ -C "dumping 'received mki' (8 bytes)" \ -C "error" @@ -9261,6 +9265,7 @@ run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \ -c "found srtp profile" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ + -c "DTLS-SRTP mki value:"\ -c "dumping 'sending mki' (8 bytes)" \ -c "dumping 'received mki' (8 bytes)" \ -C "error" From 275874bc47a50771e7f92a4f5da28fcb3b4fbb1c Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Tue, 27 Oct 2020 10:43:53 +0100 Subject: [PATCH 369/488] Fix previous commit Signed-off-by: Johan Pascal --- library/ssl_cli.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 56a71c696..a3e027e1d 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2519,11 +2519,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) case MBEDTLS_TLS_EXT_ALPN: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); - if ( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 ) - return( ret ); - } + if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 ) + return( ret ); break; #endif /* MBEDTLS_SSL_ALPN */ From 0dbcd1d3f094c5ffd491b479b15efe3dbe08496d Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Wed, 28 Oct 2020 11:03:07 +0100 Subject: [PATCH 370/488] Make API safer Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 5 +---- library/ssl_tls.c | 10 ++++++++-- programs/ssl/ssl_client2.c | 10 +++++----- programs/ssl/ssl_server2.c | 10 +++++----- 4 files changed, 19 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 398eb012a..4805c67b3 100644 
--- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3275,11 +3275,8 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * or peer's Hello packet was not parsed yet. * - mki size and value (if size is > 0). These informations are valid only * if the protection profile returned is not MBEDTLS_TLS_SRTP_UNSET. - * Ownership of the returned structure is kept by the ssl context, - * the caller must duplicate any information that must live longer than - * the context (typically MKI size and value if any) */ -const mbedtls_dtls_srtp_info *mbedtls_ssl_get_dtls_srtp_negotiation_result +mbedtls_dtls_srtp_info mbedtls_ssl_get_dtls_srtp_negotiation_result ( const mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cee8ba132..0739b8f05 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4751,10 +4751,16 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, return( 0 ); } -const mbedtls_dtls_srtp_info * +mbedtls_dtls_srtp_info mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl ) { - return( &( ssl->dtls_srtp_info ) ); + mbedtls_dtls_srtp_info ret = ssl->dtls_srtp_info; + /* discard the mki if there is no chosen profile */ + if ( ret.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) + { + ret.mki_len = 0; + } + return( ret ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d53a40af8..2a6050789 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -2754,10 +2754,10 @@ int main( int argc, char *argv[] ) else if( opt.use_srtp != 0 ) { size_t j = 0; - const mbedtls_dtls_srtp_info *dtls_srtp_negotiation_result = + mbedtls_dtls_srtp_info dtls_srtp_negotiation_result = mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl ); - if( ( dtls_srtp_negotiation_result->chosen_dtls_srtp_profile + if( ( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) { mbedtls_printf( " Unable to negotiate " @@ -2800,12 +2800,12 @@ int main( int argc, char *argv[] ) } mbedtls_printf( "\n" ); - if ( dtls_srtp_negotiation_result->mki_len > 0 ) + if ( dtls_srtp_negotiation_result.mki_len > 0 ) { mbedtls_printf( " DTLS-SRTP mki value: " ); - for( j = 0; j < dtls_srtp_negotiation_result->mki_len; j++ ) + for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ ) { - mbedtls_printf( "%02X", dtls_srtp_negotiation_result->mki_value[j] ); + mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] ); } } else diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 126a64c0d..81721bbca 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3865,10 +3865,10 @@ handshake: else if( opt.use_srtp != 0 ) { size_t j = 0; - const mbedtls_dtls_srtp_info *dtls_srtp_negotiation_result = + mbedtls_dtls_srtp_info dtls_srtp_negotiation_result = mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl ); - if( ( dtls_srtp_negotiation_result->chosen_dtls_srtp_profile + if( ( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) { mbedtls_printf( " Unable to negotiate " 
@@ -3911,12 +3911,12 @@ handshake: } mbedtls_printf( "\n" ); - if ( dtls_srtp_negotiation_result->mki_len > 0 ) + if ( dtls_srtp_negotiation_result.mki_len > 0 ) { mbedtls_printf( " DTLS-SRTP mki value: " ); - for( j = 0; j < dtls_srtp_negotiation_result->mki_len; j++ ) + for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ ) { - mbedtls_printf( "%02X", dtls_srtp_negotiation_result->mki_value[j] ); + mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] ); } } else From 2258a4f481ede36323b3ced8d76b869fb4921c75 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Wed, 28 Oct 2020 13:53:09 +0100 Subject: [PATCH 371/488] Do not return a structure, use a return parameter Signed-off-by: Johan Pascal --- include/mbedtls/ssl.h | 34 ++++++++++++++++------------------ library/ssl_tls.c | 17 ++++++++++------- programs/ssl/ssl_client2.c | 4 ++-- programs/ssl/ssl_server2.c | 4 ++-- 4 files changed, 30 insertions(+), 29 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4805c67b3..1b4e163f6 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -3257,27 +3257,25 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char *mki_value, uint16_t mki_len ); /** - * \brief Get the negotiated DTLS-SRTP informations: - * Protection profile and MKI value. + * \brief Get the negotiated DTLS-SRTP informations: + * Protection profile and MKI value. * - * \warning This function must be called after the handshake is - * completed. The value returned by this function must - * not be trusted or acted upon before the handshake completes. + * \warning This function must be called after the handshake is + * completed. The value returned by this function must + * not be trusted or acted upon before the handshake completes. * - * \param ssl The SSL context to query. - * - * \return The negotiated DTLS-SRTP informations: - * - Protection profile in use. - * A direct mapping of the iana defined value for protection - * profile on an uint16_t. - * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml - * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated - * or peer's Hello packet was not parsed yet. - * - mki size and value (if size is > 0). These informations are valid only - * if the protection profile returned is not MBEDTLS_TLS_SRTP_UNSET. + * \param ssl The SSL context to query. + * \param dtls_srtp_info The negotiated DTLS-SRTP informations: + * - Protection profile in use. + * A direct mapping of the iana defined value for protection + * profile on an uint16_t. + http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml + * #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated + * or peer's Hello packet was not parsed yet. + * - mki size and value( if size is > 0 ). */ -mbedtls_dtls_srtp_info mbedtls_ssl_get_dtls_srtp_negotiation_result - ( const mbedtls_ssl_context *ssl ); +void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl, + mbedtls_dtls_srtp_info *dtls_srtp_info ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /** 
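Review bot: The rewritten comment for `mbedtls_ssl_get_dtls_srtp_negotiation_result()` drops the sentence saying the MKI fields are valid only when the profile is not `MBEDTLS_TLS_SRTP_UNSET`, and the URL line inside the `dtls_srtp_info` description has lost its leading ` *`. Now that the result is written into a caller-owned structure, the contract should also say that the parameter is an output and must point to a valid object, since the implementation in `library/ssl_tls.c` in this commit dereferences it without a check. I would restore the ` * ` prefix on the URL line and document the parameter as `\param[out] dtls_srtp_info  Caller-allocated; must not be NULL. When the profile is #MBEDTLS_TLS_SRTP_UNSET, mki_len is 0 and mki_value is not written.`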
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0739b8f05..8dec7f10a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4751,16 +4751,19 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, return( 0 ); } -mbedtls_dtls_srtp_info - mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl ) +void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl, mbedtls_dtls_srtp_info *dtls_srtp_info ) { - mbedtls_dtls_srtp_info ret = ssl->dtls_srtp_info; - /* discard the mki if there is no chosen profile */ - if ( ret.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) + dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile; + /* do not copy the mki value if there is no chosen profile */ + if ( dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) { - ret.mki_len = 0; + dtls_srtp_info->mki_len = 0; + } + else + { + dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len; + memcpy( dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); } - return( ret ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2a6050789..e78c087ff 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2754,8 +2754,8 @@ int main( int argc, char *argv[] ) else if( opt.use_srtp != 0 ) { size_t j = 0; - mbedtls_dtls_srtp_info dtls_srtp_negotiation_result = - mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl ); + mbedtls_dtls_srtp_info dtls_srtp_negotiation_result; + mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result ); if( ( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 81721bbca..7383d8885 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
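Review bot: The `memcpy()` into `dtls_srtp_info->mki_value` in the new `else` branch of the `library/ssl_tls.c` hunk is bounded only by `ssl->dtls_srtp_info.mki_len`, whereas the whole-struct assignment it replaces could not write past the destination. Nothing in this hunk establishes that `mki_len` never exceeds the size of `mki_value`. If the places that store the MKI guarantee it (they are outside the hunk), say so in a comment such as `/* mki_len was validated against MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH when the MKI was stored */`; otherwise check the length before copying. Note also that `mki_value` in the caller's structure stays uninitialised when no profile was chosen, so callers must read it only up to `mki_len`.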
@@ -3865,8 +3865,8 @@ handshake: else if( opt.use_srtp != 0 ) { size_t j = 0; - mbedtls_dtls_srtp_info dtls_srtp_negotiation_result = - mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl ); + mbedtls_dtls_srtp_info dtls_srtp_negotiation_result; + mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result ); if( ( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) From 5ef72d214f0b2525a0f89ae390267e583f2f42ba Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Wed, 28 Oct 2020 17:05:47 +0100 Subject: [PATCH 372/488] Style and typos Signed-off-by: Johan Pascal --- library/ssl_cli.c | 3 ++- library/ssl_srv.c | 8 ++++---- library/ssl_tls.c | 14 ++++++++------ programs/ssl/ssl_client2.c | 5 +++-- programs/ssl/ssl_server2.c | 2 +- tests/ssl-opt.sh | 6 +++--- 6 files changed, 21 insertions(+), 17 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a3e027e1d..223f582c4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1909,7 +1909,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, */ for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { - if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) { + if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) + { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", mbedtls_ssl_get_srtp_profile_as_string( diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 007d9e41a..60de57b1c 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -885,7 +885,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { ssl->dtls_srtp_info.mki_len = mki_length; - memcpy(ssl->dtls_srtp_info.mki_value, buf, mki_length); + memcpy( ssl->dtls_srtp_info.mki_value, buf, mki_length ); MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); 
@@ -2065,10 +2065,10 @@ read_record_header: case MBEDTLS_TLS_EXT_USE_SRTP: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); - if ( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); - if ( ret != 0 ) + if( ret != 0 ) return( ret ); } break; @@ -2992,7 +2992,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - if ( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8dec7f10a..7cb5b8ccf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4700,7 +4700,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char *mki_value, uint16_t mki_len ) { - if ( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ) + if( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -4727,7 +4727,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; p++ ) { - if ( mbedtls_ssl_check_srtp_profile_value( *p ) != MBEDTLS_TLS_SRTP_UNSET ) + if( mbedtls_ssl_check_srtp_profile_value( *p ) != MBEDTLS_TLS_SRTP_UNSET ) { list_size++; } @@ -4738,7 +4738,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, } } - if ( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) + if( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) { conf->dtls_srtp_profile_list = NULL; conf->dtls_srtp_profile_list_len = 0; 
@@ -4751,18 +4751,20 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, return( 0 ); } -void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl, mbedtls_dtls_srtp_info *dtls_srtp_info ) +void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl, + mbedtls_dtls_srtp_info *dtls_srtp_info ) { dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile; /* do not copy the mki value if there is no chosen profile */ - if ( dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) + if( dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) { dtls_srtp_info->mki_len = 0; } else { dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len; - memcpy( dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value, ssl->dtls_srtp_info.mki_len ); + memcpy( dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len ); } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index e78c087ff..dd274700c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2341,7 +2341,8 @@ int main( int argc, char *argv[] ) { if( opt.force_srtp_profile != 0 ) { - const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET }; + const mbedtls_ssl_srtp_profile forced_profile[] = + { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET }; ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, forced_profile ); } else @@ -2810,7 +2811,7 @@ int main( int argc, char *argv[] ) } else { - mbedtls_printf( " DTLS-SRTP no mki value negociated" ); + mbedtls_printf( " DTLS-SRTP no mki value negotiated" ); } mbedtls_printf( "\n" ); } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 7383d8885..dcb215d4e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -3921,7 +3921,7 @@ handshake: } else { - mbedtls_printf( " DTLS-SRTP no mki value negociated" ); + mbedtls_printf( " DTLS-SRTP no mki value negotiated" ); } mbedtls_printf( "\n" ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 210108df3..59e79744f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8875,14 +8875,14 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ -s "DTLS-SRTP key material is"\ - -s "DTLS-SRTP no mki value negociated"\ + -s "DTLS-SRTP no mki value negotiated"\ -S "dumping 'using mki' (8 bytes)" \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ - -c "DTLS-SRTP no mki value negociated"\ + -c "DTLS-SRTP no mki value negotiated"\ -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\ -c "dumping 'sending mki' (8 bytes)" \ -C "dumping 'received mki' (8 bytes)" \ @@ -9069,7 +9069,7 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl -c "found srtp profile" \ -c "selected srtp profile" \ -c "DTLS-SRTP key material is"\ - -c "DTLS-SRTP no mki value negociated"\ + -c "DTLS-SRTP no mki value negotiated"\ -c "dumping 'sending mki' (8 bytes)" \ -C "dumping 'received mki' (8 bytes)" \ -C "error" From c3ccd98a916a10d3b400df5e189a9ef895d342ba Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Wed, 28 Oct 2020 17:18:18 +0100 Subject: [PATCH 373/488] Check transport in the extension parser/writer Signed-off-by: Johan Pascal --- library/ssl_cli.c | 30 +++++++++++++----------------- library/ssl_srv.c | 24 ++++++++++-------------- 2 files changed, 23 insertions(+), 31 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 223f582c4..76be8ab07 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -768,8 +768,9 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( ( ssl->conf->dtls_srtp_profile_list == NULL ) || - ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) + if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || + ( ssl->conf->dtls_srtp_profile_list == NULL ) || + ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) { return( 0 ); } @@ -1397,16 +1398,13 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) { - if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret ); - return( ret ); - } - ext_len += olen; + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret ); + return( ret ); } + ext_len += olen; #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) @@ -1852,8 +1850,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, uint16_t server_protection_profile_value = 0; /* If use_srtp is not configured, just ignore the extension */ - if( ssl->conf->dtls_srtp_profile_list == NULL || - ssl->conf->dtls_srtp_profile_list_len == 0 ) + if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || + ( ssl->conf->dtls_srtp_profile_list == NULL ) || + ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) return( 0 ); /* RFC 5764 section 4.1.1 @@ -2530,11 +2529,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) case MBEDTLS_TLS_EXT_USE_SRTP: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); - if ( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 ) - return( ret ); - } + if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 ) + return( ret ); break; #endif /* MBEDTLS_SSL_DTLS_SRTP */ 
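Review bot: In the `@@ -1852` hunk, `ssl_parse_use_srtp_ext()` returns 0 when the transport is not datagram or no profile list is configured, so a ServerHello that carries `use_srtp` although this client never offered it is accepted silently. The writer in the `@@ -768` hunk skips the extension under the same three conditions, so every early return here corresponds to an unsolicited extension from the server; TLS expects the client to abort the handshake in that case rather than ignore it. Unless the caller already rejects unrequested extensions (not visible here), I would replace the early `return( 0 );` with a fatal `unsupported_extension` alert and an error return, and update the comment `/* If use_srtp is not configured, just ignore the extension */` accordingly. The function body continues outside the hunk.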
diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 60de57b1c..070a5915f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -789,8 +789,9 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, const size_t size_of_lengths = 3; /* If use_srtp is not configured, just ignore the extension */ - if( ssl->conf->dtls_srtp_profile_list == NULL || - ssl->conf->dtls_srtp_profile_list_len == 0 ) + if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || + ( ssl->conf->dtls_srtp_profile_list == NULL ) || + ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) { return( 0 ); } @@ -2065,12 +2066,9 @@ read_record_header: case MBEDTLS_TLS_EXT_USE_SRTP: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - } + ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); break; #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -2643,7 +2641,8 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) + if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || + ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) { return; } @@ -2992,11 +2991,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; - } + ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; #endif MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) ); From 5fbe9e7ac089f310370ee6905c9c1aa7ef5fb746 Mon Sep 17 00:00:00 2001 From: Johan Pascal Date: Thu, 29 Oct 2020 10:49:21 +0100 Subject: [PATCH 374/488] remove useless parentheses 
Signed-off-by: Johan Pascal --- programs/ssl/ssl_client2.c | 4 ++-- programs/ssl/ssl_server2.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index dd274700c..54cdd7d32 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2758,8 +2758,8 @@ int main( int argc, char *argv[] ) mbedtls_dtls_srtp_info dtls_srtp_negotiation_result; mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result ); - if( ( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile - == MBEDTLS_TLS_SRTP_UNSET ) ) + if( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile + == MBEDTLS_TLS_SRTP_UNSET ) { mbedtls_printf( " Unable to negotiate " "the use of DTLS-SRTP\n" ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index dcb215d4e..ec3d6ade5 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3868,8 +3868,8 @@ handshake: mbedtls_dtls_srtp_info dtls_srtp_negotiation_result; mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl, &dtls_srtp_negotiation_result ); - if( ( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile - == MBEDTLS_TLS_SRTP_UNSET ) ) + if( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile + == MBEDTLS_TLS_SRTP_UNSET ) { mbedtls_printf( " Unable to negotiate " "the use of DTLS-SRTP\n" ); From 423d3e7fcfffc6d1390f760d7ddd50e22aea81a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Thu, 29 Oct 2020 11:07:39 +0100 Subject: [PATCH 375/488] Update support macros for IV/nonce sizes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit defines the following new macros added to the PSA Crypto API between versions 1.0 beta 3 and 1.0.0 final: PSA_AEAD_NONCE_LENGTH PSA_AEAD_NONCE_MAX_SIZE PSA_CIPHER_IV_LENGTH PSA_CIPHER_IV_MAX_SIZE 
Signed-off-by: Bence Szépkúti --- include/psa/crypto_sizes.h | 87 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index f6373b8c2..4dc8ad417 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h 
@@ -657,4 +657,91 @@ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ 0) +/** The default nonce size for an AEAD algorithm, in bytes. + * + * This macro can be used to allocate a buffer of sufficient size to + * store the nonce output from #psa_aead_generate_nonce(). + * + * See also #PSA_AEAD_NONCE_MAX_SIZE. + * + * \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(), + * #psa_aead_encrypt() or #psa_aead_decrypt(), just the default size that is generated by + * #psa_aead_generate_nonce(). + * + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. + * + * \param key_type A symmetric key type that is compatible with algorithm \p alg. + * + * \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \return The default nonce size for the specified key type and algorithm. + * If the key type or AEAD algorithm is not recognized, + * or the parameters are incompatible, return 0. + * An implementation can return either 0 or a correct size for a key type + * and AEAD algorithm that it recognizes, but does not support. + */ +#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \ + (PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) == 16 && \ + (PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CCM || \ + PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_GCM) ? 12 : \ + (key_type) == PSA_KEY_TYPE_CHACHA20 && \ + PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \ + 0) + +/** The maximum default nonce size among all supported pairs of key types and AEAD algorithms, in bytes. + * + * This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH() may return. 
+ * + * \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(), + * #psa_aead_encrypt() or #psa_aead_decrypt(), just the largest size that may be generated by + * #psa_aead_generate_nonce(). + */ +#define PSA_AEAD_NONCE_MAX_SIZE 12 + +/** The default IV size for a cipher algorithm, in bytes. + * + * The IV that is generated as part of a call to #psa_cipher_encrypt() is always + * the default IV length for the algorithm. + * + * This macro can be used to allocate a buffer of sufficient size to + * store the IV output from #psa_cipher_generate_iv() when using + * a multi-part cipher operation. + * + * See also #PSA_CIPHER_IV_MAX_SIZE. + * + * \warning This macro may evaluate its arguments multiple times or + * zero times, so you should not pass arguments that contain + * side effects. + * + * \param key_type A symmetric key type that is compatible with algorithm \p alg. + * + * \param alg A cipher algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_CIPHER(\p alg) is true). + * + * \return The default IV size for the specified key type and algorithm. + * If the algorithm does not use an IV, return 0. + * If the key type or cipher algorithm is not recognized, + * or the parameters are incompatible, return 0. + * An implementation can return either 0 or a correct size for a key type + * and cipher algorithm that it recognizes, but does not support. + */ +#define PSA_CIPHER_IV_LENGTH(key_type, alg) \ + (PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) > 1 && \ + ((alg) == PSA_ALG_CTR || \ + (alg) == PSA_ALG_CFB || \ + (alg) == PSA_ALG_OFB || \ + (alg) == PSA_ALG_XTS || \ + (alg) == PSA_ALG_CBC_NO_PADDING || \ + (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_SIZE(key_type) : \ + (key_type) == PSA_KEY_TYPE_CHACHA20 && \ + (alg) == PSA_ALG_CHACHA20 ? 12 : \ + 0) + +/** The maximum IV size for all supported cipher algorithms, in bytes. + * + * See also #PSA_CIPHER_IV_LENGTH(). 
+ */ +#define PSA_CIPHER_IV_MAX_SIZE 16 + #endif /* PSA_CRYPTO_SIZES_H */ From c4813a6e809a38d42db12804f23585518b725d88 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 23 Oct 2020 11:45:43 +0200 Subject: [PATCH 376/488] Rename 'keygen' to 'key management' Signed-off-by: Steven Cooreman --- .../drivers/{keygen.h => key_management.h} | 19 +++++----- tests/include/test/drivers/signature.h | 2 +- tests/include/test/drivers/test_driver.h | 2 +- .../drivers/{keygen.c => key_management.c} | 36 ++++++++++--------- ..._suite_psa_crypto_driver_wrappers.function | 22 ++++++------ visualc/VS2010/mbedTLS.vcxproj | 2 +- 6 files changed, 44 insertions(+), 39 deletions(-) rename tests/include/test/drivers/{keygen.h => key_management.h} (74%) rename tests/src/drivers/{keygen.c => key_management.c} (85%) diff --git a/tests/include/test/drivers/keygen.h b/tests/include/test/drivers/key_management.h similarity index 74% rename from tests/include/test/drivers/keygen.h rename to tests/include/test/drivers/key_management.h index e5a5e4700..56f3ef82e 100644 --- a/tests/include/test/drivers/keygen.h +++ b/tests/include/test/drivers/key_management.h @@ -17,8 +17,8 @@ * limitations under the License. */ -#ifndef PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H -#define PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H +#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H +#define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
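Review bot: `PSA_AEAD_NONCE_MAX_SIZE` and `PSA_CIPHER_IV_MAX_SIZE` in the `include/psa/crypto_sizes.h` hunk are bare literals (12 and 16) that nothing ties to `PSA_AEAD_NONCE_LENGTH()` and `PSA_CIPHER_IV_LENGTH()`, although all four are documented as buffer-sizing aids. If a later algorithm makes either length macro return a larger value and the maximum is not updated, buffers sized with the maximum become too small; a comment such as `/* Must be >= every value PSA_CIPHER_IV_LENGTH() can return; update both together. */` plus a test comparing the two for each supported pair would keep them in step. The chained `?:` in both length macros relies on `&&` binding tighter than `?:`; wrapping each condition in its own parentheses would make that explicit. The shared value 12 for CCM and GCM in `PSA_AEAD_NONCE_LENGTH()` is worth confirming against the specification the commit message refers to, since CCM accepts several nonce lengths.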
@@ -36,18 +36,19 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; - /* Count the amount of times one of the keygen driver functions is called. */ + /* Count the amount of times one of the key management driver functions + * is called. */ unsigned long hits; -} test_driver_keygen_hooks_t; +} test_driver_key_management_hooks_t; -#define TEST_DRIVER_KEYGEN_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } -static inline test_driver_keygen_hooks_t test_driver_keygen_hooks_init( void ) +#define TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +static inline test_driver_key_management_hooks_t test_driver_key_management_hooks_init( void ) { - const test_driver_keygen_hooks_t v = TEST_DRIVER_KEYGEN_INIT; + const test_driver_key_management_hooks_t v = TEST_DRIVER_KEY_MANAGEMENT_INIT; return( v ); } -extern test_driver_keygen_hooks_t test_driver_keygen_hooks; +extern test_driver_key_management_hooks_t test_driver_key_management_hooks; psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, @@ -63,4 +64,4 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute size_t *bits); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_TEST_DRIVERS_KEYGEN_H */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h index e41892e77..8abcb111a 100644 --- a/tests/include/test/drivers/signature.h +++ b/tests/include/test/drivers/signature.h @@ -36,7 +36,7 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; - /* Count the amount of times one of the keygen driver functions is called. */ + /* Count the amount of times one of the signature driver functions is called. */ unsigned long hits; } test_driver_signature_hooks_t; 
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index ee5974217..f26b795dd 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -23,7 +23,7 @@ #define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff #include "test/drivers/signature.h" -#include "test/drivers/keygen.h" +#include "test/drivers/key_management.h" #include "test/drivers/cipher.h" #include "test/drivers/size.h" diff --git a/tests/src/drivers/keygen.c b/tests/src/drivers/key_management.c similarity index 85% rename from tests/src/drivers/keygen.c rename to tests/src/drivers/key_management.c index 84fc98a37..6ca03c6be 100644 --- a/tests/src/drivers/keygen.c +++ b/tests/src/drivers/key_management.c 
@@ -30,30 +30,31 @@ #include "mbedtls/ecp.h" #include "mbedtls/error.h" -#include "test/drivers/keygen.h" +#include "test/drivers/key_management.h" #include "test/random.h" #include -test_driver_keygen_hooks_t test_driver_keygen_hooks = TEST_DRIVER_KEYGEN_INIT; +test_driver_key_management_hooks_t test_driver_key_management_hooks = + TEST_DRIVER_KEY_MANAGEMENT_INIT; psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { - ++test_driver_keygen_hooks.hits; + ++test_driver_key_management_hooks.hits; - if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_keygen_hooks.forced_status ); + if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_key_management_hooks.forced_status ); - if( test_driver_keygen_hooks.forced_output != NULL ) + if( test_driver_key_management_hooks.forced_output != NULL ) { - if( test_driver_keygen_hooks.forced_output_length > key_size ) + if( test_driver_key_management_hooks.forced_output_length > key_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( key, test_driver_keygen_hooks.forced_output, - test_driver_keygen_hooks.forced_output_length ); - *key_length = test_driver_keygen_hooks.forced_output_length; + memcpy( key, test_driver_key_management_hooks.forced_output, + test_driver_key_management_hooks.forced_output_length ); + *key_length = test_driver_key_management_hooks.forced_output_length; return( PSA_SUCCESS ); } 
@@ -62,9 +63,12 @@ psa_status_t test_transparent_generate_key( if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { - psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( psa_get_key_type( attributes ) ); + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( + psa_get_key_type( attributes ) ); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + mbedtls_ecc_group_of_psa( + curve, + PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); mbedtls_ecp_keypair ecp; @@ -127,10 +131,10 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute size_t data_length, size_t *bits) { - ++test_driver_keygen_hooks.hits; + ++test_driver_key_management_hooks.hits; - if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_keygen_hooks.forced_status ); + if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_key_management_hooks.forced_status ); #if defined(MBEDTLS_ECP_C) psa_key_type_t type = psa_get_key_type( attributes ); @@ -154,7 +158,7 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute * - The byte 0x04; * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. - * So its data length is 2m+1 where n is the key size in bits. + * So its data length is 2m+1 where m is the curve size in bits. */ if( ( data_length & 1 ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 3cecbfc67..a0140d2cb 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
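Review bot: The corrected comment in the `@@ -154` hunk still gives the length of a Weierstrass public key as `2m+1` with `m` in bits, while the bullets directly above it say `x_P` and `y_P` are each `ceiling(m/8)` bytes. The length that the odd-length check `( data_length & 1 ) == 0` below relies on is therefore `2 * ceiling(m/8) + 1` bytes; I would write `* So its data length is 2 * ceiling(m/8) + 1 bytes, where m is the curve size in bits.` `test_transparent_validate_key()` continues outside the hunk.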
@@ -132,7 +132,7 @@ void generate_key( int force_status_arg, psa_status_t actual_status; uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = {0}; size_t actual_output_length; - test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); @@ -142,18 +142,18 @@ void generate_key( int force_status_arg, if( fake_output->len > 0 ) { - expected_output = test_driver_keygen_hooks.forced_output = fake_output->x; - expected_output_length = test_driver_keygen_hooks.forced_output_length = + expected_output = test_driver_key_management_hooks.forced_output = fake_output->x; + expected_output_length = test_driver_key_management_hooks.forced_output_length = fake_output->len; } - test_driver_keygen_hooks.hits = 0; - test_driver_keygen_hooks.forced_status = force_status; + test_driver_key_management_hooks.hits = 0; + test_driver_key_management_hooks.forced_status = force_status; PSA_ASSERT( psa_crypto_init( ) ); actual_status = psa_generate_key( &attributes, &handle ); - TEST_EQUAL( test_driver_keygen_hooks.hits, 1 ); + TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); if( actual_status == PSA_SUCCESS ) @@ -180,7 +180,7 @@ exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); PSA_DONE( ); - test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); } /* END_CASE */ 
@@ -196,25 +196,25 @@ void validate_key( int force_status_arg, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t actual_status; - test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); psa_set_key_type( &attributes, key_type ); psa_set_key_bits( &attributes, 0 ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); - test_driver_keygen_hooks.forced_status = force_status; + test_driver_key_management_hooks.forced_status = force_status; PSA_ASSERT( psa_crypto_init( ) ); actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &handle ); - TEST_EQUAL( test_driver_keygen_hooks.hits, 1 ); + TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); PSA_DONE( ); - test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); } /* END_CASE */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 3e9d14a29..3f1be2105 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -239,7 +239,7 @@ - + From 162ec8758fc8ff5a08b65f79ca985442aa6af193 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 23 Oct 2020 12:03:08 +0200 Subject: [PATCH 377/488] Detecting bit size is no longer required Storage format has been changed to always store the key's bit size Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 168 --------------------------- library/psa_crypto_core.h | 19 --- library/psa_crypto_slot_management.c | 2 - 3 files changed, 189 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1901281c5..74b98714a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -982,174 +982,6 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, return( PSA_SUCCESS ); } -psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot ) -{ - if( slot->attr.bits != 0 ) - return( PSA_SUCCESS ); - - if( key_type_is_raw_bytes( slot->attr.type ) ) - { - slot->attr.bits = - (psa_key_bits_t) PSA_BYTES_TO_BITS( slot->data.key.bytes ); - return( PSA_SUCCESS ); - } - else if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) - { - /* Keys are stored in export format, and we are currently - * restricted to known curves, so do the reverse lookup based - * on data length. */ - size_t byte_length = slot->data.key.bytes; - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) && - PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) != - PSA_ECC_FAMILY_MONTGOMERY ) - { - /* A Weierstrass public key is represented as: - * - The byte 0x04; - * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; - * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. - * So its data length is 2m+1 where m is the curve size in bits. - */ - if( ( byte_length & 1 ) == 0 ) - return( PSA_ERROR_BAD_STATE ); - byte_length = byte_length / 2; - - /* Montgomery public keys are represented in compressed format, - * meaning their curve_size is equal to the amount of input. */ - - /* Private keys are represented in uncompressed private random - * integer format, meaning their curve_size is equal to the - * amount of input. 
*/ - } - - switch( PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ) ) - { - case PSA_ECC_FAMILY_SECP_R1: - switch( byte_length ) - { - case PSA_BITS_TO_BYTES( 192 ): - slot->attr.bits = 192; - break; - case PSA_BITS_TO_BYTES( 224 ): - slot->attr.bits = 224; - break; - case PSA_BITS_TO_BYTES( 256 ): - slot->attr.bits = 256; - break; - case PSA_BITS_TO_BYTES( 384 ): - slot->attr.bits = 384; - break; - case PSA_BITS_TO_BYTES( 521 ): - slot->attr.bits = 521; - break; - default: - return( PSA_ERROR_BAD_STATE ); - } - break; - - case PSA_ECC_FAMILY_BRAINPOOL_P_R1: - switch( byte_length ) - { - case PSA_BITS_TO_BYTES( 256 ): - slot->attr.bits = 256; - break; - case PSA_BITS_TO_BYTES( 384 ): - slot->attr.bits = 384; - break; - case PSA_BITS_TO_BYTES( 512 ): - slot->attr.bits = 512; - break; - default: - return( PSA_ERROR_BAD_STATE ); - } - break; - - case PSA_ECC_FAMILY_MONTGOMERY: - switch( byte_length ) - { - case PSA_BITS_TO_BYTES( 255 ): - slot->attr.bits = 255; - break; - case PSA_BITS_TO_BYTES( 448 ): - slot->attr.bits = 448; - break; - default: - return( PSA_ERROR_BAD_STATE ); - } - break; - - case PSA_ECC_FAMILY_SECP_K1: - switch( byte_length ) - { - case PSA_BITS_TO_BYTES( 192 ): - slot->attr.bits = 192; - break; - case PSA_BITS_TO_BYTES( 224 ): - slot->attr.bits = 224; - break; - case PSA_BITS_TO_BYTES( 256 ): - slot->attr.bits = 256; - break; - default: - return( PSA_ERROR_BAD_STATE ); - } - break; - - default: - return( PSA_ERROR_BAD_STATE ); - } - - return( PSA_SUCCESS ); - } - else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) - { - /* There's no easy way of figuring out the RSA bit size from - * the data length of the export representation. For now, use - * the mbed TLS software implementation to figure it out. 
*/ - psa_key_attributes_t attributes = { - .core = slot->attr - }; - size_t bits; - psa_status_t status = psa_driver_wrapper_validate_key( - &attributes, - slot->data.key.data, - slot->data.key.bytes, - &bits ); - if( status == PSA_SUCCESS ) - slot->attr.bits = (psa_key_bits_t) bits; - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); - - /* If no accelerator was able to figure it out, try software. */ -#if defined(MBEDTLS_RSA_C) - mbedtls_rsa_context *rsa = NULL; - - /* Parse input */ - status = psa_load_rsa_representation( slot->attr.type, - slot->data.key.data, - slot->data.key.bytes, - &rsa ); - if( status != PSA_SUCCESS ) - { - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - return( status ); - } - - slot->attr.bits = (psa_key_bits_t) PSA_BYTES_TO_BITS( - mbedtls_rsa_get_len( rsa ) ); - - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - - return( PSA_SUCCESS ); -#else - return( PSA_ERROR_NOT_SUPPORTED ); -#endif - } - else - return( PSA_ERROR_NOT_SUPPORTED ); -} - /** Import key data into a slot. * * `slot->type` must have been set previously. diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 2786b7993..8d1f1bb28 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
@@ -158,25 +158,6 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, const uint8_t *data, size_t data_length ); -/** Detect the key bit size for a key in a slot where bit size - * is unset. - * - * This function assumes that the slot contains key material in - * export format. - * - * \param[in,out] slot Key slot to detect and set the bit size in. - * - * \retval #PSA_SUCCESS - * The key bit size was already set, or has been detected - * and set accordingly. - * \retval #PSA_ERROR_BAD_STATE - * The size of the key material in the slot doesn't match - * with the declared key type. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The key type is unknown to the implementation. - */ -psa_status_t psa_detect_bit_size_in_slot( psa_key_slot_t *slot ); - /** Convert an mbed TLS error code to a PSA error code * * \note This function is provided solely for the convenience of diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index f33c4f2ef..5140772e0 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -144,8 +144,6 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot ) status = psa_copy_key_material_into_slot( slot, key_data, key_data_length ); if( status != PSA_SUCCESS ) goto exit; - - status = psa_detect_bit_size_in_slot( slot ); } exit: From 40120f6b7606b1ab08b4848321c7b487431a83fe Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Oct 2020 11:42:22 +0100 Subject: [PATCH 378/488] Address review comments * zero key buffer on failure * readability improvements * psa_finish_key_creation adjustment after removing import_key_into_slot Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 57 +++++++++--------------------- library/psa_crypto_storage.h | 5 +-- tests/src/drivers/key_management.c | 6 +++- 3 files changed, 25 insertions(+), 43 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 74b98714a..79ecf80a3 100644 
--- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1039,6 +1039,8 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, * psa_start_key_creation() wrote the size declared by the * caller, which may be 0 (meaning unspecified) or wrong. */ slot->attr.bits = (psa_key_bits_t) bit_size; + + return( PSA_SUCCESS ); } else if( PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) ) { @@ -1067,41 +1069,27 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, /* Key format is not supported by any accelerator, try software fallback * if present. */ +#if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(MBEDTLS_ECP_C) - status = psa_import_ecp_key( slot, - data, data_length ); -#else - /* No drivers have been implemented yet, so without mbed TLS backing - * there's no way to do ECP with the current library. */ - status = PSA_ERROR_NOT_SUPPORTED; + return( psa_import_ecp_key( slot, data, data_length ) ); + } #endif /* defined(MBEDTLS_ECP_C) */ - } - else if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) - { #if defined(MBEDTLS_RSA_C) - status = psa_import_rsa_key( slot, - data, data_length ); -#else - /* No drivers have been implemented yet, so without mbed TLS backing - * there's no way to do RSA with the current library. */ - status = PSA_ERROR_NOT_SUPPORTED; -#endif /* defined(MBEDTLS_RSA_C) */ - } - else + if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { - /* Unsupported asymmetric key type */ - status = PSA_ERROR_NOT_SUPPORTED; + return( psa_import_rsa_key( slot, data, data_length ) ); } +#endif /* defined(MBEDTLS_RSA_C) */ + + /* Fell through the fallback as well, so have nothing else to try. */ + return( PSA_ERROR_NOT_SUPPORTED ); } else { /* Unknown key type */ - status = PSA_ERROR_NOT_SUPPORTED; + return( PSA_ERROR_NOT_SUPPORTED ); } - - return( status ); } /** Calculate the intersection of two algorithm usage policies. 
@@ -1977,22 +1965,11 @@ static psa_status_t psa_finish_key_creation( else #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ { - size_t buffer_size = - PSA_KEY_EXPORT_MAX_SIZE( slot->attr.type, - slot->attr.bits ); - uint8_t *buffer = mbedtls_calloc( 1, buffer_size ); - size_t length = 0; - if( buffer == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = psa_internal_export_key( slot, - buffer, buffer_size, &length, - 0 ); - if( status == PSA_SUCCESS ) - status = psa_save_persistent_key( &slot->attr, - buffer, length ); - - mbedtls_platform_zeroize( buffer, buffer_size ); - mbedtls_free( buffer ); + /* Key material is saved in export representation in the slot, so + * just pass the slot buffer for storage. */ + status = psa_save_persistent_key( &slot->attr, + slot->data.key.data, + slot->data.key.bytes ); } } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index de845a748..3def1b5e4 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -81,9 +81,10 @@ int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ); * This function formats the key data and metadata and saves it to a * persistent storage backend. The storage location corresponding to the * key slot must be empty, otherwise this function will fail. This function - * should be called after psa_import_key_into_slot() to ensure the + * should be called after loading the key into an internal slot to ensure the * persistent key is not saved into a storage location corresponding to an - * already occupied non-persistent key, as well as validating the key data. + * already occupied non-persistent key, as well as ensuring the key data is + * validated. * * * \param[in] attr The attributes of the key to save. diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index 6ca03c6be..9bef4b678 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c 
@@ -106,6 +106,10 @@ psa_status_t test_transparent_generate_key( { *key_length = bytes; } + else + { + memset( key, 0, bytes ); + } mbedtls_ecp_keypair_free( &ecp ); return( status ); @@ -146,7 +150,7 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute mbedtls_ecp_keypair ecp; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( *bits == 0 ) + if( psa_get_key_bits( attributes ) == 0 ) { // Attempt auto-detect of curve bit size size_t curve_size = data_length; From 381c1078fc681a38738ee8021d53c34b812dc0fd Mon Sep 17 00:00:00 2001 From: David Brown Date: Tue, 3 Nov 2020 15:36:44 -0700 Subject: [PATCH 379/488] cmake: Avoid using target_properties for old cmake CMake versions less than 3.0 do not support the `target_sources` command. In order to be able to support v2.8.12.2 of cmake, directly set the SOURCES property instead of using the target_sources command. A future patch could reverse this, if the project decides to forgo support for cmake versions less than 3.0. Fixes #3801 Signed-off-by: David Brown --- programs/fuzz/CMakeLists.txt | 4 ++-- programs/ssl/CMakeLists.txt | 4 ++-- programs/test/CMakeLists.txt | 3 ++- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 35512c79a..f0e57052a 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -36,7 +36,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) if (NOT FUZZINGENGINE_LIB) target_link_libraries(${exe} ${libs}) - target_sources(${exe} PRIVATE onefile.c) + set_property(TARGET ${exe} APPEND PROPERTY SOURCES onefile.c) else() target_link_libraries(${exe} ${libs} FuzzingEngine) SET_TARGET_PROPERTIES(${exe} PROPERTIES LINKER_LANGUAGE CXX) 
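Review bot: The failure branch added to test_transparent_generate_key clears the output with `memset( key, 0, bytes );`, whereas the library code in this series wipes key buffers with mbedtls_platform_zeroize(). Using `mbedtls_platform_zeroize( key, bytes );` here would match that convention and not depend on the compiler keeping the store; whether this file already includes the declaring header is not visible in the hunk. The wipe length is `bytes`, not the caller's buffer size, and the check relating `bytes` to the size of `key` lies outside the hunk. It is worth confirming that every path reaching this branch has already rejected a too-small buffer. The function body starts and ends outside the hunk.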
@@ -45,7 +45,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if (${exe_index} GREATER -1) - target_sources(${exe} PRIVATE common.c) + set_property(TARGET ${exe} APPEND PROPERTY SOURCES common.c) endif() endforeach() diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index ca0a6a429..149aa303b 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -32,8 +32,8 @@ foreach(exe IN LISTS executables) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() -target_sources(ssl_client2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) -target_sources(ssl_server2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) +set_property(TARGET ssl_client2 APPEND PROPERTY SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) +set_property(TARGET ssl_server2 APPEND PROPERTY SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) if(THREADS_FOUND) add_executable(ssl_pthread_server ssl_pthread_server.c $) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 217741bf9..49b44e707 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -37,7 +37,8 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto) endif() endforeach() -target_sources(query_compile_time_config PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c) +set_property(TARGET query_compile_time_config APPEND PROPERTY SOURCES + ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c) install(TARGETS ${executables_libs} ${executables_mbedcrypto} DESTINATION "bin" From 7b5e6b9dcc1f5ca9d560e10445331a7883da24da Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Nov 2020 18:30:01 +0100 Subject: [PATCH 380/488] Typos and clarifications 
Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 6267f103c..bf969f5e6 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -111,7 +111,7 @@ These symbols are not part of the public interface of Mbed TLS towards applicati When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. -When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` is only needed to build the PSA parts of the library, including `psa/crypto_struct.h`. Therefore, * `psa/crypto_struct.h` needs to include `mbedtls/config_psa.h`. +When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` is only needed to build the PSA parts of the library, including `psa/crypto_struct.h` (where the layout of some structures depends on the configuration). Therefore, `psa/crypto_struct.h` (or a header that is included before it) needs to include `mbedtls/config_psa.h`. `mbedtls/config_psa.h` includes two header files: 
@@ -131,7 +131,7 @@ Symbols With `MBEDTLS_PSA_CRYPTO_CONFIG` Without `MBEDTLS_PS `mbedtls/config_psa.h` (D) `PSA_WANT_xxx` `psa/crypto_config.h` (U) `mbedtls/config_psa.h (D) `MBEDTLS_PSA_BUILTIN_xxx` `mbedtls/config_psa.h` (D) `mbedtls/config_psa.h` (D) -`MBEDTLS_PSA_ACCEL_xxx` `mbedtls/crypto_drivers` (G) N/A +`MBEDTLS_PSA_ACCEL_xxx` `mbedtls/crypto_drivers.h` (G) N/A ------------------------------------------------------------------------------------------------ #### Visibility of internal symbols From a8e40ddfc90a6b126b9756996704f8cad22c9cc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Thu, 29 Oct 2020 10:22:35 +0100 Subject: [PATCH 381/488] Do not set IV size for ECB mode ciphers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ECB mode ciphers do not use IVs Signed-off-by: Bence Szépkúti --- ChangeLog.d/ecb_iv_fix.txt | 3 +++ library/cipher_wrap.c | 20 ++++++++++---------- 2 files changed, 13 insertions(+), 10 deletions(-) create mode 100644 ChangeLog.d/ecb_iv_fix.txt diff --git a/ChangeLog.d/ecb_iv_fix.txt b/ChangeLog.d/ecb_iv_fix.txt new file mode 100644 index 000000000..ae2ae2543 --- /dev/null +++ b/ChangeLog.d/ecb_iv_fix.txt @@ -0,0 +1,3 @@ +Bugfix + * Correct the default IV size for mbedtls_cipher_info_t structures using + MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs. diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 8eb2ec02b..57eb3cb67 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -753,7 +753,7 @@ static const mbedtls_cipher_info_t camellia_128_ecb_info = { MBEDTLS_MODE_ECB, 128, "CAMELLIA-128-ECB", - 16, + 0, 0, 16, &camellia_info @@ -764,7 +764,7 @@ static const mbedtls_cipher_info_t camellia_192_ecb_info = { MBEDTLS_MODE_ECB, 192, "CAMELLIA-192-ECB", - 16, + 0, 0, 16, &camellia_info 
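Review bot: In the hunk at -753 the initializer now reads `0, 0, 16,`, and in positional form nothing tells a reader which zero is the IV size that the ChangeLog entry refers to. A trailing comment on the changed line, such as `0, /* iv_size: ECB mode takes no IV */`, would make the intent checkable at a glance. The same applies to the other ECB entries this commit touches (Camellia 192/256, ARIA, DES, DES-EDE, DES-EDE3, Blowfish). The diffstat lists only the ChangeLog file and cipher_wrap.c, so a test asserting that ECB cipher infos report an IV size of 0 would stop the value from drifting back. Each struct initializer begins before its hunk.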
@@ -775,7 +775,7 @@ static const mbedtls_cipher_info_t camellia_256_ecb_info = { MBEDTLS_MODE_ECB, 256, "CAMELLIA-256-ECB", - 16, + 0, 0, 16, &camellia_info @@ -1129,7 +1129,7 @@ static const mbedtls_cipher_info_t aria_128_ecb_info = { MBEDTLS_MODE_ECB, 128, "ARIA-128-ECB", - 16, + 0, 0, 16, &aria_info @@ -1140,7 +1140,7 @@ static const mbedtls_cipher_info_t aria_192_ecb_info = { MBEDTLS_MODE_ECB, 192, "ARIA-192-ECB", - 16, + 0, 0, 16, &aria_info @@ -1151,7 +1151,7 @@ static const mbedtls_cipher_info_t aria_256_ecb_info = { MBEDTLS_MODE_ECB, 256, "ARIA-256-ECB", - 16, + 0, 0, 16, &aria_info @@ -1553,7 +1553,7 @@ static const mbedtls_cipher_info_t des_ecb_info = { MBEDTLS_MODE_ECB, MBEDTLS_KEY_LENGTH_DES, "DES-ECB", - 8, + 0, 0, 8, &des_info @@ -1604,7 +1604,7 @@ static const mbedtls_cipher_info_t des_ede_ecb_info = { MBEDTLS_MODE_ECB, MBEDTLS_KEY_LENGTH_DES_EDE, "DES-EDE-ECB", - 8, + 0, 0, 8, &des_ede_info @@ -1655,7 +1655,7 @@ static const mbedtls_cipher_info_t des_ede3_ecb_info = { MBEDTLS_MODE_ECB, MBEDTLS_KEY_LENGTH_DES_EDE3, "DES-EDE3-ECB", - 8, + 0, 0, 8, &des_ede3_info @@ -1770,7 +1770,7 @@ static const mbedtls_cipher_info_t blowfish_ecb_info = { MBEDTLS_MODE_ECB, 128, "BLOWFISH-ECB", - 8, + 0, MBEDTLS_CIPHER_VARIABLE_KEY_LEN, 8, &blowfish_info From d2ed4815da82bdb809d3df4be4ae81bd103f747d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 17 Jul 2020 16:11:30 +0200 Subject: [PATCH 382/488] Split persistence and key id validation With key usage based on key identifiers and not key handles (openless APIs), volatile keys will also have a key identifier. Thus, isolate key identifier validation from key persistence validation to clarify that key identifiers are not specific to persistent keys. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 15 +++++++- library/psa_crypto_slot_management.c | 56 +++++++++++----------------- library/psa_crypto_slot_management.h | 23 ++++++++---- 3 files changed, 49 insertions(+), 45 deletions(-) 
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ab4e47ab0..36dcd3fca 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1776,17 +1776,28 @@ static psa_status_t psa_validate_key_attributes( psa_se_drv_table_entry_t **p_drv ) { psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); status = psa_validate_key_location( psa_get_key_lifetime( attributes ), p_drv ); if( status != PSA_SUCCESS ) return( status ); - status = psa_validate_key_persistence( psa_get_key_lifetime( attributes ), - psa_get_key_id( attributes ) ); + status = psa_validate_key_persistence( lifetime ); if( status != PSA_SUCCESS ) return( status ); + /* Validate the key identifier only in the case of a persistent key. */ + if ( ! PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + status = psa_validate_key_id( + psa_get_key_id( attributes ), + psa_key_lifetime_is_external( lifetime ) ); + + if( status != PSA_SUCCESS ) + return( status ); + } + status = psa_validate_key_policy( &attributes->core.policy ); if( status != PSA_SUCCESS ) return( status ); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 5140772e0..4f651d985 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -51,6 +51,22 @@ typedef struct static psa_global_data_t global_data; +psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok ) +{ + psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); + + if( ( PSA_KEY_ID_USER_MIN <= key_id ) && + ( key_id <= PSA_KEY_ID_USER_MAX ) ) + return( PSA_SUCCESS ); + + if( vendor_ok && + ( PSA_KEY_ID_VENDOR_MIN <= key_id ) && + ( key_id <= PSA_KEY_ID_VENDOR_MAX ) ) + return( PSA_SUCCESS ); + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + /* Access a key slot at the given handle. The handle of a key slot is * the index of the slot in the global slot array, plus one so that handles * start at 1 and not 0. */ 
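Review bot: The hunk in psa_validate_key_attributes introduces the local `lifetime`, but the unchanged call just below it still re-reads the attribute, `psa_validate_key_location( psa_get_key_lifetime( attributes ), p_drv )`. The function therefore obtains the same value two ways. Passing `lifetime` there, `status = psa_validate_key_location( lifetime, p_drv );`, keeps the location, persistence and identifier checks visibly operating on one value. The function continues outside the hunk.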
@@ -150,31 +166,6 @@ exit: psa_free_persistent_key_data( key_data, key_data_length ); return( status ); } - -/** Check whether a key identifier is acceptable. - * - * For backward compatibility, key identifiers that were valid in a - * past released version must remain valid, unless a migration path - * is provided. - * - * \param key The key identifier to check. - * \param vendor_ok Nonzero to allow key ids in the vendor range. - * 0 to allow only key ids in the application range. - * - * \return 1 if \p key is acceptable, otherwise 0. - */ -static int psa_is_key_id_valid( mbedtls_svc_key_id_t key, int vendor_ok ) -{ - psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); - if( PSA_KEY_ID_USER_MIN <= key_id && key_id <= PSA_KEY_ID_USER_MAX ) - return( 1 ); - else if( vendor_ok && - PSA_KEY_ID_VENDOR_MIN <= key_id && - key_id <= PSA_KEY_ID_VENDOR_MAX ) - return( 1 ); - else - return( 0 ); -} #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, @@ -202,8 +193,7 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, return( PSA_SUCCESS ); } -psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, - mbedtls_svc_key_id_t key ) +psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ) { if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { @@ -214,13 +204,8 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, { /* Persistent keys require storage support */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( psa_is_key_id_valid( key, - psa_key_lifetime_is_external( lifetime ) ) ) - return( PSA_SUCCESS ); - else - return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_SUCCESS ); #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - (void) key; return( PSA_ERROR_NOT_SUPPORTED ); #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */ } 
@@ -234,8 +219,9 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) *handle = 0; - if( ! psa_is_key_id_valid( key, 1 ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_validate_key_id( key, 1 ); + if( status != PSA_SUCCESS ) + return( status ); status = psa_get_empty_key_slot( handle, &slot ); if( status != PSA_SUCCESS ) diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index c6fecbb7a..6c2e54960 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -108,18 +108,25 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv ); -/** Validate that a key's persistence attributes are valid. - * - * This function checks whether a key's declared persistence level and key ID - * attributes are valid and known to the PSA Core in its actual configuration. +/** Validate the persistence of a key. * * \param[in] lifetime The key lifetime attribute. - * \param[in] key The key identifier. * * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INVALID_ARGUMENT The key is persistent but persistent + * keys are not supported. */ -psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, - mbedtls_svc_key_id_t key ); +psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ); + +/** Validate a key identifier. + * + * \param[in] key The key identifier. + * \param[in] vendor_ok Non-zero to indicate that key identifiers in the + * vendor range are allowed, \c 0 otherwise. + * + * \retval #PSA_SUCCESS The identifier is valid. + * \retval #PSA_ERROR_INVALID_ARGUMENT The key identifier is not valid. + */ +psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok ); #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ 
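Review bot: The new `\retval` text for psa_validate_key_persistence() says #PSA_ERROR_INVALID_ARGUMENT is returned when the key is persistent but persistent keys are not supported. The implementation changed in this same commit instead returns `PSA_ERROR_NOT_SUPPORTED` from the `#else` branch of MBEDTLS_PSA_CRYPTO_STORAGE_C. The header should read `\retval #PSA_ERROR_NOT_SUPPORTED The key is persistent but persistent keys are not supported.`, keeping PSA_ERROR_INVALID_ARGUMENT only if the volatile branch, which is outside the hunks, can return it. The removed psa_is_key_id_valid() comment said that identifiers valid in a past release must remain valid. That note is not reproduced on psa_validate_key_id() and is worth carrying over, since the function is no longer file-local.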
From f4a6a05e9d1506a0af313d3b67af3f470aa8b2f1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 14:55:35 +0100 Subject: [PATCH 383/488] ssl_context_info: fix config requirements Revealed by attempting to build in configs/config-no-entropy.h. Signed-off-by: Gilles Peskine --- programs/ssl/ssl_context_info.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index d109c1e6f..a204d9ead 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -26,10 +26,12 @@ #include #include -#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) +#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) || \ + !defined(MBEDTLS_SSL_TLS_C) int main( void ) { - printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C not defined.\n"); + printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C and/or " + "MBEDTLS_SSL_TLS_C not defined.\n"); return( 0 ); } #else From bce4dc028f439e7ead2a8786be75fd249a1eb711 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 15:06:57 +0100 Subject: [PATCH 384/488] Include config_psa.h from psa/crypto.h When the new PSA crypto configuration mechanism MBEDTLS_PSA_CRYPTO_CONFIG is disabled, legacy configurations must keep working, even if they don't include the new header file mbedtls/config_psa.h. Code that uses or implements PSA crypto interfaces needs some of the symbols defined by the new header file. Therefore, include the new header file via PSA crypto headers, which are included everywhere mbedtls/config_psa.h is needed. Include it early, in psa/crypto_platform.h, just after including mbedtls/config.h, so that its symbols are available wherever the symbols from mbedtls/config.h is available. This fixes the unit tests with configs/config-psa-crypto.h: some unit tests were failing, revealing that library features controlled with the new symbols were no longer getting built. 
Signed-off-by: Gilles Peskine --- include/psa/crypto_platform.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index c64f61d58..4582a865f 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -41,6 +41,10 @@ #include MBEDTLS_CONFIG_FILE #endif +/* Translate between classic MBEDTLS_xxx feature symbols and PSA_xxx + * feature symbols. */ +#include "mbedtls/config_psa.h" + /* PSA requires several types which C99 provides in stdint.h. */ #include From b64e0fe5e35b174b8070827d92ec0a6aed6910f6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 15:14:10 +0100 Subject: [PATCH 385/488] Fix conditions for including string.h in error.c is actually needed when MBEDTLS_ERROR_C is enabled and not when only MBEDTLS_ERROR_STRERROR_DUMMY is enabled. Fix #3866. Signed-off-by: Gilles Peskine --- ChangeLog.d/error-include-string.txt | 2 ++ library/error.c | 2 +- scripts/data_files/error.fmt | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/error-include-string.txt diff --git a/ChangeLog.d/error-include-string.txt b/ChangeLog.d/error-include-string.txt new file mode 100644 index 000000000..0a12c7bec --- /dev/null +++ b/ChangeLog.d/error-include-string.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix conditions for including string.h in error.c. Fixes #3866. diff --git a/library/error.c b/library/error.c index cba61e9e7..0d9f736b9 100644 --- a/library/error.c +++ b/library/error.c @@ -19,7 +19,7 @@ #include "common.h" -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) +#if defined(MBEDTLS_ERROR_C) #include #endif diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index fd72f8b5f..1c8a79036 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -19,7 +19,7 @@ #include "common.h" -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) +#if defined(MBEDTLS_ERROR_C) #include #endif 
From 7a78a1f47c6736de81ed8e1f3b3a0c2ee5b529bc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 14:44:04 +0100 Subject: [PATCH 386/488] Sort entries to make it easier to eyeball the list No semantic change. Signed-off-by: Gilles Peskine --- tests/scripts/test-ref-configs.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 01edfe2fb..d38f5e718 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -28,6 +28,9 @@ use warnings; use strict; my %configs = ( + 'config-ccm-psk-tls1_2.h' => { + 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', + }, 'config-mini-tls1_1.h' => { 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #' }, @@ -36,9 +39,6 @@ my %configs = ( }, 'config-symmetric-only.h' => { }, - 'config-ccm-psk-tls1_2.h' => { - 'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', - }, 'config-thread.h' => { 'opt' => '-f ECJPAKE.*nolog', }, From 25fdebf0c6c722623099633e6bc5616ba265542c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 15:15:17 +0100 Subject: [PATCH 387/488] Add missing configs from test-ref-configs.pl Two sample configuration file were not being tested: config-no-entropy.h and config-psa-crypto.h. Add them. Signed-off-by: Gilles Peskine --- tests/scripts/test-ref-configs.pl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index d38f5e718..cf4175af2 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -34,6 +34,10 @@ my %configs = ( 'config-mini-tls1_1.h' => { 'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'', #' }, + 'config-no-entropy.h' => { + }, + 'config-psa-crypto.h' => { + }, 'config-suite-b.h' => { 'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS", }, 
From a26b3e56cb82e841a329ac6579bb9539fa37adcb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 15:19:32 +0100 Subject: [PATCH 388/488] Only include config_psa.h from config.h with new-style PSA configuration In old-style configuration, do not include mbedtls/config_psa.h from mbedtls/config.h. The inclusion should not and did not break any code, but it caused our testing to miss a break of backward compatibility (fixed in "Include config_psa.h from psa/crypto.h"). If users have their own config.h which enabled MBEDTLS_PSA_CRYPTO_C and worked prior to the creation of config_psa.h and MBEDTLS_PSA_CRYPTO_CONFIG, their config.h must keep working. By including config_psa.h from config.h in the legacy case, we weren't testing the legacy configuration mechanism adequately. Signed-off-by: Gilles Peskine --- include/mbedtls/config.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2ac2cc696..5fd3c590e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3856,7 +3856,9 @@ #include MBEDTLS_USER_CONFIG_FILE #endif +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) #include "mbedtls/config_psa.h" +#endif #include "mbedtls/check_config.h" From 58858b7ce4ea7da1168894c44ace993b2b8d9dfb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 15:26:09 +0100 Subject: [PATCH 389/488] Document that MBEDTLS_PSA_CRYPTO_CONFIG requires config_psa.h Document that enabling MBEDTLS_PSA_CRYPTO_CONFIG requires including mbedtls/config_psa.h from the configuration file (mbedtls/config.h or MBEDTLS_USER_CONFIG_FILE). Signed-off-by: Gilles Peskine --- include/mbedtls/config.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 5fd3c590e..98f88aebc 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2057,7 +2057,11 @@ * API to be configured separately from support through the mbedtls API. * * Uncomment this to enable use of PSA Crypto configuration settings which - * can be found in include/psa/crypto_config.h + * can be found in include/psa/crypto_config.h. + * + * If you enable this option and write your own configuration file, you must + * include mbedtls/config_psa.h in your configuration file. The default + * provided mbedtls/config.h contains the necessary inclusion. * * This feature is still experimental and is not ready for production since * it is not completed. From 3809f5f70a23ced4c759beec42d574d26e92f899 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 15:40:05 +0100 Subject: [PATCH 390/488] Add a build with MBEDTLS_ERROR_STRERROR_DUMMY Add a build with MBEDTLS_ERROR_STRERROR_DUMMY but not MBEDTLS_ERROR_C. Previously, both options were enabled by default, but MBEDTLS_ERROR_STRERROR_DUMMY only matters when MBEDTLS_ERROR_C is enabled, so its effect was not tested. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 757a9ecc9..88a3eaf81 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1895,6 +1895,20 @@ component_test_no_64bit_multiplication () { make test } +component_test_no_strings () { + msg "build: no strings" # ~10s + scripts/config.py full + # Disable options that activate a large amount of string constants. + scripts/config.py unset MBEDTLS_DEBUG_C + scripts/config.py unset MBEDTLS_ERROR_C + scripts/config.py set MBEDTLS_ERROR_STRERROR_DUMMY + scripts/config.py unset MBEDTLS_VERSION_FEATURES + make CFLAGS='-Werror -Os' + + msg "test: no strings" # ~ 10s + make test +} + component_build_arm_none_eabi_gcc () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s scripts/config.py baremetal From 646ad22afc56adc290cee3b46a9e9de182951b22 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 9 Nov 2020 21:20:16 +0100 Subject: [PATCH 391/488] Update the list of directories containing source files The list hadn't been updated since the addition of 3rdparty and of tests/src and tests/include. Signed-off-by: Gilles Peskine --- Makefile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d00183e5a..a6ee2aec4 100644 --- a/Makefile +++ b/Makefile @@ -126,7 +126,16 @@ apidoc_clean: endif ## Editor navigation files -C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) +C_SOURCE_FILES = $(wildcard \ + 3rdparty/*/include/*/*.h 3rdparty/*/include/*/*/*.h 3rdparty/*/include/*/*/*/*.h \ + 3rdparty/*/*.c 3rdparty/*/*/*.c 3rdparty/*/*/*/*.c 3rdparty/*/*/*/*/*.c \ + include/*/*.h \ + library/*.[hc] \ + programs/*/*.[hc] \ + tests/include/*/*.h tests/include/*/*/*.h \ + tests/src/*.c tests/src/*/*.c \ + tests/suites/*.function \ +) # Exuberant-ctags invocation. Other ctags implementations may require different options. CTAGS = ctags --langmap=c:+.h.function -o tags: $(C_SOURCE_FILES) From d0c780198d8b090ba8231d446a0f1eb3cf325096 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 21:21:31 +0100 Subject: [PATCH 392/488] Add a target for the cscope index Signed-off-by: Gilles Peskine --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index a6ee2aec4..663df86a7 100644 --- a/Makefile +++ b/Makefile @@ -144,3 +144,5 @@ TAGS: $(C_SOURCE_FILES) etags -o $@ $(C_SOURCE_FILES) GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc +cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES) + cscope -bq -u -Iinclude -Ilibrary $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES) From d03219527800d933a84131ad4f4f527a4d0e992b Mon Sep 17 00:00:00 2001 
From: John Durkop Date: Thu, 29 Oct 2020 21:37:36 -0700 Subject: [PATCH 393/488] Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 55 +++++++++++++- include/psa/crypto_config.h | 4 + library/psa_crypto.c | 138 +++++++++++++++++++---------------- tests/scripts/all.sh | 57 +++++++++++++++ 4 files changed, 187 insertions(+), 67 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 6af4d1999..8f90630da 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
@@ -54,9 +54,42 @@ extern "C" { #define MBEDTLS_ECDSA_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C -#endif /* MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */ +#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */ #endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */ +#if defined(PSA_WANT_ALG_ECDH) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 +#define MBEDTLS_ECDH_C +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) */ +#endif /* defined(PSA_WANT_ALG_ECDH) */ + +#if defined(PSA_WANT_ALG_HMAC) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_MD_C +#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) */ +#endif /* defined(PSA_WANT_ALG_HMAC) */ + +#if defined(PSA_WANT_ALG_HKDF) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 +#define MBEDTLS_HKDF_C +#define MBEDTLS_MD_C +#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) */ +#endif /* defined(PSA_WANT_ALG_HKDF) */ + +#if defined(PSA_WANT_ALG_RSA) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_RSA) */ +#endif /* defined(PSA_WANT_ALG_RSA) */ + #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ /* 
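Review bot: `#define MBEDTLS_PSA_BUILTIN_ALG_RSA` in the `PSA_WANT_ALG_RSA` block is defined empty, while the ECDH, HMAC and HKDF blocks of this hunk and the legacy branch of the same header all define their macro as `1`. The guards added in library/psa_crypto.c use `defined()`, so both forms build today. An `#if MBEDTLS_PSA_BUILTIN_ALG_RSA` written later would fail to compile only in the new-style configuration. I would make it `#define MBEDTLS_PSA_BUILTIN_ALG_RSA 1`.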
@@ -64,15 +97,31 @@ extern "C" { * is not defined */ #if defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA +#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 // Only add in DETERMINISTIC support if ECDSA is also enabled #if defined(MBEDTLS_ECDSA_DETERMINISTIC) -#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA +#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ #endif /* MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_ECDH_C) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 +#endif /* MBEDTLS_ECDH_C */ + +#if defined(MBEDTLS_MD_C) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* MBEDTLS_MD_C */ + +#if defined(MBEDTLS_HKDF_C) +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 +#endif /* MBEDTLS_HKDF_C */ + +#ifdef MBEDTLS_RSA_C +#define MBEDTLS_PSA_BUILTIN_ALG_RSA 1 +#endif /* MBEDTLS_RSA_C */ + #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ #ifdef __cplusplus diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 8dbb18d50..854981314 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -52,5 +52,9 @@ #define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 +#define PSA_WANT_ALG_ECDH 1 +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_ALG_HKDF 1 +#define PSA_WANT_ALG_RSA 1 #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ab4e47ab0..f349ff5c1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -491,7 +491,7 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, return( PSA_SUCCESS ); } -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) #if defined(MBEDTLS_PK_PARSE_C) /* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes @@ -709,7 +709,7 @@ exit: return( PSA_SUCCESS ); } -#endif /* defined(MBEDTLS_RSA_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ #if defined(MBEDTLS_ECP_C) /** Load the contents of a key buffer into an internal ECP representation 
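Review bot: In the legacy branch (hunk `-64`) `MBEDTLS_PSA_BUILTIN_ALG_HKDF` is derived from `MBEDTLS_HKDF_C`, but the HKDF code in library/psa_crypto.c that this commit re-guards was previously compiled under `MBEDTLS_MD_C`. A legacy config.h that enables `MBEDTLS_MD_C` without `MBEDTLS_HKDF_C` therefore appears to lose PSA HKDF, and its callers would start receiving a not-supported status. If the PSA implementation does not actually need the `mbedtls_hkdf` module, the legacy mapping could stay on the old condition, `#if defined(MBEDTLS_MD_C)` followed by `#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1`. Otherwise the behaviour change should be stated in the commit message.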
@@ -1075,12 +1075,12 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, return( psa_import_ecp_key( slot, data, data_length ) ); } #endif /* defined(MBEDTLS_ECP_C) */ -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { return( psa_import_rsa_key( slot, data, data_length ) ); } -#endif /* defined(MBEDTLS_RSA_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ /* Fell through the fallback as well, so have nothing else to try. */ return( PSA_ERROR_NOT_SUPPORTED ); @@ -1426,7 +1426,7 @@ psa_status_t psa_get_key_domain_parameters( return( PSA_SUCCESS ); } -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) static psa_status_t psa_get_rsa_public_exponent( const mbedtls_rsa_context *rsa, psa_key_attributes_t *attributes ) @@ -1466,7 +1466,7 @@ exit: mbedtls_free( buffer ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* MBEDTLS_RSA_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA */ /** Retrieve all the publicly-accessible attributes of a key. */ @@ -1493,7 +1493,7 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, switch( slot->attr.type ) { -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) case PSA_KEY_TYPE_RSA_KEY_PAIR: case PSA_KEY_TYPE_RSA_PUBLIC_KEY: #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -1520,7 +1520,7 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, mbedtls_free( rsa ); } break; -#endif /* MBEDTLS_RSA_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA */ default: /* Nothing else to do. */ break; @@ -1620,7 +1620,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, * so conversion is needed */ if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) mbedtls_rsa_context *rsa = NULL; psa_status_t status = psa_load_rsa_representation( slot->attr.type, 
@@ -1643,7 +1643,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, #else /* We don't know how to convert a private RSA key to public. */ return( PSA_ERROR_NOT_SUPPORTED ); -#endif +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA */ } else { @@ -2059,7 +2059,7 @@ static psa_status_t psa_validate_optional_attributes( if( attributes->domain_parameters_size != 0 ) { -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; @@ -2096,7 +2096,7 @@ static psa_status_t psa_validate_optional_attributes( return( mbedtls_to_psa_error( ret ) ); } else -#endif +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA */ { return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -2289,7 +2289,7 @@ exit: /* Message digests */ /****************************************************************/ -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) { switch( alg ) @@ -2332,7 +2332,7 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) return( NULL ); } } -#endif /* defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) { @@ -2849,7 +2849,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( (int) key_bits, mode ) ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) static size_t psa_get_hash_block_size( psa_algorithm_t alg ) { switch( alg ) 
@@ -2876,7 +2876,7 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) return( 0 ); } } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */ /* Initialize the MAC operation structure. Once this function has been * called, psa_mac_abort can run and will do the right thing. */ @@ -2901,7 +2901,7 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation, } else #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { /* We'll set up the hash operation later in psa_hmac_setup_internal. */ @@ -2909,7 +2909,7 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation, status = PSA_SUCCESS; } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { if( ! PSA_ALG_IS_MAC( alg ) ) status = PSA_ERROR_INVALID_ARGUMENT; @@ -2920,13 +2920,13 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation, return( status ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ) { mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) ); return( psa_hash_abort( &hmac->hash_ctx ) ); } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) { @@ -2945,13 +2945,13 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) } else #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { psa_hmac_abort_internal( &operation->ctx.hmac ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { /* Sanity check (shouldn't happen: operation->alg should * always have been initialized to a valid value). */ 
@@ -2997,7 +2997,7 @@ static int psa_cmac_setup( psa_mac_operation_t *operation, } #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, const uint8_t *key, size_t key_length, @@ -3059,7 +3059,7 @@ cleanup: return( status ); } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, psa_key_handle_t handle, @@ -3109,7 +3109,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, } else #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( full_length_alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_HMAC_GET_HASH( alg ); @@ -3140,7 +3140,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, hash_alg ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { (void) key_bits; status = PSA_ERROR_NOT_SUPPORTED; @@ -3212,14 +3212,14 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation, } else #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { status = psa_hash_update( &operation->ctx.hmac.hash_ctx, input, input_length ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { /* This shouldn't happen if `operation` was initialized by * a setup function. */ @@ -3231,7 +3231,7 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation, return( status ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) static psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, uint8_t *mac, size_t mac_size ) 
@@ -3269,7 +3269,7 @@ exit: mbedtls_platform_zeroize( tmp, hash_size ); return( status ); } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, uint8_t *mac, @@ -3295,14 +3295,14 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, } else #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { return( psa_hmac_finish_internal( &operation->ctx.hmac, mac, operation->mac_size ) ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { /* This shouldn't happen if `operation` was initialized by * a setup function. */ @@ -3398,7 +3398,7 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) /* Decode the hash algorithm from alg and store the mbedtls encoding in * md_alg. Verify that the hash length is acceptable. */ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, @@ -3561,7 +3561,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, return( PSA_ERROR_INVALID_SIGNATURE ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* MBEDTLS_RSA_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) /* `ecp` cannot be const because `ecp->grp` needs to be non-const @@ -3705,7 +3705,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, goto exit; /* If the operation was not supported by any accelerator, try fallback. */ -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = NULL; 
@@ -3727,7 +3727,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, mbedtls_free( rsa ); } else -#endif /* defined(MBEDTLS_RSA_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { @@ -3807,7 +3807,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, psa_key_lifetime_is_external( slot->attr.lifetime ) ) return status; -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; @@ -3828,7 +3828,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, return( status ); } else -#endif /* defined(MBEDTLS_RSA_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { @@ -3862,7 +3862,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, } } -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) && defined(MBEDTLS_PKCS1_V21) static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg, mbedtls_rsa_context *rsa ) { @@ -3871,7 +3871,7 @@ static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg, mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); } -#endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) && defined(MBEDTLS_PKCS1_V21) */ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, psa_algorithm_t alg, @@ -3904,7 +3904,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; 
@@ -3963,7 +3963,7 @@ rsa_exit: return( status ); } else -#endif /* defined(MBEDTLS_RSA_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ { return( PSA_ERROR_NOT_SUPPORTED ); } @@ -3999,7 +3999,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = NULL; @@ -4058,7 +4058,7 @@ rsa_exit: return( status ); } else -#endif /* defined(MBEDTLS_RSA_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ { return( PSA_ERROR_NOT_SUPPORTED ); } @@ -4949,7 +4949,7 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation * nothing to do. */ } else -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) if( PSA_ALG_IS_HKDF( kdf_alg ) ) { mbedtls_free( operation->ctx.hkdf.info ); @@ -4979,7 +4979,7 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation * mbedtls_platform_zeroize() in the end of this function. */ } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ { status = PSA_ERROR_BAD_STATE; } @@ -5011,7 +5011,7 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *op return( PSA_SUCCESS ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) /* Read some bytes from an HKDF-based operation. This performs a chunk * of the expand phase of the HKDF algorithm. */ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, @@ -5227,7 +5227,7 @@ static psa_status_t psa_key_derivation_tls12_prf_read( return( PSA_SUCCESS ); } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, 
@@ -5235,7 +5235,9 @@ psa_status_t psa_key_derivation_output_bytes( size_t output_length ) { psa_status_t status; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation ); +#endif if( operation->alg == 0 ) { @@ -5263,7 +5265,7 @@ psa_status_t psa_key_derivation_output_bytes( } operation->capacity -= output_length; -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) if( PSA_ALG_IS_HKDF( kdf_alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); @@ -5279,7 +5281,7 @@ psa_status_t psa_key_derivation_output_bytes( output_length ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ { return( PSA_ERROR_BAD_STATE ); } @@ -5393,12 +5395,15 @@ static psa_status_t psa_key_derivation_setup_kdf( psa_key_derivation_operation_t *operation, psa_algorithm_t kdf_alg ) { +#if !defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) + (void)kdf_alg; +#endif /* Make sure that operation->ctx is properly zero-initialised. (Macro * initialisers for this union leave some bytes unspecified.) */ memset( &operation->ctx, 0, sizeof( operation->ctx ) ); /* Make sure that kdf_alg is a supported key derivation algorithm. */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_TLS12_PRF( kdf_alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) @@ -5416,8 +5421,8 @@ static psa_status_t psa_key_derivation_setup_kdf( operation->capacity = 255 * hash_size; return( PSA_SUCCESS ); } -#endif /* MBEDTLS_MD_C */ else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ return( PSA_ERROR_NOT_SUPPORTED ); } @@ -5448,7 +5453,7 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation return( status ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t hash_alg, psa_key_derivation_step_t step, 
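Review bot: In `psa_key_derivation_setup_kdf` (hunk `-5393`) the `PSA_ALG_IS_TLS12_PRF` and `PSA_ALG_IS_TLS12_PSK_TO_MS` checks now sit under `MBEDTLS_PSA_BUILTIN_ALG_HKDF`, and the hunks at `-5227` and `-5645` close the same guard around the TLS 1.2 PRF helpers. A build that accelerates or drops HKDF therefore also loses the TLS 1.2 PRF and PSK-to-MS derivations and returns `PSA_ERROR_NOT_SUPPORTED` for them, although nothing in this commit ties them to `PSA_WANT_ALG_HKDF`. I would keep those branches and helpers under their previous `#if defined(MBEDTLS_MD_C)` until they get a guard of their own. The function's signature begins above the hunk.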
@@ -5645,7 +5650,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_input( return( psa_tls12_prf_input( prf, hash_alg, step, data, data_length ) ); } -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ /** Check whether the given key type is acceptable for the given * input step of a key derivation. @@ -5689,13 +5694,18 @@ static psa_status_t psa_key_derivation_input_internal( size_t data_length ) { psa_status_t status; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation ); +#else + (void)data; + (void)data_length; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ status = psa_key_derivation_check_input_type( step, key_type ); if( status != PSA_SUCCESS ) goto exit; -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) if( PSA_ALG_IS_HKDF( kdf_alg ) ) { status = psa_hkdf_input( &operation->ctx.hkdf, @@ -5715,7 +5725,7 @@ static psa_status_t psa_key_derivation_input_internal( step, data, data_length ); } else -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ { /* This can't happen unless the operation object was not initialized */ return( PSA_ERROR_BAD_STATE ); @@ -5772,7 +5782,7 @@ psa_status_t psa_key_derivation_input_key( /* Key agreement */ /****************************************************************/ -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key, size_t peer_key_length, const mbedtls_ecp_keypair *our_key, @@ -5823,7 +5833,7 @@ exit: return( status ); } -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ #define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES 
@@ -5837,7 +5847,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, { switch( alg ) { -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) case PSA_ALG_ECDH: if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -5856,7 +5866,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, mbedtls_ecp_keypair_free( ecp ); mbedtls_free( ecp ); return( status ); -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ default: (void) private_key; (void) peer_key; @@ -6020,7 +6030,7 @@ psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed, } #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) && defined(MBEDTLS_GENPRIME) static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters, size_t domain_parameters_size, int *exponent ) @@ -6046,7 +6056,7 @@ static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters, *exponent = acc; return( PSA_SUCCESS ); } -#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA && MBEDTLS_GENPRIME */ static psa_status_t psa_generate_key_internal( psa_key_slot_t *slot, size_t bits, @@ -6084,7 +6094,7 @@ static psa_status_t psa_generate_key_internal( } else -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) && defined(MBEDTLS_GENPRIME) if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context rsa; @@ -6132,7 +6142,7 @@ static psa_status_t psa_generate_key_internal( return( status ); } else -#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA && MBEDTLS_GENPRIME */ #if defined(MBEDTLS_ECP_C) if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 757a9ecc9..a99dd4fe5 100755 --- a/tests/scripts/all.sh 
+++ b/tests/scripts/all.sh 
@@ -1335,6 +1335,63 @@ component_build_psa_want_ecdsa_disabled_software() { make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } +# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. +component_build_psa_want_ecdh_disabled_software() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH + # without MBEDTLS_ECDH_C + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. 
+component_build_psa_want_hmac_disabled_software() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. +component_build_psa_want_hkdf_disabled_software() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF + # without MBEDTLS_HKDF_C + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_HKDF_C + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 
+component_build_psa_want_rsa_disabled_software() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + component_test_check_params_functionality () { msg "build+test: MBEDTLS_CHECK_PARAMS functionality" scripts/config.py full # includes CHECK_PARAMS From f4c4cb008c845492ae672c98d920da09a02ac19e Mon Sep 17 00:00:00 2001 From: John Durkop Date: Wed, 28 Oct 2020 20:09:55 -0700 Subject: [PATCH 394/488] Added additional support for ECP for PSA_CRYPTO_CONFIG The KEY_TYPE_ECC_KEY_PAIR and KEY_TYPE_ECC_PUBLIC_KEY were previously being guarded by MBEDTLS_ECP_C in the PSA crypto library code. This change moves it to the new MBEDTLS_PSA_BUILTIN_xxx and separates KEY_PAIR and PUBLIC_KEY as needed. Tests have also been added to validate the new settings. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 35 ++++++++++++++++++++++++++--------- include/psa/crypto_config.h | 2 ++ library/psa_crypto.c | 36 ++++++++++++++++++------------------ tests/scripts/all.sh | 24 ++++++++++++++++++++++++ 4 files changed, 70 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 8f90630da..c5d284cc9 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
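Review bot: `component_build_psa_want_hmac_disabled_software` and `component_build_psa_want_rsa_disabled_software` never unset `MBEDTLS_MD_C` or `MBEDTLS_RSA_C`, unlike the ECDH and HKDF components in the same hunk. Despite the name, the software implementation is therefore still part of the build. The commit message explains that removing them pulled out too many core features, but the script itself does not say so. I would add to the HMAC component, after `scripts/config.py full`, a comment such as `# MBEDTLS_MD_C stays enabled (too many core modules need it); this only checks that the accelerated configuration builds`, and the `MBEDTLS_RSA_C` equivalent to the RSA component.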
@@ -63,23 +63,35 @@ extern "C" { #define MBEDTLS_ECDH_C #define MBEDTLS_ECP_C #define MBEDTLS_BIGNUM_C -#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) */ -#endif /* defined(PSA_WANT_ALG_ECDH) */ +#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ + +#if defined(PSA_WANT_ECC_KEY_PAIR) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_KEY_PAIR) +#define MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_KEY_PAIR */ +#endif /* PSA_WANT_ECC_KEY_PAIR */ + +#if defined(PSA_WANT_ECC_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_PUBLIC_KEY) +#define MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_PUBLIC_KEY */ +#endif /* PSA_WANT_ECC_PUBLIC_KEY */ #if defined(PSA_WANT_ALG_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_MD_C -#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) */ -#endif /* defined(PSA_WANT_ALG_HMAC) */ +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ +#endif /* PSA_WANT_ALG_HMAC */ #if defined(PSA_WANT_ALG_HKDF) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 #define MBEDTLS_HKDF_C #define MBEDTLS_MD_C -#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) */ -#endif /* defined(PSA_WANT_ALG_HKDF) */ +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ +#endif /* PSA_WANT_ALG_HKDF */ #if defined(PSA_WANT_ALG_RSA) #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA) @@ -87,8 +99,8 @@ extern "C" { #define MBEDTLS_RSA_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_OID_C -#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_RSA) */ -#endif /* defined(PSA_WANT_ALG_RSA) */ +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA */ +#endif /* PSA_WANT_ALG_RSA */ #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ 
@@ -110,6 +122,11 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 #endif /* MBEDTLS_ECDH_C */ +#if defined(MBEDTLS_ECP_C) +#define MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR 1 +#define MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY 1 +#endif /* MBEDTLS_ECP_C */ + #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #endif /* MBEDTLS_MD_C */ @@ -118,7 +135,7 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 #endif /* MBEDTLS_HKDF_C */ -#ifdef MBEDTLS_RSA_C +#if defined(MBEDTLS_RSA_C) #define MBEDTLS_PSA_BUILTIN_ALG_RSA 1 #endif /* MBEDTLS_RSA_C */ diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 854981314..c7605aa2c 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -53,6 +53,8 @@ #define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 #define PSA_WANT_ALG_ECDH 1 +#define PSA_WANT_ECC_KEY_PAIR 1 +#define PSA_WANT_ECC_PUBLIC_KEY 1 #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_HKDF 1 #define PSA_WANT_ALG_RSA 1 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f349ff5c1..c45d0ee60 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -370,7 +370,7 @@ static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t byte_length ) { @@ -438,7 +438,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, return( MBEDTLS_ECP_DP_NONE ); } } -#endif /* defined(MBEDTLS_ECP_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, size_t bits ) 
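Review bot: In the `@@ -370,7 +370,7 @@` hunk of library/psa_crypto.c, `mbedtls_ecc_group_of_psa` has external linkage, but its definition is now compiled only when `MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR` or `MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY` is set (the matching `#endif` is in the `@@ -438,7 +438,7 @@` hunk). The commit touches no header that could carry its declaration, so the declaration and any callers outside this file presumably still follow `MBEDTLS_ECP_C`. A build that keeps `MBEDTLS_ECP_C` (config_psa.h still defines it for built-in ECDH) while both ECC key types are accelerated would then declare the function without defining it. Either keep `#if defined(MBEDTLS_ECP_C)` on this conversion helper or move its declaration under the same condition. The function body lies outside both hunks.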
@@ -711,7 +711,7 @@ exit: } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) /** Load the contents of a key buffer into an internal ECP representation * * \param[in] type The type of key contained in \p data. @@ -930,7 +930,7 @@ exit: return( PSA_SUCCESS ); } -#endif /* defined(MBEDTLS_ECP_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ /** Return the size of the key in the given slot, in bits. * @@ -1069,12 +1069,12 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, /* Key format is not supported by any accelerator, try software fallback * if present. */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { return( psa_import_ecp_key( slot, data, data_length ) ); } -#endif /* defined(MBEDTLS_ECP_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { @@ -1647,7 +1647,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, } else { -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) mbedtls_ecp_keypair *ecp = NULL; psa_status_t status = psa_load_ecp_representation( slot->attr.type, @@ -1671,7 +1671,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, #else /* We don't know how to convert a private ECC key to public */ return( PSA_ERROR_NOT_SUPPORTED ); -#endif +#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ } } else 
@@ -3728,7 +3728,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) @@ -3762,7 +3762,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, } } else -#endif /* defined(MBEDTLS_ECP_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ { status = PSA_ERROR_NOT_SUPPORTED; } @@ -3829,7 +3829,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) @@ -3856,7 +3856,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, } } else -#endif /* defined(MBEDTLS_ECP_C) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ { return( PSA_ERROR_NOT_SUPPORTED ); } @@ -5782,7 +5782,7 @@ psa_status_t psa_key_derivation_input_key( /* Key agreement */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key, size_t peer_key_length, const mbedtls_ecp_keypair *our_key, @@ -5833,7 +5833,7 @@ exit: return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH && MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR */ #define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES 
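Review bot: The ECC branch of `psa_sign_hash` is a private-key operation, yet the guard introduced in the `@@ -3728,7` hunk (closed in the `@@ -3762,7` hunk) also compiles it when only `MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY` is defined. The same commit guards `psa_key_agreement_ecdh` and the ECC branch of `psa_generate_key_internal` with the key-pair symbol alone. Using `#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR)` here would keep a build that accelerates key pairs from retaining a software signing fallback, while `psa_verify_hash` can keep the either-symbol condition. The function starts and ends outside these hunks.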
@@ -5847,7 +5847,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, { switch( alg ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) case PSA_ALG_ECDH: if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -5866,7 +5866,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, mbedtls_ecp_keypair_free( ecp ); mbedtls_free( ecp ); return( status ); -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH && MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR */ default: (void) private_key; (void) peer_key; @@ -6144,7 +6144,7 @@ static psa_status_t psa_generate_key_internal( else #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA && MBEDTLS_GENPRIME */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) { psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( type ); @@ -6189,7 +6189,7 @@ static psa_status_t psa_generate_key_internal( return( status ); } else -#endif /* MBEDTLS_ECP_C */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) */ { return( PSA_ERROR_NOT_SUPPORTED ); } diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a99dd4fe5..7ad4c497e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1354,6 +1354,30 @@ component_build_psa_want_ecdh_disabled_software() { make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } +# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. +component_build_psa_want_ecc_key_pair_disabled_software() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ECC_KEY_PAIR + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ECC_KEY_PAIR" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. +component_build_psa_want_ecc_public_key_disabled_software() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ECC_PUBLIC_KEY + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ECC_PUBLIC_KEY" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. component_build_psa_want_hmac_disabled_software() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC 
From 0e00519711c4e8ee8242e407c59801b71deb129d Mon Sep 17 00:00:00 2001 From: John Durkop Date: Sat, 31 Oct 2020 22:06:54 -0700 Subject: [PATCH 395/488] Add feature support for RSA for PSA crypto config In the original attempt to add RSA support to PSA crypto config was too generic. This set of changes adds support for the following RSA features: PSA_WANT_ALG_RSA_PKCS1V15_CRYPT, PSA_WANT_ALG_RSA_PKCS1V15_SIGN, PSA_WANT_ALG_RSA_OAEP, PSA_WANT_ALG_RSA_PSS, PSA_WANT_KEY_TYPE_RSA_KEY_PAIR, and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY. There were also some updates to ensure the proper inclusion of PSA crypto library code when certain features are enabled. These updates were made to address warnings and errors in builds from the new tests for these features being added for PSA crypto configuration. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 74 +++++++++++++--- include/mbedtls/ssl.h | 2 +- include/mbedtls/ssl_internal.h | 4 +- include/psa/crypto_config.h | 11 ++- library/psa_crypto.c | 137 +++++++++++++++++------------ tests/src/drivers/key_management.c | 7 +- 6 files changed, 162 insertions(+), 73 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index c5d284cc9..545ab3cff 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
@@ -66,17 +66,18 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */ #endif /* PSA_WANT_ALG_ECDH */ -#if defined(PSA_WANT_ECC_KEY_PAIR) +#if defined(PSA_WANT_ECC_PUBLIC_KEY) || defined(PSA_WANT_ECC_KEY_PAIR) #if !defined(MBEDTLS_PSA_ACCEL_ECC_KEY_PAIR) #define MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR 1 +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C #endif /* !MBEDTLS_PSA_ACCEL_ECC_KEY_PAIR */ -#endif /* PSA_WANT_ECC_KEY_PAIR */ - -#if defined(PSA_WANT_ECC_PUBLIC_KEY) #if !defined(MBEDTLS_PSA_ACCEL_ECC_PUBLIC_KEY) #define MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY 1 +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C #endif /* !MBEDTLS_PSA_ACCEL_ECC_PUBLIC_KEY */ -#endif /* PSA_WANT_ECC_PUBLIC_KEY */ +#endif /* PSA_WANT_ECC_PUBLIC_KEY || PSA_WANT_ECC_KEY_PAIR */ #if defined(PSA_WANT_ALG_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) 
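Review bot: Requesting only `PSA_WANT_ECC_PUBLIC_KEY` now also defines `MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR`, because both built-in symbols sit under the single condition `#if defined(PSA_WANT_ECC_PUBLIC_KEY) || defined(PSA_WANT_ECC_KEY_PAIR)`. A verify-only configuration therefore compiles in the key-generation and key-agreement code that psa_crypto.c guards with the key-pair symbol. The RSA hunk that follows (`@@ -93,14 +94,56`) repeats the pattern for OAEP/PSS, PKCS1V15_CRYPT/PKCS1V15_SIGN and the two RSA key types, so asking for PKCS#1 v1.5 signatures alone also enables the v1.5 encryption built-in. If a key pair is meant to imply the public key, make only that direction implicit: keep `#if defined(PSA_WANT_ECC_KEY_PAIR)` around the key-pair define and use the combined condition for the public-key define only.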
@@ -93,14 +94,56 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ #endif /* PSA_WANT_ALG_HKDF */ -#if defined(PSA_WANT_ALG_RSA) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA +#if defined(PSA_WANT_ALG_RSA_OAEP) || defined(PSA_WANT_ALG_RSA_PSS) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 #define MBEDTLS_RSA_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_OID_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA */ -#endif /* PSA_WANT_ALG_RSA */ +#define MBEDTLS_PKCS1_V21_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */ +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V21_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */ +#endif /* PSA_WANT_ALG_RSA_OAEP || PSA_WANT_ALG_RSA_PSS */ + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V15 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */ +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V15 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */ +#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT || PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_GENPRIME +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */ +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) +#define 
MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_GENPRIME +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR || PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ @@ -136,7 +179,16 @@ extern "C" { #endif /* MBEDTLS_HKDF_C */ #if defined(MBEDTLS_RSA_C) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA 1 +#if defined(MBEDTLS_PKCS1_V15) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 +#endif /* MBEDTLSS_PKCS1_V15 */ +#if defined(MBEDTLS_PKCS1_V21) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 +#endif /* MBEDTLS_PKCS1_V21 */ +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 #endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1b4e163f6..c35f65e90 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -42,7 +42,7 @@ #include "mbedtls/dhm.h" #endif -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_ECDH_C) || defined(PSA_WANT_ALG_ECDH) #include "mbedtls/ecdh.h" #endif diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 1dc9648b0..406d22463 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -437,7 +437,7 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_DHM_C) mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ #endif -#if defined(MBEDTLS_ECDH_C) +#if defined(MBEDTLS_ECDH_C) || defined(PSA_WANT_ALG_ECDH) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ #if defined(MBEDTLS_USE_PSA_CRYPTO) 
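Review bot: `#define MBEDTLS_PKCS1_V21_C` in the OAEP and PSS blocks of the `@@ -93,14 +94,56` hunk does not match the option name used elsewhere in this commit. The non-`MBEDTLS_PSA_CRYPTO_CONFIG` branch tests `#if defined(MBEDTLS_PKCS1_V21)`, and the v1.5 blocks define `MBEDTLS_PKCS1_V15` with no `_C` suffix. As written, wanting `PSA_WANT_ALG_RSA_OAEP` or `PSA_WANT_ALG_RSA_PSS` presumably leaves PKCS#1 v2.1 support switched off unless the base configuration already enables it; use `#define MBEDTLS_PKCS1_V21` in both places. Separately, `MBEDTLS_GENPRIME` is defined in the public-key-only block, where no key generation is involved.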
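Review bot: The closing comment `#endif /* MBEDTLSS_PKCS1_V15 */` in the `@@ -136,7 +179,16` hunk misspells the macro it closes. It should read `#endif /* MBEDTLS_PKCS1_V15 */` to match the `#if defined(MBEDTLS_PKCS1_V15)` above it, otherwise a search for the real option name misses this line.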
@@ -447,7 +447,7 @@ struct mbedtls_ssl_handshake_params unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t ecdh_psa_peerkey_len; #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_ECDH_C */ +#endif /* MBEDTLS_ECDH_C || PSA_WANT_ALG_ECDH */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index c7605aa2c..da92bdb89 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -53,10 +53,15 @@ #define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 #define PSA_WANT_ALG_ECDH 1 -#define PSA_WANT_ECC_KEY_PAIR 1 -#define PSA_WANT_ECC_PUBLIC_KEY 1 #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_HKDF 1 -#define PSA_WANT_ALG_RSA 1 +//#define PSA_WANT_ECC_KEY_PAIR 1 +//#define PSA_WANT_ECC_PUBLIC_KEY 1 +//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 +//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 +//#define PSA_WANT_ALG_RSA_OAEP 1 +//#define PSA_WANT_ALG_RSA_PSS 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 +//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c45d0ee60..e527ab72a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -491,7 +491,10 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) #if defined(MBEDTLS_PK_PARSE_C) /* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes 
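Review bot: In include/psa/crypto_config.h the two ECC key-type symbols and all six new RSA symbols are added as `//#define` lines, and `PSA_WANT_ALG_RSA` is removed, with no comment explaining why they are disabled. With `MBEDTLS_PSA_CRYPTO_CONFIG` set, the default file then requests no RSA algorithm and no ECC or RSA key type, so the psa_crypto.c fallbacks guarded by the corresponding `MBEDTLS_PSA_BUILTIN_*` symbols would compile out and those operations fall through to `PSA_ERROR_NOT_SUPPORTED`. The all.sh components added in the previous patch (for example `component_build_psa_want_ecc_key_pair_disabled_software`) would also stop exercising the `PSA_WANT_ECC_*` paths. Either enable the defines or put a comment above them stating the condition for turning them on, e.g. `/* Disabled until <reason>; enable together with <follow-up change> */`.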
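Review bot: The RSA helper block opened in the `@@ -491,7 +491,10` hunk (closed in `@@ -709,7`) is compiled on the `MBEDTLS_PSA_BUILTIN_ALG_RSA_*` symbols, but later hunks call into it under `MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_*` guards. The calls are `psa_import_rsa_key` in `psa_import_key_into_slot` and `psa_load_rsa_representation` in `psa_internal_export_key` and `psa_get_key_attributes`. A configuration with an RSA key type built in and every RSA algorithm accelerated would reference functions that were never compiled. These helpers load and import keys rather than run an algorithm, so `#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)` would match their callers. The guarded block extends beyond this hunk, so this assumes it is where those helpers are defined.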
@@ -709,7 +712,7 @@ exit: return( PSA_SUCCESS ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ #if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) /** Load the contents of a key buffer into an internal ECP representation @@ -1075,12 +1078,13 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, return( psa_import_ecp_key( slot, data, data_length ) ); } #endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { return( psa_import_rsa_key( slot, data, data_length ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ /* Fell through the fallback as well, so have nothing else to try. */ return( PSA_ERROR_NOT_SUPPORTED ); @@ -1426,7 +1430,8 @@ psa_status_t psa_get_key_domain_parameters( return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) static psa_status_t psa_get_rsa_public_exponent( const mbedtls_rsa_context *rsa, psa_key_attributes_t *attributes ) @@ -1466,7 +1471,7 @@ exit: mbedtls_free( buffer ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ /** Retrieve all the publicly-accessible attributes of a key. */ 
@@ -1493,7 +1498,8 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, switch( slot->attr.type ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) case PSA_KEY_TYPE_RSA_KEY_PAIR: case PSA_KEY_TYPE_RSA_PUBLIC_KEY: #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -1520,7 +1526,7 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, mbedtls_free( rsa ); } break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ default: /* Nothing else to do. */ break; @@ -1620,7 +1626,8 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, * so conversion is needed */ if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) mbedtls_rsa_context *rsa = NULL; psa_status_t status = psa_load_rsa_representation( slot->attr.type, @@ -1643,7 +1650,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, #else /* We don't know how to convert a private RSA key to public. */ return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ } else { @@ -2059,7 +2066,8 @@ static psa_status_t psa_validate_optional_attributes( if( attributes->domain_parameters_size != 0 ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; 
@@ -2096,7 +2104,7 @@ static psa_status_t psa_validate_optional_attributes( return( mbedtls_to_psa_error( ret ) ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ { return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -2289,7 +2297,12 @@ exit: /* Message digests */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + (defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && \ + (defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY))) static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) { switch( alg ) @@ -2332,7 +2345,7 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) return( NULL ); } } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || (defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && (defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY))) */ psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) { 
@@ -3398,7 +3411,10 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) /* Decode the hash algorithm from alg and store the mbedtls encoding in * md_alg. Verify that the hash length is acceptable. */ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, @@ -3417,7 +3433,7 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, return( PSA_ERROR_INVALID_ARGUMENT ); #endif -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) /* For PKCS#1 v1.5 signature, if using a hash, the hash length * must be correct. */ if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) && @@ -3428,20 +3444,21 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, if( mbedtls_md_get_size( md_info ) != hash_length ) return( PSA_ERROR_INVALID_ARGUMENT ); } -#endif /* MBEDTLS_PKCS1_V15 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PKCS1_V21) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) /* PSS requires a hash internally. */ if( PSA_ALG_IS_RSA_PSS( alg ) ) { if( md_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ return( PSA_SUCCESS ); } +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, psa_algorithm_t alg, const uint8_t *hash, 
@@ -3453,6 +3470,10 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; +#if !defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) + (void)hash; + (void)signature; +#endif /* !MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); if( status != PSA_SUCCESS ) @@ -3461,7 +3482,7 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, if( signature_size < mbedtls_rsa_get_len( rsa ) ) return( PSA_ERROR_BUFFER_TOO_SMALL ); -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, @@ -3476,8 +3497,8 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, signature ); } else -#endif /* MBEDTLS_PKCS1_V15 */ -#if defined(MBEDTLS_PKCS1_V21) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); @@ -3491,7 +3512,7 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, signature ); } else -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ { return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -3500,6 +3521,7 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, *signature_length = mbedtls_rsa_get_len( rsa ); return( mbedtls_to_psa_error( ret ) ); } +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR */ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, psa_algorithm_t alg, 
@@ -3511,6 +3533,10 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; +#if !defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) + (void)hash; + (void)signature; +#endif /* !MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); if( status != PSA_SUCCESS ) @@ -3519,7 +3545,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, if( signature_length != mbedtls_rsa_get_len( rsa ) ) return( PSA_ERROR_INVALID_SIGNATURE ); -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, @@ -3534,8 +3560,8 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, signature ); } else -#endif /* MBEDTLS_PKCS1_V15 */ -#if defined(MBEDTLS_PKCS1_V21) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); @@ -3549,7 +3575,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, signature ); } else -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ { return( PSA_ERROR_INVALID_ARGUMENT ); } 
@@ -3561,9 +3587,10 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, return( PSA_ERROR_INVALID_SIGNATURE ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + (defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY)) /* `ecp` cannot be const because `ecp->grp` needs to be non-const * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() * (even though these functions don't modify it). */ @@ -3662,7 +3689,7 @@ cleanup: mbedtls_mpi_free( &s ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA */ +#endif /* (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && (defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY)) */ psa_status_t psa_sign_hash( psa_key_handle_t handle, psa_algorithm_t alg, @@ -3705,7 +3732,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, goto exit; /* If the operation was not supported by any accelerator, try fallback. */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = NULL; 
@@ -3727,11 +3754,11 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, mbedtls_free( rsa ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ #if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( #if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) PSA_ALG_IS_ECDSA( alg ) @@ -3756,7 +3783,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, mbedtls_free( ecp ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { status = PSA_ERROR_INVALID_ARGUMENT; } @@ -3807,7 +3834,8 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, psa_key_lifetime_is_external( slot->attr.lifetime ) ) return status; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; @@ -3828,7 +3856,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { @@ -3862,7 +3890,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, } } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) && defined(MBEDTLS_PKCS1_V21) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg, mbedtls_rsa_context *rsa ) { 
@@ -3871,7 +3899,7 @@ static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg, mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) && defined(MBEDTLS_PKCS1_V21) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, psa_algorithm_t alg, @@ -3904,7 +3932,8 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; @@ -3920,7 +3949,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, status = PSA_ERROR_BUFFER_TOO_SMALL; goto rsa_exit; } -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT ) { status = mbedtls_to_psa_error( @@ -3933,8 +3962,8 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, output ) ); } else -#endif /* MBEDTLS_PKCS1_V15 */ -#if defined(MBEDTLS_PKCS1_V21) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_ALG_IS_RSA_OAEP( alg ) ) { psa_rsa_oaep_set_padding_mode( alg, rsa ); @@ -3949,7 +3978,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, output ) ); } else -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */ { status = PSA_ERROR_INVALID_ARGUMENT; goto rsa_exit; 
@@ -3963,7 +3992,7 @@ rsa_exit: return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ { return( PSA_ERROR_NOT_SUPPORTED ); } @@ -3999,7 +4028,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = NULL; @@ -4016,7 +4045,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, goto rsa_exit; } -#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT ) { status = mbedtls_to_psa_error( @@ -4030,8 +4059,8 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, output_size ) ); } else -#endif /* MBEDTLS_PKCS1_V15 */ -#if defined(MBEDTLS_PKCS1_V21) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_ALG_IS_RSA_OAEP( alg ) ) { psa_rsa_oaep_set_padding_mode( alg, rsa ); @@ -4047,7 +4076,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, output_size ) ); } else -#endif /* MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */ { status = PSA_ERROR_INVALID_ARGUMENT; } @@ -4058,7 +4087,7 @@ rsa_exit: return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ { return( PSA_ERROR_NOT_SUPPORTED ); } 
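Review bot: The rewritten `#endif` comment after `rsa_exit:` in psa_asymmetric_encrypt() lists the four `MBEDTLS_PSA_BUILTIN_ALG_RSA_*` macros, but the `#if` it closes was changed earlier in this patch to the two RSA key-type macros. The comment should read `#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */`, in the same way the psa_asymmetric_decrypt() hunk on this line matches its own guard. The opening `#if` is in the preceding hunk, not in this one.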
@@ -6030,7 +6059,7 @@ psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed, } #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) && defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters, size_t domain_parameters_size, int *exponent ) @@ -6056,7 +6085,7 @@ static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters, *exponent = acc; return( PSA_SUCCESS ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA && MBEDTLS_GENPRIME */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */ static psa_status_t psa_generate_key_internal( psa_key_slot_t *slot, size_t bits, @@ -6094,7 +6123,7 @@ static psa_status_t psa_generate_key_internal( } else -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA) && defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context rsa; @@ -6142,7 +6171,7 @@ static psa_status_t psa_generate_key_internal( return( status ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA && MBEDTLS_GENPRIME */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */ #if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index 9bef4b678..34eb614f9 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c 
@@ -43,6 +43,9 @@ psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { +#if !defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) && !defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) + (void)attributes; +#endif /* !MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR && !MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */ ++test_driver_key_management_hooks.hits; if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) @@ -59,7 +62,7 @@ psa_status_t test_transparent_generate_key( } /* Copied from psa_crypto.c */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { @@ -115,7 +118,7 @@ psa_status_t test_transparent_generate_key( return( status ); } else -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */ return( PSA_ERROR_NOT_SUPPORTED ); } From bd069d32e8ef61b7ca500a6da2bc464194ade0c6 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Sat, 31 Oct 2020 22:14:03 -0700 Subject: [PATCH 396/488] Enhanced testing for PSA crypto config features Updated some of the test names to better reflect what they are testing. Expanded the testing around RSA feature for PSA crypto config. Updated the test script to support backing up and restoring the include/psa/crypto_config.h file so that features can be individually setup for each unique feature test. Signed-off-by: John Durkop --- tests/scripts/all.sh | 98 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 91 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7ad4c497e..95e0e4c1b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
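Review bot: The key-pair generation branch in test_transparent_generate_key() is guarded by `MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY`, while the code it says it was copied from (psa_generate_key_internal(), visible as context at the end of the psa_crypto.c diff) uses `#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR)` only. Since the branch handles `PSA_KEY_TYPE_IS_KEY_PAIR` types only, `#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR)` would match the original. The conditional `(void)attributes;` added in the first hunk has to mirror whichever guard is used; an unconditional `(void) attributes;` removes the need to keep the two in sync. The function body continues outside these hunks.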
@@ -127,6 +127,8 @@ pre_check_environment () { pre_initialize_variables () { CONFIG_H='include/mbedtls/config.h' CONFIG_BAK="$CONFIG_H.bak" + CRYPTO_CONFIG_H='include/psa/crypto_config.h' + CRYPTO_CONFIG_BAK="$CRYPTO_CONFIG_H.bak" append_outcome=0 MEMORY=0 @@ -285,6 +287,10 @@ cleanup() if [ -f "$CONFIG_BAK" ]; then mv "$CONFIG_BAK" "$CONFIG_H" fi + + if [ -f "$CRYPTO_CONFIG_BAK" ]; then + mv "$CRYPTO_CONFIG_BAK" "$CRYPTO_CONFIG_H" + fi } # Executed on exit. May be redefined depending on command line options. 
@@ -1355,31 +1361,34 @@ component_build_psa_want_ecdh_disabled_software() { } # This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. -component_build_psa_want_ecc_key_pair_disabled_software() { +component_build_psa_want_ecc_key_pair() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ECC_KEY_PAIR msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ECC_KEY_PAIR" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ECC_KEY_PAIR 1 + #scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ECC_PUBLIC_KEY # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. -component_build_psa_want_ecc_public_key_disabled_software() { +component_build_psa_want_ecc_public_key() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ECC_PUBLIC_KEY msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ECC_PUBLIC_KEY" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ECC_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. 
-component_build_psa_want_hmac_disabled_software() { +component_build_psa_want_hmac() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" scripts/config.py full 
@@ -1400,20 +1409,94 @@ component_build_psa_want_hkdf_disabled_software() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_HKDF_C + # Make sure to unset TLS1_3_EXPERIMENTAL since it requires HKDF_C and will not build properly without it. + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_want_rsa_disabled_software() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA" +component_build_psa_want_rsa_pkcs1v15_crypt() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in 
place and ready to test. +component_build_psa_want_rsa_pkcs1v15_sign() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. +component_build_psa_want_rsa_oaep() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 
+component_build_psa_want_rsa_pss() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. +component_build_psa_want_rsa_key_pair() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" +} + +# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. 
+component_build_psa_want_rsa_public_key() { + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + # Need to define the correct symbol and include the test driver header path in order to build with the test driver + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } component_test_check_params_functionality () { @@ -2246,6 +2329,7 @@ run_component () { # Back up the configuration in case the component modifies it. # The cleanup function will restore it. cp -p "$CONFIG_H" "$CONFIG_BAK" + cp -p "$CRYPTO_CONFIG_H" "$CRYPTO_CONFIG_BAK" current_component="$1" export MBEDTLS_TEST_CONFIGURATION="$current_component" From d8b83eaf0710e041569ef47bcc7edc6cdb42c32d Mon Sep 17 00:00:00 2001 From: John Durkop Date: Sat, 31 Oct 2020 23:32:07 -0700 Subject: [PATCH 397/488] Update symmetric only reference config to include config_psa.h Since the symmetric only reference config is utilizing PSA crypto library builds, the config file needs to included the new config_psa.h so that all the PSA feature macros are setup properly for the test. Signed-off-by: John Durkop --- configs/config-symmetric-only.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index 054cb9e15..f05a0d7cb 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h 
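Review bot: The six RSA components added in this hunk repeat the same four `scripts/config.py` calls and the same `make` line, differing only in the `PSA_WANT_*` symbols they set and the `MBEDTLS_PSA_ACCEL_*` symbol they define, so the copies can drift (the leading comment of component_build_psa_want_rsa_pkcs1v15_crypt already omits the key type that its `msg` line names). A small helper taking the accelerator symbol and the list of wanted symbols would reduce each component to a `msg` plus one call. The helper name below is only a suggestion and deliberately does not start with `component_`.

```shell
# Shared steps for the build-only PSA_WANT_* components.
# $1: MBEDTLS_PSA_ACCEL_xxx symbol to define for the build.
# $2..: PSA_WANT_xxx symbols to set to 1 in crypto_config.h.
helper_build_psa_want_accel () {
    accel_symbol="$1"
    shift
    scripts/config.py full
    scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
    scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
    scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
    for want_symbol in "$@"; do
        scripts/config.py -f "$CRYPTO_CONFIG_H" set "$want_symbol" 1
    done
    # Need to define the correct symbol and include the test driver header path in order to build with the test driver
    make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -D$accel_symbol -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}

component_build_psa_want_rsa_oaep() {
    msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
    helper_build_psa_want_accel MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP \
        PSA_WANT_ALG_RSA_OAEP PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
}
# … the other five RSA components follow the same two-line shape …
```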
@@ -92,6 +92,8 @@ #define MBEDTLS_VERSION_C #define MBEDTLS_XTEA_C +#include "mbedtls/config_psa.h" + #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ From 7fc75eac213f292b1b6755f98c365251f40bd45d Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 3 Nov 2020 19:05:36 -0800 Subject: [PATCH 398/488] Enable all features in crypto_config.h In order to pass existing tests like test_psa_crypto_config_basic and test_psa_crypto_config_no_driver, all the new features need to be enabled in the default crypto_config.h file. This change enables those features by default and updates the other new tests to compensate for everything being enabled by disabling some features for some of the tests as needed. Signed-off-by: John Durkop --- include/psa/crypto_config.h | 16 ++++++++-------- tests/scripts/all.sh | 19 ++++++++++++++----- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index da92bdb89..f23189edc 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -55,13 +55,13 @@ #define PSA_WANT_ALG_ECDH 1 #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_HKDF 1 -//#define PSA_WANT_ECC_KEY_PAIR 1 -//#define PSA_WANT_ECC_PUBLIC_KEY 1 -//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 -//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 -//#define PSA_WANT_ALG_RSA_OAEP 1 -//#define PSA_WANT_ALG_RSA_PSS 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 -//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 +#define PSA_WANT_ECC_KEY_PAIR 1 +#define PSA_WANT_ECC_PUBLIC_KEY 1 +#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 +#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 +#define PSA_WANT_ALG_RSA_OAEP 1 +#define PSA_WANT_ALG_RSA_PSS 1 +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 95e0e4c1b..b68cfe3d4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1369,7 +1369,7 @@ component_build_psa_want_ecc_key_pair() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ECC_KEY_PAIR 1 - #scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ECC_PUBLIC_KEY + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ECC_PUBLIC_KEY # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } @@ -1383,6 +1383,7 @@ component_build_psa_want_ecc_public_key() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ECC_PUBLIC_KEY 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ECC_KEY_PAIR # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } 
@@ -1424,7 +1425,9 @@ component_build_psa_want_rsa_pkcs1v15_crypt() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 - scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } @@ -1438,7 +1441,9 @@ component_build_psa_want_rsa_pkcs1v15_sign() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 - scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } 
@@ -1452,7 +1457,9 @@ component_build_psa_want_rsa_oaep() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 - scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PSS # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } @@ -1466,7 +1473,9 @@ component_build_psa_want_rsa_pss() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 - scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } From 9814fa2b08bfa8d1fff6158885cfe39347a99d12 Mon Sep 17 00:00:00 2001 
From: John Durkop Date: Wed, 4 Nov 2020 12:28:15 -0800 Subject: [PATCH 399/488] Minor updates from review comments Updated macros in config_psa.h that used ECC_xxx to use KEY_TYPE_ECC_xxx per comments from review. Implemented a check_config_psa.h to help with dependency checking of features enabled in config_psa.h. Added check_config_psa.h to visual studio project. Signed-off-by: John Durkop --- include/mbedtls/check_config_psa.h | 39 +++++++++ include/mbedtls/config_psa.h | 50 +++++++----- include/psa/crypto_config.h | 4 +- library/psa_crypto.c | 124 ++++++++++++++++++++--------- tests/scripts/all.sh | 20 ++--- tests/src/drivers/key_management.c | 14 ++-- visualc/VS2010/mbedTLS.vcxproj | 1 + 7 files changed, 178 insertions(+), 74 deletions(-) create mode 100644 include/mbedtls/check_config_psa.h diff --git a/include/mbedtls/check_config_psa.h b/include/mbedtls/check_config_psa.h new file mode 100644 index 000000000..3fb5850c6 --- /dev/null +++ b/include/mbedtls/check_config_psa.h 
@@ -0,0 +1,39 @@ +/** + * \file check_config_psa.h + * + * \brief Consistency checks for PSA configuration options + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * It is recommended to include this file from your config_psa.h + * in order to catch dependency issues early. + */ + +#ifndef MBEDTLS_CHECK_CONFIG_PSA_H +#define MBEDTLS_CHECK_CONFIG_PSA_H + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && \ + !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) +#error "MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites" +#endif + +#endif /* MBEDTLS_CHECK_CONFIG_PSA_H */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 545ab3cff..48046e07b 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
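Review bot: check_config_psa.h checks only `MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA`, although `MBEDTLS_PSA_BUILTIN_ALG_ECDSA` has the same dependency on an ECC key type (psa_crypto.c guards its ECDSA code on either algorithm together with a key type). Nothing equivalent exists for the RSA algorithms, so those misconfigurations still compile and only fail at run time. The `#error` text would also help more if it named the missing prerequisite. A parallel check for randomized ECDSA is sketched below; RSA checks would follow the same shape.

```c
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) && \
    !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
       defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
       defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
       defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) )
#error "MBEDTLS_PSA_BUILTIN_ALG_ECDSA defined, but no ECC key type (key pair or public key) is enabled"
#endif
```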
@@ -66,18 +66,21 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */ #endif /* PSA_WANT_ALG_ECDH */ -#if defined(PSA_WANT_ECC_PUBLIC_KEY) || defined(PSA_WANT_ECC_KEY_PAIR) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_KEY_PAIR) -#define MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR 1 +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 #define MBEDTLS_ECP_C #define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_ECC_KEY_PAIR */ -#if !defined(MBEDTLS_PSA_ACCEL_ECC_PUBLIC_KEY) -#define MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 #define MBEDTLS_ECP_C #define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_ECC_PUBLIC_KEY */ -#endif /* PSA_WANT_ECC_PUBLIC_KEY || PSA_WANT_ECC_KEY_PAIR */ +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */ +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */ #if defined(PSA_WANT_ALG_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) 
@@ -94,24 +97,27 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ #endif /* PSA_WANT_ALG_HKDF */ -#if defined(PSA_WANT_ALG_RSA_OAEP) || defined(PSA_WANT_ALG_RSA_PSS) +#if defined(PSA_WANT_ALG_RSA_OAEP) #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) #define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 #define MBEDTLS_RSA_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V21_C +#define MBEDTLS_PKCS1_V21 #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */ +#endif /* PSA_WANT_ALG_RSA_OAEP */ + +#if defined(PSA_WANT_ALG_RSA_PSS) #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 #define MBEDTLS_RSA_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V21_C +#define MBEDTLS_PKCS1_V21 #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */ -#endif /* PSA_WANT_ALG_RSA_OAEP || PSA_WANT_ALG_RSA_PSS */ +#endif /* PSA_WANT_ALG_RSA_PSS */ -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 #define MBEDTLS_RSA_C @@ -119,6 +125,9 @@ extern "C" { #define MBEDTLS_OID_C #define MBEDTLS_PKCS1_V15 #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */ +#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */ + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 #define MBEDTLS_RSA_C 
@@ -126,9 +135,9 @@ extern "C" { #define MBEDTLS_OID_C #define MBEDTLS_PKCS1_V15 #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */ -#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT || PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ +#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 #define MBEDTLS_RSA_C @@ -136,6 +145,9 @@ extern "C" { #define MBEDTLS_OID_C #define MBEDTLS_GENPRIME #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ + +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 #define MBEDTLS_RSA_C @@ -143,7 +155,7 @@ extern "C" { #define MBEDTLS_OID_C #define MBEDTLS_GENPRIME #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ -#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR || PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ @@ -166,8 +178,8 @@ extern "C" { #endif /* MBEDTLS_ECDH_C */ #if defined(MBEDTLS_ECP_C) -#define MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR 1 -#define MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) @@ -193,6 +205,8 @@ extern "C" { #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ +#include "mbedtls/check_config_psa.h" + #ifdef __cplusplus } #endif diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index f23189edc..3fd137465 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h 
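Review bot: After the split, the `PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY` block still ends with `#define MBEDTLS_GENPRIME`, so a public-key-only configuration pulls in prime generation. In the psa_crypto.c changes shown on this page that macro is only tested together with `MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR` (the exponent reader and RSA key generation), so it looks unnecessary for public keys, and dropping the line from the public-key block would keep verify/encrypt-only builds from carrying code they do not use. The define is a context line of the `@@ -143,7 +155,7 @@` hunk rather than an added one, but this commit is where the two key types stop sharing a block.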
@@ -55,8 +55,8 @@ #define PSA_WANT_ALG_ECDH 1 #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_HKDF 1 -#define PSA_WANT_ECC_KEY_PAIR 1 -#define PSA_WANT_ECC_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 #define PSA_WANT_ALG_RSA_OAEP 1 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e527ab72a..31506ef3b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -370,7 +370,8 @@ static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t byte_length ) { @@ -438,7 +439,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, return( MBEDTLS_ECP_DP_NONE ); } } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, size_t bits ) @@ -494,7 +496,9 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) #if defined(MBEDTLS_PK_PARSE_C) /* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes 
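Review bot: The widened guard in the `@@ -494,7 +496,9 @@` hunk now compiles this RSA block for key-type-only configurations, but the next context line nests it under `MBEDTLS_PK_PARSE_C`, which the config_psa.h lines shown in this commit do not define for any RSA symbol (they set `MBEDTLS_RSA_C`, `MBEDTLS_BIGNUM_C` and `MBEDTLS_OID_C`). If RSA key loading depends on the PK parser, as the nesting suggests, a `PSA_WANT_KEY_TYPE_RSA_*` build whose config.h does not also enable it would lose that code without any diagnostic. An `#error` in check_config_psa.h, or defining the PK modules alongside `MBEDTLS_RSA_C`, would make the dependency explicit. The contents of the block are outside the hunk.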
@@ -712,9 +716,15 @@ exit: return( PSA_SUCCESS ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ -#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) /** Load the contents of a key buffer into an internal ECP representation * * \param[in] type The type of key contained in \p data. @@ -933,7 +943,8 @@ exit: return( PSA_SUCCESS ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ /** Return the size of the key in the given slot, in bits. * 
@@ -1072,19 +1083,22 @@ static psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, /* Key format is not supported by any accelerator, try software fallback * if present. */ -#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { return( psa_import_ecp_key( slot, data, data_length ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { return( psa_import_rsa_key( slot, data, data_length ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ /* Fell through the fallback as well, so have nothing else to try. */ return( PSA_ERROR_NOT_SUPPORTED ); @@ -1471,7 +1485,8 @@ exit: mbedtls_free( buffer ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ /** Retrieve all the publicly-accessible attributes of a key. */ 
@@ -1526,7 +1541,8 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, mbedtls_free( rsa ); } break; -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ default: /* Nothing else to do. */ break; @@ -1650,11 +1666,12 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, #else /* We don't know how to convert a private RSA key to public. */ return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ } else { -#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_keypair *ecp = NULL; psa_status_t status = psa_load_ecp_representation( slot->attr.type, @@ -1678,7 +1695,8 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, #else /* We don't know how to convert a private ECC key to public */ return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ } } else 
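Review bot: The renamed guard that opens the ECC branch of `psa_internal_export_key` (hunk at -1650) is left as one `#if` line well over 80 columns, while every other renamed guard in this commit is split with a backslash continuation. Write it as `#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \` followed by `    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)`. The rewrapped `#endif` comment after the ECDSA helpers (hunk at -3689) has the opposite problem: its last two lines lack the leading ` * ` that the other rewrapped comments carry.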
@@ -2104,7 +2122,8 @@ static psa_status_t psa_validate_optional_attributes( return( mbedtls_to_psa_error( ret ) ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ { return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -2301,8 +2320,7 @@ exit: defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ - (defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && \ - (defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY))) + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) { switch( alg ) @@ -2345,7 +2363,11 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) return( NULL ); } } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || (defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && (defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY))) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) { 
@@ -3414,7 +3436,8 @@ cleanup: #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) /* Decode the hash algorithm from alg and store the mbedtls encoding in * md_alg. Verify that the hash length is acceptable. */ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, @@ -3587,10 +3610,16 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, return( PSA_ERROR_INVALID_SIGNATURE ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ -#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ - (defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY)) +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) && \ + ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) /* `ecp` cannot be const because `ecp->grp` needs to be non-const * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() * (even though these functions don't modify it). */ 
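Review bot: The widened guard adds only `MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR`, but the block it opens runs through `psa_rsa_verify` (its `#endif` is in the hunk at -3587). The RSA branch of `psa_verify_hash` is closed by an `#endif` naming `..._RSA_KEY_PAIR || ..._RSA_PUBLIC_KEY` (hunk at -3856). If that branch calls `psa_rsa_verify`, which these hunks do not show, a configuration with only the built-in RSA public-key type and no built-in RSA algorithm would fail to compile. Adding `|| defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)` to this `#if` and its `#endif` comment would match the guard change in the hunk at -494. Confirm with a public-key-only build, since the function bodies lie outside the hunks.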
@@ -3689,7 +3718,10 @@ cleanup: mbedtls_mpi_free( &s ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && (defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY)) */ +#endif /* ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) && + ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) */ psa_status_t psa_sign_hash( psa_key_handle_t handle, psa_algorithm_t alg, @@ -3755,10 +3787,12 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, } else #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ -#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( #if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) PSA_ALG_IS_ECDSA( alg ) @@ -3783,13 +3817,15 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, mbedtls_free( ecp ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { status = PSA_ERROR_INVALID_ARGUMENT; } } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ { status = PSA_ERROR_NOT_SUPPORTED; } 
@@ -3856,11 +3892,14 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ -#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { mbedtls_ecp_keypair *ecp = NULL; @@ -3878,13 +3917,15 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { return( PSA_ERROR_INVALID_ARGUMENT ); } } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ { return( PSA_ERROR_NOT_SUPPORTED ); } 
@@ -3992,7 +4033,10 @@ rsa_exit: return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ { return( PSA_ERROR_NOT_SUPPORTED ); } @@ -5811,7 +5855,8 @@ psa_status_t psa_key_derivation_input_key( /* Key agreement */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key, size_t peer_key_length, const mbedtls_ecp_keypair *our_key, @@ -5862,7 +5907,7 @@ exit: return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH && MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH && MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR */ #define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES @@ -5876,7 +5921,8 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, { switch( alg ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) case PSA_ALG_ECDH: if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); 
@@ -5895,7 +5941,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, mbedtls_ecp_keypair_free( ecp ); mbedtls_free( ecp ); return( status ); -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH && MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH && MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR */ default: (void) private_key; (void) peer_key; @@ -6173,7 +6219,7 @@ static psa_status_t psa_generate_key_internal( else #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */ -#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) { psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( type ); @@ -6218,7 +6264,7 @@ static psa_status_t psa_generate_key_internal( return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ { return( PSA_ERROR_NOT_SUPPORTED ); } diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b68cfe3d4..138849c54 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1362,30 +1362,30 @@ component_build_psa_want_ecdh_disabled_software() { # This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. component_build_psa_want_ecc_key_pair() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ECC_KEY_PAIR - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ECC_KEY_PAIR" + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ECC_KEY_PAIR 1 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ECC_PUBLIC_KEY + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. 
component_build_psa_want_ecc_public_key() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ECC_PUBLIC_KEY - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ECC_PUBLIC_KEY" + # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY + msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ECC_PUBLIC_KEY 1 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ECC_KEY_PAIR + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index 34eb614f9..a788934fa 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c 
@@ -43,7 +43,8 @@ psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { -#if !defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) && !defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) && \ + !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) (void)attributes; #endif /* !MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR && !MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */ ++test_driver_key_management_hooks.hits; @@ -62,7 +63,8 @@ psa_status_t test_transparent_generate_key( } /* Copied from psa_crypto.c */ -#if defined(MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { @@ -118,7 +120,7 @@ psa_status_t test_transparent_generate_key( return( status ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */ +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */ return( PSA_ERROR_NOT_SUPPORTED ); } @@ -143,7 +145,8 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( test_driver_key_management_hooks.forced_status ); -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) psa_key_type_t type = psa_get_key_type( attributes ); if ( PSA_KEY_TYPE_IS_ECC( type ) ) { 
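Review bot: The `#endif` comment after `(void)attributes;` in the first hunk still names the old symbols, `!MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR && !MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY`, although the `#if` above it now tests the `KEY_TYPE` names. Update it to `#endif /* !MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR &&` / ` * !MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */`. Otherwise a search for the old macro names keeps finding this file after the rename. `test_transparent_generate_key` continues outside the hunk.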
@@ -234,11 +237,12 @@ ecp_exit: } return( PSA_ERROR_NOT_SUPPORTED ); #else + (void) attributes; (void) data; (void) data_length; (void) bits; return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */ } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 801f17c3e..cf9f21248 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -157,6 +157,7 @@ + From 2a99315cc570ef37785fb2c77a10fc050bdb4af9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 17 Jul 2020 14:13:26 +0200 Subject: [PATCH 400/488] Add volatile key identifiers Volatile key identifiers are introduced in PSA Crypto API v1.0.0. They are returned by the APIs when importing or generating or deriving a volatile key. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 3 ++- library/psa_crypto_slot_management.c | 10 ++++++++-- library/psa_crypto_slot_management.h | 26 +++++++++++++++++++++++--- 3 files changed, 33 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 36dcd3fca..c813ca382 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1851,6 +1851,7 @@ static psa_status_t psa_start_key_creation( psa_se_drv_table_entry_t **p_drv ) { psa_status_t status; + psa_key_id_t volatile_key_id; psa_key_slot_t *slot; (void) method; @@ -1860,7 +1861,7 @@ static psa_status_t psa_start_key_creation( if( status != PSA_SUCCESS ) return( status ); - status = psa_get_empty_key_slot( handle, p_slot ); + status = psa_get_empty_key_slot( handle, &volatile_key_id, p_slot ); if( status != PSA_SUCCESS ) return( status ); slot = *p_slot; diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 4f651d985..43282b448 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
@@ -114,7 +114,8 @@ void psa_wipe_all_key_slots( void ) } psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle, - psa_key_slot_t **p_slot ) + psa_key_id_t *volatile_key_id, + psa_key_slot_t **p_slot ) { if( ! global_data.key_slots_initialized ) return( PSA_ERROR_BAD_STATE ); @@ -123,7 +124,11 @@ psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle, { *p_slot = &global_data.key_slots[*handle - 1]; if( ! psa_is_key_slot_occupied( *p_slot ) ) + { + *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ( *handle ) - 1; + return( PSA_SUCCESS ); + } } *p_slot = NULL; return( PSA_ERROR_INSUFFICIENT_MEMORY ); @@ -215,6 +220,7 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) { #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) psa_status_t status; + psa_key_id_t volatile_key_id; psa_key_slot_t *slot; *handle = 0; @@ -223,7 +229,7 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) if( status != PSA_SUCCESS ) return( status ); - status = psa_get_empty_key_slot( handle, &slot ); + status = psa_get_empty_key_slot( handle, &volatile_key_id, &slot ); if( status != PSA_SUCCESS ) return( status ); diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 6c2e54960..d649f53a7 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h 
@@ -28,6 +28,23 @@ * The value is a compile-time constant for now, for simplicity. */ #define PSA_KEY_SLOT_COUNT 32 +/** Range of volatile key identifiers. + * + * The last PSA_KEY_SLOT_COUNT identifiers of the implementation range + * of key identifiers are reserved for volatile key identifiers. + * A volatile key identifier is equal to PSA_KEY_ID_VOLATILE_MIN plus the + * index of the key slot containing the volatile key definition. + */ + +/** The minimum value for a volatile key identifier. + */ +#define PSA_KEY_ID_VOLATILE_MIN ( PSA_KEY_ID_VENDOR_MAX - \ + PSA_KEY_SLOT_COUNT + 1 ) + +/** The maximum value for a volatile key identifier. + */ +#define PSA_KEY_ID_VOLATILE_MAX PSA_KEY_ID_VENDOR_MAX + /** Access a key slot at the given handle. * * \param handle Key handle to query. @@ -62,15 +79,18 @@ void psa_wipe_all_key_slots( void ); * This function returns a key slot that is available for use and is in its * ground state (all-bits-zero). * - * \param[out] handle On success, a slot number that can be used as a - * handle to the slot. - * \param[out] p_slot On success, a pointer to the slot. + * \param[out] handle On success, a slot number that can be used + * as a handle to the slot. + * \param[out] volatile_key_id On success, volatile key identifier + * associated to the returned slot. + * \param[out] p_slot On success, a pointer to the slot. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_BAD_STATE */ psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle, + psa_key_id_t *volatile_key_id, psa_key_slot_t **p_slot ); /** Test whether a lifetime designates a key in an external cryptoprocessor. From 98a54ddbd69c3ad8c99889700737f380169e534b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 24 Jul 2020 16:33:11 +0200 Subject: [PATCH 401/488] psa: slot mgmt: Don't use handles to loop through slot array 
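Review bot: The volatile range is taken from the top of the vendor range, but nothing in these hunks keeps a caller-chosen persistent key identifier out of `[PSA_KEY_ID_VOLATILE_MIN, PSA_KEY_ID_VOLATILE_MAX]`. If the validation of persistent identifiers still accepts the whole vendor range, a persistent key and a volatile key could share an identifier; that check is outside the visible hunks and should be confirmed. State the rule in the range comment, for example `Persistent keys must not use identifiers in this range.` Also attach that comment block to one of the two macros, since it is currently followed by a blank line and documents no declaration.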
Signed-off-by: Ronald Cron --- library/psa_crypto_slot_management.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 43282b448..060606e43 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -104,10 +104,11 @@ psa_status_t psa_initialize_key_slots( void ) void psa_wipe_all_key_slots( void ) { - psa_key_handle_t key; - for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ ) + size_t slot_idx; + + for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { - psa_key_slot_t *slot = &global_data.key_slots[key - 1]; + psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; (void) psa_wipe_key_slot( slot ); } global_data.key_slots_initialized = 0; @@ -117,15 +118,19 @@ psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle, psa_key_id_t *volatile_key_id, psa_key_slot_t **p_slot ) { + size_t slot_idx; + if( ! global_data.key_slots_initialized ) return( PSA_ERROR_BAD_STATE ); - for( *handle = PSA_KEY_SLOT_COUNT; *handle != 0; --( *handle ) ) + for( slot_idx = PSA_KEY_SLOT_COUNT; slot_idx > 0; slot_idx-- ) { - *p_slot = &global_data.key_slots[*handle - 1]; + *p_slot = &global_data.key_slots[ slot_idx - 1 ]; if( ! psa_is_key_slot_occupied( *p_slot ) ) { - *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ( *handle ) - 1; + *handle = (psa_key_handle_t)slot_idx; + *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + + ( (psa_key_id_t)slot_idx ) - 1; return( PSA_SUCCESS ); } 
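Review bot: `psa_get_empty_key_slot` no longer writes `*handle` when no slot is free. The removed loop counted `*handle` itself down to 0, whereas the new loop walks `slot_idx` and assigns `*handle` and `*volatile_key_id` only inside the success branch. A caller that does not reset its handle on `PSA_ERROR_INSUFFICIENT_MEMORY` would then keep whatever value it passed in, which may name a live slot. Restore the old guarantee by adding `*handle = 0;` and `*volatile_key_id = 0;` next to `*p_slot = NULL;` on the failure path. That tail is outside this hunk and is visible only as context in the previous commit.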
@@ -268,11 +273,13 @@ psa_status_t psa_close_key( psa_key_handle_t handle ) void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) { - psa_key_handle_t key; + size_t slot_idx; + memset( stats, 0, sizeof( *stats ) ); - for( key = 1; key <= PSA_KEY_SLOT_COUNT; key++ ) + + for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { - const psa_key_slot_t *slot = &global_data.key_slots[key - 1]; + const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; if( ! psa_is_key_slot_occupied( slot ) ) { ++stats->empty_slots; From 91e951542494d2a389ba2fad6df102ee90ec7c0d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 30 Jul 2020 17:48:03 +0200 Subject: [PATCH 402/488] Introduce PSA_KEY_HANDLE_INIT macro Signed-off-by: Ronald Cron --- include/mbedtls/ssl_internal.h | 2 +- include/psa/crypto_platform.h | 1 + library/pk_wrap.c | 2 +- library/psa_crypto.c | 10 +- library/psa_crypto_slot_management.c | 4 +- library/ssl_cli.c | 2 +- library/ssl_tls.c | 6 +- programs/psa/crypto_examples.c | 6 +- programs/psa/key_ladder_demo.c | 16 +-- programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_server2.c | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_psa_crypto.function | 135 +++++++++--------- ..._suite_psa_crypto_driver_wrappers.function | 17 ++- ...t_suite_psa_crypto_persistent_key.function | 8 +- ...st_suite_psa_crypto_se_driver_hal.function | 32 ++--- ...te_psa_crypto_se_driver_hal_mocks.function | 12 +- ..._suite_psa_crypto_slot_management.function | 23 +-- tests/suites/test_suite_x509write.function | 2 +- 19 files changed, 145 insertions(+), 141 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 1dc9648b0..30be67665 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -1070,7 +1070,7 @@ static inline psa_key_handle_t mbedtls_ssl_get_opaque_psk( if( ssl->conf->psk_opaque != 0 ) return( ssl->conf->psk_opaque ); - return( 0 ); + return( PSA_KEY_HANDLE_INIT ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index c64f61d58..6ada32477 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -51,6 +51,7 @@ /* Integral type representing a key handle. */ typedef uint16_t psa_key_handle_t; +#define PSA_KEY_HANDLE_INIT ( (psa_key_handle_t)0 ) #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 903c53b9d..a40734b27 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -543,7 +543,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, mbedtls_ecdsa_context *ctx = ctx_arg; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = 0; + psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT; psa_status_t status; mbedtls_pk_context key; int key_len; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c813ca382..85d9df404 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2185,7 +2185,7 @@ exit: if( status != PSA_SUCCESS ) { psa_fail_key_creation( slot, driver ); - *handle = 0; + *handle = PSA_KEY_HANDLE_INIT; } return( status ); } @@ -2197,7 +2197,7 @@ psa_status_t mbedtls_psa_register_se_key( psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; /* Leaving attributes unspecified is not currently supported. * It could make sense to query the key type and size from the @@ -2290,7 +2290,7 @@ exit: if( status != PSA_SUCCESS ) { psa_fail_key_creation( target_slot, driver ); - *target_handle = 0; + *target_handle = PSA_KEY_HANDLE_INIT; } return( status ); } 
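Review bot: Handles are still tested against a bare `0` next to the new macro. In `mbedtls_ssl_get_opaque_psk` the unchanged line `if( ssl->conf->psk_opaque != 0 )` sits directly above the new `return( PSA_KEY_HANDLE_INIT );`, and `ssl_remove_psk` in ssl_tls.c (hunk at -4434) does the same with `ssl->handshake->psk_opaque != 0`. The "no key" value is thus spelled two ways, and a later change to the handle representation would miss these checks. Compare against the macro, e.g. `if( ssl->conf->psk_opaque != PSA_KEY_HANDLE_INIT )`, and add a one-line comment on the `#define` saying it is the null handle.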
@@ -5390,7 +5390,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut if( status != PSA_SUCCESS ) { psa_fail_key_creation( slot, driver ); - *handle = 0; + *handle = PSA_KEY_HANDLE_INIT; } return( status ); } @@ -6232,7 +6232,7 @@ exit: if( status != PSA_SUCCESS ) { psa_fail_key_creation( slot, driver ); - *handle = 0; + *handle = PSA_KEY_HANDLE_INIT; } return( status ); } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 060606e43..dacd7f69f 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -245,13 +245,13 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) if( status != PSA_SUCCESS ) { psa_wipe_key_slot( slot ); - *handle = 0; + *handle = PSA_KEY_HANDLE_INIT; } return( status ); #else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ (void) key; - *handle = 0; + *handle = PSA_KEY_HANDLE_INIT; return( PSA_ERROR_NOT_SUPPORTED ); #endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 76be8ab07..9494c65da 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3802,7 +3802,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) status = psa_destroy_key( handshake->ecdh_psa_privkey ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - handshake->ecdh_psa_privkey = 0; + handshake->ecdh_psa_privkey = PSA_KEY_HANDLE_INIT; } else #endif /* MBEDTLS_USE_PSA_CRYPTO && diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7cb5b8ccf..6144851b6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -507,7 +507,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, { psa_status_t status; psa_algorithm_t alg; - psa_key_handle_t master_slot = 0; + psa_key_handle_t master_slot = PSA_KEY_HANDLE_INIT; psa_key_derivation_operation_t derivation = PSA_KEY_DERIVATION_OPERATION_INIT; 
@@ -4348,7 +4348,7 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) { /* The maintenance of the PSK key slot is the * user's responsibility. */ - conf->psk_opaque = 0; + conf->psk_opaque = PSA_KEY_HANDLE_INIT; } /* This and the following branch should never * be taken simultaenously as we maintain the @@ -4434,7 +4434,7 @@ static void ssl_remove_psk( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ssl->handshake->psk_opaque != 0 ) { - ssl->handshake->psk_opaque = 0; + ssl->handshake->psk_opaque = PSA_KEY_HANDLE_INIT; } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index 15aabf946..86ceecce1 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -165,7 +165,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void ) psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = 0; + psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT; size_t output_len = 0; uint8_t iv[block_size]; uint8_t input[block_size]; @@ -215,7 +215,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void ) psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = 0; + psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT; size_t output_len = 0; uint8_t iv[block_size], input[input_size], encrypt[input_size + block_size], decrypt[input_size + block_size]; @@ -262,7 +262,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void ) psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = 0; + psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT; size_t output_len = 0; uint8_t iv[block_size], input[input_size], encrypt[input_size], decrypt[input_size]; diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index a3628f031..456d8d645 100644 
--- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -197,7 +197,7 @@ exit: static psa_status_t generate( const char *key_file_name ) { psa_status_t status = PSA_SUCCESS; - psa_key_handle_t key_handle = 0; + psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, @@ -232,7 +232,7 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage, FILE *key_file = NULL; unsigned char extra_byte; - *master_key_handle = 0; + *master_key_handle = PSA_KEY_HANDLE_INIT; SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL ); SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ), @@ -262,7 +262,7 @@ exit: * *master_key_handle is 0. psa_destroy_key(0) is guaranteed to do * nothing and return PSA_ERROR_INVALID_HANDLE. */ (void) psa_destroy_key( *master_key_handle ); - *master_key_handle = 0; + *master_key_handle = PSA_KEY_HANDLE_INIT; } return( status ); } @@ -304,7 +304,7 @@ static psa_status_t derive_key_ladder( const char *ladder[], /* When the parent key is not the master key, destroy it, * since it is no longer needed. */ PSA_CHECK( psa_close_key( *key_handle ) ); - *key_handle = 0; + *key_handle = PSA_KEY_HANDLE_INIT; /* Derive the next intermediate key from the parent key. */ PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation, key_handle ) ); @@ -316,7 +316,7 @@ exit: if( status != PSA_SUCCESS ) { psa_close_key( *key_handle ); - *key_handle = 0; + *key_handle = PSA_KEY_HANDLE_INIT; } return( status ); } @@ -330,7 +330,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - *wrapping_key_handle = 0; + *wrapping_key_handle = PSA_KEY_HANDLE_INIT; /* Set up a key derivation operation from the key derived from * the master key. */ 
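Review bot: The comment kept as context above `(void) psa_destroy_key( *master_key_handle );` in the `@@ -262,7 +262,7 @@ exit:` hunk still says the handle "is 0" and refers to `psa_destroy_key(0)`, while the code around it now uses `PSA_KEY_HANDLE_INIT`. Rewording it to `*master_key_handle is PSA_KEY_HANDLE_INIT` and `psa_destroy_key( PSA_KEY_HANDLE_INIT )` would tie the documented cleanup guarantee to the macro instead of a literal. The comment begins above the hunk, so its opening lines are not visible here.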
@@ -527,8 +527,8 @@ static psa_status_t run( enum program_mode mode, const char *output_file_name ) { psa_status_t status = PSA_SUCCESS; - psa_key_handle_t derivation_key_handle = 0; - psa_key_handle_t wrapping_key_handle = 0; + psa_key_handle_t derivation_key_handle = PSA_KEY_HANDLE_INIT; + psa_key_handle_t wrapping_key_handle = PSA_KEY_HANDLE_INIT; /* Initialize the PSA crypto library. */ PSA_CHECK( psa_crypto_init( ) ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 54cdd7d32..16bd61952 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1207,7 +1207,7 @@ int main( int argc, char *argv[] ) const char *pers = "ssl_client2"; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t slot = 0; + psa_key_handle_t slot = PSA_KEY_HANDLE_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; psa_status_t status; @@ -1232,7 +1232,7 @@ int main( int argc, char *argv[] ) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t key_slot = 0; /* invalid key slot */ + psa_key_handle_t key_slot = PSA_KEY_HANDLE_INIT; /* invalid key slot */ #endif #endif char *p, *q; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ec3d6ade5..c11b0819d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1795,7 +1795,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; - psa_key_handle_t psk_slot = 0; + psa_key_handle_t psk_slot = PSA_KEY_HANDLE_INIT; #endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index c6041b249..22bf0e707 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function 
@@ -151,7 +151,7 @@ void pk_psa_utils( ) TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); - TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, 0 ) == + TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, PSA_KEY_HANDLE_INIT ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); mbedtls_pk_free( &pk ); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fc563cb15..3c4d7c825 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -298,7 +298,7 @@ int exercise_mac_setup( psa_key_type_t key_type, psa_mac_operation_t *operation, psa_status_t *status ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); @@ -333,7 +333,7 @@ int exercise_cipher_setup( psa_key_type_t key_type, psa_cipher_operation_t *operation, psa_status_t *status ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); @@ -1452,7 +1452,7 @@ void import_with_policy( int type_arg, { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t type = type_arg; psa_key_usage_t usage = usage_arg; psa_algorithm_t alg = alg_arg; @@ -1496,7 +1496,7 @@ void import_with_data( data_t *data, int type_arg, { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t type = type_arg; size_t attr_bits = attr_bits_arg; psa_status_t expected_status = expected_status_arg; 
@@ -1536,7 +1536,7 @@ void import_large_key( int type_arg, int byte_size_arg, size_t byte_size = byte_size_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status; uint8_t *buffer = NULL; size_t buffer_size = byte_size + 1; @@ -1580,7 +1580,7 @@ exit: /* BEGIN_CASE */ void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; size_t bits = bits_arg; psa_status_t expected_status = expected_status_arg; psa_status_t status; @@ -1624,7 +1624,7 @@ void import_export( data_t *data, int expected_export_status_arg, int canonical_input ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; @@ -1717,7 +1717,7 @@ void import_export_public_key( data_t *data, int expected_export_status_arg, data_t *expected_public_key ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; @@ -1768,7 +1768,7 @@ void import_and_exercise_key( data_t *data, int bits_arg, int alg_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t type = type_arg; size_t bits = bits_arg; psa_algorithm_t alg = alg_arg; @@ -1810,7 +1810,7 @@ void effective_key_attributes( int type_arg, int expected_type_arg, int usage_arg, int expected_usage_arg, int alg_arg, int expected_alg_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = type_arg; psa_key_type_t expected_key_type = expected_type_arg; size_t bits = bits_arg; 
@@ -1896,7 +1896,7 @@ void mac_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_status_t status; @@ -1941,7 +1941,7 @@ void cipher_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_status_t status; @@ -1986,7 +1986,7 @@ void aead_key_policy( int policy_usage, int tag_length_arg, int exercise_alg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; unsigned char nonce[16] = {0}; @@ -2045,7 +2045,7 @@ void asymmetric_encryption_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; size_t key_bits; @@ -2108,7 +2108,7 @@ void asymmetric_signature_key_policy( int policy_usage, int exercise_alg, int payload_length_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; @@ -2161,7 +2161,7 @@ void derive_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; 
@@ -2211,7 +2211,7 @@ void agreement_key_policy( int policy_usage, int exercise_alg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -2243,7 +2243,7 @@ exit: void key_policy_alg2( int key_type_arg, data_t *key_data, int usage_arg, int alg_arg, int alg2_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2284,7 +2284,7 @@ void raw_agreement_key_policy( int policy_usage, int exercise_alg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -2326,8 +2326,8 @@ void copy_success( int source_usage_arg, psa_key_usage_t expected_usage = expected_usage_arg; psa_algorithm_t expected_alg = expected_alg_arg; psa_algorithm_t expected_alg2 = expected_alg2_arg; - psa_key_handle_t source_handle = 0; - psa_key_handle_t target_handle = 0; + psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; + psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; uint8_t *export_buffer = NULL; PSA_ASSERT( psa_crypto_init( ) ); 
@@ -2404,8 +2404,8 @@ void copy_fail( int source_usage_arg, { psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t source_handle = 0; - psa_key_handle_t target_handle = 0; + psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; + psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; PSA_ASSERT( psa_crypto_init( ) ); @@ -2909,7 +2909,7 @@ exit: /* BEGIN_CASE */ void mac_bad_order( ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_HMAC; psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256); const uint8_t key[] = { @@ -3036,7 +3036,7 @@ void mac_sign( int key_type_arg, data_t *input, data_t *expected_mac ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; @@ -3110,7 +3110,7 @@ void mac_verify( int key_type_arg, data_t *input, data_t *expected_mac ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; @@ -3264,7 +3264,7 @@ exit: /* BEGIN_CASE */ void cipher_bad_order( ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_AES; psa_algorithm_t alg = PSA_ALG_CBC_PKCS7; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3420,7 +3420,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, data_t *input, data_t *expected_output, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; 
@@ -3487,7 +3487,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3560,8 +3560,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = 0; - + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3633,7 +3632,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, data_t *input, data_t *expected_output, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -3697,7 +3696,7 @@ void cipher_verify_output( int alg_arg, int key_type_arg, data_t *key, data_t *input ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; @@ -3790,7 +3789,7 @@ void cipher_verify_output_multipart( int alg_arg, data_t *input, int first_part_size_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3903,7 +3902,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, data_t *input_data, int expected_result_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; 
@@ -3979,7 +3978,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, data_t *input_data, data_t *expected_result ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; @@ -4030,7 +4029,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, data_t *expected_data, int expected_result_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; @@ -4103,7 +4102,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, data_t *output_data ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; @@ -4164,7 +4163,7 @@ void sign_fail( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, int signature_size_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t signature_size = signature_size_arg; @@ -4218,7 +4217,7 @@ exit: void sign_verify( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; @@ -4285,7 +4284,7 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, data_t *signature_data ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -4326,7 +4325,7 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, data_t *signature_data, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t actual_status; @@ -4370,7 +4369,7 @@ void asymmetric_encrypt( int key_type_arg, int expected_output_length_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t expected_output_length = expected_output_length_arg; @@ -4437,7 +4436,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, data_t *input_data, data_t *label ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; @@ -4503,7 +4502,7 @@ void asymmetric_decrypt( int key_type_arg, data_t *label, data_t *expected_data ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; @@ -4566,7 +4565,7 @@ void asymmetric_decrypt_fail( int key_type_arg, int output_size_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; 
@@ -4705,12 +4704,14 @@ void derive_input( int alg_arg, expected_status_arg2, expected_status_arg3}; data_t *inputs[] = {input1, input2, input3}; - psa_key_handle_t handles[] = {0, 0, 0}; + psa_key_handle_t handles[] = { PSA_KEY_HANDLE_INIT, + PSA_KEY_HANDLE_INIT, + PSA_KEY_HANDLE_INIT}; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t i; psa_key_type_t output_key_type = output_key_type_arg; - psa_key_handle_t output_handle = 0; + psa_key_handle_t output_handle = PSA_KEY_HANDLE_INIT; psa_status_t expected_output_status = expected_output_status_arg; psa_status_t actual_output_status; @@ -4784,7 +4785,7 @@ exit: void test_derive_invalid_key_derivation_state( int alg_arg ) { psa_algorithm_t alg = alg_arg; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; size_t key_type = PSA_KEY_TYPE_DERIVE; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char input1[] = "Input 1"; @@ -4872,7 +4873,9 @@ void derive_output( int alg_arg, psa_algorithm_t alg = alg_arg; psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg}; data_t *inputs[] = {input1, input2, input3}; - psa_key_handle_t handles[] = {0, 0, 0}; + psa_key_handle_t handles[] = { PSA_KEY_HANDLE_INIT, + PSA_KEY_HANDLE_INIT, + PSA_KEY_HANDLE_INIT}; size_t requested_capacity = requested_capacity_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t *expected_outputs[2] = @@ -4982,7 +4985,7 @@ void derive_full( int alg_arg, data_t *input2, int requested_capacity_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; 
@@ -5048,8 +5051,8 @@ void derive_key_exercise( int alg_arg, int derived_usage_arg, int derived_alg_arg ) { - psa_key_handle_t base_handle = 0; - psa_key_handle_t derived_handle = 0; + psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT; + psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t derived_type = derived_type_arg; size_t derived_bits = derived_bits_arg; @@ -5107,8 +5110,8 @@ void derive_key_export( int alg_arg, int bytes1_arg, int bytes2_arg ) { - psa_key_handle_t base_handle = 0; - psa_key_handle_t derived_handle = 0; + psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT; + psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT; psa_algorithm_t alg = alg_arg; size_t bytes1 = bytes1_arg; size_t bytes2 = bytes2_arg; @@ -5186,8 +5189,8 @@ void derive_key( int alg_arg, int type_arg, int bits_arg, int expected_status_arg ) { - psa_key_handle_t base_handle = 0; - psa_key_handle_t derived_handle = 0; + psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT; + psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t type = type_arg; size_t bits = bits_arg; @@ -5231,7 +5234,7 @@ void key_agreement_setup( int alg_arg, data_t *our_key_data, data_t *peer_key_data, int expected_status_arg ) { - psa_key_handle_t our_key = 0; + psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; psa_algorithm_t alg = alg_arg; psa_algorithm_t our_key_alg = our_key_alg_arg; psa_key_type_t our_key_type = our_key_type_arg; @@ -5280,7 +5283,7 @@ void raw_key_agreement( int alg_arg, data_t *peer_key_data, data_t *expected_output ) { - psa_key_handle_t our_key = 0; + psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -5317,7 +5320,7 @@ void key_agreement_capacity( int alg_arg, data_t *peer_key_data, int expected_capacity_arg ) { - psa_key_handle_t our_key = 0; + psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -5377,7 +5380,7 @@ void key_agreement_output( int alg_arg, data_t *peer_key_data, data_t *expected_output1, data_t *expected_output2 ) { - psa_key_handle_t our_key = 0; + psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -5491,7 +5494,7 @@ void generate_key( int type_arg, int alg_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t type = type_arg; psa_key_usage_t usage = usage_arg; size_t bits = bits_arg; @@ -5533,7 +5536,7 @@ void generate_key_rsa( int bits_arg, data_t *e_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; size_t bits = bits_arg; psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; @@ -5639,8 +5642,8 @@ void persistent_key_load_key_from_storage( data_t *data, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0; - psa_key_handle_t base_key = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + psa_key_handle_t base_key = PSA_KEY_HANDLE_INIT; psa_key_type_t type = type_arg; size_t bits = bits_arg; psa_key_usage_t usage_flags = usage_flags_arg; 
@@ -5704,7 +5707,7 @@ void persistent_key_load_key_from_storage( data_t *data, &handle ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); PSA_ASSERT( psa_destroy_key( base_key ) ); - base_key = 0; + base_key = PSA_KEY_HANDLE_INIT; } break; } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index a0140d2cb..53df781e0 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -19,7 +19,7 @@ void ecdsa_sign( int force_status_arg, { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); uint8_t signature[64]; @@ -73,7 +73,7 @@ void ecdsa_verify( int force_status_arg, { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); psa_status_t actual_status; @@ -124,7 +124,7 @@ void generate_key( int force_status_arg, { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); const uint8_t *expected_output = NULL; 
@@ -226,7 +226,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, int force_status_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -319,7 +319,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -404,8 +404,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = 0; - + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -492,7 +491,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, int force_status_arg, int expected_status_arg ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -581,7 +580,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, data_t *key, data_t *iv, data_t *input ) { - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 7ee17f9d9..a50eac41b 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function 
@@ -117,7 +117,7 @@ exit: void save_large_persistent_key( int data_length_arg, int expected_status ) { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; uint8_t *data = NULL; size_t data_length = data_length_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -149,7 +149,7 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_type_t first_type = (psa_key_type_t) first_type_arg; psa_key_type_t second_type = (psa_key_type_t) second_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -204,7 +204,7 @@ void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg, mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); psa_key_type_t type = (psa_key_type_t) type_arg; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init() ); @@ -254,7 +254,7 @@ void import_export_persistent_key( data_t *data, int type_arg, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); psa_key_type_t type = (psa_key_type_t) type_arg; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; unsigned char *exported = NULL; size_t export_size = data->len; size_t exported_length; diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 8584e5ed6..68a803e30 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function 
@@ -450,7 +450,7 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context, { ram_slot_t *slot; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; (void) context; @@ -483,7 +483,7 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context, { ram_slot_t *slot; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; (void) context; @@ -664,7 +664,7 @@ static int smoke_test_key( psa_key_handle_t handle ) PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t buffer[80]; /* large enough for a public key for ECDH */ size_t length; - psa_key_handle_t handle2 = 0; + psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT; SMOKE_ASSERT( psa_get_key_attributes( handle, &attributes ) ); @@ -880,7 +880,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; @@ -983,7 +983,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) exported, exported_length ); PSA_ASSERT( psa_destroy_key( handle ) ); - handle = 0; + handle = PSA_KEY_HANDLE_INIT; if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) 
@@ -1014,7 +1014,7 @@ void key_creation_in_chosen_slot( int slot_arg, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -1072,7 +1072,7 @@ void key_creation_in_chosen_slot( int slot_arg, PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); PSA_ASSERT( psa_destroy_key( handle ) ); - handle = 0; + handle = PSA_KEY_HANDLE_INIT; if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) @@ -1098,7 +1098,7 @@ void import_key_smoke( int type_arg, int alg_arg, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_USES_KEY_ID( id ); @@ -1148,7 +1148,7 @@ void import_key_smoke( int type_arg, int alg_arg, /* We're done. */ PSA_ASSERT( psa_destroy_key( handle ) ); - handle = 0; + handle = PSA_KEY_HANDLE_INIT; if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; @@ -1172,7 +1172,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_USES_KEY_ID( id ); 
@@ -1213,7 +1213,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_USES_KEY_ID( id ); @@ -1262,7 +1262,7 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) /* We're done. */ PSA_ASSERT( psa_destroy_key( handle ) ); - handle = 0; + handle = PSA_KEY_HANDLE_INIT; if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; @@ -1295,8 +1295,8 @@ void sign_verify( int flow, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t drv_handle = 0; /* key managed by the driver */ - psa_key_handle_t sw_handle = 0; /* transparent key */ + psa_key_handle_t drv_handle = PSA_KEY_HANDLE_INIT; /* key managed by the driver */ + psa_key_handle_t sw_handle = PSA_KEY_HANDLE_INIT; /* transparent key */ psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t drv_attributes; uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; @@ -1462,7 +1462,7 @@ void register_key_smoke_test( int lifetime_arg, mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); size_t bit_size = 48; psa_key_slot_number_t wanted_slot = 0x123456789; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status; TEST_USES_KEY_ID( id ); 
@@ -1518,7 +1518,7 @@ void register_key_smoke_test( int lifetime_arg, goto exit; /* This time, destroy the key. */ PSA_ASSERT( psa_destroy_key( handle ) ); - handle = 0; + handle = PSA_KEY_HANDLE_INIT; TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 7d4a59125..0e2e203c8 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -333,7 +333,7 @@ void mock_import( int mock_alloc_return_value, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -402,7 +402,7 @@ void mock_export( int mock_export_return_value, int expected_result ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; 
@@ -456,7 +456,7 @@ void mock_generate( int mock_alloc_return_value, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mock_allocate_data.return_value = mock_alloc_return_value; @@ -523,7 +523,7 @@ void mock_export_public( int mock_export_public_return_value, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; @@ -573,7 +573,7 @@ void mock_sign( int mock_sign_return_value, int expected_result ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256); 
@@ -634,7 +634,7 @@ void mock_verify( int mock_verify_return_value, int expected_result ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index fa3dd6e3a..bee583562 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -141,7 +141,7 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, psa_key_usage_t usage_flags = usage_arg; psa_key_type_t type = type_arg; close_method_t close_method = close_method_arg; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init( ) ); @@ -185,7 +185,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, psa_key_usage_t usage_flags = usage_arg; psa_key_type_t type = type_arg; close_method_t close_method = close_method_arg; - psa_key_handle_t handle = 0; + psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t read_attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *reexported = NULL; 
@@ -194,7 +194,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) mbedtls_svc_key_id_t wrong_owner_id = mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); - psa_key_handle_t invalid_handle = 0; + psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT; #endif TEST_USES_KEY_ID( id ); @@ -319,7 +319,8 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, { psa_key_lifetime_t lifetime = lifetime_arg; mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); - psa_key_handle_t handle1 = 0, handle2 = 0; + psa_key_handle_t handle1 = PSA_KEY_HANDLE_INIT; + psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA; const uint8_t material1[5] = "a key"; @@ -447,7 +448,7 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, mbedtls_svc_key_id_make( source_owner_id_arg, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; - psa_key_handle_t source_handle = 0; + psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t source_type = type_arg; psa_key_lifetime_t target_lifetime = target_lifetime_arg; @@ -455,7 +456,7 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, mbedtls_svc_key_id_make( target_owner_id_arg, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; - psa_key_handle_t target_handle = 0; + psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_usage_t expected_usage = expected_usage_arg; psa_algorithm_t expected_alg = expected_alg_arg; 
@@ -573,14 +574,14 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, mbedtls_svc_key_id_make( 1, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; - psa_key_handle_t source_handle = 0; + psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; psa_key_type_t source_type = source_type_arg; psa_key_lifetime_t target_lifetime = target_lifetime_arg; mbedtls_svc_key_id_t target_id = mbedtls_svc_key_id_make( 1, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; - psa_key_handle_t target_handle = 0; + psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; psa_key_type_t target_type = target_type_arg; psa_key_handle_t new_handle = 0xdead; uint8_t *export_buffer = NULL; @@ -674,8 +675,8 @@ exit: void invalid_handle( int handle_construction, int close_status_arg, int usage_status_arg ) { - psa_key_handle_t valid_handle = 0; - psa_key_handle_t invalid_handle = 0; + psa_key_handle_t valid_handle = PSA_KEY_HANDLE_INIT; + psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT; psa_status_t close_status = close_status_arg; psa_status_t usage_status = usage_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -696,7 +697,7 @@ void invalid_handle( int handle_construction, switch( handle_construction ) { case INVALID_HANDLE_0: - invalid_handle = 0; + invalid_handle = PSA_KEY_HANDLE_INIT; break; case INVALID_HANDLE_UNOPENED: /* We can't easily construct a handle that's never been opened diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 31d60009d..1dd264264 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
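Review bot: In copy_to_occupied the context line `psa_key_handle_t new_handle = 0xdead;` stays a bare integer while every other handle initializer in these hunks moves to `PSA_KEY_HANDLE_INIT`. The value looks like a deliberate non-null sentinel, so the test can confirm that a failed `psa_copy_key` resets the output handle, but nothing in the code says so. I would add a comment such as `/* non-null on purpose: a failed copy must reset this to the null handle */`. The literal will also need a constructor once the handle type stops being integral; a later patch in this series defines it as `mbedtls_svc_key_id_t`. The function body extends beyond the hunk.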
@@ -161,7 +161,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, int cert_type ) { mbedtls_pk_context key; - psa_key_handle_t slot = 0; + psa_key_handle_t slot = PSA_KEY_HANDLE_INIT; psa_algorithm_t md_alg_psa; mbedtls_x509write_csr req; unsigned char buf[4096]; From c26f8d467aa4800eac2a633ed1d2bbf7f53f5b34 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 1 Sep 2020 10:51:51 +0200 Subject: [PATCH 403/488] Introduce psa_key_handle_is_null inline function Signed-off-by: Ronald Cron --- include/mbedtls/ssl_internal.h | 4 ++-- include/psa/crypto_platform.h | 11 +++++++++++ library/psa_crypto.c | 2 +- library/psa_crypto_slot_management.c | 5 +++-- library/ssl_cli.c | 2 +- library/ssl_srv.c | 6 +++--- library/ssl_tls.c | 17 +++++++++-------- programs/ssl/ssl_server2.c | 4 ++-- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_psa_crypto.function | 2 +- .../suites/test_suite_psa_crypto_init.function | 2 +- ...st_suite_psa_crypto_persistent_key.function | 2 +- ...est_suite_psa_crypto_se_driver_hal.function | 2 +- ...t_suite_psa_crypto_slot_management.function | 18 +++++++++--------- 14 files changed, 46 insertions(+), 33 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 30be67665..015b53c2b 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1064,10 +1064,10 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, static inline psa_key_handle_t mbedtls_ssl_get_opaque_psk( const mbedtls_ssl_context *ssl ) { - if( ssl->handshake->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) return( ssl->handshake->psk_opaque ); - if( ssl->conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->conf->psk_opaque ) ) return( ssl->conf->psk_opaque ); return( PSA_KEY_HANDLE_INIT ); diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 6ada32477..a27136d5a 100644 
--- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -53,6 +53,17 @@ typedef uint16_t psa_key_handle_t; #define PSA_KEY_HANDLE_INIT ( (psa_key_handle_t)0 ) +/** Check whether a handle is null. + * + * \param handle Key handle. + * + * \return Non-zero if the key handle is null, zero otherwise. + */ +static inline int psa_key_handle_is_null( psa_key_handle_t handle ) +{ + return( handle == 0 ); +} + #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) /* Building for the PSA Crypto service on a PSA platform, a key owner is a PSA diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 85d9df404..5d9b34e77 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1300,7 +1300,7 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle ) psa_se_drv_table_entry_t *driver; #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - if( handle == 0 ) + if( psa_key_handle_is_null( handle ) ) return( PSA_SUCCESS ); status = psa_get_key_slot( handle, &slot ); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index dacd7f69f..6303473d9 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -81,7 +81,8 @@ psa_status_t psa_get_key_slot( psa_key_handle_t handle, /* 0 is not a valid handle under any circumstance. This * implementation provides slots number 1 to N where N is the * number of available slots. */ - if( handle == 0 || handle > ARRAY_LENGTH( global_data.key_slots ) ) + if( psa_key_handle_is_null( handle ) || + ( handle > ARRAY_LENGTH( global_data.key_slots ) ) ) return( PSA_ERROR_INVALID_HANDLE ); slot = &global_data.key_slots[handle - 1]; @@ -261,7 +262,7 @@ psa_status_t psa_close_key( psa_key_handle_t handle ) psa_status_t status; psa_key_slot_t *slot; - if( handle == 0 ) + if( psa_key_handle_is_null( handle ) ) return( PSA_SUCCESS ); status = psa_get_key_slot( handle, &slot ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 9494c65da..391e93c6e 100644 
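Review bot: The new `psa_key_handle_is_null` hard-codes the null value as `return( handle == 0 );` even though `PSA_KEY_HANDLE_INIT` is defined on the line just above it. Comparing against the macro, `return( handle == PSA_KEY_HANDLE_INIT );`, keeps the null-handle value in one place, so the check cannot drift from the initializer if the macro changes. The doc comment could also state that the null handle is the value of `PSA_KEY_HANDLE_INIT`.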
--- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -63,7 +63,7 @@ static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) return( 1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( conf->psk_opaque ) ) return( 1 ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 070a5915f..03dc2d4bb 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -157,7 +157,7 @@ static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf ) return( 1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( conf->psk_opaque ) ) return( 1 ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -172,13 +172,13 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ssl->handshake->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) return( 1 ); return( 0 ); } - if( ssl->conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->conf->psk_opaque ) ) return( 1 ); return( 0 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6144851b6..d74e40c34 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -466,7 +466,7 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de if( status != PSA_SUCCESS ) return( status ); - if( slot == 0 ) + if( psa_key_handle_is_null( slot ) ) { status = psa_key_derivation_input_bytes( derivation, PSA_KEY_DERIVATION_INPUT_SECRET, @@ -563,7 +563,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - if( master_slot != 0 ) + if( ! psa_key_handle_is_null( master_slot ) ) status = psa_destroy_key( master_slot ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); 
@@ -707,13 +707,13 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) { /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ssl->handshake->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) return( 1 ); return( 0 ); } - if( ssl->conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->conf->psk_opaque ) ) return( 1 ); return( 0 ); @@ -4344,7 +4344,7 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) { /* Remove reference to existing PSK, if any. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( conf->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( conf->psk_opaque ) ) { /* The maintenance of the PSK key slot is the * user's responsibility. */ @@ -4432,7 +4432,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, static void ssl_remove_psk( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ssl->handshake->psk_opaque != 0 ) + if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) { ssl->handshake->psk_opaque = PSA_KEY_HANDLE_INIT; } @@ -4478,7 +4478,7 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, ssl_conf_remove_psk( conf ); /* Check and set opaque PSK */ - if( psk_slot == 0 ) + if( psa_key_handle_is_null( psk_slot ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); conf->psk_opaque = psk_slot; @@ -4494,7 +4494,8 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, psa_key_handle_t psk_slot ) { - if( psk_slot == 0 || ssl->handshake == NULL ) + if( ( psa_key_handle_is_null( psk_slot ) ) || + ( ssl->handshake == NULL ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); ssl_remove_psk( ssl ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c11b0819d..fce2e22c6 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -1303,7 +1303,7 @@ int psk_free( psk_entry *head ) psa_status_t status; psa_key_handle_t const slot = head->slot; - if( slot != 0 ) + if( ! psa_key_handle_is_null( slot ) ) { status = psa_destroy_key( slot ); if( status != PSA_SUCCESS ) @@ -1376,7 +1376,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl, memcmp( name, cur->name, name_len ) == 0 ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( cur->slot != 0 ) + if( ! psa_key_handle_is_null( cur->slot ) ) return( mbedtls_ssl_set_hs_psk_opaque( ssl, cur->slot ) ); else #endif diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 22bf0e707..5fee0d7e3 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -158,7 +158,7 @@ void pk_psa_utils( ) mbedtls_pk_init( &pk ); key = pk_psa_genkey(); - if( key == 0 ) + if( psa_key_handle_is_null( key ) ) goto exit; TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 ); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 3c4d7c825..fbd7195cc 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -5761,7 +5761,7 @@ exit: mbedtls_free( second_export ); psa_key_derivation_abort( &operation ); psa_destroy_key( base_key ); - if( handle == 0 ) + if( psa_key_handle_is_null( handle ) ) { /* In case there was a test failure after creating the persistent key * but while it was not open, try to re-open the persistent key diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index fd4ff21fc..c9fdcd180 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function 
@@ -197,7 +197,7 @@ void validate_module_init_key_based( int count ) psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); status = psa_import_key( &attributes, data, sizeof( data ), &handle ); TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index a50eac41b..34b88a70b 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -177,7 +177,7 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, /* Check key slot storage is removed */ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); TEST_EQUAL( psa_open_key( key_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle ) ); /* Shutdown and restart */ PSA_DONE(); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 68a803e30..a1d542d74 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -674,7 +674,7 @@ static int smoke_test_key( psa_key_handle_t handle ) buffer, sizeof( buffer ), &length ) ); SMOKE_ASSERT( psa_copy_key( handle, &attributes, &handle2 ) ); - if( handle2 != 0 ) + if( ! psa_key_handle_is_null( handle2 ) ) PSA_ASSERT( psa_close_key( handle2 ) ); SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, handle, PSA_ALG_CMAC ) ); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index bee583562..39491a0b0 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function 
@@ -152,7 +152,7 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, psa_set_key_type( &attributes, type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - TEST_ASSERT( handle != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); @@ -210,7 +210,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, psa_set_key_enrollment_algorithm( &attributes, alg2 ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - TEST_ASSERT( handle != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), @@ -342,7 +342,7 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, psa_set_key_algorithm( &attributes, 0 ); PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ), &handle1 ) ); - TEST_ASSERT( handle1 != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( handle1 ) ); if( reopen_policy == CLOSE_BEFORE ) PSA_ASSERT( psa_close_key( handle1 ) ); @@ -351,7 +351,7 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ), &handle2 ), PSA_ERROR_ALREADY_EXISTS ); - TEST_EQUAL( handle2, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle2 ) ); if( reopen_policy == CLOSE_AFTER ) PSA_ASSERT( psa_close_key( handle1 ) ); @@ -394,7 +394,7 @@ void open_fail( int id_arg, PSA_ASSERT( psa_crypto_init( ) ); TEST_EQUAL( psa_open_key( id, &handle ), expected_status ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle ) ); exit: PSA_DONE( ); 
@@ -422,7 +422,7 @@ void create_fail( int lifetime_arg, int id_arg, TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ), &handle ), expected_status ); - TEST_EQUAL( handle, 0 ); + TEST_ASSERT( psa_key_handle_is_null( handle ) ); exit: PSA_DONE( ); @@ -631,7 +631,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, TEST_EQUAL( psa_copy_key( source_handle, &attributes, &new_handle ), PSA_ERROR_ALREADY_EXISTS ); - TEST_EQUAL( new_handle , 0 ); + TEST_ASSERT( psa_key_handle_is_null( new_handle ) ); /* Test that the target slot is unaffected. */ PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) ); @@ -691,7 +691,7 @@ void invalid_handle( int handle_construction, PSA_ASSERT( psa_import_key( &attributes, material, sizeof( material ), &valid_handle ) ); - TEST_ASSERT( valid_handle != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( valid_handle ) ); /* Construct an invalid handle as specified in the test case data. */ switch( handle_construction ) @@ -766,7 +766,7 @@ void many_transient_handles( int max_handles_arg ) if( status == PSA_ERROR_INSUFFICIENT_MEMORY ) break; PSA_ASSERT( status ); - TEST_ASSERT( handles[i] != 0 ); + TEST_ASSERT( ! psa_key_handle_is_null( handles[i] ) ); for( j = 0; j < i; j++ ) TEST_ASSERT( handles[i] != handles[j] ); } From 47a85614eda27fb0f8bb929bfe458f9b47e100ba Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 1 Sep 2020 09:02:08 +0200 Subject: [PATCH 404/488] Introduce psa_key_handle_equal inline function Signed-off-by: Ronald Cron --- include/psa/crypto_platform.h | 13 +++++++++++++ .../test_suite_psa_crypto_slot_management.function | 4 ++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index a27136d5a..9cc27f679 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h 
@@ -64,6 +64,19 @@ static inline int psa_key_handle_is_null( psa_key_handle_t handle ) return( handle == 0 ); } +/** Compare two handles. + * + * \param handle1 First handle. + * \param handle2 Second handle. + * + * \return Non-zero if the two handles are equal, zero otherwise. + */ +static inline int psa_key_handle_equal( psa_key_handle_t handle1, + psa_key_handle_t handle2 ) +{ + return( handle1 == handle2 ); +} + #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) /* Building for the PSA Crypto service on a PSA platform, a key owner is a PSA diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 39491a0b0..a99f7de5e 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -659,7 +659,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, } PSA_ASSERT( psa_destroy_key( source_handle ) ); - if( target_handle != source_handle ) + if( ! psa_key_handle_equal( target_handle, source_handle ) ) PSA_ASSERT( psa_destroy_key( target_handle ) ); exit: @@ -768,7 +768,7 @@ void many_transient_handles( int max_handles_arg ) PSA_ASSERT( status ); TEST_ASSERT( ! psa_key_handle_is_null( handles[i] ) ); for( j = 0; j < i; j++ ) - TEST_ASSERT( handles[i] != handles[j] ); + TEST_ASSERT( ! psa_key_handle_equal( handles[i], handles[j] ) ); } max_handles = i; From c4d1b514ab814726fd168ad388531d653192801e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 31 Jul 2020 11:26:37 +0200 Subject: [PATCH 405/488] Define handles as key identifiers Define psa_key_handle_t to be equal to mbedtls_svc_key_id_t. Make the handle of a persistent key be equal to its key identifier. For volatile keys, make the key handle equal to the volatile key identifier of the created volatile key. The unit tests are modified just to make them compile not to make them run successfully. They are fixed in the subsequent commits. 
Signed-off-by: Ronald Cron --- include/psa/crypto_platform.h | 28 ----- include/psa/crypto_types.h | 6 + include/psa/crypto_values.h | 48 +++++++ library/psa_crypto.c | 18 ++- library/psa_crypto_slot_management.c | 118 +++++++++++------- library/psa_crypto_slot_management.h | 43 ++++--- programs/ssl/ssl_client2.c | 6 +- programs/ssl/ssl_server2.c | 6 +- .../test_suite_psa_crypto_init.function | 2 +- ..._suite_psa_crypto_slot_management.function | 37 ++++-- 10 files changed, 209 insertions(+), 103 deletions(-) diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 9cc27f679..4a6328a15 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -49,34 +49,6 @@ #define inline __inline #endif -/* Integral type representing a key handle. */ -typedef uint16_t psa_key_handle_t; -#define PSA_KEY_HANDLE_INIT ( (psa_key_handle_t)0 ) - -/** Check whether a handle is null. - * - * \param handle Key handle. - * - * \return Non-zero if the key handle is null, zero otherwise. - */ -static inline int psa_key_handle_is_null( psa_key_handle_t handle ) -{ - return( handle == 0 ); -} - -/** Compare two handles. - * - * \param handle1 First handle. - * \param handle2 Second handle. - * - * \return Non-zero if the two handles are equal, zero otherwise. - */ -static inline int psa_key_handle_equal( psa_key_handle_t handle1, - psa_key_handle_t handle2 ) -{ - return( handle1 == handle2 ); -} - #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) /* Building for the PSA Crypto service on a PSA platform, a key owner is a PSA diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 923b02b53..b5e68d4bd 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h 
@@ -247,6 +247,12 @@ typedef struct #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ +/* + * To support temporary both openless APIs and psa_open_key(), define + * psa_key_handle_t to be equal to mbedtls_svc_key_id_t. + */ +typedef mbedtls_svc_key_id_t psa_key_handle_t; + /**@}*/ /** \defgroup policy Key policies diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 3eb64d8cc..5061ab4c9 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1700,6 +1700,17 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, return( id1 == id2 ); } +/** Check whether a key identifier is null. + * + * \param key Key identifier. + * + * \return Non-zero if the key identifier is null, zero otherwise. + */ +static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) +{ + return( key == 0 ); +} + #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ #define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } ) 
@@ -1732,8 +1743,45 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, mbedtls_key_owner_id_equal( id1.owner, id2.owner ) ); } +/** Check whether a key identifier is null. + * + * \param key Key identifier. + * + * \return Non-zero if the key identifier is null, zero otherwise. + */ +static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) +{ + return( ( key.key_id == 0 ) && ( key.owner == 0 ) ); +} + #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ +#define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT + +/** Compare two handles. + * + * \param handle1 First handle. + * \param handle2 Second handle. + * + * \return Non-zero if the two handles are equal, zero otherwise. + */ +static inline int psa_key_handle_equal( psa_key_handle_t handle1, + psa_key_handle_t handle2 ) +{ + return( mbedtls_svc_key_id_equal( handle1, handle2 ) ); +} + +/** Check wether an handle is null. + * + * \param handle Handle + * + * \return Non-zero if the handle is null, zero otherwise. + */ +static inline int psa_key_handle_is_null( psa_key_handle_t handle ) +{ + return( mbedtls_svc_key_id_is_null( handle ) ); +} + /**@}*/ /** \defgroup policy Key policies diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5d9b34e77..f8a8c0ab7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1861,7 +1861,7 @@ static psa_status_t psa_start_key_creation( if( status != PSA_SUCCESS ) return( status ); - status = psa_get_empty_key_slot( handle, &volatile_key_id, p_slot ); + status = psa_get_empty_key_slot( &volatile_key_id, p_slot ); if( status != PSA_SUCCESS ) return( status ); slot = *p_slot; 
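Review bot: In the owner-encoding variant of `mbedtls_svc_key_id_is_null`, the test `( key.key_id == 0 ) && ( key.owner == 0 )` makes nullness depend on the owner, so an identifier with key id 0 and a non-zero owner is reported as non-null. Because `psa_key_handle_is_null` now forwards to it, such a value would skip the null-handle early returns in `psa_destroy_key` and `psa_close_key` shown earlier in this series. If key id 0 is invalid for every owner, which the surrounding code suggests but this hunk does not show, `return( key.key_id == 0 );` is the safer check. The direct `key.owner == 0` also bypasses the `mbedtls_key_owner_id_equal` helper that `mbedtls_svc_key_id_equal` uses just above, which matters if the owner type is not a plain integer on some platform. The added doc line has a typo and should read `/** Check whether a handle is null.`.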
@@ -1870,9 +1870,19 @@ static psa_status_t psa_start_key_creation( * creation mechanism to verify that this information is correct. * It's automatically correct for mechanisms that use the bit-size as * an input (generate, device) but not for those where the bit-size - * is optional (import, copy). */ + * is optional (import, copy). In case of a volatile key, assign it the + * volatile key identifier associated to the slot returned to contain its + * definition. */ slot->attr = attributes->core; + if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) + { +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + slot->attr.id = volatile_key_id; +#else + slot->attr.id.key_id = volatile_key_id; +#endif + } /* Erase external-only flags from the internal copy. To access * external-only flags, query `attributes`. Thanks to the check @@ -1928,7 +1938,9 @@ static psa_status_t psa_start_key_creation( } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - return( status ); + *handle = slot->attr.id; + + return( PSA_SUCCESS ); } /** Finalize the creation of a key once its key material has been set. diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 6303473d9..8ef851bdd 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
@@ -64,36 +64,41 @@ psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok ) ( key_id <= PSA_KEY_ID_VENDOR_MAX ) ) return( PSA_SUCCESS ); - return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_ERROR_INVALID_HANDLE ); } -/* Access a key slot at the given handle. The handle of a key slot is - * the index of the slot in the global slot array, plus one so that handles - * start at 1 and not 0. */ -psa_status_t psa_get_key_slot( psa_key_handle_t handle, - psa_key_slot_t **p_slot ) +static psa_key_slot_t* psa_get_slot_from_volatile_key_id( + mbedtls_svc_key_id_t key ) { - psa_key_slot_t *slot = NULL; + psa_key_slot_t *slot; + psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); - if( ! global_data.key_slots_initialized ) - return( PSA_ERROR_BAD_STATE ); + if( ( key_id < PSA_KEY_ID_VOLATILE_MIN ) || + ( key_id > PSA_KEY_ID_VOLATILE_MAX ) ) + return( NULL ); - /* 0 is not a valid handle under any circumstance. This - * implementation provides slots number 1 to N where N is the - * number of available slots. */ - if( psa_key_handle_is_null( handle ) || - ( handle > ARRAY_LENGTH( global_data.key_slots ) ) ) - return( PSA_ERROR_INVALID_HANDLE ); - slot = &global_data.key_slots[handle - 1]; + slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ]; - /* If the slot isn't occupied, the handle is invalid. */ - if( ! psa_is_key_slot_occupied( slot ) ) - return( PSA_ERROR_INVALID_HANDLE ); - - *p_slot = slot; - return( PSA_SUCCESS ); + return( mbedtls_svc_key_id_equal( key, slot->attr.id ) ? 
slot : NULL ); } +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) +static psa_key_slot_t* psa_get_slot_from_key_id( + mbedtls_svc_key_id_t key ) +{ + psa_key_slot_t *slot = &global_data.key_slots[ PSA_KEY_SLOT_COUNT ]; + + while( slot > &global_data.key_slots[ 0 ] ) + { + slot--; + if( mbedtls_svc_key_id_equal( key, slot->attr.id ) ) + return( slot ); + } + + return( NULL ); +} +#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ + psa_status_t psa_initialize_key_slots( void ) { /* Nothing to do: program startup and psa_wipe_all_key_slots() both @@ -115,8 +120,7 @@ void psa_wipe_all_key_slots( void ) global_data.key_slots_initialized = 0; } -psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle, - psa_key_id_t *volatile_key_id, +psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, psa_key_slot_t **p_slot ) { size_t slot_idx; @@ -129,7 +133,6 @@ psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle, *p_slot = &global_data.key_slots[ slot_idx - 1 ]; if( ! psa_is_key_slot_occupied( *p_slot ) ) { - *handle = (psa_key_handle_t)slot_idx; *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ( (psa_key_id_t)slot_idx ) - 1; 
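Review bot: `psa_get_slot_from_volatile_key_id()` indexes `global_data.key_slots` with `key_id - PSA_KEY_ID_VOLATILE_MIN`, but only checks `key_id` against `PSA_KEY_ID_VOLATILE_MIN`/`PSA_KEY_ID_VOLATILE_MAX`, never against the array size. The removed `psa_get_key_slot()` bounded the index with `ARRAY_LENGTH( global_data.key_slots )`. The new lookup is in bounds only while the volatile range spans exactly `PSA_KEY_SLOT_COUNT` identifiers, and the definition of `PSA_KEY_ID_VOLATILE_MIN` is not part of this hunk. Since `key_id` comes from the caller, I would make the invariant explicit: either a compile-time assertion next to the range macros, or a guard such as `if( key_id - PSA_KEY_ID_VOLATILE_MIN >= PSA_KEY_SLOT_COUNT ) return( NULL );` before the array access.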
@@ -177,8 +180,50 @@ exit: psa_free_persistent_key_data( key_data, key_data_length ); return( status ); } +#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ + +psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot ) +{ + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + + *p_slot = NULL; + if( ! global_data.key_slots_initialized ) + return( PSA_ERROR_BAD_STATE ); + + status = psa_validate_key_id( key, 1 ); + if( status != PSA_SUCCESS ) + return( status ); + + *p_slot = psa_get_slot_from_volatile_key_id( key ); + if( *p_slot != NULL ) + return( PSA_SUCCESS ); + +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) + psa_key_id_t volatile_key_id; + + *p_slot = psa_get_slot_from_key_id( key ); + if( *p_slot != NULL ) + return( PSA_SUCCESS ); + + status = psa_get_empty_key_slot( &volatile_key_id, p_slot ); + if( status != PSA_SUCCESS ) + return( status ); + + (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT; + (*p_slot)->attr.id = key; + + status = psa_load_persistent_key_into_slot( *p_slot ); + if( status != PSA_SUCCESS ) + psa_wipe_key_slot( *p_slot ); + + return( status ); +#else + return( PSA_ERROR_DOES_NOT_EXIST ); #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ +} + psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv ) { 
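Review bot: When `psa_load_persistent_key_into_slot()` fails in the new `psa_get_key_slot()`, the slot is wiped but `*p_slot` still points at it when the error is returned. The function sets `*p_slot = NULL` on entry, which suggests NULL is the intended value on every failure path. A caller that reads the slot pointer without checking the status first would then operate on a free slot, which a later key creation can hand out. I would reset it in the error branch: `if( status != PSA_SUCCESS ) { psa_wipe_key_slot( *p_slot ); *p_slot = NULL; }`. The `psa_get_empty_key_slot()` failure path deserves the same check, but the tail of that function is outside this hunk, so whether it clears `*p_slot` cannot be confirmed from here.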
@@ -226,29 +271,18 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) { #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) psa_status_t status; - psa_key_id_t volatile_key_id; psa_key_slot_t *slot; - *handle = 0; - - status = psa_validate_key_id( key, 1 ); - if( status != PSA_SUCCESS ) - return( status ); - - status = psa_get_empty_key_slot( handle, &volatile_key_id, &slot ); - if( status != PSA_SUCCESS ) - return( status ); - - slot->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT; - slot->attr.id = key; - - status = psa_load_persistent_key_into_slot( slot ); + status = psa_get_key_slot( key, &slot ); if( status != PSA_SUCCESS ) { - psa_wipe_key_slot( slot ); *handle = PSA_KEY_HANDLE_INIT; + return( status ); } - return( status ); + + *handle = key; + + return( PSA_SUCCESS ); #else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ (void) key; diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index d649f53a7..98a1ce753 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -22,6 +22,7 @@ #define PSA_CRYPTO_SLOT_MANAGEMENT_H #include "psa/crypto.h" +#include "psa_crypto_core.h" #include "psa_crypto_se.h" /* Number of key slots (plus one because 0 is not used). 
@@ -45,21 +46,38 @@ */ #define PSA_KEY_ID_VOLATILE_MAX PSA_KEY_ID_VENDOR_MAX -/** Access a key slot at the given handle. +/** Retrieve the description of a key given its identifier. * - * \param handle Key handle to query. + * The descriptions of volatile keys and loaded persistent keys are + * stored in key slots. This function returns a pointer to the key slot + * containing the description of a key given its identifier. + * + * In case of a persistent key, the function loads the description of the key + * into a key slot if not already done. + * + * \param key Key identifier to query. * \param[out] p_slot On success, `*p_slot` contains a pointer to the - * key slot in memory designated by \p handle. + * key slot containing the description of the key + * identified by \p key. * - * \retval PSA_SUCCESS - * Success: \p handle is a handle to `*p_slot`. Note that `*p_slot` - * may be empty or occupied. - * \retval PSA_ERROR_INVALID_HANDLE - * \p handle is out of range or is not in use. - * \retval PSA_ERROR_BAD_STATE + * \retval #PSA_SUCCESS + * The pointer to the key slot containing the description of the key + * identified by \p key was returned. + * \retval #PSA_ERROR_BAD_STATE * The library has not been initialized. + * \retval #PSA_ERROR_INVALID_HANDLE + * \p key is not a valid key identifier. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \p key is a persistent key identifier. The implementation does not + * have sufficient resources to load the persistent key. This can be + * due to a lack of empty key slot, or available memory. + * \retval #PSA_ERROR_DOES_NOT_EXIST + * There is no key with key identifier \p key. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DATA_CORRUPT */ -psa_status_t psa_get_key_slot( psa_key_handle_t handle, +psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot ); /** Initialize the key slot structures. 
@@ -79,8 +97,6 @@ void psa_wipe_all_key_slots( void ); * This function returns a key slot that is available for use and is in its * ground state (all-bits-zero). * - * \param[out] handle On success, a slot number that can be used - * as a handle to the slot. * \param[out] volatile_key_id On success, volatile key identifier * associated to the returned slot. * \param[out] p_slot On success, a pointer to the slot. @@ -89,8 +105,7 @@ void psa_wipe_all_key_slots( void ); * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_BAD_STATE */ -psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle, - psa_key_id_t *volatile_key_id, +psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, psa_key_slot_t **p_slot ); /** Test whether a lifetime designates a key in an external cryptoprocessor. diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 16bd61952..246d71a8d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3577,8 +3577,10 @@ exit: if( ( status != PSA_SUCCESS ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) { - mbedtls_printf( "Failed to destroy key slot %u - error was %d", - (unsigned) slot, (int) status ); + mbedtls_printf( "Failed to destroy key slot %u-%u - error was %d", + MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( slot ), + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot ), + (int) status ); if( ret == 0 ) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index fce2e22c6..eb4ab0d8f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
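Review bot: In the ssl_client2.c hunk, the new `mbedtls_printf()` call passes `MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( slot )` and `MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot )` to `%u` without a cast, whereas the removed line cast its argument with `(unsigned)`. The result types of these macros are not shown here. If the owner id is a signed or differently sized type in some configuration, the variadic call has a format/argument mismatch, which is undefined behaviour. Restoring the casts keeps the call well defined: `(unsigned) MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( slot ), (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot ),`. The ssl_server2.c hunk that follows has the same pattern with `psk_slot`; the enclosing functions start outside both hunks.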
@@ -4518,8 +4518,10 @@ exit: if( ( status != PSA_SUCCESS ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) { - mbedtls_printf( "Failed to destroy key slot %u - error was %d", - (unsigned) psk_slot, (int) status ); + mbedtls_printf( "Failed to destroy key slot %u-%u - error was %d", + MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psk_slot ), + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psk_slot ), + (int) status ); } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index c9fdcd180..d587886dc 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function @@ -185,7 +185,7 @@ void validate_module_init_key_based( int count ) psa_status_t status; uint8_t data[10] = { 0 }; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = 0xdead; + psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); int i; for( i = 0; i < count; i++ ) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index a99f7de5e..c688474aa 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -2,6 +2,7 @@ #include #include "test/psa_crypto_helpers.h" +#include "psa_crypto_slot_management.h" #include "psa_crypto_storage.h" typedef enum @@ -389,7 +390,7 @@ void open_fail( int id_arg, { mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = 0xdead; + psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); PSA_ASSERT( psa_crypto_init( ) ); 
@@ -409,7 +410,7 @@ void create_fail( int lifetime_arg, int id_arg, mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = 0xdead; + psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); uint8_t material[1] = {'k'}; TEST_USES_KEY_ID( id ); @@ -583,7 +584,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, psa_algorithm_t target_alg = target_alg_arg; psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; psa_key_type_t target_type = target_type_arg; - psa_key_handle_t new_handle = 0xdead; + psa_key_handle_t new_handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); uint8_t *export_buffer = NULL; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT; @@ -677,6 +678,7 @@ void invalid_handle( int handle_construction, { psa_key_handle_t valid_handle = PSA_KEY_HANDLE_INIT; psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT; + psa_key_id_t key_id; psa_status_t close_status = close_status_arg; psa_status_t usage_status = usage_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -700,14 +702,26 @@ void invalid_handle( int handle_construction, invalid_handle = PSA_KEY_HANDLE_INIT; break; case INVALID_HANDLE_UNOPENED: - /* We can't easily construct a handle that's never been opened - * without knowing how the implementation constructs handle - * values. The current test code assumes that valid handles - * are in a range between 1 and some maximum. */ - if( valid_handle == 1 ) - invalid_handle = 2; + + /* + * MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) is a volatile + * key identifier as the imported key is a volatile key. Volatile + * key identifiers are in the range from PSA_KEY_ID_VOLATILE_MIN + * to PSA_KEY_ID_VOLATILE_MAX included. Thus pick a key identifier + * in the range from PSA_KEY_ID_VOLATILE_MIN to + * PSA_KEY_ID_VOLATILE_MAX different from + * MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) to build an + * unopened and thus invalid identifier. + */ + + if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) == + PSA_KEY_ID_VOLATILE_MIN ) + key_id = PSA_KEY_ID_VOLATILE_MIN + 1; else - invalid_handle = valid_handle - 1; + key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( valid_handle ) - 1; + + invalid_handle = + mbedtls_svc_key_id_make( 0, key_id ); break; case INVALID_HANDLE_CLOSED: PSA_ASSERT( psa_import_key( &attributes, @@ -716,7 +730,8 @@ void invalid_handle( int handle_construction, PSA_ASSERT( psa_destroy_key( invalid_handle ) ); break; case INVALID_HANDLE_HUGE: - invalid_handle = (psa_key_handle_t) ( -1 ); + invalid_handle = + mbedtls_svc_key_id_make( 0, PSA_KEY_ID_VENDOR_MAX + 1 ); break; default: TEST_ASSERT( ! "unknown handle construction" ); From 2d52eb2f78efe29c1532c682c3f0a56d92915458 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 17 Sep 2020 13:58:00 +0200 Subject: [PATCH 406/488] tests: Fix invalid key identifier error code PSA Crypto API spec defines the error code for an invalid key identifier as PSA_ERROR_INVALID_HANDLE. 
Signed-off-by: Ronald Cron --- .../test_suite_psa_crypto_se_driver_hal.data | 2 +- .../test_suite_psa_crypto_slot_management.data | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index e5eee58d9..645e27d3c 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -148,7 +148,7 @@ Key registration: not supported register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:-1:PSA_ERROR_NOT_SUPPORTED Key registration: key id out of range -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_HANDLE Key registration: key id in vendor range register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX:1:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index e16089d65..10521e1d5 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data 
@@ -72,15 +72,15 @@ create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x3617:1:KEEP_OPEN Open failure: invalid identifier (0) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -open_fail:0:PSA_ERROR_INVALID_ARGUMENT +open_fail:0:PSA_ERROR_INVALID_HANDLE Open failure: invalid identifier (random seed UID) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -open_fail:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT +open_fail:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_HANDLE Open failure: invalid identifier (reserved range) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_ARGUMENT +open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_HANDLE Open failure: invalid identifier (implementation range) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C @@ -95,19 +95,19 @@ create_fail:0x7fffffff:0:PSA_ERROR_INVALID_ARGUMENT Create failure: invalid key id (0) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -create_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_ARGUMENT +create_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_HANDLE Create failure: invalid key id (random seed UID) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_ARGUMENT +create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_HANDLE Create failure: invalid key id (reserved range) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_ARGUMENT +create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_HANDLE Create failure: invalid key id (implementation range) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_INVALID_ARGUMENT +create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_INVALID_HANDLE Open not supported depends_on:!MBEDTLS_PSA_CRYPTO_STORAGE_C 
From 432e19c7b276c785e350fe4bb45848783393f2d0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 17 Sep 2020 14:12:30 +0200 Subject: [PATCH 407/488] tests: Fix error codes when using "invalid" handles As handles are now key identifiers, a handle may be valid now even if it does not refer to any key known to the library. Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto.function | 6 +++--- tests/suites/test_suite_psa_crypto_slot_management.data | 4 ++-- .../suites/test_suite_psa_crypto_slot_management.function | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fbd7195cc..f79d9b3d9 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1188,7 +1188,7 @@ static int test_operations_on_invalid_handle( psa_key_handle_t handle ) psa_set_key_algorithm( &attributes, PSA_ALG_CTR ); psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); TEST_EQUAL( psa_get_key_attributes( handle, &attributes ), - PSA_ERROR_INVALID_HANDLE ); + PSA_ERROR_DOES_NOT_EXIST ); TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); TEST_EQUAL( @@ -1201,10 +1201,10 @@ static int test_operations_on_invalid_handle( psa_key_handle_t handle ) TEST_EQUAL( psa_export_key( handle, buffer, sizeof( buffer ), &length ), - PSA_ERROR_INVALID_HANDLE ); + PSA_ERROR_DOES_NOT_EXIST ); TEST_EQUAL( psa_export_public_key( handle, buffer, sizeof( buffer ), &length ), - PSA_ERROR_INVALID_HANDLE ); + PSA_ERROR_DOES_NOT_EXIST ); ok = 1; diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 10521e1d5..2b3087ff9 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data 
@@ -156,10 +156,10 @@ invalid handle: 0 invalid_handle:INVALID_HANDLE_0:PSA_SUCCESS:PSA_ERROR_INVALID_HANDLE invalid handle: never opened -invalid_handle:INVALID_HANDLE_UNOPENED:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE +invalid_handle:INVALID_HANDLE_UNOPENED:PSA_ERROR_DOES_NOT_EXIST:PSA_ERROR_DOES_NOT_EXIST invalid handle: already closed -invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE +invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_DOES_NOT_EXIST:PSA_ERROR_DOES_NOT_EXIST invalid handle: huge invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index c688474aa..fe3e5f987 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -165,8 +165,8 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, /* Test that the handle is now invalid. */ TEST_EQUAL( psa_get_key_attributes( handle, &attributes ), - PSA_ERROR_INVALID_HANDLE ); - TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE ); + PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -253,9 +253,9 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, /* Test that the handle is now invalid. */ TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ), - PSA_ERROR_INVALID_HANDLE ); + PSA_ERROR_DOES_NOT_EXIST ); psa_reset_key_attributes( &read_attributes ); - TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE ); + TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST ); /* Try to reopen the key. If we destroyed it, check that it doesn't * exist. Otherwise check that it still exists and has the expected From 4184107d2e53d05d7a7b54e948da8cf63e7734fd Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Thu, 17 Sep 2020 15:28:26 +0200 Subject: [PATCH 408/488] tests: Fix checks of volatile key identifier Volatile keys have now a volatile non-null key identifier. Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto.function | 9 ++++++++- .../suites/test_suite_psa_crypto_se_driver_hal.function | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f79d9b3d9..23d827ec4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -19,6 +19,7 @@ #define HAVE_RAM_AVAILABLE_128K #include "psa/crypto.h" +#include "psa_crypto_slot_management.h" /** An invalid export length that will never be set by psa_export_key(). */ static const size_t INVALID_EXPORT_LENGTH = ~0U; @@ -245,7 +246,13 @@ int check_key_attributes_sanity( psa_key_handle_t key ) /* Persistence */ if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) - TEST_ASSERT( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) == 0 ); + { + TEST_ASSERT( + ( PSA_KEY_ID_VOLATILE_MIN <= + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ) && + ( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) <= + PSA_KEY_ID_VOLATILE_MAX ) ); + } else { TEST_ASSERT( diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index a1d542d74..f22e6b7ec 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -972,6 +972,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( sizeof( key_material ) ) ); psa_set_key_slot_number( &attributes, min_slot ); + psa_set_key_id( &attributes, handle ); if( ! check_key_attributes( handle, &attributes ) ) goto exit; From e4f6d5c5fe5b2ac9fa93c067d4553754f6a8a02b Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Mon, 9 Nov 2020 17:47:52 +0100 Subject: [PATCH 409/488] tests: Fix persistent slot lifecycle tests Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto_slot_management.function | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index fe3e5f987..12cf3eac9 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -251,12 +251,6 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, if( ! invalidate_psa( close_method ) ) goto exit; - /* Test that the handle is now invalid. */ - TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ), - PSA_ERROR_DOES_NOT_EXIST ); - psa_reset_key_attributes( &read_attributes ); - TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST ); - /* Try to reopen the key. If we destroyed it, check that it doesn't * exist. Otherwise check that it still exists and has the expected * content. */ From cf56a0a320469a28d8b825f7f028fa5ea01c2ac3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 4 Aug 2020 09:51:30 +0200 Subject: [PATCH 410/488] psa: Move from key handle to key identifier Move all the PSA crypto APIs using key handles to use key identifiers but psa_key_open() and psa_key_close(). This is done without modifying any test as key handles and key identifiers are now the same. Update the library modules using PSA crypto APIs to get rid of key handles. Programs and unit tests are updated to not use key handles in subsequent commits, not in this one. 
Signed-off-by: Ronald Cron --- README.md | 2 +- docs/architecture/testing/invasive-testing.md | 4 +- docs/getting_started.md | 64 ++-- docs/proposed/psa-driver-developer-guide.md | 4 - docs/proposed/psa-driver-interface.md | 4 +- include/mbedtls/cipher_internal.h | 2 +- include/mbedtls/pk.h | 11 +- include/mbedtls/ssl.h | 15 +- include/mbedtls/ssl_internal.h | 12 +- include/psa/crypto.h | 318 +++++++----------- include/psa/crypto_compat.h | 135 ++++++++ include/psa/crypto_types.h | 8 +- include/psa/crypto_values.h | 40 +-- library/pk.c | 15 +- library/pk_wrap.c | 16 +- library/pkwrite.c | 10 +- library/psa_crypto.c | 139 ++++---- library/ssl_cli.c | 4 +- library/ssl_srv.c | 6 +- library/ssl_tls.c | 51 ++- 20 files changed, 445 insertions(+), 415 deletions(-) diff --git a/README.md b/README.md index 2058d24d6..ac2a6ab44 100644 --- a/README.md +++ b/README.md @@ -208,7 +208,7 @@ The design goals of the PSA cryptography API include: * The API distinguishes caller memory from internal memory, which allows the library to be implemented in an isolated space for additional security. Library calls can be implemented as direct function calls if isolation is not desired, and as remote procedure calls if isolation is desired. * The structure of internal data is hidden to the application, which allows substituting alternative implementations at build time or run time, for example, in order to take advantage of hardware accelerators. -* All access to the keys happens through handles, which allows support for external cryptoprocessors that is transparent to applications. +* All access to the keys happens through key identifiers, which allows support for external cryptoprocessors that is transparent to applications. * The interface to algorithms is generic, favoring algorithm agility. * The interface is designed to be easy to use and hard to accidentally misuse. 
diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 744f19401..de611a567 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -100,7 +100,7 @@ Resources include: * Memory. * Files in storage (PSA API only — in the Mbed TLS API, black-box unit tests are sufficient). -* Key handles (PSA API only). +* Key slots (PSA API only). * Key slots in a secure element (PSA SE HAL). * Communication handles (PSA crypto service only). @@ -116,7 +116,7 @@ When code should clean up resources, how do we know that they have truly been cl * Zeroization of confidential data after use. * Freeing memory. -* Closing key handles. +* Freeing key slots. * Freeing key slots in a secure element. * Deleting files in storage (PSA API only). diff --git a/docs/getting_started.md b/docs/getting_started.md index e274f49d7..15d5a3182 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -64,7 +64,7 @@ To use the Mbed Crypto APIs, call `psa_crypto_init()` before calling any other A ### Importing a key To use a key for cryptography operations in Mbed Crypto, you need to first -import it. Importing the key creates a handle that refers to the key for use +import it. The import operation returns the identifier of the key for use with other function calls. **Prerequisites to importing keys:** @@ -76,7 +76,7 @@ void import_a_key(const uint8_t *key, size_t key_len) { psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle; + psa_key_id_t key; printf("Import an AES key...\t"); fflush(stdout); @@ -95,7 +95,7 @@ void import_a_key(const uint8_t *key, size_t key_len) psa_set_key_bits(&attributes, 128); /* Import the key */ - status = psa_import_key(&attributes, key, key_len, &handle); + status = psa_import_key(&attributes, key, key_len, &key); if (status != PSA_SUCCESS) { printf("Failed to import key\n"); return; 
@@ -106,7 +106,7 @@ void import_a_key(const uint8_t *key, size_t key_len) psa_reset_key_attributes(&attributes); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); } @@ -135,7 +135,7 @@ void sign_a_message_using_rsa(const uint8_t *key, size_t key_len) 0xa9, 0xe8, 0xcc, 0xac, 0xd0, 0xf6, 0x54, 0x5c}; uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = {0}; size_t signature_length; - psa_key_handle_t handle; + psa_key_id_t key; printf("Sign a message...\t"); fflush(stdout); @@ -154,14 +154,14 @@ void sign_a_message_using_rsa(const uint8_t *key, size_t key_len) psa_set_key_bits(&attributes, 1024); /* Import the key */ - status = psa_import_key(&attributes, key, key_len, &handle); + status = psa_import_key(&attributes, key, key_len, &key); if (status != PSA_SUCCESS) { printf("Failed to import key\n"); return; } /* Sign message using the key */ - status = psa_sign_hash(handle, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, + status = psa_sign_hash(key, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, hash, sizeof(hash), signature, sizeof(signature), &signature_length); @@ -176,7 +176,7 @@ void sign_a_message_using_rsa(const uint8_t *key, size_t key_len) psa_reset_key_attributes(&attributes); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); } 
@@ -188,7 +188,7 @@ Mbed Crypto supports encrypting and decrypting messages using various symmetric **Prerequisites to working with the symmetric cipher API:** * Initialize the library with a successful call to `psa_crypto_init()`. -* Have a handle to a symmetric key. This key's usage flags must include `PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to allow decryption. +* Have a symmetric key. This key's usage flags must include `PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to allow decryption. **To encrypt a message with a symmetric cipher:** 1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the cipher functions. @@ -213,7 +213,7 @@ void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) size_t iv_len; uint8_t output[block_size]; size_t output_len; - psa_key_handle_t handle; + psa_key_id_t key; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; printf("Encrypt with cipher...\t"); @@ -232,7 +232,7 @@ void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, key_len, &handle); + status = psa_import_key(&attributes, key, key_len, &key); if (status != PSA_SUCCESS) { printf("Failed to import a key\n"); return; @@ -240,7 +240,7 @@ void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_reset_key_attributes(&attributes); /* Encrypt the plaintext */ - status = psa_cipher_encrypt_setup(&operation, handle, alg); + status = psa_cipher_encrypt_setup(&operation, key, alg); if (status != PSA_SUCCESS) { printf("Failed to begin cipher operation\n"); return; @@ -268,7 +268,7 @@ void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_cipher_abort(&operation); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); } 
@@ -298,7 +298,7 @@ void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) uint8_t iv[block_size] = ENCRYPTED_WITH_IV; uint8_t output[block_size]; size_t output_len; - psa_key_handle_t handle; + psa_key_id_t key; printf("Decrypt with cipher...\t"); fflush(stdout); @@ -316,7 +316,7 @@ void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, key_len, &handle); + status = psa_import_key(&attributes, key, key_len, &key); if (status != PSA_SUCCESS) { printf("Failed to import a key\n"); return; @@ -324,7 +324,7 @@ void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_reset_key_attributes(&attributes); /* Decrypt the ciphertext */ - status = psa_cipher_decrypt_setup(&operation, handle, alg); + status = psa_cipher_decrypt_setup(&operation, key, alg); if (status != PSA_SUCCESS) { printf("Failed to begin cipher operation\n"); return; @@ -352,7 +352,7 @@ void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) psa_cipher_abort(&operation); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); } @@ -592,8 +592,8 @@ derived from the key, salt and info provided: PSA_KEY_DERIVATION_OPERATION_INIT; size_t derived_bits = 128; size_t capacity = PSA_BITS_TO_BYTES(derived_bits); - psa_key_handle_t base_key; - psa_key_handle_t derived_key; + psa_key_id_t base_key; + psa_key_id_t derived_key; printf("Derive a key (HKDF)...\t"); fflush(stdout); @@ -702,7 +702,7 @@ This example shows how to authenticate and encrypt a message: size_t output_length = 0; size_t tag_length = 16; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle; + psa_key_id_t key; printf("Authenticate encrypt...\t"); fflush(stdout); 
@@ -726,11 +726,11 @@ This example shows how to authenticate and encrypt a message: psa_set_key_algorithm(&attributes, PSA_ALG_CCM); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, sizeof(key), &handle); + status = psa_import_key(&attributes, key, sizeof(key), &key); psa_reset_key_attributes(&attributes); /* Authenticate and encrypt */ - status = psa_aead_encrypt(handle, PSA_ALG_CCM, + status = psa_aead_encrypt(key, PSA_ALG_CCM, nonce, sizeof(nonce), additional_data, sizeof(additional_data), input_data, sizeof(input_data), @@ -747,7 +747,7 @@ This example shows how to authenticate and encrypt a message: free(output_data); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); ``` @@ -756,7 +756,7 @@ This example shows how to authenticate and decrypt a message: ```C psa_status_t status; - static const uint8_t key[] = { + static const uint8_t key_data[] = { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF }; static const uint8_t nonce[] = { @@ -773,7 +773,7 @@ This example shows how to authenticate and decrypt a message: size_t output_size = 0; size_t output_length = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle; + psa_key_id_t key; printf("Authenticate decrypt...\t"); fflush(stdout); @@ -797,7 +797,7 @@ This example shows how to authenticate and decrypt a message: psa_set_key_algorithm(&attributes, PSA_ALG_CCM); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, sizeof(key), &handle); + status = psa_import_key(&attributes, key_data, sizeof(key_data), &key); if (status != PSA_SUCCESS) { printf("Failed to import a key\n"); return; 
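Review bot: In the authenticated-encryption example (hunk at -726) the status returned by `psa_import_key` is overwritten by the `psa_aead_encrypt` call without being tested. A failed import therefore carries on with a key identifier that was never set, and readers copy this pattern into their own code. The decryption example in the later hunks on this line does test it; add the same `if (status != PSA_SUCCESS)` block with the "Failed to import a key" message and `return` directly after the import here. The snippet begins and ends outside the hunk, so any cleanup needed on that early return cannot be judged from here.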
@@ -805,7 +805,7 @@ This example shows how to authenticate and decrypt a message: psa_reset_key_attributes(&attributes); /* Authenticate and decrypt */ - status = psa_aead_decrypt(handle, PSA_ALG_CCM, + status = psa_aead_decrypt(key, PSA_ALG_CCM, nonce, sizeof(nonce), additional_data, sizeof(additional_data), input_data, sizeof(input_data), @@ -822,7 +822,7 @@ This example shows how to authenticate and decrypt a message: free(output_data); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); ``` @@ -848,7 +848,7 @@ Mbed Crypto provides a simple way to generate a key or key pair. size_t exported_length = 0; static uint8_t exported[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits)]; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle; + psa_key_id_t key; printf("Generate a key pair...\t"); fflush(stdout); @@ -867,14 +867,14 @@ Mbed Crypto provides a simple way to generate a key or key pair. psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); psa_set_key_bits(&attributes, key_bits); - status = psa_generate_key(&attributes, &handle); + status = psa_generate_key(&attributes, &key); if (status != PSA_SUCCESS) { printf("Failed to generate key\n"); return; } psa_reset_key_attributes(&attributes); - status = psa_export_public_key(handle, exported, sizeof(exported), + status = psa_export_public_key(key, exported, sizeof(exported), &exported_length); if (status != PSA_SUCCESS) { printf("Failed to export public key %ld\n", status); @@ -884,7 +884,7 @@ Mbed Crypto provides a simple way to generate a key or key pair. printf("Exported a public key\n"); /* Destroy the key */ - psa_destroy_key(handle); + psa_destroy_key(key); mbedtls_psa_crypto_free(); ``` diff --git a/docs/proposed/psa-driver-developer-guide.md b/docs/proposed/psa-driver-developer-guide.md index c221bb247..70cb9d397 100644 --- a/docs/proposed/psa-driver-developer-guide.md 
+++ b/docs/proposed/psa-driver-developer-guide.md @@ -36,10 +36,6 @@ A driver therefore consists of: Mbed TLS calls driver entry points [as specified in the PSA Cryptography Driver Interface specification](psa-driver-interface.html#driver-entry-points) except as otherwise indicated in this section. -### Key handles - -Mbed TLS currently implements the interface for opening and closing persistent keys from version 1.0 beta 3 of the PSA Crypto specification. As a consequence, functions that operate on an existing key take an argument of type `psa_key_handle_t` instead of `psa_key_id_t`. Functions that create a new key take an argument of type `psa_key_handle_t *` instead of `psa_key_id_t *`. - ## Building and testing your driver diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 56e2b29e9..5ec313451 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -580,8 +580,8 @@ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_size(&attributes, 128); psa_set_key_algorithm(&attributes, PSA_ALG_GCM); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); -psa_key_handle_t handle = 0; -psa_generate_key(&attributes, &handle); +psa_key_id_t key; +psa_generate_key(&attributes, &key); ``` ## Using opaque drivers from an application diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h index d28310847..2484c01c7 100644 --- a/include/mbedtls/cipher_internal.h +++ b/include/mbedtls/cipher_internal.h @@ -134,7 +134,7 @@ typedef enum typedef struct { psa_algorithm_t alg; - psa_key_handle_t slot; + psa_key_id_t slot; mbedtls_cipher_psa_key_ownership slot_state; } mbedtls_cipher_context_psa; #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 22fab13bd..7d0f977d5 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -331,12 +331,13 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); * * \return \c 0 on success. * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input - * (context already used, invalid key handle). + * (context already used, invalid key identifier). * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an * ECC key pair. * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. */ -int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key ); +int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, + const psa_key_id_t key ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) @@ -858,9 +859,9 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ); * * \param pk Input: the EC key to import to a PSA key. * Output: a PK context wrapping that PSA key. - * \param handle Output: a PSA key handle. + * \param key Output: a PSA key identifier. * It's the caller's responsibility to call - * psa_destroy_key() on that handle after calling + * psa_destroy_key() on that key identifier after calling * mbedtls_pk_free() on the PK context. * \param hash_alg The hash algorithm to allow for use with that key. * @@ -868,7 +869,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ); * \return An Mbed TLS error code otherwise. */ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, - psa_key_handle_t *handle, + psa_key_id_t *key, psa_algorithm_t hash_alg ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1b4e163f6..e4af30a2b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1063,11 +1063,12 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t psk_opaque; /*!< PSA key slot holding opaque PSK. - * This field should only be set via - * mbedtls_ssl_conf_psk_opaque(). - * If either no PSK or a raw PSK have - * been configured, this has value \c 0. */ + psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field + * should only be set via + * mbedtls_ssl_conf_psk_opaque(). + * If either no PSK or a raw PSK have been + * configured, this has value \c 0. + */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char *psk; /*!< The raw pre-shared key. This field should @@ -2814,7 +2815,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, - psa_key_handle_t psk, + psa_key_id_t psk, const unsigned char *psk_identity, size_t psk_identity_len ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -2860,7 +2861,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, - psa_key_handle_t psk ); + psa_key_id_t psk ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /** diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 015b53c2b..9f8d71787 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -443,7 +443,7 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t ecdh_psa_type; uint16_t ecdh_bits; - psa_key_handle_t ecdh_psa_privkey; + psa_key_id_t ecdh_psa_privkey; unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t ecdh_psa_peerkey_len; #endif /* MBEDTLS_USE_PSA_CRYPTO */ 
@@ -462,7 +462,7 @@ struct mbedtls_ssl_handshake_params #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t psk_opaque; /*!< Opaque PSK from the callback */ + psa_key_id_t psk_opaque; /*!< Opaque PSK from the callback */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char *psk; /*!< PSK from the callback */ size_t psk_len; /*!< Length of PSK from callback */ @@ -1061,16 +1061,16 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, * 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque() * Return an opaque PSK */ -static inline psa_key_handle_t mbedtls_ssl_get_opaque_psk( +static inline psa_key_id_t mbedtls_ssl_get_opaque_psk( const mbedtls_ssl_context *ssl ) { - if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) + if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) return( ssl->handshake->psk_opaque ); - if( ! psa_key_handle_is_null( ssl->conf->psk_opaque ) ) + if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) return( ssl->conf->psk_opaque ); - return( PSA_KEY_HANDLE_INIT ); + return( MBEDTLS_SVC_KEY_ID_INIT ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 5ba16b987..2620af5ba 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -348,7 +348,7 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes); * Once you have called this function on an attribute structure, * you must call psa_reset_key_attributes() to free these resources. * - * \param[in] handle Handle to the key to query. + * \param[in] key Identifier of the key to query. * \param[in,out] attributes On success, the attributes of the key. * On failure, equivalent to a * freshly-initialized structure. 
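Review bot: `mbedtls_ssl_get_opaque_psk` (hunk at -1061) is declared to return `psa_key_id_t`, yet it now tests the `psk_opaque` fields with `mbedtls_svc_key_id_is_null()` and returns `MBEDTLS_SVC_KEY_ID_INIT`. By their names these belong to `mbedtls_svc_key_id_t`, the type the `psa/crypto.h` hunks of this commit use for key parameters. This is sound only if the two types are identical in every build that defines `MBEDTLS_USE_PSA_CRYPTO`, which these hunks do not show. Either declare the return value and the `psk_opaque` fields as `mbedtls_svc_key_id_t`, or state the assumption above the function, e.g. `/* Relies on psa_key_id_t and mbedtls_svc_key_id_t being the same type. */`.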
@@ -364,7 +364,7 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_get_key_attributes(psa_key_handle_t handle, +psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes); /** Reset a key attribute structure to a freshly initialized state. 
@@ -387,94 +387,6 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes); * @{ */ -/** Open a handle to an existing persistent key. - * - * Open a handle to a persistent key. A key is persistent if it was created - * with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key - * always has a nonzero key identifier, set with psa_set_key_id() when - * creating the key. Implementations may provide additional pre-provisioned - * keys that can be opened with psa_open_key(). Such keys have an application - * key identifier in the vendor range, as documented in the description of - * #psa_key_id_t. - * - * The application must eventually close the handle with psa_close_key() or - * psa_destroy_key() to release associated resources. If the application dies - * without calling one of these functions, the implementation should perform - * the equivalent of a call to psa_close_key(). - * - * Some implementations permit an application to open the same key multiple - * times. If this is successful, each call to psa_open_key() will return a - * different key handle. - * - * \note Applications that rely on opening a key multiple times will not be - * portable to implementations that only permit a single key handle to be - * opened. See also :ref:\`key-handles\`. - * - * \param key The persistent identifier of the key. - * \param[out] handle On success, a handle to the key. - * - * \retval #PSA_SUCCESS - * Success. The application can now use the value of `*handle` - * to access the key. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * The implementation does not have sufficient resources to open the - * key. This can be due to reaching an implementation limit on the - * number of open keys, the number of open key handles, or available - * memory. - * \retval #PSA_ERROR_DOES_NOT_EXIST - * There is no persistent key with key identifier \p id. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p id is not a valid persistent key identifier. 
- * \retval #PSA_ERROR_NOT_PERMITTED - * The specified key exists, but the application does not have the - * permission to access it. Note that this specification does not - * define any way to create such a key, but it may be possible - * through implementation-specific means. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_open_key( mbedtls_svc_key_id_t key, - psa_key_handle_t *handle ); - -/** Close a key handle. - * - * If the handle designates a volatile key, this will destroy the key material - * and free all associated resources, just like psa_destroy_key(). - * - * If this is the last open handle to a persistent key, then closing the handle - * will free all resources associated with the key in volatile memory. The key - * data in persistent storage is not affected and can be opened again later - * with a call to psa_open_key(). - * - * Closing the key handle makes the handle invalid, and the key handle - * must not be used again by the application. - * - * \note If the key handle was used to set up an active - * :ref:\`multipart operation \`, then closing the - * key handle can cause the multipart operation to fail. Applications should - * maintain the key handle until after the multipart operation has finished. - * - * \param handle The key handle to close. - * If this is \c 0, do nothing and return \c PSA_SUCCESS. - * - * \retval #PSA_SUCCESS - * \p handle was a valid handle or \c 0. It is now closed. - * \retval #PSA_ERROR_INVALID_HANDLE - * \p handle is not a valid handle nor \c 0. 
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_close_key(psa_key_handle_t handle); - /** Make a copy of a key. * * Copy key material from one location to another. @@ -512,7 +424,10 @@ psa_status_t psa_close_key(psa_key_handle_t handle); * The effect of this function on implementation-defined attributes is * implementation-defined. * - * \param source_handle The key to copy. It must be a valid key handle. + * \param source_key The key to copy. It must allow the usage + * PSA_KEY_USAGE_COPY. If a private or secret key is + * being copied outside of a secure element it must + * also allow PSA_KEY_USAGE_EXPORT. * \param[in] attributes The attributes for the new key. * They are used as follows: * - The key type and size may be 0. If either is @@ -526,12 +441,12 @@ psa_status_t psa_close_key(psa_key_handle_t handle); * the source key and \p attributes so that * both sets of restrictions apply, as * described in the documentation of this function. - * \param[out] target_handle On success, a handle to the newly created key. - * \c 0 on failure. + * \param[out] target_key On success, an identifier for the newly created + * key. \c 0 on failure. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE - * \p source_handle is invalid. + * \p source_key is invalid. * \retval #PSA_ERROR_ALREADY_EXISTS * This is an attempt to create a persistent key, and there is * already a persistent key with the given identifier. 
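Review bot: The usage flags in the new `\param source_key` text of `psa_copy_key` (hunk at -512), `PSA_KEY_USAGE_COPY` and `PSA_KEY_USAGE_EXPORT`, lack the leading `#` that this header uses elsewhere for macro references (`#PSA_KEY_USAGE_EXPORT`, `#PSA_ALG_IS_MAC`). Without it Doxygen neither links the names nor warns when one does not resolve, so a usage requirement that names a non-existent flag would go unnoticed. Write `#PSA_KEY_USAGE_COPY` and `#PSA_KEY_USAGE_EXPORT` here. The same applies to the flags added to the `key` parameter text of `psa_export_key` and of the `psa_mac_*`, `psa_cipher_*` and `psa_aead_*` functions in the later hunks.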
@@ -559,9 +474,9 @@ psa_status_t psa_close_key(psa_key_handle_t handle); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_copy_key(psa_key_handle_t source_handle, +psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, const psa_key_attributes_t *attributes, - psa_key_handle_t *target_handle); + mbedtls_svc_key_id_t *target_key); /** 
@@ -572,28 +487,22 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle, * make a best effort to ensure that that the key material cannot be recovered. * * This function also erases any metadata such as policies and frees - * resources associated with the key. To free all resources associated with - * the key, all handles to the key must be closed or destroyed. - * - * Destroying the key makes the handle invalid, and the key handle - * must not be used again by the application. Using other open handles to the - * destroyed key in a cryptographic operation will result in an error. + * resources associated with the key. * * If a key is currently in use in a multipart operation, then destroying the * key will cause the multipart operation to fail. * - * \param handle Handle to the key to erase. - * If this is \c 0, do nothing and return \c PSA_SUCCESS. + * \param key Identifier of the key to erase. If this is \c 0, do nothing and + * return PSA_SUCCESS. * * \retval #PSA_SUCCESS - * \p handle was a valid handle and the key material that it - * referred to has been erased. - * Alternatively, \p handle is \c 0. + * \p key was a valid identifier and the key material that it + * referred to has been erased. Alternatively, \p key is \c 0. * \retval #PSA_ERROR_NOT_PERMITTED * The key cannot be erased because it is * read-only, either due to a policy or due to physical restrictions. * \retval #PSA_ERROR_INVALID_HANDLE - * \p handle is not a valid handle nor \c 0. + * \p key is not a valid identifier nor \c 0. * \retval #PSA_ERROR_COMMUNICATION_FAILURE * There was an failure in communication with the cryptoprocessor. * The key material may still be present in the cryptoprocessor. 
@@ -611,7 +520,7 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_destroy_key(psa_key_handle_t handle); +psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); /**@}*/ @@ -646,7 +555,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle); * \p data buffer. * If the key size in \p attributes is nonzero, * it must be equal to the size from \p data. - * \param[out] handle On success, a handle to the newly created key. + * \param[out] key On success, an identifier to the newly created key. * \c 0 on failure. * \param[in] data Buffer containing the key data. The content of this * buffer is interpreted according to the type declared @@ -691,7 +600,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle); psa_status_t psa_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, - psa_key_handle_t *handle); + mbedtls_svc_key_id_t *key); @@ -752,7 +661,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * * The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set. * - * \param handle Handle to the key to export. + * \param key Identifier of the key to export. It must allow the + * usage PSA_KEY_USAGE_EXPORT, unless it is a public + * key. * \param[out] data Buffer where the key data is to be written. * \param data_size Size of the \p data buffer in bytes. * \param[out] data_length On success, the number of bytes @@ -779,7 +690,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_export_key(psa_key_handle_t handle, +psa_status_t psa_export_key(mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length); 
@@ -822,7 +733,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle, * Exporting a public key object or the public part of a key pair is * always permitted, regardless of the key's usage flags. * - * \param handle Handle to the key to export. + * \param key Identifier of the key to export. * \param[out] data Buffer where the key data is to be written. * \param data_size Size of the \p data buffer in bytes. * \param[out] data_length On success, the number of bytes @@ -849,7 +760,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_export_public_key(psa_key_handle_t handle, +psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length); @@ -1226,7 +1137,8 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, * about the MAC value which could allow an attacker to guess * a valid MAC and thereby bypass security controls. * - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. It + * must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * \param[in] input Buffer containing the input message. @@ -1241,7 +1153,7 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a MAC algorithm. * \retval #PSA_ERROR_BUFFER_TOO_SMALL 
@@ -1257,7 +1169,7 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_mac_compute(psa_key_handle_t handle, +psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -1267,7 +1179,8 @@ psa_status_t psa_mac_compute(psa_key_handle_t handle, /** Calculate the MAC of a message and compare it with a reference value. * - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. It + * must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * \param[in] input Buffer containing the input message. @@ -1283,7 +1196,7 @@ psa_status_t psa_mac_compute(psa_key_handle_t handle, * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a MAC algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -1297,7 +1210,7 @@ psa_status_t psa_mac_compute(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_mac_verify(psa_key_handle_t handle, +psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, 
@@ -1382,9 +1295,9 @@ static psa_mac_operation_t psa_mac_operation_init(void); * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_mac_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. + * \param key Identifier of the key to use for the operation. It + * must remain valid until the operation terminates. + * It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * @@ -1393,7 +1306,7 @@ static psa_mac_operation_t psa_mac_operation_init(void); * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a MAC algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -1410,7 +1323,7 @@ static psa_mac_operation_t psa_mac_operation_init(void); * results in this error code. */ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Set up a multipart MAC verification operation. 
@@ -1444,9 +1357,10 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_mac_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. + * \param key Identifier of the key to use for the operation. It + * must remain valid until the operation terminates. + * It must allow the usage + * PSA_KEY_USAGE_VERIFY_MESSAGE. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(\p alg) is true). * @@ -1472,7 +1386,7 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * results in this error code. */ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Add a message fragment to a multipart MAC operation. @@ -1639,9 +1553,8 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation); * vector). Use the multipart operation interface with a * #psa_cipher_operation_t object to provide other forms of IV. * - * \param handle Handle to the key to use for the operation. - * It must remain valid until the operation - * terminates. + * \param key Identifier of the key to use for the operation. + * It must allow the usage PSA_KEY_USAGE_ENCRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1659,7 +1572,7 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation); * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. * \retval #PSA_ERROR_BUFFER_TOO_SMALL 
@@ -1673,7 +1586,7 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, +psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -1685,9 +1598,10 @@ psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, * * This function decrypts a message encrypted with a symmetric cipher. * - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must remain valid until the operation - * terminates. + * terminates. It must allow the usage + * PSA_KEY_USAGE_DECRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1705,7 +1619,7 @@ psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. * \retval #PSA_ERROR_BUFFER_TOO_SMALL @@ -1719,7 +1633,7 @@ psa_status_t psa_cipher_encrypt(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_cipher_decrypt(psa_key_handle_t handle, +psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, 
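Review bot: The `key` parameter text of `psa_cipher_decrypt` (hunk at -1685) keeps the sentence "It must remain valid until the operation terminates", while the hunk before it removes that sentence from `psa_cipher_encrypt`. Both are single-call functions that take no operation object, so the two descriptions should agree. Drop the sentence here so the parameter reads `Identifier of the key to use for the operation. It must allow the usage PSA_KEY_USAGE_DECRYPT.`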
@@ -1805,9 +1719,10 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_cipher_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must remain valid until the operation - * terminates. + * terminates. It must allow the usage + * PSA_KEY_USAGE_ENCRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1817,7 +1732,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -1833,7 +1748,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * results in this error code. */ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Set the key for a multipart symmetric decryption operation. @@ -1868,9 +1783,10 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_cipher_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must remain valid until the operation - * terminates. + * terminates. It must allow the usage + * PSA_KEY_USAGE_DECRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). 
@@ -1880,7 +1796,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -1896,7 +1812,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * results in this error code. */ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Generate an IV for a symmetric encryption operation. @@ -2110,7 +2026,9 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); /** Process an authenticated encryption operation. * - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the + * operation. It must allow the usage + * PSA_KEY_USAGE_ENCRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -2141,7 +2059,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2156,7 +2074,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_aead_encrypt(psa_key_handle_t handle, +psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, 
@@ -2170,7 +2088,9 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, /** Process an authenticated decryption operation. * - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the + * operation. It must allow the usage + * PSA_KEY_USAGE_DECRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -2201,7 +2121,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, * The ciphertext is not authentic. * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2216,7 +2136,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_aead_decrypt(psa_key_handle_t handle, +psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, @@ -2312,9 +2232,10 @@ static psa_aead_operation_t psa_aead_operation_init(void); * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_aead_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must remain valid until the operation - * terminates. + * terminates. It must allow the usage + * PSA_KEY_USAGE_ENCRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). 
@@ -2326,7 +2247,7 @@ static psa_aead_operation_t psa_aead_operation_init(void); * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2340,7 +2261,7 @@ static psa_aead_operation_t psa_aead_operation_init(void); * results in this error code. */ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Set the key for a multipart authenticated decryption operation. @@ -2378,9 +2299,10 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_aead_operation_t and not yet in use. - * \param handle Handle to the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must remain valid until the operation - * terminates. + * terminates. It must allow the usage + * PSA_KEY_USAGE_DECRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -2392,7 +2314,7 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p handle is not compatible with \p alg. + * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not an AEAD algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY 
@@ -2406,7 +2328,7 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, * results in this error code. */ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg); /** Generate a random nonce for an authenticated encryption operation. @@ -2864,10 +2786,11 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg) * to determine the hash algorithm to use. * - * \param handle Handle to the key to use for the operation. - * It must be an asymmetric key pair. + * \param key Identifier of the key to use for the operation. + * It must be an asymmetric key pair. The key must + * allow the usage PSA_KEY_USAGE_SIGN_HASH. * \param alg A signature algorithm that is compatible with - * the type of \p handle. + * the type of \p key. * \param[in] hash The hash or message to sign. * \param hash_length Size of the \p hash buffer in bytes. * \param[out] signature Buffer where the signature is to be written. @@ -2883,7 +2806,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * determine a sufficient buffer size by calling * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) * where \c key_type and \c key_bits are the type and bit-size - * respectively of \p handle. + * respectively of \p key. * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2897,7 +2820,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_sign_hash(psa_key_handle_t handle, +psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, 
@@ -2914,10 +2837,11 @@ psa_status_t psa_sign_hash(psa_key_handle_t handle, * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg) * to determine the hash algorithm to use. * - * \param handle Handle to the key to use for the operation. - * It must be a public key or an asymmetric key pair. + * \param key Identifier of the key to use for the operation. It + * must be a public key or an asymmetric key pair. The + * key must allow the usage PSA_KEY_USAGE_VERIFY_HASH. * \param alg A signature algorithm that is compatible with - * the type of \p handle. + * the type of \p key. * \param[in] hash The hash or message whose signature is to be * verified. * \param hash_length Size of the \p hash buffer in bytes. @@ -2943,7 +2867,7 @@ psa_status_t psa_sign_hash(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_verify_hash(psa_key_handle_t handle, +psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -2953,11 +2877,12 @@ psa_status_t psa_verify_hash(psa_key_handle_t handle, /** * \brief Encrypt a short message with a public key. * - * \param handle Handle to the key to use for the operation. - * It must be a public key or an asymmetric - * key pair. + * \param key Identifer of the key to use for the operation. + * It must be a public key or an asymmetric key + * pair. It must allow the usage + * PSA_KEY_USAGE_ENCRYPT. * \param alg An asymmetric encryption algorithm that is - * compatible with the type of \p handle. + * compatible with the type of \p key. * \param[in] input The message to encrypt. * \param input_length Size of the \p input buffer in bytes. * \param[in] salt A salt or label, if supported by the 
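Review bot: `Identifer` in the new `\param key` line of psa_asymmetric_encrypt() is misspelled. Every other hunk in this change writes `Identifier of the key to use for the operation.`, and this line should match so that a search of the header or the generated documentation finds all of the key parameters.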
@@ -2986,7 +2911,7 @@ psa_status_t psa_verify_hash(psa_key_handle_t handle, * determine a sufficient buffer size by calling * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) * where \c key_type and \c key_bits are the type and bit-size - * respectively of \p handle. + * respectively of \p key. * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -3000,7 +2925,7 @@ psa_status_t psa_verify_hash(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, +psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -3013,10 +2938,11 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, /** * \brief Decrypt a short message with a private key. * - * \param handle Handle to the key to use for the operation. - * It must be an asymmetric key pair. + * \param key Identifier of the key to use for the operation. + * It must be an asymmetric key pair. It must + * allow the usage PSA_KEY_USAGE_DECRYPT. * \param alg An asymmetric encryption algorithm that is - * compatible with the type of \p handle. + * compatible with the type of \p key. * \param[in] input The message to decrypt. * \param input_length Size of the \p input buffer in bytes. * \param[in] salt A salt or label, if supported by the @@ -3045,7 +2971,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, * determine a sufficient buffer size by calling * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) * where \c key_type and \c key_bits are the type and bit-size - * respectively of \p handle. + * respectively of \p key. * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INSUFFICIENT_MEMORY 
@@ -3060,7 +2986,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, +psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -3318,9 +3244,9 @@ psa_status_t psa_key_derivation_input_bytes( * psa_key_derivation_setup() and must not * have produced any output yet. * \param step Which step the input data is for. - * \param handle Handle to the key. It must have an - * appropriate type for \p step and must - * allow the usage #PSA_KEY_USAGE_DERIVE. + * \param key Identifier of the key. It must have an + * appropriate type for step and must allow the + * usage PSA_KEY_USAGE_DERIVE. * * \retval #PSA_SUCCESS * Success. @@ -3346,7 +3272,7 @@ psa_status_t psa_key_derivation_input_bytes( psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, - psa_key_handle_t handle); + mbedtls_svc_key_id_t key); /** Perform a key agreement and use the shared secret as input to a key * derivation. @@ -3371,7 +3297,8 @@ psa_status_t psa_key_derivation_input_key( * The operation must be ready for an * input of the type given by \p step. * \param step Which step the input data is for. - * \param private_key Handle to the private key to use. + * \param private_key Identifier of the private key to use. It must + * allow the usage PSA_KEY_USAGE_DERIVE. * \param[in] peer_key Public key of the peer. The peer key must be in the * same format that psa_import_key() accepts for the * public key type corresponding to the type of 
@@ -3415,7 +3342,7 @@ psa_status_t psa_key_derivation_input_key( psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, - psa_key_handle_t private_key, + mbedtls_svc_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length); @@ -3559,8 +3486,8 @@ psa_status_t psa_key_derivation_output_bytes( * * \param[in] attributes The attributes for the new key. * \param[in,out] operation The key derivation operation object to read from. - * \param[out] handle On success, a handle to the newly created key. - * \c 0 on failure. + * \param[out] key On success, an identifier for the newly created + * key. \c 0 on failure. * * \retval #PSA_SUCCESS * Success. @@ -3599,7 +3526,7 @@ psa_status_t psa_key_derivation_output_bytes( psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes, psa_key_derivation_operation_t *operation, - psa_key_handle_t *handle); + mbedtls_svc_key_id_t *key); /** Abort a key derivation operation. * @@ -3640,7 +3567,8 @@ psa_status_t psa_key_derivation_abort( * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg) * is true). - * \param private_key Handle to the private key to use. + * \param private_key Identifier of the private key to use. It must + * allow the usage PSA_KEY_USAGE_DERIVE. * \param[in] peer_key Public key of the peer. It must be * in the same format that psa_import_key() * accepts. The standard formats for public @@ -3678,7 +3606,7 @@ psa_status_t psa_key_derivation_abort( * results in this error code. */ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, - psa_key_handle_t private_key, + mbedtls_svc_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, 
@@ -3734,8 +3662,8 @@ psa_status_t psa_generate_random(uint8_t *output, * attributes. * * \param[in] attributes The attributes for the new key. - * \param[out] handle On success, a handle to the newly created key. - * \c 0 on failure. + * \param[out] key On success, an identifier for the newly created + * key. \c 0 on failure. * * \retval #PSA_SUCCESS * Success. @@ -3759,7 +3687,7 @@ psa_status_t psa_generate_random(uint8_t *output, * results in this error code. */ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, - psa_key_handle_t *handle); + mbedtls_svc_key_id_t *key); /**@}*/ diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 4b607b6ff..fea292311 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -34,6 +34,40 @@ extern "C" { #endif +/* + * To support temporary both openless APIs and psa_open_key(), define + * psa_key_handle_t to be equal to mbedtls_svc_key_id_t. Do not mark the + * type and its utility macros and functions deprecated yet. This will be done + * in a subsequent phase. + */ +typedef mbedtls_svc_key_id_t psa_key_handle_t; + +#define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT + +/** Compare two handles. + * + * \param handle1 First handle. + * \param handle2 Second handle. + * + * \return Non-zero if the two handles are equal, zero otherwise. + */ +static inline int psa_key_handle_equal( psa_key_handle_t handle1, + psa_key_handle_t handle2 ) +{ + return( mbedtls_svc_key_id_equal( handle1, handle2 ) ); +} + +/** Check wether an handle is null. + * + * \param handle Handle + * + * \return Non-zero if the handle is null, zero otherwise. + */ +static inline int psa_key_handle_is_null( psa_key_handle_t handle ) +{ + return( mbedtls_svc_key_id_is_null( handle ) ); +} + #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* 
@@ -223,6 +257,107 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key #define PSA_DH_GROUP_CUSTOM \ MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_CUSTOM ) +/** Open a handle to an existing persistent key. + * + * Open a handle to a persistent key. A key is persistent if it was created + * with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key + * always has a nonzero key identifier, set with psa_set_key_id() when + * creating the key. Implementations may provide additional pre-provisioned + * keys that can be opened with psa_open_key(). Such keys have an application + * key identifier in the vendor range, as documented in the description of + * #psa_key_id_t. + * + * The application must eventually close the handle with psa_close_key() or + * psa_destroy_key() to release associated resources. If the application dies + * without calling one of these functions, the implementation should perform + * the equivalent of a call to psa_close_key(). + * + * Some implementations permit an application to open the same key multiple + * times. If this is successful, each call to psa_open_key() will return a + * different key handle. + * + * \note This API is not part of the PSA Cryptography API Release 1.0.0 + * specification. It was defined in the 1.0 Beta 3 version of the + * specification but was removed in the 1.0.0 released version. This API is + * kept for the time being to not break applications relying on it. It is not + * deprecated yet but will be in the near future. + * + * \note Applications that rely on opening a key multiple times will not be + * portable to implementations that only permit a single key handle to be + * opened. See also :ref:\`key-handles\`. + * + * + * \param key The persistent identifier of the key. + * \param[out] handle On success, a handle to the key. + * + * \retval #PSA_SUCCESS + * Success. The application can now use the value of `*handle` + * to access the key. 
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * The implementation does not have sufficient resources to open the
+ * key. This can be due to reaching an implementation limit on the
+ * number of open keys, the number of open key handles, or available
+ * memory.
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * There is no persistent key with key identifier \p id.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p id is not a valid persistent key identifier.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The specified key exists, but the application does not have the
+ * permission to access it. Note that this specification does not
+ * define any way to create such a key, but it may be possible
+ * through implementation-specific means.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_open_key( mbedtls_svc_key_id_t key,
+ psa_key_handle_t *handle );
+
+/** Close a key handle.
+ *
+ * If the handle designates a volatile key, this will destroy the key material
+ * and free all associated resources, just like psa_destroy_key().
+ *
+ * If this is the last open handle to a persistent key, then closing the handle
+ * will free all resources associated with the key in volatile memory. The key
+ * data in persistent storage is not affected and can be opened again later
+ * with a call to psa_open_key().
+ *
+ * Closing the key handle makes the handle invalid, and the key handle
+ * must not be used again by the application.
+ *
+ * \note This API is not part of the PSA Cryptography API Release 1.0.0
+ * specification. It was defined in the 1.0 Beta 3 version of the
+ * specification but was removed in the 1.0.0 released version.
This API is + * kept for the time being to not break applications relying on it. It is not + * deprecated yet but will be in the near future. + * + * \note If the key handle was used to set up an active + * :ref:\`multipart operation \`, then closing the + * key handle can cause the multipart operation to fail. Applications should + * maintain the key handle until after the multipart operation has finished. + * + * \param handle The key handle to close. + * If this is \c 0, do nothing and return \c PSA_SUCCESS. + * + * \retval #PSA_SUCCESS + * \p handle was a valid handle or \c 0. It is now closed. + * \retval #PSA_ERROR_INVALID_HANDLE + * \p handle is not a valid handle nor \c 0. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_close_key(psa_key_handle_t handle); + #ifdef __cplusplus } #endif diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index b5e68d4bd..0a2ae5428 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -247,12 +247,6 @@ typedef struct #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ -/* - * To support temporary both openless APIs and psa_open_key(), define - * psa_key_handle_t to be equal to mbedtls_svc_key_id_t. - */ -typedef mbedtls_svc_key_id_t psa_key_handle_t; - /**@}*/ /** \defgroup policy Key policies 
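Review bot: The `\retval` descriptions added for psa_open_key() refer to `\p id` (`There is no persistent key with key identifier \p id`, `\p id is not a valid persistent key identifier`), but the declared parameters are `key` and `handle`. Doxygen has nothing to resolve and a reader cannot tell which argument is meant, so both should read `\p key`. Separately, from the visible context these declarations are added directly after `PSA_DH_GROUP_CUSTOM` with no `#endif` in between. If that places them inside the `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` region that the previous hunk ends on, a build with that option loses psa_open_key() and psa_close_key() even though the note says they are not deprecated yet; this is worth confirming against the full file.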
@@ -358,7 +352,7 @@ typedef uint32_t psa_key_usage_t; * -# Call a key creation function: psa_import_key(), psa_generate_key(), * psa_key_derivation_output_key() or psa_copy_key(). This function reads * the attribute structure, creates a key with these attributes, and - * outputs a handle to the newly created key. + * outputs a key identifier to the newly created key. * -# The attribute structure is now no longer necessary. * You may call psa_reset_key_attributes(), although this is optional * with the workflow presented here because the attributes currently diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 5061ab4c9..9828768a0 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -108,7 +108,7 @@ * as applicable. * * Implementations shall not return this error code to indicate that a - * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE + * key identifier is invalid, but shall return #PSA_ERROR_INVALID_HANDLE * instead. */ #define PSA_ERROR_BAD_STATE ((psa_status_t)-137) @@ -118,7 +118,7 @@ * combination of parameters are recognized as invalid. * * Implementations shall not return this error code to indicate that a - * key handle is invalid, but shall return #PSA_ERROR_INVALID_HANDLE + * key identifier is invalid, but shall return #PSA_ERROR_INVALID_HANDLE * instead. */ #define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135) @@ -266,7 +266,7 @@ * to read from a resource. */ #define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t)-143) -/** The key handle is not valid. See also :ref:\`key-handles\`. +/** The key identifier is not valid. See also :ref:\`key-handles\`. */ #define PSA_ERROR_INVALID_HANDLE ((psa_status_t)-136) 
@@ -769,9 +769,9 @@ * an algorithm built from `PSA_xxx_SIGNATURE` and a specific hash. Each * call to sign or verify a message may use a different hash. * ``` - * psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...); - * psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...); - * psa_sign_hash(handle, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...); + * psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...); + * psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...); + * psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...); * ``` * * This value may not be used to build other algorithms that are @@ -1561,7 +1561,7 @@ /** The default lifetime for volatile keys. * - * A volatile key only exists as long as the handle to it is not closed. + * A volatile key only exists as long as the identifier to it is not destroyed. * The key material is guaranteed to be erased on a power reset. * * A key with this lifetime is typically stored in the RAM area of the @@ -1756,32 +1756,6 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ -#define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT - -/** Compare two handles. - * - * \param handle1 First handle. - * \param handle2 Second handle. - * - * \return Non-zero if the two handles are equal, zero otherwise. - */ -static inline int psa_key_handle_equal( psa_key_handle_t handle1, - psa_key_handle_t handle2 ) -{ - return( mbedtls_svc_key_id_equal( handle1, handle2 ) ); -} - -/** Check wether an handle is null. - * - * \param handle Handle - * - * \return Non-zero if the handle is null, zero otherwise. - */ -static inline int psa_key_handle_is_null( psa_key_handle_t handle ) -{ - return( mbedtls_svc_key_id_is_null( handle ) ); -} - /**@}*/ /** \defgroup policy Key policies diff --git a/library/pk.c b/library/pk.c index 9a3bcb0dc..ecf002d45 100644 --- a/library/pk.c +++ b/library/pk.c 
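Review bot: The reworded sentence for the volatile lifetime, `A volatile key only exists as long as the identifier to it is not destroyed.`, talks about destroying an identifier, whereas it is the key that gets destroyed. It also leaves out what the psa_close_key() documentation added to crypto_compat.h in this same change states: closing a handle to a volatile key destroys the key material. I would write something like `A volatile key only exists until it is destroyed with psa_destroy_key() or, while psa_close_key() is still supported, until its handle is closed.` so that the point at which key material stops existing is unambiguous.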
@@ -150,11 +150,12 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) /* * Initialise a PSA-wrapping context */ -int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key ) +int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, + const psa_key_id_t key ) { const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t *pk_ctx; + psa_key_id_t *pk_ctx; psa_key_type_t type; if( ctx == NULL || ctx->pk_info != NULL ) @@ -174,7 +175,7 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key ctx->pk_info = info; - pk_ctx = (psa_key_handle_t *) ctx->pk_ctx; + pk_ctx = (psa_key_id_t *) ctx->pk_ctx; *pk_ctx = key; return( 0 ); @@ -587,12 +588,12 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) * Currently only works for EC private keys. */ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, - psa_key_handle_t *handle, + psa_key_id_t *key, psa_algorithm_t hash_alg ) { #if !defined(MBEDTLS_ECP_C) ((void) pk); - ((void) handle); + ((void) key); ((void) hash_alg); return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); #else @@ -624,14 +625,14 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) ); /* import private key into PSA */ - if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, handle ) ) + if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) ) return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); /* make PK context wrap the key slot */ mbedtls_pk_free( pk ); mbedtls_pk_init( pk ); - return( mbedtls_pk_setup_opaque( pk, *handle ) ); + return( mbedtls_pk_setup_opaque( pk, *key ) ); #endif /* MBEDTLS_ECP_C */ } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index a40734b27..107e912ac 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c 
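Review bot: mbedtls_pk_setup_opaque() and mbedtls_pk_wrap_as_opaque() now take `psa_key_id_t`, but the PSA function they call in these hunks, `psa_import_key( &attributes, d, d_len, key )`, and the other PSA entry points changed in this commit are declared with `mbedtls_svc_key_id_t`. The headers have a `MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` branch, so the two types are presumably not always identical; if that option can be combined with MBEDTLS_USE_PSA_CRYPTO, passing a `psa_key_id_t *` here is a type mismatch. Either keep `mbedtls_svc_key_id_t` in the pk layer or enforce the restriction with a compile-time `#error` and a comment at these signatures. The same assumption sits behind `psa_key_id_t key_id = 0;` in ecdsa_verify_wrap() in pk_wrap.c, where a bare literal replaces `PSA_KEY_HANDLE_INIT`; declaring it as `mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;` would keep the initialiser tied to the type. Both function bodies continue outside the hunks.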
@@ -543,7 +543,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, mbedtls_ecdsa_context *ctx = ctx_arg; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT; + psa_key_id_t key_id = 0; psa_status_t status; mbedtls_pk_context key; int key_len; @@ -576,7 +576,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, status = psa_import_key( &attributes, buf + sizeof( buf ) - key_len, key_len, - &key_handle ); + &key_id ); if( status != PSA_SUCCESS ) { ret = mbedtls_psa_err_translate_pk( status ); @@ -598,7 +598,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, goto cleanup; } - if( psa_verify_hash( key_handle, psa_sig_md, + if( psa_verify_hash( key_id, psa_sig_md, hash, hash_len, buf, 2 * signature_part_size ) != PSA_SUCCESS ) @@ -615,7 +615,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, ret = 0; cleanup: - psa_destroy_key( key_handle ); + psa_destroy_key( key_id ); return( ret ); } #else /* MBEDTLS_USE_PSA_CRYPTO */ @@ -870,7 +870,7 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { static void *pk_opaque_alloc_wrap( void ) { - void *ctx = mbedtls_calloc( 1, sizeof( psa_key_handle_t ) ); + void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) ); /* no _init() function to call, an calloc() already zeroized */ @@ -879,13 +879,13 @@ static void *pk_opaque_alloc_wrap( void ) static void pk_opaque_free_wrap( void *ctx ) { - mbedtls_platform_zeroize( ctx, sizeof( psa_key_handle_t ) ); + mbedtls_platform_zeroize( ctx, sizeof( psa_key_id_t ) ); mbedtls_free( ctx ); } static size_t pk_opaque_get_bitlen( const void *ctx ) { - const psa_key_handle_t *key = (const psa_key_handle_t *) ctx; + const psa_key_id_t *key = (const psa_key_id_t *) ctx; size_t bits; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -1008,7 +1008,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, ((void) p_rng); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); #else /* !MBEDTLS_ECDSA_C */ - const psa_key_handle_t *key = (const psa_key_handle_t *) ctx; + const psa_key_id_t *key = (const psa_key_id_t *) ctx; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); size_t buf_len; diff --git a/library/pkwrite.c b/library/pkwrite.c index b317ccf22..0da369818 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -198,13 +198,13 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE ) { size_t buffer_size; - psa_key_handle_t* key_slot = (psa_key_handle_t*) key->pk_ctx; + psa_key_id_t* key_id = (psa_key_id_t*) key->pk_ctx; if ( *p < start ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); buffer_size = (size_t)( *p - start ); - if ( psa_export_public_key( *key_slot, start, buffer_size, &len ) + if ( psa_export_public_key( *key_id, start, buffer_size, &len ) != PSA_SUCCESS ) { return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -265,12 +265,12 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; - psa_key_handle_t handle; + psa_key_id_t key_id; psa_ecc_family_t curve; size_t bits; - handle = *((psa_key_handle_t*) key->pk_ctx ); - if( PSA_SUCCESS != psa_get_key_attributes( handle, &attributes ) ) + key_id = *((psa_key_id_t*) key->pk_ctx ); + if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) ) return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); key_type = psa_get_key_type( &attributes ); bits = psa_get_key_bits( &attributes ); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f8a8c0ab7..a437aeec9 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -1190,7 +1190,7 @@ static psa_status_t psa_restrict_key_policy( /** Retrieve a slot which must contain a key. The key must have allow all the * usage flags set in \p usage. If \p alg is nonzero, the key must allow * operations with this algorithm. */ -static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle, +static psa_status_t psa_get_key_from_slot( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, psa_key_usage_t usage, psa_algorithm_t alg ) @@ -1200,7 +1200,7 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle, *p_slot = NULL; - status = psa_get_key_slot( handle, &slot ); + status = psa_get_key_slot( key, &slot ); if( status != PSA_SUCCESS ) return( status ); @@ -1230,12 +1230,12 @@ static psa_status_t psa_get_key_from_slot( psa_key_handle_t handle, * until secure element support is fully implemented. */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -static psa_status_t psa_get_transparent_key( psa_key_handle_t handle, +static psa_status_t psa_get_transparent_key( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, psa_key_usage_t usage, psa_algorithm_t alg ) { - psa_status_t status = psa_get_key_from_slot( handle, p_slot, usage, alg ); + psa_status_t status = psa_get_key_from_slot( key, p_slot, usage, alg ); if( status != PSA_SUCCESS ) return( status ); if( psa_key_slot_is_external( *p_slot ) ) @@ -1247,8 +1247,8 @@ static psa_status_t psa_get_transparent_key( psa_key_handle_t handle, } #else /* MBEDTLS_PSA_CRYPTO_SE_C */ /* With no secure element support, all keys are transparent. */ -#define psa_get_transparent_key( handle, p_slot, usage, alg ) \ - psa_get_key_from_slot( handle, p_slot, usage, alg ) +#define psa_get_transparent_key( key, p_slot, usage, alg ) \ + psa_get_key_from_slot( key, p_slot, usage, alg ) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ /** Wipe key data from a slot. Preserve metadata such as the policy. */ 
@@ -1291,7 +1291,7 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) return( status ); } -psa_status_t psa_destroy_key( psa_key_handle_t handle ) +psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) { psa_key_slot_t *slot; psa_status_t status; /* status of the last operation */ @@ -1300,10 +1300,10 @@ psa_status_t psa_destroy_key( psa_key_handle_t handle ) psa_se_drv_table_entry_t *driver; #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - if( psa_key_handle_is_null( handle ) ) + if( mbedtls_svc_key_id_is_null( key ) ) return( PSA_SUCCESS ); - status = psa_get_key_slot( handle, &slot ); + status = psa_get_key_slot( key, &slot ); if( status != PSA_SUCCESS ) return( status ); @@ -1470,7 +1470,7 @@ exit: /** Retrieve all the publicly-accessible attributes of a key. */ -psa_status_t psa_get_key_attributes( psa_key_handle_t handle, +psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes ) { psa_key_slot_t *slot; @@ -1478,7 +1478,7 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, psa_reset_key_attributes( attributes ); - status = psa_get_key_from_slot( handle, &slot, 0, 0 ); + status = psa_get_key_from_slot( key, &slot, 0, 0 ); if( status != PSA_SUCCESS ) return( status ); @@ -1683,7 +1683,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, } } -psa_status_t psa_export_key( psa_key_handle_t handle, +psa_status_t psa_export_key( mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length ) 
@@ -1700,14 +1700,14 @@ psa_status_t psa_export_key( psa_key_handle_t handle, /* Export requires the EXPORT flag. There is an exception for public keys, * which don't require any flag, but psa_get_key_from_slot takes * care of this. */ - status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_EXPORT, 0 ); + status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_EXPORT, 0 ); if( status != PSA_SUCCESS ) return( status ); return( psa_internal_export_key( slot, data, data_size, data_length, 0 ) ); } -psa_status_t psa_export_public_key( psa_key_handle_t handle, +psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length ) @@ -1722,7 +1722,7 @@ psa_status_t psa_export_public_key( psa_key_handle_t handle, *data_length = 0; /* Exporting a public key doesn't require a usage flag. */ - status = psa_get_key_from_slot( handle, &slot, 0, 0 ); + status = psa_get_key_from_slot( key, &slot, 0, 0 ); if( status != PSA_SUCCESS ) return( status ); return( psa_internal_export_key( slot, data, data_size, @@ -1825,7 +1825,8 @@ static psa_status_t psa_validate_key_attributes( * * This function is intended to be used as follows: * -# Call psa_start_key_creation() to allocate a key slot, prepare - * it with the specified attributes, and assign it a handle. + * it with the specified attributes, and in case of a volatile key assign it + * a volatile key identifier. * -# Populate the slot with the key material. * -# Call psa_finish_key_creation() to finalize the creation of the slot. * In case of failure at any step, stop the sequence and call 
@@ -1833,7 +1834,7 @@ static psa_status_t psa_validate_key_attributes( * * \param method An identification of the calling function. * \param[in] attributes Key attributes for the new key. - * \param[out] handle On success, a handle for the allocated slot. + * \param[out] key On success, identifier of the key. * \param[out] p_slot On success, a pointer to the prepared slot. * \param[out] p_drv On any return, the driver for the key, if any. * NULL for a transparent key. @@ -1846,7 +1847,7 @@ static psa_status_t psa_validate_key_attributes( static psa_status_t psa_start_key_creation( psa_key_creation_method_t method, const psa_key_attributes_t *attributes, - psa_key_handle_t *handle, + mbedtls_svc_key_id_t *key, psa_key_slot_t **p_slot, psa_se_drv_table_entry_t **p_drv ) { @@ -1938,7 +1939,7 @@ static psa_status_t psa_start_key_creation( } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - *handle = slot->attr.id; + *key = slot->attr.id; return( PSA_SUCCESS ); } @@ -1956,7 +1957,7 @@ static psa_status_t psa_start_key_creation( * or NULL for a transparent key. * * \retval #PSA_SUCCESS - * The key was successfully created. The handle is now valid. + * The key was successfully created. * \return If this function fails, the key slot is an invalid state. * You must call psa_fail_key_creation() to wipe and free the slot. */ @@ -2138,7 +2139,7 @@ static psa_status_t psa_validate_optional_attributes( psa_status_t psa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, - psa_key_handle_t *handle ) + mbedtls_svc_key_id_t *key ) { psa_status_t status; psa_key_slot_t *slot = NULL; @@ -2151,7 +2152,7 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes, - handle, &slot, &driver ); + key, &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; 
@@ -2197,7 +2198,7 @@ exit: if( status != PSA_SUCCESS ) { psa_fail_key_creation( slot, driver ); - *handle = PSA_KEY_HANDLE_INIT; + *key = MBEDTLS_SVC_KEY_ID_INIT; } return( status ); } @@ -2209,7 +2210,7 @@ psa_status_t mbedtls_psa_register_se_key( psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; /* Leaving attributes unspecified is not currently supported. * It could make sense to query the key type and size from the @@ -2221,7 +2222,7 @@ psa_status_t mbedtls_psa_register_se_key( return( PSA_ERROR_NOT_SUPPORTED ); status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes, - &handle, &slot, &driver ); + &key, &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; @@ -2233,7 +2234,7 @@ exit: psa_fail_key_creation( slot, driver ); } /* Registration doesn't keep the key in RAM. */ - psa_close_key( handle ); + psa_close_key( key ); return( status ); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ @@ -2253,9 +2254,9 @@ static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, return( PSA_SUCCESS ); } -psa_status_t psa_copy_key( psa_key_handle_t source_handle, +psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, const psa_key_attributes_t *specified_attributes, - psa_key_handle_t *target_handle ) + mbedtls_svc_key_id_t *target_key ) { psa_status_t status; psa_key_slot_t *source_slot = NULL; @@ -2263,7 +2264,7 @@ psa_status_t psa_copy_key( psa_key_handle_t source_handle, psa_key_attributes_t actual_attributes = *specified_attributes; psa_se_drv_table_entry_t *driver = NULL; - status = psa_get_transparent_key( source_handle, &source_slot, + status = psa_get_transparent_key( source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 ); if( status != PSA_SUCCESS ) goto exit; 
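Review bot: In mbedtls_psa_register_se_key(), `psa_close_key( key )` now receives an `mbedtls_svc_key_id_t` and its status is discarded, so the guarantee in the comment above it ("Registration doesn't keep the key in RAM") is never checked. The psa_close_key() definition shown later on this page still takes a `psa_key_handle_t`, so the call compiles only while the two types are interchangeable; that is presumably true in this series but is not visible in this hunk. If ignoring the status is intended, say so at the call with `/* Best effort: the status of psa_close_key() is deliberately ignored. */`; otherwise fold a failure into `status` when it is still PSA_SUCCESS. The function begins before this hunk, so its earlier error paths are not shown.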
@@ -2280,7 +2281,7 @@ psa_status_t psa_copy_key( psa_key_handle_t source_handle, status = psa_start_key_creation( PSA_KEY_CREATION_COPY, &actual_attributes, - target_handle, &target_slot, &driver ); + target_key, &target_slot, &driver ); if( status != PSA_SUCCESS ) goto exit; @@ -2302,7 +2303,7 @@ exit: if( status != PSA_SUCCESS ) { psa_fail_key_creation( target_slot, driver ); - *target_handle = PSA_KEY_HANDLE_INIT; + *target_key = MBEDTLS_SVC_KEY_ID_INIT; } return( status ); } @@ -3086,7 +3087,7 @@ cleanup: #endif /* MBEDTLS_MD_C */ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, int is_sign ) { @@ -3110,7 +3111,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, if( is_sign ) operation->is_sign = 1; - status = psa_get_transparent_key( handle, &slot, usage, alg ); + status = psa_get_transparent_key( key, &slot, usage, alg ); if( status != PSA_SUCCESS ) goto exit; key_bits = psa_get_key_slot_bits( slot ); @@ -3203,17 +3204,17 @@ exit: } psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - return( psa_mac_setup( operation, handle, alg, 1 ) ); + return( psa_mac_setup( operation, key, alg, 1 ) ); } psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - return( psa_mac_setup( operation, handle, alg, 0 ) ); + return( psa_mac_setup( operation, key, alg, 0 ) ); } psa_status_t psa_mac_update( psa_mac_operation_t *operation, @@ -3688,7 +3689,7 @@ cleanup: } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA */ -psa_status_t psa_sign_hash( psa_key_handle_t handle, +psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, 
@@ -3707,7 +3708,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, if( signature_size == 0 ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN_HASH, alg ); + status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_SIGN_HASH, alg ); if( status != PSA_SUCCESS ) goto exit; if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) @@ -3806,7 +3807,7 @@ exit: return( status ); } -psa_status_t psa_verify_hash( psa_key_handle_t handle, +psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -3816,7 +3817,8 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, psa_key_slot_t *slot; psa_status_t status; - status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY_HASH, alg ); + status = psa_get_key_from_slot( key, &slot, + PSA_KEY_USAGE_VERIFY_HASH, alg ); if( status != PSA_SUCCESS ) return( status ); @@ -3897,7 +3899,7 @@ static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg, } #endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) */ -psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, +psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -3921,7 +3923,7 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); + status = psa_get_transparent_key( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); if( status != PSA_SUCCESS ) return( status ); if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) || @@ -3993,7 +3995,7 @@ rsa_exit: } } -psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, +psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, 
@@ -4017,7 +4019,7 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_DECRYPT, alg ); + status = psa_get_transparent_key( key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); if( status != PSA_SUCCESS ) return( status ); if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) @@ -4095,7 +4097,7 @@ rsa_exit: /****************************************************************/ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, mbedtls_operation_t cipher_operation ) { @@ -4117,7 +4119,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, return( PSA_ERROR_INVALID_ARGUMENT ); /* Fetch key material from key storage. */ - status = psa_get_key_from_slot( handle, &slot, usage, alg ); + status = psa_get_key_from_slot( key, &slot, usage, alg ); if( status != PSA_SUCCESS ) goto exit; @@ -4248,17 +4250,17 @@ exit: } psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - return( psa_cipher_setup( operation, handle, alg, MBEDTLS_ENCRYPT ) ); + return( psa_cipher_setup( operation, key, alg, MBEDTLS_ENCRYPT ) ); } psa_status_t psa_cipher_decrypt_setup( psa_cipher_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg ) { - return( psa_cipher_setup( operation, handle, alg, MBEDTLS_DECRYPT ) ); + return( psa_cipher_setup( operation, key, alg, MBEDTLS_DECRYPT ) ); } psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, 
@@ -4643,7 +4645,7 @@ static void psa_aead_abort_internal( aead_operation_t *operation ) } static psa_status_t psa_aead_setup( aead_operation_t *operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -4651,7 +4653,7 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, size_t key_bits; mbedtls_cipher_id_t cipher_id; - status = psa_get_transparent_key( handle, &operation->slot, usage, alg ); + status = psa_get_transparent_key( key, &operation->slot, usage, alg ); if( status != PSA_SUCCESS ) return( status ); @@ -4737,7 +4739,7 @@ cleanup: return( status ); } -psa_status_t psa_aead_encrypt( psa_key_handle_t handle, +psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, @@ -4755,7 +4757,7 @@ psa_status_t psa_aead_encrypt( psa_key_handle_t handle, *ciphertext_length = 0; - status = psa_aead_setup( &operation, handle, PSA_KEY_USAGE_ENCRYPT, alg ); + status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_ENCRYPT, alg ); if( status != PSA_SUCCESS ) return( status ); @@ -4851,7 +4853,7 @@ static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length, return( PSA_SUCCESS ); } -psa_status_t psa_aead_decrypt( psa_key_handle_t handle, +psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, @@ -4869,7 +4871,7 @@ psa_status_t psa_aead_decrypt( psa_key_handle_t handle, *plaintext_length = 0; - status = psa_aead_setup( &operation, handle, PSA_KEY_USAGE_DECRYPT, alg ); + status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_DECRYPT, alg ); if( status != PSA_SUCCESS ) return( status ); @@ -5368,7 +5370,7 @@ exit: psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes, psa_key_derivation_operation_t *operation, - psa_key_handle_t *handle ) + mbedtls_svc_key_id_t *key ) { psa_status_t status; psa_key_slot_t *slot = NULL; 
@@ -5383,7 +5385,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut return( PSA_ERROR_NOT_PERMITTED ); status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, - attributes, handle, &slot, &driver ); + attributes, key, &slot, &driver ); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) if( driver != NULL ) { @@ -5402,7 +5404,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut if( status != PSA_SUCCESS ) { psa_fail_key_creation( slot, driver ); - *handle = PSA_KEY_HANDLE_INIT; + *key = MBEDTLS_SVC_KEY_ID_INIT; } return( status ); } @@ -5765,14 +5767,13 @@ psa_status_t psa_key_derivation_input_bytes( psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, - psa_key_handle_t handle ) + mbedtls_svc_key_id_t key ) { psa_key_slot_t *slot; psa_status_t status; - status = psa_get_transparent_key( handle, &slot, - PSA_KEY_USAGE_DERIVE, - operation->alg ); + status = psa_get_transparent_key( key, &slot, + PSA_KEY_USAGE_DERIVE, operation->alg ); if( status != PSA_SUCCESS ) { psa_key_derivation_abort( operation ); @@ -5931,7 +5932,7 @@ exit: psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, - psa_key_handle_t private_key, + mbedtls_svc_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length ) { @@ -5959,7 +5960,7 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o } psa_status_t psa_raw_key_agreement( psa_algorithm_t alg, - psa_key_handle_t private_key, + mbedtls_svc_key_id_t private_key, const uint8_t *peer_key, size_t peer_key_length, uint8_t *output, @@ -6212,7 +6213,7 @@ static psa_status_t psa_generate_key_internal( } psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, - psa_key_handle_t *handle ) + mbedtls_svc_key_id_t *key ) { psa_status_t status; psa_key_slot_t *slot = NULL; 
@@ -6224,7 +6225,7 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, - attributes, handle, &slot, &driver ); + attributes, key, &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; @@ -6244,7 +6245,7 @@ exit: if( status != PSA_SUCCESS ) { psa_fail_key_creation( slot, driver ); - *handle = PSA_KEY_HANDLE_INIT; + *key = MBEDTLS_SVC_KEY_ID_INIT; } return( status ); } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 391e93c6e..a8331d9bb 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -63,7 +63,7 @@ static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) return( 1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! psa_key_handle_is_null( conf->psk_opaque ) ) + if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) return( 1 ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -3802,7 +3802,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) status = psa_destroy_key( handshake->ecdh_psa_privkey ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - handshake->ecdh_psa_privkey = PSA_KEY_HANDLE_INIT; + handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; } else #endif /* MBEDTLS_USE_PSA_CRYPTO && diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 03dc2d4bb..2bb3487db 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -157,7 +157,7 @@ static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf ) return( 1 ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! psa_key_handle_is_null( conf->psk_opaque ) ) + if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) return( 1 ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ 
@@ -172,13 +172,13 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) + if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) return( 1 ); return( 0 ); } - if( ! psa_key_handle_is_null( ssl->conf->psk_opaque ) ) + if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) return( 1 ); return( 0 ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d74e40c34..041578e68 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -446,7 +446,7 @@ exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation, - psa_key_handle_t slot, + psa_key_id_t key, psa_algorithm_t alg, const unsigned char* seed, size_t seed_length, const unsigned char* label, size_t label_length, @@ -466,7 +466,7 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de if( status != PSA_SUCCESS ) return( status ); - if( psa_key_handle_is_null( slot ) ) + if( mbedtls_svc_key_id_is_null( key ) ) { status = psa_key_derivation_input_bytes( derivation, PSA_KEY_DERIVATION_INPUT_SECRET, @@ -475,8 +475,7 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de else { status = psa_key_derivation_input_key( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, - slot ); + derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key ); } if( status != PSA_SUCCESS ) return( status ); @@ -507,7 +506,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, { psa_status_t status; psa_algorithm_t alg; - psa_key_handle_t master_slot = PSA_KEY_HANDLE_INIT; + psa_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_derivation_operation_t derivation = PSA_KEY_DERIVATION_OPERATION_INIT; 
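Review bot: In ssl_tls.c the client-side type `psa_key_id_t` is mixed with the service-side helpers: setup_psa_key_derivation() takes `psa_key_id_t key` but tests it with `mbedtls_svc_key_id_is_null( key )`, and tls_prf_generic() declares `psa_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT;`. This compiles only while `mbedtls_svc_key_id_t` and `psa_key_id_t` are the same type, and nothing in this patch enforces that; the `#error` excluding MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER together with MBEDTLS_USE_PSA_CRYPTO only arrives in patch 412 of the series. The same pattern appears in the `psk_opaque` null checks in ssl_cli.c and ssl_srv.c and in the later ssl_tls.c hunks. A comment at the first use would make the dependency explicit, e.g. `/* psa_key_id_t and mbedtls_svc_key_id_t coincide here: USE_PSA_CRYPTO excludes KEY_ID_ENCODES_OWNER */`.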
@@ -521,7 +520,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, * this PRF is also used to derive an IV, in particular in EAP-TLS, * and for this use case it makes sense to have a 0-length "secret". * Since the key API doesn't allow importing a key of length 0, - * keep master_slot=0, which setup_psa_key_derivation() understands + * keep master_key=0, which setup_psa_key_derivation() understands * to mean a 0-length "secret" input. */ if( slen != 0 ) { @@ -530,13 +529,13 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, psa_set_key_algorithm( &key_attributes, alg ); psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE ); - status = psa_import_key( &key_attributes, secret, slen, &master_slot ); + status = psa_import_key( &key_attributes, secret, slen, &master_key ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } status = setup_psa_key_derivation( &derivation, - master_slot, alg, + master_key, alg, random, rlen, (unsigned char const *) label, (size_t) strlen( label ), @@ -544,7 +543,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, if( status != PSA_SUCCESS ) { psa_key_derivation_abort( &derivation ); - psa_destroy_key( master_slot ); + psa_destroy_key( master_key ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } @@ -552,19 +551,19 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, if( status != PSA_SUCCESS ) { psa_key_derivation_abort( &derivation ); - psa_destroy_key( master_slot ); + psa_destroy_key( master_key ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } status = psa_key_derivation_abort( &derivation ); if( status != PSA_SUCCESS ) { - psa_destroy_key( master_slot ); + psa_destroy_key( master_key ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - if( ! psa_key_handle_is_null( master_slot ) ) - status = psa_destroy_key( master_slot ); + if( ! mbedtls_svc_key_id_is_null( master_key ) ) + status = psa_destroy_key( master_key ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); 
@@ -707,13 +706,13 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) { /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) + if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) return( 1 ); return( 0 ); } - if( ! psa_key_handle_is_null( ssl->conf->psk_opaque ) ) + if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) return( 1 ); return( 0 ); @@ -1514,7 +1513,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, /* Perform PSK-to-MS expansion in a single step. */ psa_status_t status; psa_algorithm_t alg; - psa_key_handle_t psk; + psa_key_id_t psk; psa_key_derivation_operation_t derivation = PSA_KEY_DERIVATION_OPERATION_INIT; mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac; @@ -4344,11 +4343,11 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) { /* Remove reference to existing PSK, if any. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! psa_key_handle_is_null( conf->psk_opaque ) ) + if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) { /* The maintenance of the PSK key slot is the * user's responsibility. */ - conf->psk_opaque = PSA_KEY_HANDLE_INIT; + conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; } /* This and the following branch should never * be taken simultaenously as we maintain the @@ -4432,9 +4431,9 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, static void ssl_remove_psk( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! psa_key_handle_is_null( ssl->handshake->psk_opaque ) ) + if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) { - ssl->handshake->psk_opaque = PSA_KEY_HANDLE_INIT; + ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ 
@@ -4469,7 +4468,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, - psa_key_handle_t psk_slot, + psa_key_id_t psk, const unsigned char *psk_identity, size_t psk_identity_len ) { @@ -4478,9 +4477,9 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, ssl_conf_remove_psk( conf ); /* Check and set opaque PSK */ - if( psa_key_handle_is_null( psk_slot ) ) + if( mbedtls_svc_key_id_is_null( psk ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - conf->psk_opaque = psk_slot; + conf->psk_opaque = psk; /* Check and set PSK Identity */ ret = ssl_conf_set_psk_identity( conf, psk_identity, @@ -4492,14 +4491,14 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, } int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, - psa_key_handle_t psk_slot ) + psa_key_id_t psk ) { - if( ( psa_key_handle_is_null( psk_slot ) ) || + if( ( mbedtls_svc_key_id_is_null( psk ) ) || ( ssl->handshake == NULL ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); ssl_remove_psk( ssl ); - ssl->handshake->psk_opaque = psk_slot; + ssl->handshake->psk_opaque = psk; return( 0 ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ From 277a85f1ef7e46724f1cbd4f9e222bec6bce21ec Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 4 Aug 2020 15:49:48 +0200 Subject: [PATCH 411/488] Add psa_purge_key API Signed-off-by: Ronald Cron --- include/psa/crypto.h | 23 +++++++++++++++++++++++ library/psa_crypto_slot_management.c | 15 +++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2620af5ba..15ffe2271 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -387,6 +387,29 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes); * @{ */ +/** Remove non-essential copies of key material from memory. + * + * If the key identifier designates a volatile key, this functions does not do + * anything and returns successfully. + * + * If the key identifier designates a persistent key, then this function will + * free all resources associated with the key in volatile memory. The key + * data in persistent storage is not affected and the key can still be used. + * + * \param key Identifier of the key to purge. + * + * \retval #PSA_SUCCESS + * The key material will have been removed from memory if it is not + * currently required. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not a valid key identifier. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); + /** Make a copy of a key. * * Copy key material from one location to another. diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 8ef851bdd..6471591b5 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -306,6 +306,21 @@ psa_status_t psa_close_key( psa_key_handle_t handle ) return( psa_wipe_key_slot( slot ) ); } +psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) +{ + psa_status_t status; + psa_key_slot_t *slot; + + status = psa_get_key_slot( key, &slot ); + if( status != PSA_SUCCESS ) + return( status ); + + if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE ) + return PSA_SUCCESS; + + return( psa_wipe_key_slot( slot ) ); +} + void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) { size_t slot_idx; From c3623dbc76fac2950379964247f46b04e43dd04f Mon Sep 17 00:00:00 2001 
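Review bot: The `\retval` list documented for psa_purge_key() should be checked against the implementation added later in this patch, which returns the status of psa_get_key_slot() unchanged. Whether an unknown identifier really yields PSA_ERROR_INVALID_ARGUMENT cannot be confirmed from this page, and any other status that helper can produce is undocumented. The phrase "if it is not currently required" under PSA_SUCCESS also promises a condition the implementation does not test. Minor wording: `this functions does not do anything` should read `this function does not do anything`.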
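Review bot: psa_purge_key() wipes the slot of a persistent key unconditionally, whereas the header added in this patch says the material is removed only "if it is not currently required"; nothing in the function checks whether the slot is still in use. For an API whose purpose is to limit how long key material stays in RAM, the contract should be exact: either add the in-use check or document that callers must not purge a key during an ongoing operation. If psa_get_key_slot() loads a persistent key from storage when no slot holds it (not visible here), the call would also bring the key into memory only to erase it again. Style: `return PSA_SUCCESS;` should be `return( PSA_SUCCESS );` to match the rest of the file.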
From: Ronald Cron Date: Thu, 29 Oct 2020 10:51:32 +0100 Subject: [PATCH 412/488] State PSA_CRYPTO_KEY_ID_ENCODES_OWNER and USE_PSA_CRYPTO incompatibility Code under MBEDTLS_USE_PSA_CRYPTO define is PSA client code intended to use key identifiers of type psa_key_id_t. Thus the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER configuration option is incompatible with MBEDTLS_USE_PSA_CRYPTO. State this in config.h and check_config.h. As a consequence: . remove MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER from the full configuration, as MBEDTLS_USE_PSA_CRYPTO is part of it. . add a new component in all.sh to keep testing the library when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is set. Signed-off-by: Ronald Cron --- include/mbedtls/check_config.h | 5 +++++ include/mbedtls/config.h | 2 +- scripts/config.py | 1 + tests/scripts/all.sh | 12 ++++++++++++ 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index fd979db84..1ebb7066a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -609,6 +609,11 @@ #error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) +#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO." +#endif + #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_OID_C) ) #error "MBEDTLS_RSA_C defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2ac2cc696..c930a8ff3 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1266,7 +1266,7 @@ * which is currently hard-coded to be int32_t. * * Note that this option is meant for internal use only and may be removed - * without notice. + * without notice. It is incompatible with PSA_USE_PSA_CRYPTO. */ //#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 
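Review bot: The sentence added to config.h names `PSA_USE_PSA_CRYPTO`, which is not a configuration option; the option tested by the `#error` added to check_config.h in this same patch is `MBEDTLS_USE_PSA_CRYPTO`. The line should read `* without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO.` so that someone searching the configuration for the conflicting option finds it.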
diff --git a/scripts/config.py b/scripts/config.py index 6c299818f..ae0614ae0 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -185,6 +185,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper) 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature 'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config + 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions) 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 757a9ecc9..3c2761787 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -780,6 +780,18 @@ component_test_full_cmake_gcc_asan () { if_build_succeeded tests/context-info.sh } +component_test_psa_crypto_key_id_encodes_owner () { + msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" + scripts/config.py full + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" + make test +} + component_test_zlib_make() { msg "build: zlib enabled, make" scripts/config.py set MBEDTLS_ZLIB_SUPPORT From adc2ff28b025ac814c0e56cb4012f3a10f1cb282 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 16 Sep 2020 16:49:27 +0200 Subject: [PATCH 413/488] Adapt programs to PSA openless APIs PSA and SSL programs are PSA clients thus should use psa_key_id_t as the type for key identifiers, not mbedtls_svc_key_id_t. As a consequence, PSA, ssl_server2 and ssl_client2 programs cannot compile and must not be compiled if MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined. Thus, add MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER compilation guard to those programs. 
Signed-off-by: Ronald Cron --- programs/psa/crypto_examples.c | 44 +++++++------ programs/psa/key_ladder_demo.c | 114 ++++++++++++++++----------------- programs/ssl/ssl_client2.c | 18 +++--- programs/ssl/ssl_server2.c | 26 ++++---- 4 files changed, 102 insertions(+), 100 deletions(-) diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index 86ceecce1..d165d2e55 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -45,13 +45,15 @@ #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \ !defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \ - !defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) + !defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) || \ + defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) int main( void ) { printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or " "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR " "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING " - "not defined.\r\n" ); + "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER" + " defined.\r\n" ); return( 0 ); } #else @@ -92,7 +94,7 @@ exit: return( status ); } -static psa_status_t cipher_encrypt( psa_key_handle_t key_handle, +static psa_status_t cipher_encrypt( psa_key_id_t key, psa_algorithm_t alg, uint8_t * iv, size_t iv_size, @@ -108,7 +110,7 @@ static psa_status_t cipher_encrypt( psa_key_handle_t key_handle, size_t iv_len = 0; memset( &operation, 0, sizeof( operation ) ); - status = psa_cipher_encrypt_setup( &operation, key_handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); ASSERT_STATUS( status, PSA_SUCCESS ); status = psa_cipher_generate_iv( &operation, iv, iv_size, &iv_len ); @@ -123,7 +125,7 @@ exit: return( status ); } -static psa_status_t cipher_decrypt( psa_key_handle_t key_handle, +static psa_status_t cipher_decrypt( psa_key_id_t key, psa_algorithm_t alg, const uint8_t * iv, size_t iv_size, 
@@ -138,7 +140,7 @@ static psa_status_t cipher_decrypt( psa_key_handle_t key_handle, psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; memset( &operation, 0, sizeof( operation ) ); - status = psa_cipher_decrypt_setup( &operation, key_handle, alg ); + status = psa_cipher_decrypt_setup( &operation, key, alg ); ASSERT_STATUS( status, PSA_SUCCESS ); status = psa_cipher_set_iv( &operation, iv, iv_size ); @@ -165,7 +167,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void ) psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT; + psa_key_id_t key = 0; size_t output_len = 0; uint8_t iv[block_size]; uint8_t input[block_size]; @@ -181,15 +183,15 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void ) psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( &attributes, key_bits ); - status = psa_generate_key( &attributes, &key_handle ); + status = psa_generate_key( &attributes, &key ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_encrypt( key, alg, iv, sizeof( iv ), input, sizeof( input ), part_size, encrypt, sizeof( encrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_decrypt( key, alg, iv, sizeof( iv ), encrypt, output_len, part_size, decrypt, sizeof( decrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); @@ -198,7 +200,7 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void ) ASSERT_STATUS( status, PSA_SUCCESS ); exit: - psa_destroy_key( key_handle ); + psa_destroy_key( key ); return( status ); } 
@@ -215,7 +217,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void ) psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT; + psa_key_id_t key = 0; size_t output_len = 0; uint8_t iv[block_size], input[input_size], encrypt[input_size + block_size], decrypt[input_size + block_size]; @@ -229,15 +231,15 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void ) psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( &attributes, key_bits ); - status = psa_generate_key( &attributes, &key_handle ); + status = psa_generate_key( &attributes, &key ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_encrypt( key, alg, iv, sizeof( iv ), input, sizeof( input ), part_size, encrypt, sizeof( encrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_decrypt( key, alg, iv, sizeof( iv ), encrypt, output_len, part_size, decrypt, sizeof( decrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); @@ -246,7 +248,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void ) ASSERT_STATUS( status, PSA_SUCCESS ); exit: - psa_destroy_key( key_handle ); + psa_destroy_key( key ); return( status ); } @@ -262,7 +264,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void ) psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT; + psa_key_id_t key = 0; size_t output_len = 0; uint8_t iv[block_size], input[input_size], encrypt[input_size], decrypt[input_size]; 
@@ -276,15 +278,15 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void ) psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( &attributes, key_bits ); - status = psa_generate_key( &attributes, &key_handle ); + status = psa_generate_key( &attributes, &key ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_encrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_encrypt( key, alg, iv, sizeof( iv ), input, sizeof( input ), part_size, encrypt, sizeof( encrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); - status = cipher_decrypt( key_handle, alg, iv, sizeof( iv ), + status = cipher_decrypt( key, alg, iv, sizeof( iv ), encrypt, output_len, part_size, decrypt, sizeof( decrypt ), &output_len ); ASSERT_STATUS( status, PSA_SUCCESS ); @@ -293,7 +295,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void ) ASSERT_STATUS( status, PSA_SUCCESS ); exit: - psa_destroy_key( key_handle ); + psa_destroy_key( key ); return( status ); } diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index 456d8d645..c36b67faf 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c 
@@ -65,15 +65,17 @@ #include /* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \ - !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) +#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ + !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \ + !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) || \ + defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) int main( void ) { - printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " - "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or " - "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO " - "not defined.\n"); + printf( "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " + "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or " + "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO " + "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER " + "defined.\n" ); return( 0 ); } #else @@ -167,7 +169,7 @@ enum program_mode /* Save a key to a file. In the real world, you may want to export a derived * key sometimes, to share it with another party. */ -static psa_status_t save_key( psa_key_handle_t key_handle, +static psa_status_t save_key( psa_key_id_t key, const char *output_file_name ) { psa_status_t status = PSA_SUCCESS; @@ -175,7 +177,7 @@ static psa_status_t save_key( psa_key_handle_t key_handle, size_t key_size; FILE *key_file = NULL; - PSA_CHECK( psa_export_key( key_handle, + PSA_CHECK( psa_export_key( key, key_data, sizeof( key_data ), &key_size ) ); SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL ); @@ -197,7 +199,7 @@ exit: static psa_status_t generate( const char *key_file_name ) { psa_status_t status = PSA_SUCCESS; - psa_key_handle_t key_handle = PSA_KEY_HANDLE_INIT; + psa_key_id_t key = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, 
@@ -206,12 +208,12 @@ static psa_status_t generate( const char *key_file_name ) psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) ); - PSA_CHECK( psa_generate_key( &attributes, &key_handle ) ); + PSA_CHECK( psa_generate_key( &attributes, &key ) ); - PSA_CHECK( save_key( key_handle, key_file_name ) ); + PSA_CHECK( save_key( key, key_file_name ) ); exit: - (void) psa_destroy_key( key_handle ); + (void) psa_destroy_key( key ); return( status ); } @@ -223,7 +225,7 @@ exit: static psa_status_t import_key_from_file( psa_key_usage_t usage, psa_algorithm_t alg, const char *key_file_name, - psa_key_handle_t *master_key_handle ) + psa_key_id_t *master_key ) { psa_status_t status = PSA_SUCCESS; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -232,8 +234,6 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage, FILE *key_file = NULL; unsigned char extra_byte; - *master_key_handle = PSA_KEY_HANDLE_INIT; - SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL ); SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ), key_file ) ) != 0 ); @@ -250,8 +250,7 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage, psa_set_key_usage_flags( &attributes, usage ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); - PSA_CHECK( psa_import_key( &attributes, key_data, key_size, - master_key_handle ) ); + PSA_CHECK( psa_import_key( &attributes, key_data, key_size, master_key ) ); exit: if( key_file != NULL ) fclose( key_file ); 
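Review bot: Dropping the initial `*master_key_handle = PSA_KEY_HANDLE_INIT;` in `import_key_from_file` without a replacement means the error path in the following hunk calls `psa_destroy_key( *master_key )` on whatever value the caller passed in. The comment there still claims that `*master_key` is null if key creation has not happened, which now holds only when the caller initialised it. The visible caller `run()` does pass `derivation_key = 0`, but any other caller that hands over a stale or uninitialised identifier and then hits a failing `fopen`/`fread` would have that identifier passed to `psa_destroy_key`, which may destroy an unrelated key. Restoring the output initialisation before the first `SYS_CHECK`, `*master_key = 0;`, keeps the cleanup safe regardless of the caller. The function body starts and ends outside this hunk.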
@@ -259,21 +258,22 @@ exit: if( status != PSA_SUCCESS ) { /* If the key creation hasn't happened yet or has failed, - * *master_key_handle is 0. psa_destroy_key(0) is guaranteed to do - * nothing and return PSA_ERROR_INVALID_HANDLE. */ - (void) psa_destroy_key( *master_key_handle ); - *master_key_handle = PSA_KEY_HANDLE_INIT; + * *master_key is null. psa_destroy_key( 0 ) is + * guaranteed to do nothing and return PSA_SUCCESS. */ + (void) psa_destroy_key( *master_key ); + *master_key = 0; } return( status ); } /* Derive the intermediate keys, using the list of labels provided on - * the command line. On input, *key_handle is a handle to the master key. - * This function closes the master key. On successful output, *key_handle - * is a handle to the final derived key. */ + * the command line. On input, *key is the master key identifier. + * This function destroys the master key. On successful output, *key + * is the identifier of the final derived key. + */ static psa_status_t derive_key_ladder( const char *ladder[], size_t ladder_depth, - psa_key_handle_t *key_handle ) + psa_key_id_t *key ) { psa_status_t status = PSA_SUCCESS; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -297,17 +297,17 @@ static psa_status_t derive_key_ladder( const char *ladder[], DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH ) ); PSA_CHECK( psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - *key_handle ) ); + *key ) ); PSA_CHECK( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, (uint8_t*) ladder[i], strlen( ladder[i] ) ) ); /* When the parent key is not the master key, destroy it, * since it is no longer needed. */ - PSA_CHECK( psa_close_key( *key_handle ) ); - *key_handle = PSA_KEY_HANDLE_INIT; + PSA_CHECK( psa_destroy_key( *key ) ); + *key = 0; /* Derive the next intermediate key from the parent key. */ PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation, - key_handle ) ); + key ) ); PSA_CHECK( psa_key_derivation_abort( &operation ) ); } @@ -315,22 +315,22 @@ exit: psa_key_derivation_abort( &operation ); if( status != PSA_SUCCESS ) { - psa_close_key( *key_handle ); - *key_handle = PSA_KEY_HANDLE_INIT; + psa_destroy_key( *key ); + *key = 0; } return( status ); } /* Derive a wrapping key from the last intermediate key. */ static psa_status_t derive_wrapping_key( psa_key_usage_t usage, - psa_key_handle_t derived_key_handle, - psa_key_handle_t *wrapping_key_handle ) + psa_key_id_t derived_key, + psa_key_id_t *wrapping_key ) { psa_status_t status = PSA_SUCCESS; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - *wrapping_key_handle = PSA_KEY_HANDLE_INIT; + *wrapping_key = 0; /* Set up a key derivation operation from the key derived from * the master key. */ @@ -340,7 +340,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage, WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH ) ); PSA_CHECK( psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - derived_key_handle ) ); + derived_key ) ); PSA_CHECK( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0 ) ); 
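Review bot: The inline comment kept above the new `PSA_CHECK( psa_destroy_key( *key ) );` in `derive_key_ladder` still says the parent is destroyed "when the parent key is not the master key", but the call is unconditional and runs on the first iteration too. The updated function header states the opposite ("This function destroys the master key"), so the two comments now contradict each other. I would reword the inline one to match the code, e.g. `/* Destroy the parent key (the master key on the first iteration): it has been fed to the operation and is no longer needed. */`. The loop and the function signature lie outside this hunk.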
@@ -351,7 +351,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage, psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); psa_set_key_bits( &attributes, WRAPPING_KEY_BITS ); PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation, - wrapping_key_handle ) ); + wrapping_key ) ); exit: psa_key_derivation_abort( &operation ); @@ -360,7 +360,7 @@ exit: static psa_status_t wrap_data( const char *input_file_name, const char *output_file_name, - psa_key_handle_t wrapping_key_handle ) + psa_key_id_t wrapping_key ) { psa_status_t status; FILE *input_file = NULL; @@ -408,7 +408,7 @@ static psa_status_t wrap_data( const char *input_file_name, /* Wrap the data. */ PSA_CHECK( psa_generate_random( header.iv, WRAPPING_IV_SIZE ) ); - PSA_CHECK( psa_aead_encrypt( wrapping_key_handle, WRAPPING_ALG, + PSA_CHECK( psa_aead_encrypt( wrapping_key, WRAPPING_ALG, header.iv, WRAPPING_IV_SIZE, (uint8_t *) &header, sizeof( header ), buffer, input_size, @@ -437,7 +437,7 @@ exit: static psa_status_t unwrap_data( const char *input_file_name, const char *output_file_name, - psa_key_handle_t wrapping_key_handle ) + psa_key_id_t wrapping_key ) { psa_status_t status; FILE *input_file = NULL; @@ -489,7 +489,7 @@ static psa_status_t unwrap_data( const char *input_file_name, input_file = NULL; /* Unwrap the data. */ - PSA_CHECK( psa_aead_decrypt( wrapping_key_handle, WRAPPING_ALG, + PSA_CHECK( psa_aead_decrypt( wrapping_key, WRAPPING_ALG, header.iv, WRAPPING_IV_SIZE, (uint8_t *) &header, sizeof( header ), buffer, ciphertext_size, @@ -527,8 +527,8 @@ static psa_status_t run( enum program_mode mode, const char *output_file_name ) { psa_status_t status = PSA_SUCCESS; - psa_key_handle_t derivation_key_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t wrapping_key_handle = PSA_KEY_HANDLE_INIT; + psa_key_id_t derivation_key = 0; + psa_key_id_t wrapping_key = 0; /* Initialize the PSA crypto library. */ PSA_CHECK( psa_crypto_init( ) ); 
@@ -541,30 +541,30 @@ static psa_status_t run( enum program_mode mode, PSA_CHECK( import_key_from_file( PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT, KDF_ALG, key_file_name, - &derivation_key_handle ) ); + &derivation_key ) ); /* Calculate the derived key for this session. */ PSA_CHECK( derive_key_ladder( ladder, ladder_depth, - &derivation_key_handle ) ); + &derivation_key ) ); switch( mode ) { case MODE_SAVE: - PSA_CHECK( save_key( derivation_key_handle, output_file_name ) ); + PSA_CHECK( save_key( derivation_key, output_file_name ) ); break; case MODE_UNWRAP: PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_DECRYPT, - derivation_key_handle, - &wrapping_key_handle ) ); + derivation_key, + &wrapping_key ) ); PSA_CHECK( unwrap_data( input_file_name, output_file_name, - wrapping_key_handle ) ); + wrapping_key ) ); break; case MODE_WRAP: PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_ENCRYPT, - derivation_key_handle, - &wrapping_key_handle ) ); + derivation_key, + &wrapping_key ) ); PSA_CHECK( wrap_data( input_file_name, output_file_name, - wrapping_key_handle ) ); + wrapping_key ) ); break; default: /* Unreachable but some compilers don't realize it. */ @@ -572,11 +572,11 @@ static psa_status_t run( enum program_mode mode, } exit: - /* Close any remaining key. Deinitializing the crypto library would do - * this anyway, but explicitly closing handles makes the code easier - * to reuse. */ - (void) psa_close_key( derivation_key_handle ); - (void) psa_close_key( wrapping_key_handle ); + /* Destroy any remaining key. Deinitializing the crypto library would do + * this anyway since they are volatile keys, but explicitly destroying + * keys makes the code easier. */ + (void) psa_destroy_key( derivation_key ); + (void) psa_destroy_key( wrapping_key ); /* Deinitialize the PSA crypto library. */ mbedtls_psa_crypto_free( ); return( status ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 246d71a8d..f92a73e4b 100644 --- a/programs/ssl/ssl_client2.c 
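Review bot: The rewritten cleanup comment at `exit:` in `run()` ends mid-thought: "explicitly destroying keys makes the code easier." The previous wording finished with "easier to reuse", and that qualifier is the reason the explicit calls are kept. Suggested text for the last line: `* keys makes the code easier to reuse. */`.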
+++ b/programs/ssl/ssl_client2.c @@ -42,12 +42,14 @@ #if !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) + !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ + defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) int main( void ) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or " + mbedtls_printf( "MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n"); + "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined " + " and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n" ); mbedtls_exit( 0 ); } #else @@ -1207,7 +1209,7 @@ int main( int argc, char *argv[] ) const char *pers = "ssl_client2"; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t slot = PSA_KEY_HANDLE_INIT; + psa_key_id_t slot = 0; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; psa_status_t status; @@ -1232,7 +1234,7 @@ int main( int argc, char *argv[] ) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t key_slot = PSA_KEY_HANDLE_INIT; /* invalid key slot */ + psa_key_id_t key_slot = 0; /* invalid key slot */ #endif #endif char *p, *q; @@ -3577,10 +3579,8 @@ exit: if( ( status != PSA_SUCCESS ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) { - mbedtls_printf( "Failed to destroy key slot %u-%u - error was %d", - MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( slot ), - MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot ), - (int) status ); + mbedtls_printf( "Failed to destroy key slot %u - error was %d", + (int) slot, (int) status ); if( ret == 0 ) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index eb4ab0d8f..c5ff30354 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
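Review bot: The placeholder `main()` message in the `@@ -42,12 +42,14 @@` hunk now prints "... MBEDTLS_CTR_DRBG_C and/or not defined  and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined." It has a dangling "and/or" before "not defined", and a doubled space where the literal ending in `not defined "` meets the one starting with `" and/or`. Since the lines are being rewritten anyway, I would change them to `"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C not defined "` followed by `"and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n" );`. The matching hunk in programs/ssl/ssl_server2.c has the same text.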
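Review bot: In the `@@ -3577,10 +3579,8 @@` hunk the new diagnostic pairs the `%u` conversion with an `(int)` cast: `"Failed to destroy key slot %u - error was %d", (int) slot, (int) status`. The argument type should match the conversion, so either cast to unsigned, `(unsigned) slot, (int) status );`, or change the format to `%d`. Unsigned is the better fit for a key identifier. The same line appears in the `@@ -4518,10 +4520,8 @@` hunk of programs/ssl/ssl_server2.c with `psk_slot`.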
@@ -42,12 +42,14 @@ #if !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \ - !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) + !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ + defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) int main( void ) { - mbedtls_printf("MBEDTLS_ENTROPY_C and/or " + mbedtls_printf( "MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or " - "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n"); + "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined " + " and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined.\n" ); mbedtls_exit( 0 ); } #else @@ -1285,7 +1287,7 @@ struct _psk_entry size_t key_len; unsigned char key[MBEDTLS_PSK_MAX_LEN]; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_handle_t slot; + psa_key_id_t slot; #endif /* MBEDTLS_USE_PSA_CRYPTO */ psk_entry *next; }; @@ -1301,9 +1303,9 @@ int psk_free( psk_entry *head ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; - psa_key_handle_t const slot = head->slot; + psa_key_id_t const slot = head->slot; - if( ! psa_key_handle_is_null( slot ) ) + if( slot != 0 ) { status = psa_destroy_key( slot ); if( status != PSA_SUCCESS ) @@ -1376,7 +1378,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl, memcmp( name, cur->name, name_len ) == 0 ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! psa_key_handle_is_null( cur->slot ) ) + if( cur->slot != 0 ) return( mbedtls_ssl_set_hs_psk_opaque( ssl, cur->slot ) ); else #endif @@ -1711,7 +1713,7 @@ int idle( mbedtls_net_context *fd, } #if defined(MBEDTLS_USE_PSA_CRYPTO) -static psa_status_t psa_setup_psk_key_slot( psa_key_handle_t *slot, +static psa_status_t psa_setup_psk_key_slot( psa_key_id_t *slot, psa_algorithm_t alg, unsigned char *psk, size_t psk_len ) 
@@ -1795,7 +1797,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; - psa_key_handle_t psk_slot = PSA_KEY_HANDLE_INIT; + psa_key_id_t psk_slot = 0; #endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; @@ -4518,10 +4520,8 @@ exit: if( ( status != PSA_SUCCESS ) && ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) { - mbedtls_printf( "Failed to destroy key slot %u-%u - error was %d", - MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( psk_slot ), - MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psk_slot ), - (int) status ); + mbedtls_printf( "Failed to destroy key slot %u - error was %d", + (int) psk_slot, (int) status ); } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && From 5425a21fd2da9b784a89d4f5162803fd6918819d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 4 Aug 2020 14:58:35 +0200 Subject: [PATCH 414/488] tests: Adapt PSA tests to openless APIs psa_key_handle_equal() is removed as not used anymore. Signed-off-by: Ronald Cron --- include/psa/crypto_compat.h | 13 - tests/suites/test_suite_pk.function | 20 +- tests/suites/test_suite_psa_crypto.function | 846 +++++++++--------- ..._suite_psa_crypto_driver_wrappers.function | 107 ++- .../test_suite_psa_crypto_init.function | 6 +- ...t_suite_psa_crypto_persistent_key.function | 52 +- ...st_suite_psa_crypto_se_driver_hal.function | 206 ++--- ...te_psa_crypto_se_driver_hal_mocks.function | 48 +- ...test_suite_psa_crypto_slot_management.data | 4 +- ..._suite_psa_crypto_slot_management.function | 202 +++-- tests/suites/test_suite_x509write.function | 6 +- 11 files changed, 726 insertions(+), 784 deletions(-) diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index fea292311..642be1a55 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h 
@@ -44,19 +44,6 @@ typedef mbedtls_svc_key_id_t psa_key_handle_t; #define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT -/** Compare two handles. - * - * \param handle1 First handle. - * \param handle2 Second handle. - * - * \return Non-zero if the two handles are equal, zero otherwise. - */ -static inline int psa_key_handle_equal( psa_key_handle_t handle1, - psa_key_handle_t handle2 ) -{ - return( mbedtls_svc_key_id_equal( handle1, handle2 ) ); -} - /** Check wether an handle is null. * * \param handle Handle diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5fee0d7e3..9803f9051 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -100,13 +100,13 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) #if defined(MBEDTLS_USE_PSA_CRYPTO) /* - * Generate a key using PSA and return a handle to that key, + * Generate a key using PSA and return the key identifier of that key, * or 0 if the key generation failed. * The key uses NIST P-256 and is usable for signing with SHA-256. */ -psa_key_handle_t pk_psa_genkey( void ) +mbedtls_svc_key_id_t pk_psa_genkey( void ) { - psa_key_handle_t key; + mbedtls_svc_key_id_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ); @@ -133,7 +133,7 @@ exit: void pk_psa_utils( ) { mbedtls_pk_context pk, pk2; - psa_key_handle_t key; + mbedtls_svc_key_id_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const char * const name = "Opaque"; 
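Review bot: In the `@@ -100,13 +100,13 @@` hunk of tests/suites/test_suite_pk.function, `pk_psa_genkey()` declares `mbedtls_svc_key_id_t key;` without an initializer, while its header comment promises "0 if the key generation failed" and `pk_psa_utils()` tests the result with `mbedtls_svc_key_id_is_null( key )`. The rest of the body is outside this hunk, so I cannot confirm every failure path writes `key` before the return. Initialising it at the declaration removes the doubt: `mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;`. The comment would also be more accurate as "or a null key identifier if the key generation failed", since the return type is no longer guaranteed to be a plain integer.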
@@ -151,14 +151,14 @@ void pk_psa_utils( ) TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); - TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, PSA_KEY_HANDLE_INIT ) == + TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, MBEDTLS_SVC_KEY_ID_INIT ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); mbedtls_pk_free( &pk ); mbedtls_pk_init( &pk ); key = pk_psa_genkey(); - if( psa_key_handle_is_null( key ) ) + if( mbedtls_svc_key_id_is_null( key ) ) goto exit; TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 ); @@ -1220,7 +1220,7 @@ void pk_psa_sign( int grpid_arg, unsigned char *pkey_legacy_start, *pkey_psa_start; size_t sig_len, klen_legacy, klen_psa; int ret; - psa_key_handle_t handle; + mbedtls_svc_key_id_t key_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t expected_type = PSA_KEY_TYPE_ECC_KEY_PAIR( psa_curve_arg ); size_t expected_bits = expected_bits_arg; @@ -1252,10 +1252,10 @@ void pk_psa_sign( int grpid_arg, pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy; /* Turn PK context into an opaque one. */ - TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle, + TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &key_id, PSA_ALG_SHA_256 ) == 0 ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), expected_type ); TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), @@ -1280,7 +1280,7 @@ void pk_psa_sign( int grpid_arg, TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 ); mbedtls_pk_free( &pk ); - TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( handle ) ); + TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key_id ) ); mbedtls_pk_init( &pk ); TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start, diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 23d827ec4..9b113b48e 100644 
--- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -229,7 +229,7 @@ static int construct_fake_rsa_key( unsigned char *buffer, return( len ); } -int check_key_attributes_sanity( psa_key_handle_t key ) +int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) { int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -305,31 +305,29 @@ int exercise_mac_setup( psa_key_type_t key_type, psa_mac_operation_t *operation, psa_status_t *status ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, - &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) ); - *status = psa_mac_sign_setup( operation, handle, alg ); + *status = psa_mac_sign_setup( operation, key, alg ); /* Whether setup succeeded or failed, abort must succeed. */ PSA_ASSERT( psa_mac_abort( operation ) ); /* If setup failed, reproduce the failure, so that the caller can * test the resulting state of the operation object. */ if( *status != PSA_SUCCESS ) { - TEST_EQUAL( psa_mac_sign_setup( operation, handle, alg ), - *status ); + TEST_EQUAL( psa_mac_sign_setup( operation, key, alg ), *status ); } - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 1 ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 0 ); } 
@@ -340,35 +338,34 @@ int exercise_cipher_setup( psa_key_type_t key_type, psa_cipher_operation_t *operation, psa_status_t *status ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, - &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length, &key ) ); - *status = psa_cipher_encrypt_setup( operation, handle, alg ); + *status = psa_cipher_encrypt_setup( operation, key, alg ); /* Whether setup succeeded or failed, abort must succeed. */ PSA_ASSERT( psa_cipher_abort( operation ) ); /* If setup failed, reproduce the failure, so that the caller can * test the resulting state of the operation object. */ if( *status != PSA_SUCCESS ) { - TEST_EQUAL( psa_cipher_encrypt_setup( operation, handle, alg ), + TEST_EQUAL( psa_cipher_encrypt_setup( operation, key, alg ), *status ); } - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 1 ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( 0 ); } -static int exercise_mac_key( psa_key_handle_t handle, +static int exercise_mac_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -379,8 +376,7 @@ static int exercise_mac_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_SIGN_HASH ) { - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_sign_finish( &operation, 
@@ -394,8 +390,7 @@ static int exercise_mac_key( psa_key_handle_t handle, ( usage & PSA_KEY_USAGE_SIGN_HASH ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, mac, mac_length ), @@ -409,7 +404,7 @@ exit: return( 0 ); } -static int exercise_cipher_key( psa_key_handle_t handle, +static int exercise_cipher_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -424,8 +419,7 @@ static int exercise_cipher_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_ENCRYPT ) { - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_generate_iv( &operation, iv, sizeof( iv ), &iv_length ) ); @@ -447,15 +441,14 @@ static int exercise_cipher_key( psa_key_handle_t handle, if( ! ( usage & PSA_KEY_USAGE_ENCRYPT ) ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); /* This should be PSA_CIPHER_GET_IV_SIZE but the API doesn't * have this macro yet. */ iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( psa_get_key_type( &attributes ) ); maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg ); } - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, iv_length ) ); PSA_ASSERT( psa_cipher_update( &operation, @@ -483,7 +476,7 @@ exit: return( 0 ); } -static int exercise_aead_key( psa_key_handle_t handle, +static int exercise_aead_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { 
@@ -496,7 +489,7 @@ static int exercise_aead_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_ENCRYPT ) { - PSA_ASSERT( psa_aead_encrypt( handle, alg, + PSA_ASSERT( psa_aead_encrypt( key, alg, nonce, nonce_length, NULL, 0, plaintext, sizeof( plaintext ), @@ -510,7 +503,7 @@ static int exercise_aead_key( psa_key_handle_t handle, ( usage & PSA_KEY_USAGE_ENCRYPT ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_aead_decrypt( handle, alg, + TEST_EQUAL( psa_aead_decrypt( key, alg, nonce, nonce_length, NULL, 0, ciphertext, ciphertext_length, @@ -525,7 +518,7 @@ exit: return( 0 ); } -static int exercise_signature_key( psa_key_handle_t handle, +static int exercise_signature_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -554,7 +547,7 @@ static int exercise_signature_key( psa_key_handle_t handle, * even for algorithms that allow other input sizes. */ if( hash_alg != 0 ) payload_length = PSA_HASH_SIZE( hash_alg ); - PSA_ASSERT( psa_sign_hash( handle, alg, + PSA_ASSERT( psa_sign_hash( key, alg, payload, payload_length, signature, sizeof( signature ), &signature_length ) ); @@ -566,7 +559,7 @@ static int exercise_signature_key( psa_key_handle_t handle, ( usage & PSA_KEY_USAGE_SIGN_HASH ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_verify_hash( handle, alg, + TEST_EQUAL( psa_verify_hash( key, alg, payload, payload_length, signature, signature_length ), verify_status ); @@ -578,7 +571,7 @@ exit: return( 0 ); } -static int exercise_asymmetric_encryption_key( psa_key_handle_t handle, +static int exercise_asymmetric_encryption_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -589,7 +582,7 @@ static int exercise_asymmetric_encryption_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_ENCRYPT ) { - PSA_ASSERT( psa_asymmetric_encrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_encrypt( key, alg, plaintext, plaintext_length, NULL, 0, ciphertext, sizeof( ciphertext ), 
@@ -599,7 +592,7 @@ static int exercise_asymmetric_encryption_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_DECRYPT ) { psa_status_t status = - psa_asymmetric_decrypt( handle, alg, + psa_asymmetric_decrypt( key, alg, ciphertext, ciphertext_length, NULL, 0, plaintext, sizeof( plaintext ), @@ -617,7 +610,7 @@ exit: } static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, unsigned char* input1, size_t input1_length, unsigned char* input2, size_t input2_length, @@ -631,7 +624,7 @@ static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, input1, input1_length ) ); PSA_ASSERT( psa_key_derivation_input_key( operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ) ); + key ) ); PSA_ASSERT( psa_key_derivation_input_bytes( operation, PSA_KEY_DERIVATION_INPUT_INFO, input2, @@ -645,7 +638,7 @@ static int setup_key_derivation_wrap( psa_key_derivation_operation_t* operation, input1, input1_length ) ); PSA_ASSERT( psa_key_derivation_input_key( operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ) ); + key ) ); PSA_ASSERT( psa_key_derivation_input_bytes( operation, PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length ) ); @@ -665,7 +658,7 @@ exit: } -static int exercise_key_derivation_key( psa_key_handle_t handle, +static int exercise_key_derivation_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -679,7 +672,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_DERIVE ) { - if( !setup_key_derivation_wrap( &operation, handle, alg, + if( !setup_key_derivation_wrap( &operation, key, alg, input1, input1_length, input2, input2_length, capacity ) ) goto exit; 
@@ -700,7 +693,7 @@ exit: * private key against its own public key. */ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *operation, - psa_key_handle_t handle ) + mbedtls_svc_key_id_t key ) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -713,18 +706,17 @@ static psa_status_t key_agreement_with_self( psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); private_key_type = psa_get_key_type( &attributes ); key_bits = psa_get_key_bits( &attributes ); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits ); ASSERT_ALLOC( public_key, public_key_length ); - PSA_ASSERT( psa_export_public_key( handle, - public_key, public_key_length, + PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, &public_key_length ) ); status = psa_key_derivation_key_agreement( - operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle, + operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, public_key, public_key_length ); exit: mbedtls_free( public_key ); @@ -735,7 +727,7 @@ exit: /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, - psa_key_handle_t handle ) + mbedtls_svc_key_id_t key ) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; 
@@ -750,17 +742,17 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); private_key_type = psa_get_key_type( &attributes ); key_bits = psa_get_key_bits( &attributes ); public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type ); public_key_length = PSA_KEY_EXPORT_MAX_SIZE( public_key_type, key_bits ); ASSERT_ALLOC( public_key, public_key_length ); - PSA_ASSERT( psa_export_public_key( handle, + PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length, &public_key_length ) ); - status = psa_raw_key_agreement( alg, handle, + status = psa_raw_key_agreement( alg, key, public_key, public_key_length, output, sizeof( output ), &output_length ); exit: @@ -769,7 +761,7 @@ exit: return( status ); } -static int exercise_raw_key_agreement_key( psa_key_handle_t handle, +static int exercise_raw_key_agreement_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { @@ -779,7 +771,7 @@ static int exercise_raw_key_agreement_key( psa_key_handle_t handle, { /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ - PSA_ASSERT( raw_key_agreement_with_self( alg, handle ) ); + PSA_ASSERT( raw_key_agreement_with_self( alg, key ) ); } ok = 1; @@ -787,7 +779,7 @@ exit: return( ok ); } -static int exercise_key_agreement_key( psa_key_handle_t handle, +static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { 
@@ -800,7 +792,7 @@ static int exercise_key_agreement_key( psa_key_handle_t handle, /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); - PSA_ASSERT( key_agreement_with_self( &operation, handle ) ); + PSA_ASSERT( key_agreement_with_self( &operation, key ) ); PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output, sizeof( output ) ) ); @@ -1011,7 +1003,7 @@ exit: return( 0 ); } -static int exercise_export_key( psa_key_handle_t handle, +static int exercise_export_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -1020,12 +1012,12 @@ static int exercise_export_key( psa_key_handle_t handle, size_t exported_length = 0; int ok = 0; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); if( ( usage & PSA_KEY_USAGE_EXPORT ) == 0 && ! PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( &attributes ) ) ) { - TEST_EQUAL( psa_export_key( handle, NULL, 0, &exported_length ), + TEST_EQUAL( psa_export_key( key, NULL, 0, &exported_length ), PSA_ERROR_NOT_PERMITTED ); ok = 1; goto exit; @@ -1035,7 +1027,7 @@ static int exercise_export_key( psa_key_handle_t handle, psa_get_key_bits( &attributes ) ); ASSERT_ALLOC( exported, exported_size ); - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( key, exported, exported_size, &exported_length ) ); ok = exported_key_sanity_check( psa_get_key_type( &attributes ), @@ -1048,7 +1040,7 @@ exit: return( ok ); } -static int exercise_export_public_key( psa_key_handle_t handle ) +static int exercise_export_public_key( mbedtls_svc_key_id_t key ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t public_type; 
@@ -1057,10 +1049,10 @@ static int exercise_export_public_key( psa_key_handle_t handle ) size_t exported_length = 0; int ok = 0; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type( &attributes ) ) ) { - TEST_EQUAL( psa_export_public_key( handle, NULL, 0, &exported_length ), + TEST_EQUAL( psa_export_public_key( key, NULL, 0, &exported_length ), PSA_ERROR_INVALID_ARGUMENT ); return( 1 ); } @@ -1071,7 +1063,7 @@ static int exercise_export_public_key( psa_key_handle_t handle ) psa_get_key_bits( &attributes ) ); ASSERT_ALLOC( exported, exported_size ); - PSA_ASSERT( psa_export_public_key( handle, + PSA_ASSERT( psa_export_public_key( key, exported, exported_size, &exported_length ) ); ok = exported_key_sanity_check( public_type, @@ -1103,7 +1095,7 @@ exit: * if( ! exercise_key( ... ) ) goto exit; * ``` * - * \param handle The key to exercise. It should be capable of performing + * \param key The key to exercise. It should be capable of performing * \p alg. * \param usage The usage flags to assume. * \param alg The algorithm to exercise. 
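Review bot: In exercise_export_public_key (hunk at -1057) the branch for non-asymmetric keys still leaves through `return( 1 );` right after psa_get_key_attributes() has filled `attributes`, so whatever cleanup sits under the function's `exit:` label is skipped on that path. exercise_export_key handles its matching early-out with `ok = 1; goto exit;`, and the same two lines would fit here in place of `return( 1 );`. The `exit:` body lies outside the hunks shown, so this assumes it is where `attributes` is reset and `exported` is freed.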
@@ -1111,33 +1103,33 @@ exit: * \retval 0 The key failed the smoke tests. * \retval 1 The key passed the smoke tests. */ -static int exercise_key( psa_key_handle_t handle, +static int exercise_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { int ok; - if( ! check_key_attributes_sanity( handle ) ) + if( ! check_key_attributes_sanity( key ) ) return( 0 ); if( alg == 0 ) ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */ else if( PSA_ALG_IS_MAC( alg ) ) - ok = exercise_mac_key( handle, usage, alg ); + ok = exercise_mac_key( key, usage, alg ); else if( PSA_ALG_IS_CIPHER( alg ) ) - ok = exercise_cipher_key( handle, usage, alg ); + ok = exercise_cipher_key( key, usage, alg ); else if( PSA_ALG_IS_AEAD( alg ) ) - ok = exercise_aead_key( handle, usage, alg ); + ok = exercise_aead_key( key, usage, alg ); else if( PSA_ALG_IS_SIGN( alg ) ) - ok = exercise_signature_key( handle, usage, alg ); + ok = exercise_signature_key( key, usage, alg ); else if( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) - ok = exercise_asymmetric_encryption_key( handle, usage, alg ); + ok = exercise_asymmetric_encryption_key( key, usage, alg ); else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ) - ok = exercise_key_derivation_key( handle, usage, alg ); + ok = exercise_key_derivation_key( key, usage, alg ); else if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) - ok = exercise_raw_key_agreement_key( handle, usage, alg ); + ok = exercise_raw_key_agreement_key( key, usage, alg ); else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) - ok = exercise_key_agreement_key( handle, usage, alg ); + ok = exercise_key_agreement_key( key, usage, alg ); else { char message[40]; @@ -1148,8 +1140,8 @@ static int exercise_key( psa_key_handle_t handle, ok = 0; } - ok = ok && exercise_export_key( handle, usage ); - ok = ok && exercise_export_public_key( handle ); + ok = ok && exercise_export_key( key, usage ); + ok = ok && exercise_export_public_key( key ); return( ok ); } 
@@ -1182,7 +1174,7 @@ static psa_key_usage_t usage_to_exercise( psa_key_type_t type, } -static int test_operations_on_invalid_handle( psa_key_handle_t handle ) +static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key ) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 0x6964 ); @@ -1194,7 +1186,7 @@ static int test_operations_on_invalid_handle( psa_key_handle_t handle ) psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT ); psa_set_key_algorithm( &attributes, PSA_ALG_CTR ); psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); - TEST_EQUAL( psa_get_key_attributes( handle, &attributes ), + TEST_EQUAL( psa_get_key_attributes( key, &attributes ), PSA_ERROR_DOES_NOT_EXIST ); TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 ); @@ -1206,10 +1198,9 @@ static int test_operations_on_invalid_handle( psa_key_handle_t handle ) TEST_EQUAL( psa_get_key_type( &attributes ), 0 ); TEST_EQUAL( psa_get_key_bits( &attributes ), 0 ); - TEST_EQUAL( psa_export_key( handle, - buffer, sizeof( buffer ), &length ), + TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ), PSA_ERROR_DOES_NOT_EXIST ); - TEST_EQUAL( psa_export_public_key( handle, + TEST_EQUAL( psa_export_public_key( key, buffer, sizeof( buffer ), &length ), PSA_ERROR_DOES_NOT_EXIST ); @@ -1459,7 +1450,7 @@ void import_with_policy( int type_arg, { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_key_usage_t usage = usage_arg; psa_algorithm_t alg = alg_arg; 
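Review bot: After the rename, test_operations_on_invalid_key has a parameter `key` and a local `key_id` that are both `mbedtls_svc_key_id_t`, which makes it easy to misread which identifier is the one expected not to exist. The visible checks suggest `key_id` is only a filler value placed in `attributes` so the test can confirm that a failed psa_get_key_attributes() resets the id to 0; its use is outside the hunks, so that is an inference. A comment on the declaration would settle it, for example `/* Filler id written into attributes; only used to check that a failed query clears it. Not the key under test. */`. A short header comment stating that `key` must be an identifier that no longer refers to a key would also help callers.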
@@ -1475,22 +1466,22 @@ void import_with_policy( int type_arg, status = psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ); + &key ); TEST_EQUAL( status, expected_status ); if( status != PSA_SUCCESS ) goto exit; - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage ); TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); ASSERT_NO_SLOT_NUMBER( &got_attributes ); - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &got_attributes ); PSA_DONE( ); } @@ -1503,7 +1494,7 @@ void import_with_data( data_t *data, int type_arg, { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; size_t attr_bits = attr_bits_arg; psa_status_t expected_status = expected_status_arg; 
@@ -1514,22 +1505,22 @@ void import_with_data( data_t *data, int type_arg, psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, attr_bits ); - status = psa_import_key( &attributes, data->x, data->len, &handle ); + status = psa_import_key( &attributes, data->x, data->len, &key ); TEST_EQUAL( status, expected_status ); if( status != PSA_SUCCESS ) goto exit; - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); if( attr_bits != 0 ) TEST_EQUAL( attr_bits, psa_get_key_bits( &got_attributes ) ); ASSERT_NO_SLOT_NUMBER( &got_attributes ); - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &got_attributes ); PSA_DONE( ); } @@ -1543,7 +1534,7 @@ void import_large_key( int type_arg, int byte_size_arg, size_t byte_size = byte_size_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; uint8_t *buffer = NULL; size_t buffer_size = byte_size + 1; 
@@ -1559,18 +1550,18 @@ void import_large_key( int type_arg, int byte_size_arg, /* Try importing the key */ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_type( &attributes, type ); - status = psa_import_key( &attributes, buffer, byte_size, &handle ); + status = psa_import_key( &attributes, buffer, byte_size, &key ); TEST_EQUAL( status, expected_status ); if( status == PSA_SUCCESS ) { - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); TEST_EQUAL( psa_get_key_bits( &attributes ), PSA_BYTES_TO_BITS( byte_size ) ); ASSERT_NO_SLOT_NUMBER( &attributes ); memset( buffer, 0, byte_size + 1 ); - PSA_ASSERT( psa_export_key( handle, buffer, byte_size, &n ) ); + PSA_ASSERT( psa_export_key( key, buffer, byte_size, &n ) ); for( n = 0; n < byte_size; n++ ) TEST_EQUAL( buffer[n], 'K' ); for( n = byte_size; n < buffer_size; n++ ) @@ -1578,7 +1569,7 @@ void import_large_key( int type_arg, int byte_size_arg, } exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( buffer ); } @@ -1587,7 +1578,7 @@ exit: /* BEGIN_CASE */ void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; size_t bits = bits_arg; psa_status_t expected_status = expected_status_arg; psa_status_t status; @@ -1610,11 +1601,11 @@ void import_rsa_made_up( int bits_arg, int keypair, int expected_status_arg ) /* Try importing the key */ psa_set_key_type( &attributes, type ); - status = psa_import_key( &attributes, p, length, &handle ); + status = psa_import_key( &attributes, p, length, &key ); TEST_EQUAL( status, expected_status ); if( status == PSA_SUCCESS ) - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); exit: mbedtls_free( buffer ); 
@@ -1631,7 +1622,7 @@ void import_export( data_t *data, int expected_export_status_arg, int canonical_input ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; @@ -1655,18 +1646,16 @@ void import_export( data_t *data, psa_set_key_type( &attributes, type ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), (size_t) expected_bits ); ASSERT_NO_SLOT_NUMBER( &got_attributes ); /* Export the key */ - status = psa_export_key( handle, - exported, export_size, - &exported_length ); + status = psa_export_key( key, exported, export_size, &exported_length ); TEST_EQUAL( status, expected_export_status ); /* The exported length must be set by psa_export_key() to a value between 0 
@@ -1683,30 +1672,30 @@ void import_export( data_t *data, goto destroy; } - if( ! exercise_export_key( handle, usage_arg ) ) + if( ! exercise_export_key( key, usage_arg ) ) goto exit; if( canonical_input ) ASSERT_COMPARE( data->x, data->len, exported, exported_length ); else { - psa_key_handle_t handle2; + mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; PSA_ASSERT( psa_import_key( &attributes, exported, exported_length, - &handle2 ) ); - PSA_ASSERT( psa_export_key( handle2, + &key2 ) ); + PSA_ASSERT( psa_export_key( key2, reexported, export_size, &reexported_length ) ); ASSERT_COMPARE( exported, exported_length, reexported, reexported_length ); - PSA_ASSERT( psa_close_key( handle2 ) ); + PSA_ASSERT( psa_destroy_key( key2 ) ); } TEST_ASSERT( exported_length <= PSA_KEY_EXPORT_MAX_SIZE( type, psa_get_key_bits( &got_attributes ) ) ); destroy: /* Destroy the key */ - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: mbedtls_free( exported ); @@ -1724,7 +1713,7 @@ void import_export_public_key( data_t *data, int expected_export_status_arg, data_t *expected_public_key ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_algorithm_t alg = alg_arg; psa_status_t expected_export_status = expected_export_status_arg; @@ -1741,11 +1730,11 @@ void import_export_public_key( data_t *data, psa_set_key_type( &attributes, type ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); /* Export the public key */ ASSERT_ALLOC( exported, export_size ); - status = psa_export_public_key( handle, + status = psa_export_public_key( key, exported, export_size, &exported_length ); TEST_EQUAL( status, expected_export_status ); 
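Review bot: `key2` in import_export's non-canonical branch is destroyed only on the success path: if the PSA_ASSERT around `psa_export_key( key2, ... )` or the following ASSERT_COMPARE fails and jumps to `exit:`, `psa_destroy_key( key2 )` is never reached, and `key2` is out of scope at `exit:` because it is declared inside the `else` block. Declaring `mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;` with the function's other locals and adding `psa_destroy_key( key2 );` under `exit:` would keep a failed re-export from leaving a live key behind for later test cases. The same shape appears in copy_success (hunk at -2380), where `psa_destroy_key( target_key )` sits after two `goto exit` paths. Both functions start before these hunks and their `exit:` bodies continue past them, so this assumes exit does not already release those keys some other way.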
@@ -1753,7 +1742,7 @@ void import_export_public_key( data_t *data, { psa_key_type_t public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ); size_t bits; - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); bits = psa_get_key_bits( &attributes ); TEST_ASSERT( expected_public_key->len <= PSA_KEY_EXPORT_MAX_SIZE( public_type, bits ) ); @@ -1763,7 +1752,7 @@ void import_export_public_key( data_t *data, exit: mbedtls_free( exported ); - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &attributes ); PSA_DONE( ); } @@ -1775,7 +1764,7 @@ void import_and_exercise_key( data_t *data, int bits_arg, int alg_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; size_t bits = bits_arg; psa_algorithm_t alg = alg_arg; @@ -1790,22 +1779,22 @@ void import_and_exercise_key( data_t *data, psa_set_key_type( &attributes, type ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &key ) ); /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; - PSA_ASSERT( psa_destroy_key( handle ) ); - test_operations_on_invalid_handle( handle ); + PSA_ASSERT( psa_destroy_key( key ) ); + test_operations_on_invalid_key( key ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &got_attributes ); PSA_DONE( ); } 
@@ -1817,7 +1806,7 @@ void effective_key_attributes( int type_arg, int expected_type_arg, int usage_arg, int expected_usage_arg, int alg_arg, int expected_alg_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = type_arg; psa_key_type_t expected_key_type = expected_type_arg; size_t bits = bits_arg; @@ -1835,17 +1824,17 @@ void effective_key_attributes( int type_arg, int expected_type_arg, psa_set_key_type( &attributes, key_type ); psa_set_key_bits( &attributes, bits ); - PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); + PSA_ASSERT( psa_generate_key( &attributes, &key ) ); psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), expected_key_type ); TEST_EQUAL( psa_get_key_bits( &attributes ), expected_bits ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &attributes ); PSA_DONE( ); } @@ -1903,7 +1892,7 @@ void mac_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_status_t status; @@ -1916,9 +1905,9 @@ void mac_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_mac_sign_setup( &operation, handle, exercise_alg ); + status = psa_mac_sign_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 ) PSA_ASSERT( status ); 
@@ -1927,7 +1916,7 @@ void mac_key_policy( int policy_usage, psa_mac_abort( &operation ); memset( mac, 0, sizeof( mac ) ); - status = psa_mac_verify_setup( &operation, handle, exercise_alg ); + status = psa_mac_verify_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 ) PSA_ASSERT( status ); @@ -1936,7 +1925,7 @@ void mac_key_policy( int policy_usage, exit: psa_mac_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1948,7 +1937,7 @@ void cipher_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; psa_status_t status; @@ -1960,9 +1949,9 @@ void cipher_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_cipher_encrypt_setup( &operation, handle, exercise_alg ); + status = psa_cipher_encrypt_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 ) PSA_ASSERT( status ); @@ -1970,7 +1959,7 @@ void cipher_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); psa_cipher_abort( &operation ); - status = psa_cipher_decrypt_setup( &operation, handle, exercise_alg ); + status = psa_cipher_decrypt_setup( &operation, key, exercise_alg ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_DECRYPT ) != 0 ) PSA_ASSERT( status ); @@ -1979,7 +1968,7 @@ void cipher_key_policy( int policy_usage, exit: psa_cipher_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ 
@@ -1993,7 +1982,7 @@ void aead_key_policy( int policy_usage, int tag_length_arg, int exercise_alg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; unsigned char nonce[16] = {0}; @@ -2012,9 +2001,9 @@ void aead_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_aead_encrypt( handle, exercise_alg, + status = psa_aead_encrypt( key, exercise_alg, nonce, nonce_length, NULL, 0, NULL, 0, @@ -2027,7 +2016,7 @@ void aead_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); memset( tag, 0, sizeof( tag ) ); - status = psa_aead_decrypt( handle, exercise_alg, + status = psa_aead_decrypt( key, exercise_alg, nonce, nonce_length, NULL, 0, tag, tag_length, @@ -2040,7 +2029,7 @@ void aead_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2052,7 +2041,7 @@ void asymmetric_encryption_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; size_t key_bits; 
@@ -2067,15 +2056,15 @@ void asymmetric_encryption_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, exercise_alg ); ASSERT_ALLOC( buffer, buffer_length ); - status = psa_asymmetric_encrypt( handle, exercise_alg, + status = psa_asymmetric_encrypt( key, exercise_alg, NULL, 0, NULL, 0, buffer, buffer_length, @@ -2088,7 +2077,7 @@ void asymmetric_encryption_key_policy( int policy_usage, if( buffer_length != 0 ) memset( buffer, 0, buffer_length ); - status = psa_asymmetric_decrypt( handle, exercise_alg, + status = psa_asymmetric_decrypt( key, exercise_alg, buffer, buffer_length, NULL, 0, buffer, buffer_length, @@ -2100,7 +2089,7 @@ void asymmetric_encryption_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); psa_reset_key_attributes( &attributes ); PSA_DONE( ); mbedtls_free( buffer ); @@ -2115,7 +2104,7 @@ void asymmetric_signature_key_policy( int policy_usage, int exercise_alg, int payload_length_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; @@ -2135,9 +2124,9 @@ void asymmetric_signature_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = psa_sign_hash( handle, exercise_alg, + status = psa_sign_hash( key, exercise_alg, payload, payload_length, signature, sizeof( signature ), &signature_length ); 
@@ -2147,7 +2136,7 @@ void asymmetric_signature_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); memset( signature, 0, sizeof( signature ) ); - status = psa_verify_hash( handle, exercise_alg, + status = psa_verify_hash( key, exercise_alg, payload, payload_length, signature, sizeof( signature ) ); if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 ) @@ -2156,7 +2145,7 @@ void asymmetric_signature_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2168,7 +2157,7 @@ void derive_key_policy( int policy_usage, data_t *key_data, int exercise_alg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; @@ -2180,7 +2169,7 @@ void derive_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); @@ -2195,7 +2184,7 @@ void derive_key_policy( int policy_usage, status = psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ); + key ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) @@ -2205,7 +2194,7 @@ void derive_key_policy( int policy_usage, exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ 
@@ -2218,7 +2207,7 @@ void agreement_key_policy( int policy_usage, int exercise_alg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -2232,16 +2221,16 @@ void agreement_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); - status = key_agreement_with_self( &operation, handle ); + status = key_agreement_with_self( &operation, key ); TEST_EQUAL( status, expected_status ); exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2250,7 +2239,7 @@ exit: void key_policy_alg2( int key_type_arg, data_t *key_data, int usage_arg, int alg_arg, int alg2_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -2265,20 +2254,20 @@ void key_policy_alg2( int key_type_arg, data_t *key_data, psa_set_key_enrollment_algorithm( &attributes, alg2 ); psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage ); TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg ); TEST_EQUAL( psa_get_key_enrollment_algorithm( &got_attributes ), alg2 ); - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; - if( ! exercise_key( handle, usage, alg2 ) ) + if( ! exercise_key( key, usage, alg2 ) ) goto exit; exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2291,7 +2280,7 @@ void raw_agreement_key_policy( int policy_usage, int exercise_alg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -2305,15 +2294,15 @@ void raw_agreement_key_policy( int policy_usage, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - status = raw_key_agreement_with_self( exercise_alg, handle ); + status = raw_key_agreement_with_self( exercise_alg, key ); TEST_EQUAL( status, expected_status ); exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ 
@@ -2333,8 +2322,8 @@ void copy_success( int source_usage_arg, psa_key_usage_t expected_usage = expected_usage_arg; psa_algorithm_t expected_alg = expected_alg_arg; psa_algorithm_t expected_alg2 = expected_alg2_arg; - psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; uint8_t *export_buffer = NULL; PSA_ASSERT( psa_crypto_init( ) ); @@ -2346,8 +2335,8 @@ void copy_success( int source_usage_arg, psa_set_key_type( &source_attributes, type_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, - &source_handle ) ); - PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) ); + &source_key ) ); + PSA_ASSERT( psa_get_key_attributes( source_key, &source_attributes ) ); /* Prepare the target attributes. */ if( copy_attributes ) @@ -2360,14 +2349,14 @@ void copy_success( int source_usage_arg, psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); /* Copy the key. */ - PSA_ASSERT( psa_copy_key( source_handle, - &target_attributes, &target_handle ) ); + PSA_ASSERT( psa_copy_key( source_key, + &target_attributes, &target_key ) ); /* Destroy the source to ensure that this doesn't affect the target. */ - PSA_ASSERT( psa_destroy_key( source_handle ) ); + PSA_ASSERT( psa_destroy_key( source_key ) ); /* Test that the target slot has the expected content and policy. */ - PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( target_key, &target_attributes ) ); TEST_EQUAL( psa_get_key_type( &source_attributes ), psa_get_key_type( &target_attributes ) ); TEST_EQUAL( psa_get_key_bits( &source_attributes ), 
@@ -2380,17 +2369,17 @@ void copy_success( int source_usage_arg, { size_t length; ASSERT_ALLOC( export_buffer, material->len ); - PSA_ASSERT( psa_export_key( target_handle, export_buffer, + PSA_ASSERT( psa_export_key( target_key, export_buffer, material->len, &length ) ); ASSERT_COMPARE( material->x, material->len, export_buffer, length ); } - if( ! exercise_key( target_handle, expected_usage, expected_alg ) ) + if( ! exercise_key( target_key, expected_usage, expected_alg ) ) goto exit; - if( ! exercise_key( target_handle, expected_usage, expected_alg2 ) ) + if( ! exercise_key( target_key, expected_usage, expected_alg2 ) ) goto exit; - PSA_ASSERT( psa_close_key( target_handle ) ); + PSA_ASSERT( psa_destroy_key( target_key ) ); exit: psa_reset_key_attributes( &source_attributes ); @@ -2411,8 +2400,8 @@ void copy_fail( int source_usage_arg, { psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t source_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT; PSA_ASSERT( psa_crypto_init( ) ); @@ -2423,7 +2412,7 @@ void copy_fail( int source_usage_arg, psa_set_key_type( &source_attributes, type_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, - &source_handle ) ); + &source_key ) ); /* Prepare the target attributes. */ psa_set_key_type( &target_attributes, target_type_arg ); 
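Review bot: In copy_success (hunk at -2380) the new `PSA_ASSERT( psa_destroy_key( target_key ) );` sits just before `exit:`, so it runs only when every earlier check passed; a failing `PSA_ASSERT` or `exercise_key` jumps past it and leaves the copied key in place. The same shape appears in copy_fail (-2433), mac_bad_order (-3029, where the visible `exit:` holds only `PSA_DONE( );`) and cipher_bad_order (-3413), whereas mac_sign and mac_verify destroy the key under `exit:`. I would add `psa_destroy_key( source_key );` and `psa_destroy_key( target_key );` under `exit:` here, and `psa_destroy_key( key );` in the other three, so that key cleanup does not depend on the success path. The rest of copy_success's `exit:` block is outside the hunk and `PSA_DONE` may already release the slots, so confirm that before changing it.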
@@ -2433,11 +2422,11 @@ void copy_fail( int source_usage_arg, psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); /* Try to copy the key. */ - TEST_EQUAL( psa_copy_key( source_handle, - &target_attributes, &target_handle ), + TEST_EQUAL( psa_copy_key( source_key, + &target_attributes, &target_key ), expected_status_arg ); - PSA_ASSERT( psa_destroy_key( source_handle ) ); + PSA_ASSERT( psa_destroy_key( source_key ) ); exit: psa_reset_key_attributes( &source_attributes ); @@ -2916,10 +2905,10 @@ exit: /* BEGIN_CASE */ void mac_bad_order( ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_HMAC; psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256); - const uint8_t key[] = { + const uint8_t key_data[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; @@ -2938,7 +2927,8 @@ void mac_bad_order( ) psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), + &key ) ); /* Call update without calling setup beforehand. */ TEST_EQUAL( psa_mac_update( &operation, input, sizeof( input ) ), 
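Review bot: After the expected failure of `psa_copy_key( source_key, &target_attributes, &target_key )` in copy_fail (hunk at -2433), nothing checks what was written to `target_key`. Now that the output is a key identifier rather than a handle, a failed copy that still returned a usable identifier would go unnoticed by this test. Consider asserting right after the `TEST_EQUAL` that the identifier is still null, for example `TEST_ASSERT( mbedtls_svc_key_id_is_null( target_key ) );` if that helper is available at this revision. The body of copy_fail starts before this hunk and continues after it.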
@@ -2958,16 +2948,13 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call setup twice in a row. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); - TEST_EQUAL( psa_mac_sign_setup( &operation, - handle, alg ), + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); + TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ), PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call update after sign finish. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -2977,8 +2964,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call update after verify finish. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ) ); @@ -2987,8 +2973,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call sign finish twice in a row. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -3000,8 +2985,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Call verify finish twice in a row. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ) ); 
@@ -3011,8 +2995,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Setup sign but try verify. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ), @@ -3020,8 +3003,7 @@ void mac_bad_order( ) PSA_ASSERT( psa_mac_abort( &operation ) ); /* Setup verify but try sign. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -3029,7 +3011,7 @@ void mac_bad_order( ) PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_mac_abort( &operation ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); exit: PSA_DONE( ); @@ -3038,19 +3020,19 @@ exit: /* BEGIN_CASE */ void mac_sign( int key_type_arg, - data_t *key, + data_t *key_data, int alg_arg, data_t *input, data_t *expected_mac ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *actual_mac = NULL; size_t mac_buffer_size = - PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key->len ), alg ); + PSA_MAC_FINAL_SIZE( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg ); size_t mac_length = 0; const size_t output_sizes_to_test[] = { 0, 
@@ -3070,7 +3052,8 @@ void mac_sign( int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); for( size_t i = 0; i < ARRAY_LENGTH( output_sizes_to_test ); i++ ) { @@ -3083,8 +3066,7 @@ void mac_sign( int key_type_arg, ASSERT_ALLOC( actual_mac, output_size ); /* Calculate the MAC. */ - PSA_ASSERT( psa_mac_sign_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); TEST_EQUAL( psa_mac_sign_finish( &operation, @@ -3104,7 +3086,7 @@ void mac_sign( int key_type_arg, exit: psa_mac_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( actual_mac ); } @@ -3112,12 +3094,12 @@ exit: /* BEGIN_CASE */ void mac_verify( int key_type_arg, - data_t *key, + data_t *key_data, int alg_arg, data_t *input, data_t *expected_mac ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; @@ -3132,11 +3114,11 @@ void mac_verify( int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); /* Test the correct MAC. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, 
@@ -3144,8 +3126,7 @@ void mac_verify( int key_type_arg, expected_mac->len ) ); /* Test a MAC that's too short. */ - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, @@ -3156,8 +3137,7 @@ void mac_verify( int key_type_arg, /* Test a MAC that's too long. */ ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 ); memcpy( perturbed_mac, expected_mac->x, expected_mac->len ); - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, @@ -3170,8 +3150,7 @@ void mac_verify( int key_type_arg, { test_set_step( i ); perturbed_mac[i] ^= 1; - PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input->x, input->len ) ); TEST_EQUAL( psa_mac_verify_finish( &operation, @@ -3183,7 +3162,7 @@ void mac_verify( int key_type_arg, exit: psa_mac_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( perturbed_mac ); } @@ -3271,13 +3250,13 @@ exit: /* BEGIN_CASE */ void cipher_bad_order( ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = PSA_KEY_TYPE_AES; psa_algorithm_t alg = PSA_ALG_CBC_PKCS7; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; unsigned char iv[PSA_BLOCK_CIPHER_BLOCK_SIZE(PSA_KEY_TYPE_AES)] = { 0 }; - const uint8_t key[] = { + const uint8_t key_data[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa }; const uint8_t text[] = { 
@@ -3290,18 +3269,18 @@ void cipher_bad_order( ) psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key, sizeof( key ), &handle ) ); - + PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), + &key ) ); /* Call encrypt setup twice in a row. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - TEST_EQUAL( psa_cipher_encrypt_setup( &operation, handle, alg ), + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ), PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call decrypt setup twice in a row. */ - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - TEST_EQUAL( psa_cipher_decrypt_setup( &operation, handle, alg ), + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); + TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ), PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_cipher_abort( &operation ) ); @@ -3313,7 +3292,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Generate an IV twice in a row. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_generate_iv( &operation, buffer, sizeof( buffer ), &length ) ); @@ -3324,7 +3303,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Generate an IV after it's already set. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); TEST_EQUAL( psa_cipher_generate_iv( &operation, 
@@ -3340,7 +3319,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Set an IV after it's already set. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); TEST_EQUAL( psa_cipher_set_iv( &operation, @@ -3349,7 +3328,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Set an IV after it's already generated. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_generate_iv( &operation, buffer, sizeof( buffer ), &length ) ); @@ -3375,7 +3354,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call update after finish. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); PSA_ASSERT( psa_cipher_finish( &operation, @@ -3394,7 +3373,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call finish without an IV where an IV is required. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); /* Not calling update means we are encrypting an empty buffer, which is OK * for cipher modes with padding. */ TEST_EQUAL( psa_cipher_finish( &operation, @@ -3403,7 +3382,7 @@ void cipher_bad_order( ) PSA_ASSERT( psa_cipher_abort( &operation ) ); /* Call finish twice in a row. */ - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, iv, sizeof( iv ) ) ); PSA_ASSERT( psa_cipher_finish( &operation, 
@@ -3413,7 +3392,7 @@ void cipher_bad_order( ) PSA_ERROR_BAD_STATE ); PSA_ASSERT( psa_cipher_abort( &operation ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); exit: psa_cipher_abort( &operation ); @@ -3423,11 +3402,11 @@ exit: /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, data_t *expected_output, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -3445,10 +3424,10 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); if( iv->len > 0 ) { @@ -3481,20 +3460,20 @@ void cipher_encrypt( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; 
@@ -3513,10 +3492,10 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); if( iv->len > 0 ) { @@ -3554,20 +3533,20 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3586,10 +3565,10 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); if( iv->len > 0 ) { 
@@ -3628,18 +3607,18 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_decrypt( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, data_t *expected_output, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -3657,10 +3636,10 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); if( iv->len > 0 ) { @@ -3693,17 +3672,17 @@ void cipher_decrypt( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ /* BEGIN_CASE */ void cipher_verify_output( int alg_arg, int key_type_arg, - data_t *key, + data_t *key_data, data_t *input ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; 
@@ -3726,12 +3705,11 @@ void cipher_verify_output( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, - handle, alg ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) ); if( alg != PSA_ALG_ECB_NO_PADDING ) { @@ -3784,7 +3762,7 @@ exit: psa_cipher_abort( &operation2 ); mbedtls_free( output1 ); mbedtls_free( output2 ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -3792,11 +3770,11 @@ exit: /* BEGIN_CASE */ void cipher_verify_output_multipart( int alg_arg, int key_type_arg, - data_t *key, + data_t *key_data, data_t *input, int first_part_size_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -3820,12 +3798,11 @@ void cipher_verify_output_multipart( int alg_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, - handle, alg ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) ); if( alg != PSA_ALG_ECB_NO_PADDING ) { 
@@ -3896,7 +3873,7 @@ exit: psa_cipher_abort( &operation2 ); mbedtls_free( output1 ); mbedtls_free( output2 ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -3909,7 +3886,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, data_t *input_data, int expected_result_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; @@ -3936,9 +3913,9 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - TEST_EQUAL( psa_aead_encrypt( handle, alg, + TEST_EQUAL( psa_aead_encrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, @@ -3956,7 +3933,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, TEST_EQUAL( input_data->len, PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) ); - TEST_EQUAL( psa_aead_decrypt( handle, alg, + TEST_EQUAL( psa_aead_decrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, @@ -3970,7 +3947,7 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data, } exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output_data ); mbedtls_free( output_data2 ); PSA_DONE( ); @@ -3985,7 +3962,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, data_t *input_data, data_t *expected_result ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; 
@@ -4008,9 +3985,9 @@ void aead_encrypt( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_aead_encrypt( handle, alg, + PSA_ASSERT( psa_aead_encrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, input_data->x, input_data->len, @@ -4021,7 +3998,7 @@ void aead_encrypt( int key_type_arg, data_t *key_data, output_data, output_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output_data ); PSA_DONE( ); } @@ -4036,7 +4013,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, data_t *expected_data, int expected_result_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output_data = NULL; @@ -4061,9 +4038,9 @@ void aead_decrypt( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - TEST_EQUAL( psa_aead_decrypt( handle, alg, + TEST_EQUAL( psa_aead_decrypt( key, alg, nonce->x, nonce->len, additional_data->x, additional_data->len, @@ -4077,7 +4054,7 @@ void aead_decrypt( int key_type_arg, data_t *key_data, output_data, output_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output_data ); PSA_DONE( ); } @@ -4109,7 +4086,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, data_t *output_data ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; 
@@ -4125,8 +4102,8 @@ void sign_deterministic( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + &key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); /* Allocate a buffer which has the size advertized by the @@ -4138,7 +4115,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, ASSERT_ALLOC( signature, signature_size ); /* Perform the signature. */ - PSA_ASSERT( psa_sign_hash( handle, alg, + PSA_ASSERT( psa_sign_hash( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ) ); @@ -4149,7 +4126,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_TEST_DEPRECATED) memset( signature, 0, signature_size ); signature_length = INVALID_EXPORT_LENGTH; - PSA_ASSERT( psa_asymmetric_sign( handle, alg, + PSA_ASSERT( psa_asymmetric_sign( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ) ); @@ -4159,7 +4136,7 @@ void sign_deterministic( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); } @@ -4170,7 +4147,7 @@ void sign_fail( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, int signature_size_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t signature_size = signature_size_arg; 
@@ -4189,9 +4166,9 @@ void sign_fail( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - actual_status = psa_sign_hash( handle, alg, + actual_status = psa_sign_hash( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ); @@ -4204,7 +4181,7 @@ void sign_fail( int key_type_arg, data_t *key_data, #if defined(MBEDTLS_TEST_DEPRECATED) signature_length = INVALID_EXPORT_LENGTH; - TEST_EQUAL( psa_asymmetric_sign( handle, alg, + TEST_EQUAL( psa_asymmetric_sign( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ), @@ -4214,7 +4191,7 @@ void sign_fail( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); } @@ -4224,7 +4201,7 @@ exit: void sign_verify( int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; @@ -4240,8 +4217,8 @@ void sign_verify( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + &key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); /* Allocate a buffer which has the size advertized by the @@ -4253,7 +4230,7 @@ void sign_verify( int key_type_arg, data_t *key_data, ASSERT_ALLOC( signature, signature_size ); /* Perform the signature. */ - PSA_ASSERT( psa_sign_hash( handle, alg, + PSA_ASSERT( psa_sign_hash( key, alg, input_data->x, input_data->len, signature, signature_size, &signature_length ) ); 
@@ -4262,7 +4239,7 @@ void sign_verify( int key_type_arg, data_t *key_data, TEST_ASSERT( signature_length > 0 ); /* Use the library to verify that the signature is correct. */ - PSA_ASSERT( psa_verify_hash( handle, alg, + PSA_ASSERT( psa_verify_hash( key, alg, input_data->x, input_data->len, signature, signature_length ) ); @@ -4272,7 +4249,7 @@ void sign_verify( int key_type_arg, data_t *key_data, * detected as invalid. Flip a bit at the beginning, not at the end, * because ECDSA may ignore the last few bits of the input. */ input_data->x[0] ^= 1; - TEST_EQUAL( psa_verify_hash( handle, alg, + TEST_EQUAL( psa_verify_hash( key, alg, input_data->x, input_data->len, signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); @@ -4280,7 +4257,7 @@ void sign_verify( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); } @@ -4291,7 +4268,7 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, data_t *signature_data ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -4305,14 +4282,14 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_verify_hash( handle, alg, + PSA_ASSERT( psa_verify_hash( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ) ); #if defined(MBEDTLS_TEST_DEPRECATED) - PSA_ASSERT( psa_asymmetric_verify( handle, alg, + PSA_ASSERT( psa_asymmetric_verify( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ) ); 
@@ -4321,7 +4298,7 @@ void asymmetric_verify( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -4332,7 +4309,7 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, data_t *signature_data, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_status_t actual_status; @@ -4346,15 +4323,15 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - actual_status = psa_verify_hash( handle, alg, + actual_status = psa_verify_hash( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ); TEST_EQUAL( actual_status, expected_status ); #if defined(MBEDTLS_TEST_DEPRECATED) - TEST_EQUAL( psa_asymmetric_verify( handle, alg, + TEST_EQUAL( psa_asymmetric_verify( key, alg, hash_data->x, hash_data->len, signature_data->x, signature_data->len ), expected_status ); @@ -4362,7 +4339,7 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -4376,7 +4353,7 @@ void asymmetric_encrypt( int key_type_arg, int expected_output_length_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t expected_output_length = expected_output_length_arg; 
@@ -4395,16 +4372,16 @@ void asymmetric_encrypt( int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); /* Determine the maximum output length */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); ASSERT_ALLOC( output, output_size ); /* Encrypt the input */ - actual_status = psa_asymmetric_encrypt( handle, alg, + actual_status = psa_asymmetric_encrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, @@ -4419,7 +4396,7 @@ void asymmetric_encrypt( int key_type_arg, output_length = ~0; if( output_size != 0 ) memset( output, 0, output_size ); - actual_status = psa_asymmetric_encrypt( handle, alg, + actual_status = psa_asymmetric_encrypt( key, alg, input_data->x, input_data->len, NULL, label->len, output, output_size, @@ -4430,7 +4407,7 @@ void asymmetric_encrypt( int key_type_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output ); PSA_DONE( ); } @@ -4443,7 +4420,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, data_t *input_data, data_t *label ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t key_bits; 
@@ -4462,10 +4439,10 @@ void asymmetric_encrypt_decrypt( int key_type_arg, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); /* Determine the maximum ciphertext length */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg ); ASSERT_ALLOC( output, output_size ); @@ -4475,7 +4452,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, /* We test encryption by checking that encrypt-then-decrypt gives back * the original plaintext because of the non-optional random * part of encryption process which prevents using fixed vectors. */ - PSA_ASSERT( psa_asymmetric_encrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_encrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, @@ -4484,7 +4461,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, * it looks sensible. */ TEST_ASSERT( output_length <= output_size ); - PSA_ASSERT( psa_asymmetric_decrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_decrypt( key, alg, output, output_length, label->x, label->len, output2, output2_size, @@ -4494,7 +4471,7 @@ void asymmetric_encrypt_decrypt( int key_type_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output ); mbedtls_free( output2 ); PSA_DONE( ); @@ -4509,7 +4486,7 @@ void asymmetric_decrypt( int key_type_arg, data_t *label, data_t *expected_data ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; 
@@ -4527,9 +4504,9 @@ void asymmetric_decrypt( int key_type_arg, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - PSA_ASSERT( psa_asymmetric_decrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, @@ -4545,7 +4522,7 @@ void asymmetric_decrypt( int key_type_arg, output_length = ~0; if( output_size != 0 ) memset( output, 0, output_size ); - PSA_ASSERT( psa_asymmetric_decrypt( handle, alg, + PSA_ASSERT( psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, NULL, label->len, output, @@ -4557,7 +4534,7 @@ void asymmetric_decrypt( int key_type_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output ); PSA_DONE( ); } @@ -4572,7 +4549,7 @@ void asymmetric_decrypt_fail( int key_type_arg, int output_size_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char *output = NULL; @@ -4591,9 +4568,9 @@ void asymmetric_decrypt_fail( int key_type_arg, psa_set_key_type( &attributes, key_type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - actual_status = psa_asymmetric_decrypt( handle, alg, + actual_status = psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, label->x, label->len, output, output_size, @@ -4608,7 +4585,7 @@ void asymmetric_decrypt_fail( int key_type_arg, output_length = ~0; if( output_size != 0 ) memset( output, 0, output_size ); - actual_status = psa_asymmetric_decrypt( handle, alg, + actual_status = psa_asymmetric_decrypt( key, alg, input_data->x, input_data->len, NULL, label->len, output, output_size, 
@@ -4619,7 +4596,7 @@ void asymmetric_decrypt_fail( int key_type_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); mbedtls_free( output ); PSA_DONE( ); } @@ -4711,14 +4688,14 @@ void derive_input( int alg_arg, expected_status_arg2, expected_status_arg3}; data_t *inputs[] = {input1, input2, input3}; - psa_key_handle_t handles[] = { PSA_KEY_HANDLE_INIT, - PSA_KEY_HANDLE_INIT, - PSA_KEY_HANDLE_INIT}; + mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT }; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t i; psa_key_type_t output_key_type = output_key_type_arg; - psa_key_handle_t output_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t output_key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t expected_output_status = expected_output_status_arg; psa_status_t actual_output_status; @@ -4736,19 +4713,19 @@ void derive_input( int alg_arg, psa_set_key_type( &attributes, key_types[i] ); PSA_ASSERT( psa_import_key( &attributes, inputs[i]->x, inputs[i]->len, - &handles[i] ) ); + &keys[i] ) ); if( PSA_KEY_TYPE_IS_KEY_PAIR( key_types[i] ) && steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET ) { // When taking a private key as secret input, use key agreement // to add the shared secret to the derivation - TEST_EQUAL( key_agreement_with_self( &operation, handles[i] ), + TEST_EQUAL( key_agreement_with_self( &operation, keys[i] ), expected_statuses[i] ); } else { TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i], - handles[i] ), + keys[i] ), expected_statuses[i] ); } } @@ -4768,7 +4745,7 @@ void derive_input( int alg_arg, psa_set_key_bits( &attributes, 8 ); actual_output_status = psa_key_derivation_output_key( &attributes, &operation, - &output_handle ); + &output_key ); } else { 
@@ -4781,9 +4758,9 @@ void derive_input( int alg_arg, exit: psa_key_derivation_abort( &operation ); - for( i = 0; i < ARRAY_LENGTH( handles ); i++ ) - psa_destroy_key( handles[i] ); - psa_destroy_key( output_handle ); + for( i = 0; i < ARRAY_LENGTH( keys ); i++ ) + psa_destroy_key( keys[i] ); + psa_destroy_key( output_key ); PSA_DONE( ); } /* END_CASE */ @@ -4792,7 +4769,7 @@ exit: void test_derive_invalid_key_derivation_state( int alg_arg ) { psa_algorithm_t alg = alg_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; size_t key_type = PSA_KEY_TYPE_DERIVE; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char input1[] = "Input 1"; @@ -4814,10 +4791,10 @@ void test_derive_invalid_key_derivation_state( int alg_arg ) PSA_ASSERT( psa_import_key( &attributes, key_data, sizeof( key_data ), - &handle ) ); + &key ) ); /* valid key derivation */ - if( !setup_key_derivation_wrap( &operation, handle, alg, + if( !setup_key_derivation_wrap( &operation, key, alg, input1, input1_length, input2, input2_length, capacity ) ) @@ -4834,7 +4811,7 @@ void test_derive_invalid_key_derivation_state( int alg_arg ) exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -4880,9 +4857,9 @@ void derive_output( int alg_arg, psa_algorithm_t alg = alg_arg; psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg}; data_t *inputs[] = {input1, input2, input3}; - psa_key_handle_t handles[] = { PSA_KEY_HANDLE_INIT, - PSA_KEY_HANDLE_INIT, - PSA_KEY_HANDLE_INIT}; + mbedtls_svc_key_id_t keys[] = { MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT, + MBEDTLS_SVC_KEY_ID_INIT }; size_t requested_capacity = requested_capacity_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t *expected_outputs[2] = 
@@ -4924,10 +4901,9 @@ void derive_output( int alg_arg, case PSA_KEY_DERIVATION_INPUT_SECRET: PSA_ASSERT( psa_import_key( &attributes, inputs[i]->x, inputs[i]->len, - &handles[i] ) ); + &keys[i] ) ); PSA_ASSERT( psa_key_derivation_input_key( - &operation, steps[i], - handles[i] ) ); + &operation, steps[i], keys[i] ) ); break; default: PSA_ASSERT( psa_key_derivation_input_bytes( @@ -4979,8 +4955,8 @@ void derive_output( int alg_arg, exit: mbedtls_free( output_buffer ); psa_key_derivation_abort( &operation ); - for( i = 0; i < ARRAY_LENGTH( handles ); i++ ) - psa_destroy_key( handles[i] ); + for( i = 0; i < ARRAY_LENGTH( keys ); i++ ) + psa_destroy_key( keys[i] ); PSA_DONE( ); } /* END_CASE */ @@ -4992,7 +4968,7 @@ void derive_full( int alg_arg, data_t *input2, int requested_capacity_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -5008,9 +4984,9 @@ void derive_full( int alg_arg, psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); + &key ) ); - if( !setup_key_derivation_wrap( &operation, handle, alg, + if( !setup_key_derivation_wrap( &operation, key, alg, input1->x, input1->len, input2->x, input2->len, requested_capacity ) ) @@ -5043,7 +5019,7 @@ void derive_full( int alg_arg, exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ 
@@ -5058,8 +5034,8 @@ void derive_key_exercise( int alg_arg, int derived_usage_arg, int derived_alg_arg ) { - psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t derived_type = derived_type_arg; size_t derived_bits = derived_bits_arg; @@ -5076,10 +5052,10 @@ void derive_key_exercise( int alg_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &base_handle ) ); + &base_key ) ); /* Derive a key. */ - if ( setup_key_derivation_wrap( &operation, base_handle, alg, + if ( setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, capacity ) ) goto exit; @@ -5089,22 +5065,22 @@ void derive_key_exercise( int alg_arg, psa_set_key_type( &attributes, derived_type ); psa_set_key_bits( &attributes, derived_bits ); PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, - &derived_handle ) ); + &derived_key ) ); /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( derived_key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), derived_type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), derived_bits ); /* Exercise the derived key. */ - if( ! exercise_key( derived_handle, derived_usage, derived_alg ) ) + if( ! exercise_key( derived_key, derived_usage, derived_alg ) ) goto exit; exit: psa_key_derivation_abort( &operation ); psa_reset_key_attributes( &got_attributes ); - psa_destroy_key( base_handle ); - psa_destroy_key( derived_handle ); + psa_destroy_key( base_key ); + psa_destroy_key( derived_key ); PSA_DONE( ); } /* END_CASE */ 
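Review bot: The `setup_key_derivation_wrap` call in derive_key_exercise is tested without negation (`if ( setup_key_derivation_wrap( &operation, base_key, alg, ... ) ) goto exit;`), while test_derive_invalid_key_derivation_state, derive_full, derive_key_export and derive_key in this same diff all use `if( !setup_key_derivation_wrap( ... ) ) goto exit;`. The helper's return convention is not visible here, but if it returns non-zero on success as those call sites imply, this test jumps to `exit` right after a successful setup and never reaches `psa_key_derivation_output_key` or `exercise_key`, so it passes without checking the derived key at all. I would change the condition to `if( !setup_key_derivation_wrap( &operation, base_key, alg,` and confirm the test still passes once the body actually runs. derive_key_exercise begins and ends outside the hunk that carries this call.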
@@ -5117,8 +5093,8 @@ void derive_key_export( int alg_arg, int bytes1_arg, int bytes2_arg ) { - psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; size_t bytes1 = bytes1_arg; size_t bytes2 = bytes2_arg; @@ -5138,10 +5114,10 @@ void derive_key_export( int alg_arg, psa_set_key_algorithm( &base_attributes, alg ); psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, - &base_handle ) ); + &base_key ) ); /* Derive some material and output it. */ - if( !setup_key_derivation_wrap( &operation, base_handle, alg, + if( !setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, capacity ) ) goto exit; @@ -5152,7 +5128,7 @@ void derive_key_export( int alg_arg, PSA_ASSERT( psa_key_derivation_abort( &operation ) ); /* Derive the same output again, but this time store it in key objects. */ - if( !setup_key_derivation_wrap( &operation, base_handle, alg, + if( !setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, capacity ) ) goto exit; 
@@ -5162,16 +5138,16 @@ void derive_key_export( int alg_arg, psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) ); PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ) ); - PSA_ASSERT( psa_export_key( derived_handle, + &derived_key ) ); + PSA_ASSERT( psa_export_key( derived_key, export_buffer, bytes1, &length ) ); TEST_EQUAL( length, bytes1 ); - PSA_ASSERT( psa_destroy_key( derived_handle ) ); + PSA_ASSERT( psa_destroy_key( derived_key ) ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) ); PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ) ); - PSA_ASSERT( psa_export_key( derived_handle, + &derived_key ) ); + PSA_ASSERT( psa_export_key( derived_key, export_buffer + bytes1, bytes2, &length ) ); TEST_EQUAL( length, bytes2 ); @@ -5184,8 +5160,8 @@ exit: mbedtls_free( output_buffer ); mbedtls_free( export_buffer ); psa_key_derivation_abort( &operation ); - psa_destroy_key( base_handle ); - psa_destroy_key( derived_handle ); + psa_destroy_key( base_key ); + psa_destroy_key( derived_key ); PSA_DONE( ); } /* END_CASE */ @@ -5196,8 +5172,8 @@ void derive_key( int alg_arg, int type_arg, int bits_arg, int expected_status_arg ) { - psa_key_handle_t base_handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t derived_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t type = type_arg; size_t bits = bits_arg; 
@@ -5212,9 +5188,9 @@ void derive_key( int alg_arg, psa_set_key_algorithm( &base_attributes, alg ); psa_set_key_type( &base_attributes, PSA_KEY_TYPE_DERIVE ); PSA_ASSERT( psa_import_key( &base_attributes, key_data->x, key_data->len, - &base_handle ) ); + &base_key ) ); - if( !setup_key_derivation_wrap( &operation, base_handle, alg, + if( !setup_key_derivation_wrap( &operation, base_key, alg, input1->x, input1->len, input2->x, input2->len, SIZE_MAX ) ) goto exit; @@ -5224,13 +5200,13 @@ void derive_key( int alg_arg, psa_set_key_type( &derived_attributes, type ); psa_set_key_bits( &derived_attributes, bits ); TEST_EQUAL( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ), + &derived_key ), expected_status ); exit: psa_key_derivation_abort( &operation ); - psa_destroy_key( base_handle ); - psa_destroy_key( derived_handle ); + psa_destroy_key( base_key ); + psa_destroy_key( derived_key ); PSA_DONE( ); } /* END_CASE */ @@ -5241,7 +5217,7 @@ void key_agreement_setup( int alg_arg, data_t *our_key_data, data_t *peer_key_data, int expected_status_arg ) { - psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_algorithm_t our_key_alg = our_key_alg_arg; psa_key_type_t our_key_type = our_key_type_arg; @@ -5290,7 +5266,7 @@ void raw_key_agreement( int alg_arg, data_t *peer_key_data, data_t *expected_output ) { - psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -5327,7 +5303,7 @@ void key_agreement_capacity( int alg_arg, data_t *peer_key_data, int expected_capacity_arg ) { - psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -5387,7 +5363,7 @@ void key_agreement_output( int alg_arg, data_t *peer_key_data, data_t *expected_output1, data_t *expected_output2 ) { - psa_key_handle_t our_key = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -5501,7 +5477,7 @@ void generate_key( int type_arg, int alg_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; psa_key_usage_t usage = usage_arg; size_t bits = bits_arg; @@ -5518,22 +5494,22 @@ void generate_key( int type_arg, psa_set_key_bits( &attributes, bits ); /* Generate a key */ - TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status ); + TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status ); if( expected_status != PSA_SUCCESS ) goto exit; /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &got_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) ); TEST_EQUAL( psa_get_key_type( &got_attributes ), type ); TEST_EQUAL( psa_get_key_bits( &got_attributes ), bits ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; exit: psa_reset_key_attributes( &got_attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ 
@@ -5543,7 +5519,7 @@ void generate_key_rsa( int bits_arg, data_t *e_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; size_t bits = bits_arg; psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; @@ -5578,12 +5554,12 @@ void generate_key_rsa( int bits_arg, psa_set_key_bits( &attributes, bits ); /* Generate a key */ - TEST_EQUAL( psa_generate_key( &attributes, &handle ), expected_status ); + TEST_EQUAL( psa_generate_key( &attributes, &key ), expected_status ); if( expected_status != PSA_SUCCESS ) goto exit; /* Test the key information */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); TEST_EQUAL( psa_get_key_bits( &attributes ), bits ); PSA_ASSERT( psa_get_key_domain_parameters( &attributes, @@ -5595,11 +5571,11 @@ void generate_key_rsa( int bits_arg, ASSERT_COMPARE( e_read_buffer, e_read_length, e_arg->x, e_arg->len ); /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage, alg ) ) + if( ! exercise_key( key, usage, alg ) ) goto exit; /* Export the key and check the public exponent. */ - PSA_ASSERT( psa_export_public_key( handle, + PSA_ASSERT( psa_export_public_key( key, exported, exported_size, &exported_length ) ); { @@ -5634,7 +5610,7 @@ void generate_key_rsa( int bits_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( e_read_buffer ); mbedtls_free( exported ); 
@@ -5649,8 +5625,8 @@ void persistent_key_load_key_from_storage( data_t *data, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 1 ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; - psa_key_handle_t base_key = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t type = type_arg; size_t bits = bits_arg; psa_key_usage_t usage_flags = usage_flags_arg; @@ -5681,12 +5657,12 @@ void persistent_key_load_key_from_storage( data_t *data, case IMPORT_KEY: /* Import the key */ PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, - &handle ) ); + &key ) ); break; case GENERATE_KEY: /* Generate a key */ - PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); + PSA_ASSERT( psa_generate_key( &attributes, &key ) ); break; case DERIVE_KEY: @@ -5711,10 +5687,10 @@ void persistent_key_load_key_from_storage( data_t *data, NULL, 0 ) ); PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, - &handle ) ); + &key ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); PSA_ASSERT( psa_destroy_key( base_key ) ); - base_key = PSA_KEY_HANDLE_INIT; + base_key = MBEDTLS_SVC_KEY_ID_INIT; } break; } @@ -5723,7 +5699,7 @@ void persistent_key_load_key_from_storage( data_t *data, /* Export the key if permitted by the key policy. */ if( usage_flags & PSA_KEY_USAGE_EXPORT ) { - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( key, first_export, export_size, &first_exported_length ) ); if( generation_method == IMPORT_KEY ) 
@@ -5732,13 +5708,12 @@ void persistent_key_load_key_from_storage( data_t *data, } /* Shutdown and restart */ - PSA_ASSERT( psa_close_key( handle ) ); + PSA_ASSERT( psa_purge_key( key ) ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); /* Check key slot still contains key data */ - PSA_ASSERT( psa_open_key( key_id, &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), @@ -5751,7 +5726,7 @@ void persistent_key_load_key_from_storage( data_t *data, /* Export the key again if permitted by the key policy. */ if( usage_flags & PSA_KEY_USAGE_EXPORT ) { - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( key, second_export, export_size, &second_exported_length ) ); ASSERT_COMPARE( first_export, first_exported_length, @@ -5759,7 +5734,7 @@ void persistent_key_load_key_from_storage( data_t *data, } /* Do something with the key according to its type and permitted usage. */ - if( ! exercise_key( handle, usage_flags, alg ) ) + if( ! exercise_key( key, usage_flags, alg ) ) goto exit; exit: @@ -5768,14 +5743,7 @@ exit: mbedtls_free( second_export ); psa_key_derivation_abort( &operation ); psa_destroy_key( base_key ); - if( psa_key_handle_is_null( handle ) ) - { - /* In case there was a test failure after creating the persistent key - * but while it was not open, try to re-open the persistent key - * to delete it. */ - (void) psa_open_key( key_id, &handle ); - } - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 53df781e0..415418854 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
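Review bot: The `exit:` path of persistent_key_load_key_from_storage now cleans up only through `key`, and the removed fallback that looked the key up by `key_id` has no replacement. If a run fails while `key` still holds `MBEDTLS_SVC_KEY_ID_INIT` but key material exists in storage under `key_id` (for instance left by an earlier aborted run; whether that can happen depends on code outside this hunk), the persistent key survives the test and later runs presumably fail at creation. Destroying by the known identifier, `psa_destroy_key( key_id );`, would cover both cases, and a one-line comment such as `/* key equals key_id once created, so no re-open is needed */` would explain why the old block could go. The function starts well before this hunk.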
@@ -19,7 +19,7 @@ void ecdsa_sign( int force_status_arg, { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); uint8_t signature[64]; @@ -34,7 +34,7 @@ void ecdsa_sign( int force_status_arg, psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, key_input->x, key_input->len, - &handle ); + &key ); test_driver_signature_sign_hooks.forced_status = force_status; if( fake_output == 1 ) @@ -43,7 +43,7 @@ void ecdsa_sign( int force_status_arg, test_driver_signature_sign_hooks.forced_output_length = expected_output->len; } - actual_status = psa_sign_hash( handle, alg, + actual_status = psa_sign_hash( key, alg, data_input->x, data_input->len, signature, sizeof( signature ), &signature_length ); @@ -57,7 +57,7 @@ void ecdsa_sign( int force_status_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_signature_sign_hooks = test_driver_signature_hooks_init(); } @@ -73,7 +73,7 @@ void ecdsa_verify( int force_status_arg, { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); psa_status_t actual_status; @@ -88,7 +88,7 @@ void ecdsa_verify( int force_status_arg, psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, key_input->x, key_input->len, - &handle ); + &key ); } else { 
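Review bot: The `psa_import_key( &attributes, key_input->x, key_input->len, &key );` call in ecdsa_sign discards its status, and the same holds for both import calls in ecdsa_verify and for `psa_export_key( key, actual_output, sizeof(actual_output), &actual_output_length );` in generate_key further down this file. If an import fails, `key` keeps `MBEDTLS_SVC_KEY_ID_INIT` and the following `psa_sign_hash` or `psa_verify_hash` returns a status that is then compared with `expected_status`, so a setup failure can be misread as the driver result under test. Wrapping the calls the way the cipher tests in this file already do, `PSA_ASSERT( psa_import_key( &attributes, key_input->x, key_input->len, &key ) );`, makes the failure point explicit. The function bodies continue outside these hunks.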
@@ -98,12 +98,12 @@ void ecdsa_verify( int force_status_arg, psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, key_input->x, key_input->len, - &handle ); + &key ); } test_driver_signature_verify_hooks.forced_status = force_status; - actual_status = psa_verify_hash( handle, alg, + actual_status = psa_verify_hash( key, alg, data_input->x, data_input->len, signature_input->x, signature_input->len ); TEST_EQUAL( actual_status, expected_status ); @@ -111,7 +111,7 @@ void ecdsa_verify( int force_status_arg, exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_signature_verify_hooks = test_driver_signature_hooks_init(); } @@ -124,7 +124,7 @@ void generate_key( int force_status_arg, { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); const uint8_t *expected_output = NULL; @@ -152,13 +152,13 @@ void generate_key( int force_status_arg, PSA_ASSERT( psa_crypto_init( ) ); - actual_status = psa_generate_key( &attributes, &handle ); + actual_status = psa_generate_key( &attributes, &key ); TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); if( actual_status == PSA_SUCCESS ) { - psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); + psa_export_key( key, actual_output, sizeof(actual_output), &actual_output_length ); if( fake_output->len > 0 ) { @@ -178,7 +178,7 @@ void generate_key( int force_status_arg, } exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_key_management_hooks = test_driver_key_management_hooks_init(); } 
@@ -193,7 +193,7 @@ void validate_key( int force_status_arg, psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; psa_key_type_t key_type = key_type_arg; - psa_key_handle_t handle = 0; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t actual_status; test_driver_key_management_hooks = test_driver_key_management_hooks_init(); @@ -207,12 +207,12 @@ void validate_key( int force_status_arg, PSA_ASSERT( psa_crypto_init( ) ); - actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &handle ); + actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key ); TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); TEST_EQUAL( actual_status, expected_status ); exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_key_management_hooks = test_driver_key_management_hooks_init(); } @@ -220,13 +220,13 @@ exit: /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, data_t *expected_output, int mock_output_arg, int force_status_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; 
@@ -247,10 +247,10 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); test_driver_cipher_hooks.hits = 0; @@ -305,7 +305,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } @@ -313,13 +313,13 @@ exit: /* BEGIN_CASE */ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -339,10 +339,10 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_encrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); test_driver_cipher_hooks.hits = 0; 
@@ -390,7 +390,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } @@ -398,13 +398,13 @@ exit: /* BEGIN_CASE */ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, int first_part_size_arg, int output1_length_arg, int output2_length_arg, data_t *expected_output ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; size_t first_part_size = first_part_size_arg; @@ -424,10 +424,10 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); test_driver_cipher_hooks.hits = 0; @@ -477,7 +477,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } 
@@ -485,13 +485,13 @@ exit: /* BEGIN_CASE */ void cipher_decrypt( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input, data_t *expected_output, int mock_output_arg, int force_status_arg, int expected_status_arg ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; @@ -512,10 +512,10 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); - PSA_ASSERT( psa_cipher_decrypt_setup( &operation, - handle, alg ) ); + PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); test_driver_cipher_hooks.hits = 0; @@ -569,7 +569,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } @@ -577,10 +577,10 @@ exit: /* BEGIN_CASE */ void cipher_entry_points( int alg_arg, int key_type_arg, - data_t *key, data_t *iv, + data_t *key_data, data_t *iv, data_t *input ) { - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; 
@@ -600,12 +600,12 @@ void cipher_entry_points( int alg_arg, int key_type_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, key_type ); - PSA_ASSERT( psa_import_key( &attributes, key->x, key->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); /* Test setup call, encrypt */ test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR; - status = psa_cipher_encrypt_setup( &operation, - handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); /* When setup fails, it shouldn't call any further entry points */ TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); @@ -615,8 +615,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, TEST_EQUAL( test_driver_cipher_hooks.hits, 0 ); /* Test setup call failure, decrypt */ - status = psa_cipher_decrypt_setup( &operation, - handle, alg ); + status = psa_cipher_decrypt_setup( &operation, key, alg ); /* When setup fails, it shouldn't call any further entry points */ TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); @@ -627,8 +626,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* Test IV setting failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; - status = psa_cipher_encrypt_setup( &operation, - handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; 
@@ -650,8 +648,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* Test IV generation failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; - status = psa_cipher_encrypt_setup( &operation, - handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; @@ -673,8 +670,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* Test update failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; - status = psa_cipher_encrypt_setup( &operation, - handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; @@ -704,8 +700,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* Test finish failure */ test_driver_cipher_hooks.forced_status = PSA_SUCCESS; - status = psa_cipher_encrypt_setup( &operation, - handle, alg ); + status = psa_cipher_encrypt_setup( &operation, key, alg ); TEST_EQUAL( test_driver_cipher_hooks.hits, 1 ); TEST_EQUAL( status, test_driver_cipher_hooks.forced_status ); test_driver_cipher_hooks.hits = 0; @@ -744,7 +739,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, exit: psa_cipher_abort( &operation ); mbedtls_free( output ); - psa_destroy_key( handle ); + psa_destroy_key( key ); PSA_DONE( ); test_driver_cipher_hooks = test_driver_cipher_hooks_init(); } diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index d587886dc..62ef6e2d7 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function 
@@ -185,7 +185,7 @@ void validate_module_init_key_based( int count ) psa_status_t status; uint8_t data[10] = { 0 }; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); + mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0xdead, 0xdead ); int i; for( i = 0; i < count; i++ ) @@ -195,9 +195,9 @@ void validate_module_init_key_based( int count ) PSA_DONE( ); } psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - status = psa_import_key( &attributes, data, sizeof( data ), &handle ); + status = psa_import_key( &attributes, data, sizeof( data ), &key ); TEST_EQUAL( status, PSA_ERROR_BAD_STATE ); - TEST_ASSERT( psa_key_handle_is_null( handle ) ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( key ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 34b88a70b..ed30848ad 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -117,7 +117,6 @@ exit: void save_large_persistent_key( int data_length_arg, int expected_status ) { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; uint8_t *data = NULL; size_t data_length = data_length_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -129,11 +128,11 @@ void save_large_persistent_key( int data_length_arg, int expected_status ) psa_set_key_id( &attributes, key_id ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - TEST_EQUAL( psa_import_key( &attributes, data, data_length, &handle ), + TEST_EQUAL( psa_import_key( &attributes, data, data_length, &key_id ), expected_status ); if( expected_status == PSA_SUCCESS ) - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); exit: mbedtls_free( data ); 
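Review bot: In `save_large_persistent_key`, passing `&key_id` as the output of `psa_import_key()` lets a failed import overwrite the identifier the test asked for; `validate_module_init_key_based` in this same commit asserts that the output is null after a failure. Any cleanup after the visible `exit:` lines that still refers to `key_id` would then act on the null identifier instead of owner 1, key 42 (the rest of the exit path is outside the hunk, so this is inferred). A separate output variable keeps the requested id intact: `mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT;` with `psa_import_key( &attributes, data, data_length, &returned_key_id )`, leaving `psa_destroy_key( key_id )` on the success path.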
@@ -149,7 +148,7 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t first_type = (psa_key_type_t) first_type_arg; psa_key_type_t second_type = (psa_key_type_t) second_type_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -160,24 +159,21 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, psa_set_key_type( &attributes, first_type ); PSA_ASSERT( psa_import_key( &attributes, first_data->x, first_data->len, - &handle ) ); + &returned_key_id ) ); if( restart ) { - psa_close_key( handle ); + psa_close_key( key_id ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); - PSA_ASSERT( psa_open_key( key_id, &handle ) ); } TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 1 ); /* Destroy the key */ - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); /* Check key slot storage is removed */ TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); - TEST_EQUAL( psa_open_key( key_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); - TEST_ASSERT( psa_key_handle_is_null( handle ) ); /* Shutdown and restart */ PSA_DONE(); @@ -187,9 +183,9 @@ void persistent_key_destroy( int owner_id_arg, int key_id_arg, int restart, psa_set_key_id( &attributes, key_id ); psa_set_key_type( &attributes, second_type ); PSA_ASSERT( psa_import_key( &attributes, second_data->x, second_data->len, - &handle ) ); + &returned_key_id ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); exit: PSA_DONE(); 
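Review bot: The restart branch of `persistent_key_destroy` still calls `psa_close_key( key_id )` and ignores its status, while `persistent_key_import` and `import_export_persistent_key` in this commit switched to a checked purge. The call was written for a handle and is now given a key identifier, so a failure to release the key before `PSA_DONE()` would go unnoticed and the restart path would not test what it claims to. I would write `PSA_ASSERT( psa_purge_key( key_id ) );` here, as the sibling tests do.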
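Review bot: `returned_key_id` receives the result of both imports in `persistent_key_destroy` but is never compared with the requested `key_id`, so a core that returned a different identifier for a persistent key would still pass. `persistent_key_import` already checks this with `TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key_id ) );`, and the same line after each import would close the gap. The same applies to `import_export_persistent_key` and to `returned_id` in `key_creation_in_chosen_slot`, `import_key_smoke`, `generate_key_smoke` and `sign_verify`, which go on using `id` without checking it against what the call returned.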
@@ -203,42 +199,44 @@ void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( owner_id_arg, key_id_arg ); + mbedtls_svc_key_id_t returned_key_id; psa_key_type_t type = (psa_key_type_t) type_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init() ); psa_set_key_id( &attributes, key_id ); psa_set_key_type( &attributes, type ); - TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &handle ), + TEST_EQUAL( psa_import_key( &attributes, data->x, data->len, &returned_key_id ), expected_status ); if( expected_status != PSA_SUCCESS ) { + TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_key_id ) ); TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); goto exit; } + TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key_id ) ); + if( restart ) { - psa_close_key( handle ); + PSA_ASSERT( psa_purge_key( key_id ) ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); - PSA_ASSERT( psa_open_key( key_id, &handle ) ); } psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); - TEST_ASSERT( mbedtls_svc_key_id_equal( - psa_get_key_id( &attributes ), key_id ) ); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), + key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), PSA_KEY_LIFETIME_PERSISTENT ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); TEST_EQUAL( psa_get_key_usage_flags( &attributes ), 0 ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); exit: psa_reset_key_attributes( &attributes ); 
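Review bot: `returned_key_id` is declared without an initializer in `persistent_key_import`, and the failure branch then reads it in `TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_key_id ) )`. If `psa_import_key()` returns an error before writing its output, that assertion reads an indeterminate value and can pass or fail by accident. Initializing it to a non-null sentinel, as `validate_module_init_key_based` does with `mbedtls_svc_key_id_make( 0xdead, 0xdead )`, keeps the read defined and makes the null check prove that the call cleared the output.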
@@ -254,7 +252,7 @@ void import_export_persistent_key( data_t *data, int type_arg, { mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make( 1, 42 ); psa_key_type_t type = (psa_key_type_t) type_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; unsigned char *exported = NULL; size_t export_size = data->len; size_t exported_length; @@ -269,20 +267,20 @@ void import_export_persistent_key( data_t *data, int type_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); /* Import the key */ - PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, &handle ) ); + PSA_ASSERT( psa_import_key( &attributes, data->x, data->len, + &returned_key_id ) ); if( restart ) { - psa_close_key( handle ); + PSA_ASSERT( psa_purge_key( key_id ) ); PSA_DONE(); PSA_ASSERT( psa_crypto_init() ); - PSA_ASSERT( psa_open_key( key_id, &handle ) ); } /* Test the key information */ psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key_id, &attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), key_id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), @@ -299,13 +297,13 @@ void import_export_persistent_key( data_t *data, int type_arg, psa_destroy_persistent_key( key_id ); } /* Export the key */ - PSA_ASSERT( psa_export_key( handle, exported, export_size, + PSA_ASSERT( psa_export_key( key_id, exported, export_size, &exported_length ) ); ASSERT_COMPARE( data->x, data->len, exported, exported_length ); /* Destroy the key */ - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key_id ) ); TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); exit: diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index f22e6b7ec..e5f87e08b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function 
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -367,7 +367,7 @@ static psa_status_t ram_export_public( psa_drv_se_context_t *context, size_t *data_length ) { psa_status_t status; - psa_key_handle_t handle; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; (void) context; @@ -379,11 +379,11 @@ static psa_status_t ram_export_public( psa_drv_se_context_t *context, status = psa_import_key( &attributes, ram_slots[slot_number].content, PSA_BITS_TO_BYTES( ram_slots[slot_number].bits ), - &handle ); + &key ); if( status != PSA_SUCCESS ) return( status ); - status = psa_export_public_key( handle, data, data_size, data_length ); - psa_destroy_key( handle ); + status = psa_export_public_key( key, data, data_size, data_length ); + psa_destroy_key( key ); return( PSA_SUCCESS ); } @@ -450,7 +450,7 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context, { ram_slot_t *slot; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; (void) context; @@ -463,13 +463,13 @@ static psa_status_t ram_sign( psa_drv_se_context_t *context, DRIVER_ASSERT( psa_import_key( &attributes, slot->content, PSA_BITS_TO_BYTES( slot->bits ), - &handle ) == PSA_SUCCESS ); - status = psa_sign_hash( handle, alg, + &key ) == PSA_SUCCESS ); + status = psa_sign_hash( key, alg, hash, hash_length, signature, signature_size, signature_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( status ); } @@ -483,7 +483,7 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context, { ram_slot_t *slot; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; (void) context; 
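Review bot: `ram_export_public` stores the result of `psa_export_public_key()` in `status` and then ends with `return( PSA_SUCCESS );`, so a failed export is reported to the core as success, with `data` and `*data_length` possibly left unset. These are context lines the commit does not change, but the hunk rewrites the statements right next to them. The last line should be `return( status );`, keeping `psa_destroy_key( key );` before it as now. The function's signature starts outside the hunk.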
@@ -496,20 +496,18 @@ static psa_status_t ram_verify( psa_drv_se_context_t *context, DRIVER_ASSERT( psa_import_key( &attributes, slot->content, PSA_BITS_TO_BYTES( slot->bits ), - &handle ) == + &key ) == PSA_SUCCESS ); - status = psa_verify_hash( handle, alg, + status = psa_verify_hash( key, alg, hash, hash_length, signature, signature_length ); exit: - psa_destroy_key( handle ); + psa_destroy_key( key ); return( status ); } - - /****************************************************************/ /* Other test helper functions */ /****************************************************************/ @@ -524,13 +522,13 @@ typedef enum /* Check that the attributes of a key reported by psa_get_key_attributes() * are consistent with the attributes used when creating the key. */ static int check_key_attributes( - psa_key_handle_t handle, + mbedtls_svc_key_id_t key, const psa_key_attributes_t *reference_attributes ) { int ok = 0; psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT; - PSA_ASSERT( psa_get_key_attributes( handle, &actual_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( key, &actual_attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &actual_attributes ), @@ -654,7 +652,7 @@ static int is_status_smoke_free( psa_status_t status ) * mostly bogus parameters: the goal is to ensure that there is no memory * corruption or crash. This test function is most useful when run under * an environment with sanity checks such as ASan or MSan. */ -static int smoke_test_key( psa_key_handle_t handle ) +static int smoke_test_key( mbedtls_svc_key_id_t key ) { int ok = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -664,54 +662,54 @@ static int smoke_test_key( psa_key_handle_t handle ) PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t buffer[80]; /* large enough for a public key for ECDH */ size_t length; - psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT; - SMOKE_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + SMOKE_ASSERT( psa_get_key_attributes( key, &attributes ) ); - SMOKE_ASSERT( psa_export_key( handle, + SMOKE_ASSERT( psa_export_key( key, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_export_public_key( handle, + SMOKE_ASSERT( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_copy_key( handle, &attributes, &handle2 ) ); - if( ! psa_key_handle_is_null( handle2 ) ) - PSA_ASSERT( psa_close_key( handle2 ) ); + SMOKE_ASSERT( psa_copy_key( key, &attributes, &key2 ) ); + if( ! mbedtls_svc_key_id_is_null( key2 ) ) + PSA_ASSERT( psa_destroy_key( key2 ) ); - SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, handle, PSA_ALG_CMAC ) ); + SMOKE_ASSERT( psa_mac_sign_setup( &mac_operation, key, PSA_ALG_CMAC ) ); PSA_ASSERT( psa_mac_abort( &mac_operation ) ); - SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, handle, + SMOKE_ASSERT( psa_mac_verify_setup( &mac_operation, key, PSA_ALG_HMAC( PSA_ALG_SHA_256 ) ) ); PSA_ASSERT( psa_mac_abort( &mac_operation ) ); - SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, handle, + SMOKE_ASSERT( psa_cipher_encrypt_setup( &cipher_operation, key, PSA_ALG_CTR ) ); PSA_ASSERT( psa_cipher_abort( &cipher_operation ) ); - SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, handle, + SMOKE_ASSERT( psa_cipher_decrypt_setup( &cipher_operation, key, PSA_ALG_CTR ) ); PSA_ASSERT( psa_cipher_abort( &cipher_operation ) ); - SMOKE_ASSERT( psa_aead_encrypt( handle, PSA_ALG_CCM, + SMOKE_ASSERT( psa_aead_encrypt( key, PSA_ALG_CCM, buffer, sizeof( buffer ), NULL, 0, buffer, sizeof( buffer), buffer, sizeof( buffer), &length ) ); - SMOKE_ASSERT( 
psa_aead_decrypt( handle, PSA_ALG_CCM, + SMOKE_ASSERT( psa_aead_decrypt( key, PSA_ALG_CCM, buffer, sizeof( buffer ), NULL, 0, buffer, sizeof( buffer), buffer, sizeof( buffer), &length ) ); - SMOKE_ASSERT( psa_sign_hash( handle, PSA_ALG_ECDSA_ANY, + SMOKE_ASSERT( psa_sign_hash( key, PSA_ALG_ECDSA_ANY, buffer, 32, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_verify_hash( handle, PSA_ALG_ECDSA_ANY, + SMOKE_ASSERT( psa_verify_hash( key, PSA_ALG_ECDSA_ANY, buffer, 32, buffer, sizeof( buffer ) ) ); - SMOKE_ASSERT( psa_asymmetric_encrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT, + SMOKE_ASSERT( psa_asymmetric_encrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT, buffer, 10, NULL, 0, buffer, sizeof( buffer ), &length ) ); - SMOKE_ASSERT( psa_asymmetric_decrypt( handle, PSA_ALG_RSA_PKCS1V15_CRYPT, + SMOKE_ASSERT( psa_asymmetric_decrypt( key, PSA_ALG_RSA_PKCS1V15_CRYPT, buffer, sizeof( buffer ), NULL, 0, buffer, sizeof( buffer ), &length ) ); @@ -724,12 +722,12 @@ static int smoke_test_key( psa_key_handle_t handle ) NULL, 0 ) ); SMOKE_ASSERT( psa_key_derivation_input_key( &derivation_operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle ) ); + key ) ); PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) ); /* If the key is asymmetric, try it in a key agreement, both as * part of a derivation operation and standalone. */ - if( psa_export_public_key( handle, buffer, sizeof( buffer ), &length ) == + if( psa_export_public_key( key, buffer, sizeof( buffer ), &length ) == PSA_SUCCESS ) { psa_algorithm_t alg = @@ -742,11 +740,11 @@ static int smoke_test_key( psa_key_handle_t handle ) SMOKE_ASSERT( psa_key_derivation_key_agreement( &derivation_operation, PSA_KEY_DERIVATION_INPUT_SECRET, - handle, buffer, length ) ); + key, buffer, length ) ); PSA_ASSERT( psa_key_derivation_abort( &derivation_operation ) ); SMOKE_ASSERT( psa_raw_key_agreement( - alg, handle, buffer, length, + alg, key, buffer, length, buffer, sizeof( buffer ), &length ) ); } #endif /* MBEDTLS_SHA256_C */ 
@@ -880,7 +878,8 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; @@ -909,7 +908,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) @@ -940,7 +939,8 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { /* Check that the PSA core has no knowledge of the volatile key */ - TEST_ASSERT( psa_open_key( id, &handle ) == PSA_ERROR_DOES_NOT_EXIST ); + TEST_ASSERT( psa_open_key( returned_id, &handle ) == + PSA_ERROR_DOES_NOT_EXIST ); /* Drop data from our mockup driver */ ram_slots_reset(); @@ -948,20 +948,16 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) /* Re-import key */ PSA_ASSERT( psa_import_key( &attributes, - key_material, sizeof( key_material ), - &handle ) ); + key_material, sizeof( key_material ), + &returned_id ) ); } else { - - /* Check we can re-open the persistent key */ + /* Check the persistent key file */ if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - - /* Check that the PSA core still knows about the key */ - PSA_ASSERT( psa_open_key( id, &handle ) ); } } 
@@ -972,24 +968,23 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( sizeof( key_material ) ) ); psa_set_key_slot_number( &attributes, min_slot ); - psa_set_key_id( &attributes, handle ); - if( ! check_key_attributes( handle, &attributes ) ) + psa_set_key_id( &attributes, returned_id ); + if( ! check_key_attributes( returned_id, &attributes ) ) goto exit; /* Test the key data. */ - PSA_ASSERT( psa_export_key( handle, + PSA_ASSERT( psa_export_key( returned_id, exported, sizeof( exported ), &exported_length ) ); ASSERT_COMPARE( key_material, sizeof( key_material ), exported, exported_length ); - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = PSA_KEY_HANDLE_INIT; + PSA_ASSERT( psa_destroy_key( returned_id ) ); if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), + TEST_EQUAL( psa_open_key( returned_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); /* Test that the key has been erased from the designated slot. */ @@ -1015,7 +1010,8 @@ void key_creation_in_chosen_slot( int slot_arg, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -1042,7 +1038,7 @@ void key_creation_in_chosen_slot( int slot_arg, psa_set_key_slot_number( &attributes, wanted_slot ); status = psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ); + &returned_id ); TEST_EQUAL( status, expected_status ); if( status != PSA_SUCCESS ) 
@@ -1062,7 +1058,6 @@ void key_creation_in_chosen_slot( int slot_arg, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - PSA_ASSERT( psa_open_key( id, &handle ) ); } /* Test that the key was created in the expected slot. */ @@ -1070,16 +1065,14 @@ void key_creation_in_chosen_slot( int slot_arg, /* Test that the key is reported with the correct attributes, * including the expected slot. */ - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = PSA_KEY_HANDLE_INIT; + PSA_ASSERT( psa_destroy_key( id ) ); if( ! check_persistent_data( location, &ram_shadow_slot_usage, sizeof( ram_shadow_slot_usage ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -1099,7 +1092,8 @@ void import_key_smoke( int type_arg, int alg_arg, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_USES_KEY_ID( id ); @@ -1127,13 +1121,13 @@ void import_key_smoke( int type_arg, int alg_arg, psa_set_key_type( &attributes, type ); PSA_ASSERT( psa_import_key( &attributes, key_material->x, key_material->len, - &handle ) ); + &returned_id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; /* Do stuff with the key. */ - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* Restart and try again. */ 
@@ -1143,18 +1137,15 @@ void import_key_smoke( int type_arg, int alg_arg, if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* We're done. */ - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = PSA_KEY_HANDLE_INIT; + PSA_ASSERT( psa_destroy_key( id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -1173,7 +1164,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_USES_KEY_ID( id ); @@ -1193,7 +1184,7 @@ void generate_key_not_supported( int type_arg, int bits_arg ) psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); - TEST_EQUAL( psa_generate_key( &attributes, &handle ), + TEST_EQUAL( psa_generate_key( &attributes, &returned_id ), PSA_ERROR_NOT_SUPPORTED ); exit: @@ -1214,7 +1205,8 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; + psa_key_handle_t handle; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_USES_KEY_ID( id ); 
@@ -1241,13 +1233,13 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); psa_set_key_bits( &attributes, bits ); - PSA_ASSERT( psa_generate_key( &attributes, &handle ) ); + PSA_ASSERT( psa_generate_key( &attributes, &returned_id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; /* Do stuff with the key. */ - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* Restart and try again. */ @@ -1257,18 +1249,15 @@ void generate_key_smoke( int type_arg, int bits_arg, int alg_arg ) if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! smoke_test_key( handle ) ) + if( ! smoke_test_key( id ) ) goto exit; /* We're done. */ - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = PSA_KEY_HANDLE_INIT; + PSA_ASSERT( psa_destroy_key( id ) ); if( ! check_persistent_data( location, &shadow_counter, sizeof( shadow_counter ) ) ) goto exit; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -1296,8 +1285,8 @@ void sign_verify( int flow, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t drv_handle = PSA_KEY_HANDLE_INIT; /* key managed by the driver */ - psa_key_handle_t sw_handle = PSA_KEY_HANDLE_INIT; /* transparent key */ + mbedtls_svc_key_id_t returned_id; + mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t drv_attributes; uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; 
@@ -1352,11 +1341,11 @@ void sign_verify( int flow, if( generating ) { psa_set_key_bits( &drv_attributes, bits ); - PSA_ASSERT( psa_generate_key( &drv_attributes, &drv_handle ) ); + PSA_ASSERT( psa_generate_key( &drv_attributes, &returned_id ) ); /* Since we called a generate method that does not actually * generate material, store the desired result of generation in * the mock secure element storage. */ - PSA_ASSERT( psa_get_key_attributes( drv_handle, &drv_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &drv_attributes ) ); TEST_EQUAL( key_material->len, PSA_BITS_TO_BYTES( bits ) ); memcpy( ram_slots[ram_min_slot].content, key_material->x, key_material->len ); @@ -1365,7 +1354,7 @@ void sign_verify( int flow, { PSA_ASSERT( psa_import_key( &drv_attributes, key_material->x, key_material->len, - &drv_handle ) ); + &returned_id ) ); } /* Either import the same key in software, or export the driver's @@ -1376,20 +1365,20 @@ void sign_verify( int flow, case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: PSA_ASSERT( psa_import_key( &sw_attributes, key_material->x, key_material->len, - &sw_handle ) ); + &sw_key ) ); break; case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: { uint8_t public_key[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )]; size_t public_key_length; - PSA_ASSERT( psa_export_public_key( drv_handle, + PSA_ASSERT( psa_export_public_key( id, public_key, sizeof( public_key ), &public_key_length ) ); psa_set_key_type( &sw_attributes, PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( type ) ); PSA_ASSERT( psa_import_key( &sw_attributes, public_key, public_key_length, - &sw_handle ) ); + &sw_key ) ); break; } } 
@@ -1400,16 +1389,14 @@ void sign_verify( int flow, case SIGN_IN_DRIVER_AND_PARALLEL_CREATION: case SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC: PSA_ASSERT_VIA_DRIVER( - psa_sign_hash( drv_handle, - alg, + psa_sign_hash( id, alg, input->x, input->len, signature, sizeof( signature ), &signature_length ), PSA_SUCCESS ); break; case SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION: - PSA_ASSERT( psa_sign_hash( sw_handle, - alg, + PSA_ASSERT( psa_sign_hash( sw_key, alg, input->x, input->len, signature, sizeof( signature ), &signature_length ) ); @@ -1417,30 +1404,30 @@ void sign_verify( int flow, } /* Verify with both keys. */ - PSA_ASSERT( psa_verify_hash( sw_handle, alg, + PSA_ASSERT( psa_verify_hash( sw_key, alg, input->x, input->len, signature, signature_length ) ); PSA_ASSERT_VIA_DRIVER( - psa_verify_hash( drv_handle, alg, + psa_verify_hash( id, alg, input->x, input->len, signature, signature_length ), PSA_SUCCESS ); /* Change the signature and verify again. */ signature[0] ^= 1; - TEST_EQUAL( psa_verify_hash( sw_handle, alg, + TEST_EQUAL( psa_verify_hash( sw_key, alg, input->x, input->len, signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); PSA_ASSERT_VIA_DRIVER( - psa_verify_hash( drv_handle, alg, + psa_verify_hash( id, alg, input->x, input->len, signature, signature_length ), PSA_ERROR_INVALID_SIGNATURE ); exit: - psa_destroy_key( drv_handle ); - psa_destroy_key( sw_handle ); + psa_destroy_key( id ); + psa_destroy_key( sw_key ); PSA_DONE( ); ram_slots_reset( ); psa_purge_storage( ); @@ -1461,9 +1448,9 @@ void register_key_smoke_test( int lifetime_arg, psa_drv_se_key_management_t key_management; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); + psa_key_handle_t handle; size_t bit_size = 48; psa_key_slot_number_t wanted_slot = 0x123456789; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_status_t status; TEST_USES_KEY_ID( id ); 
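Review bot: In register_key_smoke_test the moved declaration `psa_key_handle_t handle;` loses the `= PSA_KEY_HANDLE_INIT` initializer it had before. In the hunks that follow it is only passed as the output argument of `psa_open_key()` calls expected to return `PSA_ERROR_DOES_NOT_EXIST`, so nothing reads it today, but the handle declarations this patch keeps elsewhere (persistent_slot_lifecycle, copy_across_lifetimes) stay initialised. I would keep `psa_key_handle_t handle = PSA_KEY_HANDLE_INIT;` so a later use cannot read an indeterminate value. The declaration block continues outside the hunk.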
@@ -1499,10 +1486,8 @@ void register_key_smoke_test( int lifetime_arg, goto exit; /* Test that the key exists and has the expected attributes. */ - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! check_key_attributes( handle, &attributes ) ) + if( ! check_key_attributes( id, &attributes ) ) goto exit; - PSA_ASSERT( psa_close_key( handle ) ); #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) mbedtls_svc_key_id_t invalid_id = @@ -1510,22 +1495,21 @@ void register_key_smoke_test( int lifetime_arg, TEST_EQUAL( psa_open_key( invalid_id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); #endif + PSA_ASSERT( psa_purge_key( id ) ); + /* Restart and try again. */ PSA_DONE( ); PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - PSA_ASSERT( psa_open_key( id, &handle ) ); - if( ! check_key_attributes( handle, &attributes ) ) + if( ! check_key_attributes( id, &attributes ) ) goto exit; /* This time, destroy the key. */ - PSA_ASSERT( psa_destroy_key( handle ) ); - handle = PSA_KEY_HANDLE_INIT; - TEST_EQUAL( psa_open_key( id, &handle ), - PSA_ERROR_DOES_NOT_EXIST ); + PSA_ASSERT( psa_destroy_key( id ) ); + TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: psa_reset_key_attributes( &attributes ); - psa_destroy_key( handle ); + psa_destroy_key( id ); PSA_DONE( ); psa_purge_storage( ); memset( &validate_slot_number_directions, 0, diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 0e2e203c8..629c924ed 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function 
@@ -333,7 +333,7 @@ void mock_import( int mock_alloc_return_value, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; @@ -357,7 +357,7 @@ void mock_import( int mock_alloc_return_value, psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); TEST_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) == expected_result ); + &returned_id ) == expected_result ); TEST_ASSERT( mock_allocate_data.called == 1 ); TEST_ASSERT( mock_import_data.called == @@ -385,7 +385,7 @@ void mock_import( int mock_alloc_return_value, if( expected_result == PSA_SUCCESS ) { - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); } exit: @@ -402,7 +402,7 @@ void mock_export( int mock_export_return_value, int expected_result ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; 
@@ -428,15 +428,15 @@ void mock_export( int mock_export_return_value, int expected_result ) psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_export_key( handle, - exported, sizeof( exported ), - &exported_length ) == expected_result ); + TEST_ASSERT( psa_export_key( id, + exported, sizeof( exported ), + &exported_length ) == expected_result ); TEST_ASSERT( mock_export_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); @@ -456,7 +456,7 @@ void mock_generate( int mock_alloc_return_value, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mock_allocate_data.return_value = mock_alloc_return_value; @@ -477,7 +477,7 @@ void mock_generate( int mock_alloc_return_value, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_bits( &attributes, 8 ); - TEST_ASSERT( psa_generate_key( &attributes, &handle ) == expected_result ); + TEST_ASSERT( psa_generate_key( &attributes, &returned_id) == expected_result ); TEST_ASSERT( mock_allocate_data.called == 1 ); TEST_ASSERT( mock_generate_data.called == ( mock_alloc_return_value == PSA_SUCCESS? 1 : 0 ) ); @@ -504,7 +504,7 @@ void mock_generate( int mock_alloc_return_value, if( expected_result == PSA_SUCCESS ) { - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); } 
@@ -523,7 +523,7 @@ void mock_export_public( int mock_export_public_return_value, psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; uint8_t exported[sizeof( key_material )]; @@ -549,13 +549,13 @@ void mock_export_public( int mock_export_public_return_value, PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_export_public_key( handle, exported, sizeof(exported), + TEST_ASSERT( psa_export_public_key( id, exported, sizeof(exported), &exported_length ) == expected_result ); TEST_ASSERT( mock_export_public_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); exit: @@ -573,7 +573,7 @@ void mock_sign( int mock_sign_return_value, int expected_result ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256); 
@@ -607,16 +607,16 @@ void mock_sign( int mock_sign_return_value, int expected_result ) PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_sign_hash( handle, algorithm, + TEST_ASSERT( psa_sign_hash( id, algorithm, hash, sizeof( hash ), signature, sizeof( signature ), &signature_length) == expected_result ); TEST_ASSERT( mock_sign_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); exit: @@ -634,7 +634,7 @@ void mock_verify( int mock_verify_return_value, int expected_result ) psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, 1 ); - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const uint8_t key_material[3] = {0xfa, 0xca, 0xde}; psa_algorithm_t algorithm = PSA_ALG_ECDSA(PSA_ALG_SHA_256); @@ -667,15 +667,15 @@ void mock_verify( int mock_verify_return_value, int expected_result ) PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), - &handle ) ); + &returned_id ) ); - TEST_ASSERT( psa_verify_hash( handle, algorithm, + TEST_ASSERT( psa_verify_hash( id, algorithm, hash, sizeof( hash ), signature, sizeof( signature ) ) == expected_result ); TEST_ASSERT( mock_verify_data.called == 1 ); - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( id ) ); TEST_ASSERT( mock_destroy_data.called == 1 ); exit: diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 2b3087ff9..4e959b6d2 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data 
@@ -164,5 +164,5 @@ invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_DOES_NOT_EXIST:PSA_ERROR_DOES_NOT invalid handle: huge invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE -Open many transient handles -many_transient_handles:42 +Open many transient keys +many_transient_keys:42 diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 12cf3eac9..2f9d01b37 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -7,11 +7,11 @@ typedef enum { - CLOSE_BY_CLOSE, /**< Close the handle(s). */ - CLOSE_BY_DESTROY, /**< Destroy the handle(s). */ - CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing handles. */ - CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close handle(s) then deinit/reinit. */ - CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy handle(s) then deinit/reinit. */ + CLOSE_BY_CLOSE, /**< Close key(s). */ + CLOSE_BY_DESTROY, /**< Destroy key(s) */ + CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing keys. */ + CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close key(s) then deinit/reinit. */ + CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy key(s) then deinit/reinit. */ } close_method_t; typedef enum 
@@ -74,21 +74,22 @@ static void psa_purge_key_storage( void ) #define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -/** Apply \p close_method to invalidate the specified handles: +/** Apply \p close_method to invalidate the specified key: * close it, destroy it, or do nothing; */ -static int invalidate_handle( close_method_t close_method, - psa_key_handle_t handle ) +static int invalidate_key( close_method_t close_method, + mbedtls_svc_key_id_t key ) { switch( close_method ) { + /* Closing the key invalidate only volatile keys, not permanent ones. */ case CLOSE_BY_CLOSE: case CLOSE_BY_CLOSE_WITH_SHUTDOWN: - PSA_ASSERT( psa_close_key( handle ) ); + PSA_ASSERT( psa_close_key( key ) ); break; case CLOSE_BY_DESTROY: case CLOSE_BY_DESTROY_WITH_SHUTDOWN: - PSA_ASSERT( psa_destroy_key( handle ) ); + PSA_ASSERT( psa_destroy_key( key ) ); break; case CLOSE_BY_SHUTDOWN: break; @@ -142,7 +143,7 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, psa_key_usage_t usage_flags = usage_arg; psa_key_type_t type = type_arg; close_method_t close_method = close_method_arg; - psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init( ) ); 
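Review bot: The comment added to invalidate_key sits between `switch( close_method ) {` and the first `case` label and has a grammar slip. It reads better directly above the call it explains, e.g. `/* Closing a key invalidates only volatile keys, not persistent ones. */` before `PSA_ASSERT( psa_close_key( key ) );`. By that same comment, the function header's "invalidate the specified key" does not hold for a persistent key under the two CLOSE_BY_CLOSE methods. The header could say so in one more line, in the spirit of the caller's new wording in persistent_slot_lifecycle ("wipes key data in volatile memory or destroy the key"). The switch continues outside the hunk.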
@@ -152,21 +153,21 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + &key ) ); + TEST_ASSERT( ! mbedtls_svc_key_id_is_null( key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); - /* Do something that invalidates the handle. */ - if( ! invalidate_handle( close_method, handle ) ) + /* Do something that invalidates the key. */ + if( ! invalidate_key( close_method, key ) ) goto exit; if( ! invalidate_psa( close_method ) ) goto exit; - /* Test that the handle is now invalid. */ - TEST_EQUAL( psa_get_key_attributes( handle, &attributes ), + /* Test that the key is now invalid. */ + TEST_EQUAL( psa_get_key_attributes( key, &attributes ), PSA_ERROR_DOES_NOT_EXIST ); - TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_close_key( key ), PSA_ERROR_DOES_NOT_EXIST ); exit: PSA_DONE( ); @@ -186,6 +187,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, psa_key_usage_t usage_flags = usage_arg; psa_key_type_t type = type_arg; close_method_t close_method = close_method_arg; + mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t read_attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -195,14 +197,13 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) mbedtls_svc_key_id_t wrong_owner_id = mbedtls_svc_key_id_make( owner_id_arg + 1, id_arg ); - psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t invalid_svc_key_id = MBEDTLS_SVC_KEY_ID_INIT; #endif TEST_USES_KEY_ID( id ); PSA_ASSERT( psa_crypto_init( ) ); - /* Get a handle and import a key. */ psa_set_key_id( &attributes, id ); psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_type( &attributes, type ); @@ -210,15 +211,15 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, psa_set_key_algorithm( &attributes, alg ); psa_set_key_enrollment_algorithm( &attributes, alg2 ); PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, - &handle ) ); - TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); + &returned_id ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) ); #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), + TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ), PSA_ERROR_DOES_NOT_EXIST ); #endif - PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), id ) ); 
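Review bot: `invalid_svc_key_id` is declared as `mbedtls_svc_key_id_t`, but its only use is as the output argument of `psa_open_key( wrong_owner_id, &invalid_svc_key_id )`, whereas every other `psa_open_key()` call in this patch writes into a `psa_key_handle_t`. This presumably compiles only because the two types are currently the same. Keeping `psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT;` would keep the call type-correct if they ever diverge and keep the name in line with what the API returns. The same call is repeated in the `@@ -227` hunk after `psa_close_key( id )`.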
@@ -227,15 +228,16 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); - /* Close the key and reopen it. */ - PSA_ASSERT( psa_close_key( handle ) ); + /* Close the key and then open it. */ + PSA_ASSERT( psa_close_key( id ) ); #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_handle ), + TEST_EQUAL( psa_open_key( wrong_owner_id, &invalid_svc_key_id ), PSA_ERROR_DOES_NOT_EXIST ); #endif PSA_ASSERT( psa_open_key( id, &handle ) ); + TEST_ASSERT( ! psa_key_handle_is_null( handle ) ); PSA_ASSERT( psa_get_key_attributes( handle, &attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); TEST_ASSERT( mbedtls_svc_key_id_equal( @@ -245,13 +247,16 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); - /* Do something that invalidates the handle. */ - if( ! invalidate_handle( close_method, handle ) ) + /* + * Do something that wipes key data in volatile memory or destroy the + * key. + */ + if( ! invalidate_key( close_method, id ) ) goto exit; if( ! invalidate_psa( close_method ) ) goto exit; - /* Try to reopen the key. If we destroyed it, check that it doesn't + /* Try to reaccess the key. If we destroyed it, check that it doesn't * exist. Otherwise check that it still exists and has the expected * content. */ switch( close_method ) 
@@ -260,7 +265,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, case CLOSE_BY_CLOSE_WITH_SHUTDOWN: case CLOSE_BY_SHUTDOWN: PSA_ASSERT( psa_open_key( id, &handle ) ); - PSA_ASSERT( psa_get_key_attributes( handle, &read_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &read_attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), psa_get_key_lifetime( &read_attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( @@ -278,17 +283,14 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, if( usage_flags & PSA_KEY_USAGE_EXPORT ) { ASSERT_ALLOC( reexported, key_data->len ); - PSA_ASSERT( psa_export_key( handle, - reexported, key_data->len, + PSA_ASSERT( psa_export_key( id, reexported, key_data->len, &reexported_length ) ); ASSERT_COMPARE( key_data->x, key_data->len, reexported, reexported_length ); } else { - TEST_EQUAL( psa_export_key( handle, - NULL, 0, - &reexported_length ), + TEST_EQUAL( psa_export_key( id, NULL, 0, &reexported_length ), PSA_ERROR_NOT_PERMITTED ); } PSA_ASSERT( psa_close_key( handle ) ); @@ -296,7 +298,14 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, case CLOSE_BY_DESTROY: case CLOSE_BY_DESTROY_WITH_SHUTDOWN: - TEST_EQUAL( psa_open_key( id, &handle ), + /* + * Test that the key handle and identifier are now not refering to an + * existing key. + */ + TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ), + PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_get_key_attributes( id, &read_attributes ), PSA_ERROR_DOES_NOT_EXIST ); break; } 
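Review bot: The comment added in the CLOSE_BY_DESTROY branch (the `@@ -296` hunk) misspells "referring" and reads awkwardly; I would write `/* Test that neither the key handle nor the identifier refers to an existing key any more. */`. The branch also drops the earlier `TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST );` check. generate_key_smoke and register_key_smoke_test keep that assertion after their `psa_destroy_key( id )` in this same patch, so keeping it here next to the new `psa_get_key_attributes()` checks would be consistent.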
@@ -314,8 +323,7 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, { psa_key_lifetime_t lifetime = lifetime_arg; mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); - psa_key_handle_t handle1 = PSA_KEY_HANDLE_INIT; - psa_key_handle_t handle2 = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA; const uint8_t material1[5] = "a key"; @@ -336,26 +344,24 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, 0 ); PSA_ASSERT( psa_import_key( &attributes, material1, sizeof( material1 ), - &handle1 ) ); - TEST_ASSERT( ! psa_key_handle_is_null( handle1 ) ); + &returned_id ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( id, returned_id ) ); if( reopen_policy == CLOSE_BEFORE ) - PSA_ASSERT( psa_close_key( handle1 ) ); + PSA_ASSERT( psa_close_key( id ) ); /* Attempt to create a new key in the same slot. */ TEST_EQUAL( psa_import_key( &attributes, material2, sizeof( material2 ), - &handle2 ), + &returned_id ), PSA_ERROR_ALREADY_EXISTS ); - TEST_ASSERT( psa_key_handle_is_null( handle2 ) ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) ); if( reopen_policy == CLOSE_AFTER ) - PSA_ASSERT( psa_close_key( handle1 ) ); - if( reopen_policy == CLOSE_BEFORE || reopen_policy == CLOSE_AFTER ) - PSA_ASSERT( psa_open_key( id, &handle1 ) ); + PSA_ASSERT( psa_close_key( id ) ); /* Check that the original key hasn't changed. */ psa_reset_key_attributes( &attributes ); - PSA_ASSERT( psa_get_key_attributes( handle1, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( id, &attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes ), id ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime ); 
@@ -364,13 +370,13 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, TEST_EQUAL( psa_get_key_usage_flags( &attributes ), PSA_KEY_USAGE_EXPORT ); TEST_EQUAL( psa_get_key_algorithm( &attributes ), 0 ); - PSA_ASSERT( psa_export_key( handle1, + PSA_ASSERT( psa_export_key( id, reexported, sizeof( reexported ), &reexported_length ) ); ASSERT_COMPARE( material1, sizeof( material1 ), reexported, reexported_length ); - PSA_ASSERT( psa_close_key( handle1 ) ); + PSA_ASSERT( psa_close_key( id ) ); exit: PSA_DONE( ); @@ -404,7 +410,8 @@ void create_fail( int lifetime_arg, int id_arg, mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg ); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; - psa_key_handle_t handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); + mbedtls_svc_key_id_t returned_id = + mbedtls_svc_key_id_make( 0xdead, 0xdead ); uint8_t material[1] = {'k'}; TEST_USES_KEY_ID( id ); @@ -415,9 +422,9 @@ void create_fail( int lifetime_arg, int id_arg, psa_set_key_lifetime( &attributes, lifetime ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ), - &handle ), + &returned_id ), expected_status ); - TEST_ASSERT( psa_key_handle_is_null( handle ) ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( returned_id ) ); exit: PSA_DONE( ); 
@@ -443,16 +450,17 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, mbedtls_svc_key_id_make( source_owner_id_arg, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; - psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t source_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t source_type = type_arg; + mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_lifetime_t target_lifetime = target_lifetime_arg; mbedtls_svc_key_id_t target_id = mbedtls_svc_key_id_make( target_owner_id_arg, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; - psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t target_attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t returned_target_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; psa_key_usage_t expected_usage = expected_usage_arg; psa_algorithm_t expected_alg = expected_alg_arg; psa_algorithm_t expected_alg2 = expected_alg2_arg; @@ -473,9 +481,10 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, psa_set_key_enrollment_algorithm( &source_attributes, source_alg2_arg ); PSA_ASSERT( psa_import_key( &source_attributes, material->x, material->len, - &source_handle ) ); + &returned_source_id ) ); /* Update the attributes with the bit size. */ - PSA_ASSERT( psa_get_key_attributes( source_handle, &source_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( returned_source_id, + &source_attributes ) ); /* Prepare the target slot. */ psa_set_key_id( &target_attributes, target_id ); 
@@ -486,11 +495,11 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, psa_set_key_enrollment_algorithm( &target_attributes, target_alg2_arg ); /* Copy the key. */ - PSA_ASSERT( psa_copy_key( source_handle, - &target_attributes, &target_handle ) ); + PSA_ASSERT( psa_copy_key( returned_source_id, + &target_attributes, &returned_target_id ) ); /* Destroy the source to ensure that this doesn't affect the target. */ - PSA_ASSERT( psa_destroy_key( source_handle ) ); + PSA_ASSERT( psa_destroy_key( returned_source_id ) ); /* If the target key is persistent, restart the system to make * sure that the material is still alive. */ @@ -503,7 +512,8 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, /* Test that the target slot has the expected content. */ psa_reset_key_attributes( &target_attributes ); - PSA_ASSERT( psa_get_key_attributes( target_handle, &target_attributes ) ); + PSA_ASSERT( psa_get_key_attributes( returned_target_id, + &target_attributes ) ); if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE ) { @@ -513,10 +523,9 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, else { #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( target_id ), + TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( returned_target_id ), target_owner_id_arg ); #endif - TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( target_id ), 0 ); } TEST_EQUAL( target_lifetime, psa_get_key_lifetime( &target_attributes ) ); @@ -531,7 +540,7 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, { size_t length; ASSERT_ALLOC( export_buffer, material->len ); - PSA_ASSERT( psa_export_key( target_handle, export_buffer, + PSA_ASSERT( psa_export_key( returned_target_id, export_buffer, material->len, &length ) ); ASSERT_COMPARE( material->x, material->len, export_buffer, length ); 
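Review bot: In the volatile-target branch of the `@@ -513` hunk, removing `TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( target_id ), 0 );` leaves an `else { }` whose body is empty whenever `MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` is not defined. Either move the `#if`/`#endif` pair around the whole `else` block or add a one-line comment such as `/* Volatile key: only the owner part of the returned id is checked. */`, so the empty branch does not read as a lost assertion. The `if` side of this branch lies partly outside the hunk.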
@@ -540,12 +549,12 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, { size_t length; /* Check that the key is actually non-exportable. */ - TEST_EQUAL( psa_export_key( target_handle, export_buffer, + TEST_EQUAL( psa_export_key( returned_target_id, export_buffer, material->len, &length ), PSA_ERROR_NOT_PERMITTED ); } - PSA_ASSERT( psa_destroy_key( target_handle ) ); + PSA_ASSERT( psa_destroy_key( returned_target_id ) ); exit: PSA_DONE( ); @@ -569,16 +578,16 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, mbedtls_svc_key_id_make( 1, source_id_arg ); psa_key_usage_t source_usage = source_usage_arg; psa_algorithm_t source_alg = source_alg_arg; - psa_key_handle_t source_handle = PSA_KEY_HANDLE_INIT; psa_key_type_t source_type = source_type_arg; + mbedtls_svc_key_id_t returned_source_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_lifetime_t target_lifetime = target_lifetime_arg; mbedtls_svc_key_id_t target_id = mbedtls_svc_key_id_make( 1, target_id_arg ); psa_key_usage_t target_usage = target_usage_arg; psa_algorithm_t target_alg = target_alg_arg; - psa_key_handle_t target_handle = PSA_KEY_HANDLE_INIT; psa_key_type_t target_type = target_type_arg; - psa_key_handle_t new_handle = mbedtls_svc_key_id_make( 0xdead, 0xdead ); + mbedtls_svc_key_id_t returned_target_id = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t new_key = MBEDTLS_SVC_KEY_ID_INIT; uint8_t *export_buffer = NULL; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes1 = PSA_KEY_ATTRIBUTES_INIT; 
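Review bot: In copy_to_occupied (the `@@ -569` hunk) `new_key` is now initialised with `MBEDTLS_SVC_KEY_ID_INIT`, which weakens the later check `TEST_ASSERT( mbedtls_svc_key_id_is_null( new_key ) );` after the failing `psa_copy_key()`. Assuming the INIT value is the null id, that assertion passes even if the function never resets its output on error. The previous code started from the sentinel `mbedtls_svc_key_id_make( 0xdead, 0xdead )`, and create_fail in this same patch still does. I would keep `mbedtls_svc_key_id_t new_key = mbedtls_svc_key_id_make( 0xdead, 0xdead );` so the test still proves that a failed copy leaves no usable identifier with the caller. The assertion itself is in the `@@ -616` hunk, and the function body continues outside this hunk.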
@@ -600,12 +609,12 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, psa_set_key_algorithm( &attributes, source_alg ); PSA_ASSERT( psa_import_key( &attributes, source_material->x, source_material->len, - &source_handle ) ); + &returned_source_id ) ); /* Populate the target slot. */ if( mbedtls_svc_key_id_equal( target_id, source_id ) ) { - target_handle = source_handle; + returned_target_id = returned_source_id; } else { @@ -616,20 +625,21 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, psa_set_key_algorithm( &attributes1, target_alg ); PSA_ASSERT( psa_import_key( &attributes1, target_material->x, target_material->len, - &target_handle ) ); + &returned_target_id ) ); } - PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes1 ) ); + + PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes1 ) ); /* Make a copy attempt. */ psa_set_key_id( &attributes, target_id ); psa_set_key_lifetime( &attributes, target_lifetime ); - TEST_EQUAL( psa_copy_key( source_handle, - &attributes, &new_handle ), + TEST_EQUAL( psa_copy_key( returned_source_id, + &attributes, &new_key ), PSA_ERROR_ALREADY_EXISTS ); - TEST_ASSERT( psa_key_handle_is_null( new_handle ) ); + TEST_ASSERT( mbedtls_svc_key_id_is_null( new_key ) ); /* Test that the target slot is unaffected. */ - PSA_ASSERT( psa_get_key_attributes( target_handle, &attributes2 ) ); + PSA_ASSERT( psa_get_key_attributes( returned_target_id, &attributes2 ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( psa_get_key_id( &attributes1 ), psa_get_key_id( &attributes2 ) ) ); 
@@ -647,15 +657,15 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, { size_t length; ASSERT_ALLOC( export_buffer, target_material->len ); - PSA_ASSERT( psa_export_key( target_handle, export_buffer, + PSA_ASSERT( psa_export_key( returned_target_id, export_buffer, target_material->len, &length ) ); ASSERT_COMPARE( target_material->x, target_material->len, export_buffer, length ); } - PSA_ASSERT( psa_destroy_key( source_handle ) ); - if( ! psa_key_handle_equal( target_handle, source_handle ) ) - PSA_ASSERT( psa_destroy_key( target_handle ) ); + PSA_ASSERT( psa_destroy_key( returned_source_id ) ); + if( ! mbedtls_svc_key_id_equal( target_id, source_id ) ) + PSA_ASSERT( psa_destroy_key( returned_target_id ) ); exit: PSA_DONE( ); 
@@ -750,51 +760,51 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void many_transient_handles( int max_handles_arg ) +void many_transient_keys( int max_keys_arg ) { - psa_key_handle_t *handles = NULL; - size_t max_handles = max_handles_arg; + mbedtls_svc_key_id_t *keys = NULL; + size_t max_keys = max_keys_arg; size_t i, j; psa_status_t status; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t exported[sizeof( size_t )]; size_t exported_length; - ASSERT_ALLOC( handles, max_handles ); + ASSERT_ALLOC( keys, max_keys ); PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes, 0 ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); - for( i = 0; i < max_handles; i++ ) + for( i = 0; i < max_keys; i++ ) { status = psa_import_key( &attributes, (uint8_t *) &i, sizeof( i ), - &handles[i] ); + &keys[i] ); if( status == PSA_ERROR_INSUFFICIENT_MEMORY ) break; PSA_ASSERT( status ); - TEST_ASSERT( ! psa_key_handle_is_null( handles[i] ) ); + TEST_ASSERT( ! mbedtls_svc_key_id_is_null( keys[i] ) ); for( j = 0; j < i; j++ ) - TEST_ASSERT( ! psa_key_handle_equal( handles[i], handles[j] ) ); + TEST_ASSERT( ! mbedtls_svc_key_id_equal( keys[i], keys[j] ) ); } - max_handles = i; + max_keys = i; - for( i = 1; i < max_handles; i++ ) + for( i = 1; i < max_keys; i++ ) { - PSA_ASSERT( psa_close_key( handles[i - 1] ) ); - PSA_ASSERT( psa_export_key( handles[i], + PSA_ASSERT( psa_close_key( keys[i - 1] ) ); + PSA_ASSERT( psa_export_key( keys[i], exported, sizeof( exported ), &exported_length ) ); ASSERT_COMPARE( exported, exported_length, (uint8_t *) &i, sizeof( i ) ); } - PSA_ASSERT( psa_close_key( handles[i - 1] ) ); + PSA_ASSERT( psa_close_key( keys[i - 1] ) ); exit: PSA_DONE( ); - mbedtls_free( handles ); + mbedtls_free( keys ); } /* END_CASE */ diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 1dd264264..9f2007d0b 100644 
--- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -161,7 +161,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, int cert_type ) { mbedtls_pk_context key; - psa_key_handle_t slot = PSA_KEY_HANDLE_INIT; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t md_alg_psa; mbedtls_x509write_csr req; unsigned char buf[4096]; @@ -178,7 +178,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, mbedtls_pk_init( &key ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); - TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &slot, md_alg_psa ) == 0 ); + TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 ); mbedtls_x509write_csr_init( &req ); mbedtls_x509write_csr_set_md_alg( &req, md_type ); @@ -202,7 +202,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, exit: mbedtls_x509write_csr_free( &req ); mbedtls_pk_free( &key ); - psa_destroy_key( slot ); + psa_destroy_key( key_id ); PSA_DONE( ); } /* END_CASE */ From 39309979220294af8f534c2231676cf1dc62ad52 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 20 Oct 2020 17:01:35 +0200 Subject: [PATCH 415/488] tests: slot mgmt: Add purge checks in volatile key lifecycle test Signed-off-by: Ronald Cron --- .../test_suite_psa_crypto_slot_management.function | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 2f9d01b37..9fc2eac6d 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function 
@@ -157,6 +157,16 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, TEST_ASSERT( ! mbedtls_svc_key_id_is_null( key ) ); PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); TEST_EQUAL( psa_get_key_type( &attributes ), type ); + psa_reset_key_attributes( &attributes ); + + /* + * Purge the key and make sure that it is still valid, as purging a + * volatile key shouldn't invalidate/destroy it. + */ + PSA_ASSERT( psa_purge_key( key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + TEST_EQUAL( psa_get_key_type( &attributes ), type ); + psa_reset_key_attributes( &attributes ); /* Do something that invalidates the key. */ if( ! invalidate_key( close_method, key ) ) From e7e86cfa3c7d4d023dc53f0875b5378619e2d140 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 20 Oct 2020 17:24:41 +0200 Subject: [PATCH 416/488] tests: slot mgmt: Rename ways of invalidating keys Rename ways of invalidating keys before introducing key purging tests because the "CLOSE_BY" prefix doesn't get on well with the purge operation. Signed-off-by: Ronald Cron --- ...test_suite_psa_crypto_slot_management.data | 38 ++++----- ..._suite_psa_crypto_slot_management.function | 81 ++++++++++--------- 2 files changed, 64 insertions(+), 55 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 4e959b6d2..e5827b53c 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data 
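Review bot: The post-purge check compares only `psa_get_key_type()`, so it would still pass if `psa_purge_key()` kept the slot but dropped or altered the rest of the volatile key's metadata. `usage_flags` and `alg` are locals of `transient_slot_lifecycle()`, declared outside this hunk. If the key is imported with them and the implementation reports them unchanged, the check can be tightened after the second `psa_get_key_attributes()` call with `TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );` and `TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );`. The function body starts and ends outside the hunk.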
@@ -1,65 +1,65 @@ Transient slot, check after closing -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE +transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING Transient slot, check after closing and restarting -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE_WITH_SHUTDOWN +transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN Transient slot, check after destroying -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY +transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING Transient slot, check after destroying and restarting -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY_WITH_SHUTDOWN +transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN Transient slot, check after restart with live handles -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN +transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN Persistent slot, check after closing, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING Persistent slot, check after closing and restarting, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:125:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE 
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:125:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING Persistent slot, check after destroying, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:126:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:126:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING Persistent slot, check after destroying and restarting, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:127:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:127:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING Persistent slot, check after restart with live handle, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:128:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:128:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN Persistent slot, check after closing, id=max -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:129:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:129:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING Persistent slot, check after destroying, id=max -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:130:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_DESTROY 
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:130:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING Persistent slot, check after restart, id=max -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:131:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:131:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN Persistent slot: ECP keypair (ECDSA, exportable), close depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:132:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:132:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_CLOSING Persistent slot: ECP keypair (ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:133:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:133:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN Persistent slot: ECP keypair 
(ECDSA, exportable), restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:134:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:134:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_SHUTDOWN Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:135:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:135:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_CLOSING Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:136:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:136:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN Persistent slot: ECP keypair (ECDH+ECDSA, exportable), restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:137:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:137:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_SHUTDOWN Attempt to overwrite: close before create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x1736:1:CLOSE_BEFORE diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 9fc2eac6d..3b9ff24c4 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function 
@@ -7,12 +7,21 @@ typedef enum { - CLOSE_BY_CLOSE, /**< Close key(s). */ - CLOSE_BY_DESTROY, /**< Destroy key(s) */ - CLOSE_BY_SHUTDOWN, /**< Deinit and reinit without closing keys. */ - CLOSE_BY_CLOSE_WITH_SHUTDOWN, /**< Close key(s) then deinit/reinit. */ - CLOSE_BY_DESTROY_WITH_SHUTDOWN, /**< Destroy key(s) then deinit/reinit. */ -} close_method_t; + /**< Close key(s) */ + INVALIDATE_BY_CLOSING, + + /**< Destroy key(s) */ + INVALIDATE_BY_DESTROYING, + + /**< Terminate and reinitialize without closing/destroying keys */ + INVALIDATE_BY_SHUTDOWN, + + /**< Close key(s) then terminate and re-initialize */ + INVALIDATE_BY_CLOSING_WITH_SHUTDOWN, + + /**< Destroy key(s) then terminate and re-initialize */ + INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN, +} invalidate_method_t; typedef enum { @@ -74,24 +83,24 @@ static void psa_purge_key_storage( void ) #define TEST_USES_KEY_ID( key_id ) ( (void) ( key_id ) ) #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -/** Apply \p close_method to invalidate the specified key: +/** Apply \p invalidate_method to invalidate the specified key: * close it, destroy it, or do nothing; */ -static int invalidate_key( close_method_t close_method, +static int invalidate_key( invalidate_method_t invalidate_method, mbedtls_svc_key_id_t key ) { - switch( close_method ) + switch( invalidate_method ) { /* Closing the key invalidate only volatile keys, not permanent ones. */ - case CLOSE_BY_CLOSE: - case CLOSE_BY_CLOSE_WITH_SHUTDOWN: + case INVALIDATE_BY_CLOSING: + case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN: PSA_ASSERT( psa_close_key( key ) ); break; - case CLOSE_BY_DESTROY: - case CLOSE_BY_DESTROY_WITH_SHUTDOWN: + case INVALIDATE_BY_DESTROYING: + case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: PSA_ASSERT( psa_destroy_key( key ) ); break; - case CLOSE_BY_SHUTDOWN: + case INVALIDATE_BY_SHUTDOWN: break; } return( 1 ); 
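Review bot: The reflowed comments in `invalidate_method_t` keep the `/**<` marker although each comment now sits on the line before its enumerator. In Doxygen `/**<` documents the member that precedes the comment, so every description shifts by one entry and the first one attaches to nothing. Use the leading form instead, e.g. `/** Close key(s) */` above `INVALIDATE_BY_CLOSING,`. The same marker is used for the two purge enumerators added later in hunks `@@ -13,6 +13,9 @@` and `@@ -21,6 +24,9 @@`.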
@@ -99,20 +108,20 @@ exit: return( 0 ); } -/** Restart the PSA subsystem if \p close_method says so. */ -static int invalidate_psa( close_method_t close_method ) +/** Restart the PSA subsystem if \p invalidate_method says so. */ +static int invalidate_psa( invalidate_method_t invalidate_method ) { - switch( close_method ) + switch( invalidate_method ) { - case CLOSE_BY_CLOSE: - case CLOSE_BY_DESTROY: + case INVALIDATE_BY_CLOSING: + case INVALIDATE_BY_DESTROYING: return( 1 ); - case CLOSE_BY_CLOSE_WITH_SHUTDOWN: - case CLOSE_BY_DESTROY_WITH_SHUTDOWN: + case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN: + case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: /* All keys must have been closed. */ PSA_DONE( ); break; - case CLOSE_BY_SHUTDOWN: + case INVALIDATE_BY_SHUTDOWN: /* Some keys may remain behind, and we're testing that this * properly closes them. */ mbedtls_psa_crypto_free( ); @@ -137,12 +146,12 @@ exit: /* BEGIN_CASE */ void transient_slot_lifecycle( int usage_arg, int alg_arg, int type_arg, data_t *key_data, - int close_method_arg ) + int invalidate_method_arg ) { psa_algorithm_t alg = alg_arg; psa_key_usage_t usage_flags = usage_arg; psa_key_type_t type = type_arg; - close_method_t close_method = close_method_arg; + invalidate_method_t invalidate_method = invalidate_method_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -169,9 +178,9 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, psa_reset_key_attributes( &attributes ); /* Do something that invalidates the key. */ - if( ! invalidate_key( close_method, key ) ) + if( ! invalidate_key( invalidate_method, key ) ) goto exit; - if( ! invalidate_psa( close_method ) ) + if( ! invalidate_psa( invalidate_method ) ) goto exit; /* Test that the key is now invalid. */ 
@@ -188,7 +197,7 @@ exit: void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, int usage_arg, int alg_arg, int alg2_arg, int type_arg, data_t *key_data, - int close_method_arg ) + int invalidate_method_arg ) { psa_key_lifetime_t lifetime = lifetime_arg; mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( owner_id_arg, id_arg ); @@ -196,7 +205,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, psa_algorithm_t alg2 = alg2_arg; psa_key_usage_t usage_flags = usage_arg; psa_key_type_t type = type_arg; - close_method_t close_method = close_method_arg; + invalidate_method_t invalidate_method = invalidate_method_arg; mbedtls_svc_key_id_t returned_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_handle_t handle = PSA_KEY_HANDLE_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -261,19 +270,19 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, * Do something that wipes key data in volatile memory or destroy the * key. */ - if( ! invalidate_key( close_method, id ) ) + if( ! invalidate_key( invalidate_method, id ) ) goto exit; - if( ! invalidate_psa( close_method ) ) + if( ! invalidate_psa( invalidate_method ) ) goto exit; /* Try to reaccess the key. If we destroyed it, check that it doesn't * exist. Otherwise check that it still exists and has the expected * content. */ - switch( close_method ) + switch( invalidate_method ) { - case CLOSE_BY_CLOSE: - case CLOSE_BY_CLOSE_WITH_SHUTDOWN: - case CLOSE_BY_SHUTDOWN: + case INVALIDATE_BY_CLOSING: + case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN: + case INVALIDATE_BY_SHUTDOWN: PSA_ASSERT( psa_open_key( id, &handle ) ); PSA_ASSERT( psa_get_key_attributes( id, &read_attributes ) ); TEST_EQUAL( psa_get_key_lifetime( &attributes ), 
@@ -306,8 +315,8 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, PSA_ASSERT( psa_close_key( handle ) ); break; - case CLOSE_BY_DESTROY: - case CLOSE_BY_DESTROY_WITH_SHUTDOWN: + case INVALIDATE_BY_DESTROYING: + case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: /* * Test that the key handle and identifier are now not refering to an * existing key. From 994b80546cb6c2a0dab05f0407b0409ff5f82002 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 20 Oct 2020 17:59:45 +0200 Subject: [PATCH 417/488] tests: slot mgmt: Fix test data For persistent keys there were two successive INVALIDATE_BY_(CLOSING/DESTROYING) identical tests where the comments of the second test rather indicated that it should had been an INVALIDATE_BY_(CLOSING/DESTROYING)_WITH_SHUTDOWN test. Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto_slot_management.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index e5827b53c..c3264895f 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data 
@@ -17,13 +17,13 @@ Persistent slot, check after closing, id=min persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING Persistent slot, check after closing and restarting, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:125:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:125:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN Persistent slot, check after destroying, id=min persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:126:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING Persistent slot, check after destroying and restarting, id=min -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:127:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:127:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN Persistent slot, check after restart with live handle, id=min persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:128:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN From f67aefed3f3057aafa597dc7d3fdd1b3c22fd309 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 20 Oct 2020 17:50:24 +0200 Subject: [PATCH 418/488] tests: slot mgmt: Add psa_purge_key testing Signed-off-by: Ronald Cron --- .../test_suite_psa_crypto_slot_management.data | 17 +++++++++++++++++ ...st_suite_psa_crypto_slot_management.function | 15 +++++++++++++++ 2 files changed, 32 insertions(+) 
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index c3264895f..bf5a89ecd 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -25,6 +25,12 @@ persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:126:PSA_KEY_ID_USER_MIN:0: Persistent slot, check after destroying and restarting, id=min persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:127:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN +Persistent slot, check after purging, id=min +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:200:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_PURGING + +Persistent slot, check after purging and restarting, id=min +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:201:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_PURGING_WITH_SHUTDOWN + Persistent slot, check after restart with live handle, id=min persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:128:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN 
@@ -34,6 +40,9 @@ persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:129:PSA_KEY_ID_USER_MAX:0: Persistent slot, check after destroying, id=max persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:130:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING +Persistent slot, check after purging, id=max +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:202:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_PURGING + Persistent slot, check after restart, id=max persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:131:PSA_KEY_ID_USER_MAX:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN 
@@ -45,6 +54,10 @@ Persistent slot: ECP keypair (ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:133:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN +Persistent slot: ECP keypair (ECDSA, exportable), purge +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:132:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_PURGING + Persistent slot: ECP keypair (ECDSA, exportable), restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:134:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_SHUTDOWN 
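Review bot: The added "ECP keypair (ECDSA, exportable), purge" case reuses owner id 132 with key id 1, the same pair as the existing "close" case, while the other visible cases each have their own number, including the new RAW_DATA purge cases (200, 201, 202). Whether leftover storage is cleaned between cases is not visible here, but a distinct value keeps the cases independent and makes a failure easier to attribute. Give it an unused number in line with the RAW_DATA purge cases, i.e. `persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:<unused id>:1:` followed by the same arguments. The ECDH+ECDSA purge case in hunk `@@ -57,6 +70,10 @@` reuses 135 in the same way.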
@@ -57,6 +70,10 @@ Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:136:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN +Persistent slot: ECP keypair (ECDH+ECDSA, exportable), purge +depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:135:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_PURGING + Persistent slot: ECP keypair (ECDH+ECDSA, exportable), restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:137:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_SHUTDOWN diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 3b9ff24c4..b334257ba 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function 
@@ -13,6 +13,9 @@ typedef enum /**< Destroy key(s) */ INVALIDATE_BY_DESTROYING, + /**< Purge key(s) */ + INVALIDATE_BY_PURGING, + /**< Terminate and reinitialize without closing/destroying keys */ INVALIDATE_BY_SHUTDOWN, @@ -21,6 +24,9 @@ typedef enum /**< Destroy key(s) then terminate and re-initialize */ INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN, + + /**< Purge key(s) then terminate and re-initialize */ + INVALIDATE_BY_PURGING_WITH_SHUTDOWN, } invalidate_method_t; typedef enum @@ -100,6 +106,11 @@ static int invalidate_key( invalidate_method_t invalidate_method, case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: PSA_ASSERT( psa_destroy_key( key ) ); break; + /* Purging the key just purge RAM data of persitent keys. */ + case INVALIDATE_BY_PURGING: + case INVALIDATE_BY_PURGING_WITH_SHUTDOWN: + PSA_ASSERT( psa_purge_key( key ) ); + break; case INVALIDATE_BY_SHUTDOWN: break; } @@ -115,9 +126,11 @@ static int invalidate_psa( invalidate_method_t invalidate_method ) { case INVALIDATE_BY_CLOSING: case INVALIDATE_BY_DESTROYING: + case INVALIDATE_BY_PURGING: return( 1 ); case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN: case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: + case INVALIDATE_BY_PURGING_WITH_SHUTDOWN: /* All keys must have been closed. */ PSA_DONE( ); break; @@ -282,6 +295,8 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, { case INVALIDATE_BY_CLOSING: case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN: + case INVALIDATE_BY_PURGING: + case INVALIDATE_BY_PURGING_WITH_SHUTDOWN: case INVALIDATE_BY_SHUTDOWN: PSA_ASSERT( psa_open_key( id, &handle ) ); PSA_ASSERT( psa_get_key_attributes( id, &read_attributes ) ); From fc9c5561273c1b18431612f7aaaa2f77999c42c4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 15 Oct 2020 19:24:49 +0200 Subject: [PATCH 419/488] Forbid volatile key identifiers for non volatile keys Volatile key identifiers in the vendor range are reserved to volatile keys thus don't allow them for persistent keys when creating a key. 
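Review bot: The purge cases added to `invalidate_key()` are also reachable from `transient_slot_lifecycle()`, yet purging does not invalidate a volatile key (the purge check added to that test relies on exactly this). Its "Test that the key is now invalid" step would therefore fail if a data entry ever passed a purge method there. State that in the comment and fix the typo, e.g. `/* Purging only drops the RAM copy of a persistent key; a volatile key stays valid. */`. The function's header comment, outside this hunk, still lists only "close it, destroy it, or do nothing". In `invalidate_psa()` the new `INVALIDATE_BY_PURGING_WITH_SHUTDOWN` case falls under `/* All keys must have been closed. */`, which would be more accurate as "closed, destroyed or purged".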
Signed-off-by: Ronald Cron --- library/psa_crypto.c | 2 +- library/psa_crypto_slot_management.c | 12 +++++++++--- library/psa_crypto_slot_management.h | 12 ++++++++---- .../suites/test_suite_psa_crypto_se_driver_hal.data | 13 +++++++++++-- .../test_suite_psa_crypto_se_driver_hal.function | 1 + 5 files changed, 30 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a437aeec9..17cec9756 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1792,7 +1792,7 @@ static psa_status_t psa_validate_key_attributes( { status = psa_validate_key_id( psa_get_key_id( attributes ), - psa_key_lifetime_is_external( lifetime ) ); + psa_key_lifetime_is_external( lifetime ), 0 ); if( status != PSA_SUCCESS ) return( status ); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 6471591b5..1e521d174 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -51,7 +51,8 @@ typedef struct static psa_global_data_t global_data; -psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok ) +psa_status_t psa_validate_key_id( + mbedtls_svc_key_id_t key, int vendor_ok, int volatile_ok ) { psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); @@ -61,7 +62,12 @@ psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok ) if( vendor_ok && ( PSA_KEY_ID_VENDOR_MIN <= key_id ) && - ( key_id <= PSA_KEY_ID_VENDOR_MAX ) ) + ( key_id < PSA_KEY_ID_VOLATILE_MIN ) ) + return( PSA_SUCCESS ); + + if( volatile_ok && + ( PSA_KEY_ID_VOLATILE_MIN <= key_id ) && + ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) ) return( PSA_SUCCESS ); return( PSA_ERROR_INVALID_HANDLE ); @@ -191,7 +197,7 @@ psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, if( ! global_data.key_slots_initialized ) return( PSA_ERROR_BAD_STATE ); - status = psa_validate_key_id( key, 1 ); + status = psa_validate_key_id( key, 1, 1 ); if( status != PSA_SUCCESS ) return( status ); 
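Review bot: The vendor-range test in `psa_validate_key_id()` now ends at `key_id < PSA_KEY_ID_VOLATILE_MIN` instead of `key_id <= PSA_KEY_ID_VENDOR_MAX`, so it is only correct while the volatile range is the top slice of the vendor range. The range macros are defined outside this diff. If the volatile range ever ended below `PSA_KEY_ID_VENDOR_MAX`, the identifiers above it would be rejected despite `vendor_ok`, and if it started above the vendor range the first test would accept non-vendor identifiers. Either keep the explicit bound, `( key_id <= PSA_KEY_ID_VENDOR_MAX ) && ( key_id < PSA_KEY_ID_VOLATILE_MIN )`, or add a comment such as `/* Volatile ids are the last ids of the vendor range. */` above the test. Part of the function body lies between the two hunks and is not visible.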
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 98a1ce753..b1d66e4ee 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -155,13 +155,17 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ); /** Validate a key identifier. * - * \param[in] key The key identifier. - * \param[in] vendor_ok Non-zero to indicate that key identifiers in the - * vendor range are allowed, \c 0 otherwise. + * \param[in] key The key identifier. + * \param[in] vendor_ok Non-zero to indicate that key identifiers in the + * vendor range are allowed, volatile key identifiers + * excepted \c 0 otherwise. + * \param[in] volatile_ok Non-zero to indicate that volatile key identifiers + * are allowed \c 0 otherwise. * * \retval #PSA_SUCCESS The identifier is valid. * \retval #PSA_ERROR_INVALID_ARGUMENT The key identifier is not valid. */ -psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok ); +psa_status_t psa_validate_key_id( + mbedtls_svc_key_id_t key, int vendor_ok, int volatile_ok ); #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index 645e27d3c..239a68f2a 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data 
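Review bot: The rewritten Doxygen block for `psa_validate_key_id()` still documents `\retval #PSA_ERROR_INVALID_ARGUMENT`, while the visible failure path in psa_crypto_slot_management.c is `return( PSA_ERROR_INVALID_HANDLE );` and the new key-registration cases expect `PSA_ERROR_INVALID_HANDLE`. Since the block is being edited anyway, change it to `\retval #PSA_ERROR_INVALID_HANDLE The key identifier is not valid.`. The new parameter text also runs two clauses together before `\c 0 otherwise`; `Non-zero to indicate that key identifiers in the vendor range, volatile key identifiers excepted, are allowed; \c 0 otherwise.` and `Non-zero to indicate that volatile key identifiers are allowed; \c 0 otherwise.` read unambiguously.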
@@ -150,8 +150,17 @@ register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:-1:PSA_ERROR_NOT_SUPPORT Key registration: key id out of range register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_HANDLE -Key registration: key id in vendor range -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX:1:PSA_SUCCESS +Key registration: key id min vendor +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MIN:1:PSA_SUCCESS + +Key registration: key id max vendor except volatile +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MIN-1:1:PSA_SUCCESS + +Key registration: key id min volatile +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MIN:1:PSA_ERROR_INVALID_HANDLE + +Key registration: key id max volatile +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MAX:1:PSA_ERROR_INVALID_HANDLE Import-sign-verify: sign in driver, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index e5f87e08b..28ab03f24 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -3,6 +3,7 @@ #include "psa/crypto_se_driver.h" #include "psa_crypto_se.h" +#include "psa_crypto_slot_management.h" #include "psa_crypto_storage.h" /* Invasive peeking: check the persistent data */ From 97c8ad5fee7672637f72a520872fdf63256f6363 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 15 Oct 2020 11:17:11 +0200 Subject: [PATCH 420/488] Merge search of loaded volatile and persistent keys Signed-off-by: Ronald Cron --- library/psa_crypto_slot_management.c | 95 ++++++++++++++++++---------- library/psa_crypto_slot_management.h | 15 +++++ 2 files changed, 76 insertions(+), 34 deletions(-) 
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 1e521d174..33149f059 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
@@ -73,37 +73,72 @@ psa_status_t psa_validate_key_id( return( PSA_ERROR_INVALID_HANDLE ); } -static psa_key_slot_t* psa_get_slot_from_volatile_key_id( - mbedtls_svc_key_id_t key ) +/** Search for the description of a key given its identifier. + * + * The descriptions of volatile keys and loaded persistent keys are + * stored in key slots. This function returns a pointer to the key slot + * containing the description of a key given its identifier. + * + * The function searches the key slots containing the description of the key + * with \p key identifier. The function does only read accesses to the key + * slots. The function does not load any persistent key thus does not access + * any storage. + * + * For volatile key identifiers, only one key slot is queried as a volatile + * key with identifier key_id can only be stored in slot of index + * ( key_id - PSA_KEY_ID_VOLATILE_MIN ). + * + * \param key Key identifier to query. + * \param[out] p_slot On success, `*p_slot` contains a pointer to the + * key slot containing the description of the key + * identified by \p key. + * + * \retval PSA_SUCCESS + * The pointer to the key slot containing the description of the key + * identified by \p key was returned. + * \retval PSA_ERROR_INVALID_HANDLE + * \p key is not a valid key identifier. + * \retval #PSA_ERROR_DOES_NOT_EXIST + * There is no key with key identifier \p key in the key slots. + */ +static psa_status_t psa_search_key_in_slots( + mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot ) { - psa_key_slot_t *slot; psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); + psa_key_slot_t *slot = NULL; - if( ( key_id < PSA_KEY_ID_VOLATILE_MIN ) || - ( key_id > PSA_KEY_ID_VOLATILE_MAX ) ) - return( NULL ); + psa_status_t status = psa_validate_key_id( key, 1, 1 ); + if( status != PSA_SUCCESS ) + return( status ); - slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ]; - - return( mbedtls_svc_key_id_equal( key, slot->attr.id ) ? 
slot : NULL ); -} - -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) -static psa_key_slot_t* psa_get_slot_from_key_id( - mbedtls_svc_key_id_t key ) -{ - psa_key_slot_t *slot = &global_data.key_slots[ PSA_KEY_SLOT_COUNT ]; - - while( slot > &global_data.key_slots[ 0 ] ) + if( psa_key_id_is_volatile( key_id ) ) { - slot--; - if( mbedtls_svc_key_id_equal( key, slot->attr.id ) ) - return( slot ); + slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ]; + + if( ! mbedtls_svc_key_id_equal( key, slot->attr.id ) ) + status = PSA_ERROR_DOES_NOT_EXIST; + } + else + { + status = PSA_ERROR_DOES_NOT_EXIST; + slot = &global_data.key_slots[ PSA_KEY_SLOT_COUNT ]; + + while( slot > &global_data.key_slots[ 0 ] ) + { + slot--; + if( mbedtls_svc_key_id_equal( key, slot->attr.id ) ) + { + status = PSA_SUCCESS; + break; + } + } } - return( NULL ); + if( status == PSA_SUCCESS ) + *p_slot = slot; + + return( status ); } -#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ psa_status_t psa_initialize_key_slots( void ) { @@ -191,27 +226,19 @@ exit: psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot ) { - psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; *p_slot = NULL; if( ! global_data.key_slots_initialized ) return( PSA_ERROR_BAD_STATE ); - status = psa_validate_key_id( key, 1, 1 ); - if( status != PSA_SUCCESS ) + status = psa_search_key_in_slots( key, p_slot ); + if( status != PSA_ERROR_DOES_NOT_EXIST ) return( status ); - *p_slot = psa_get_slot_from_volatile_key_id( key ); - if( *p_slot != NULL ) - return( PSA_SUCCESS ); - #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) psa_key_id_t volatile_key_id; - *p_slot = psa_get_slot_from_key_id( key ); - if( *p_slot != NULL ) - return( PSA_SUCCESS ); - status = psa_get_empty_key_slot( &volatile_key_id, p_slot ); if( status != PSA_SUCCESS ) return( status ); 
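Review bot: In the volatile branch of psa_search_key_in_slots(), `&global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ]` is in bounds only if the volatile identifier range holds no more than PSA_KEY_SLOT_COUNT values, because psa_validate_key_id() bounds key_id only by PSA_KEY_ID_VOLATILE_MAX. The macro definitions are not in this hunk, so the relation is presumably fixed where PSA_KEY_ID_VOLATILE_MIN is defined. A comment on the index such as `/* In bounds: the volatile id range spans PSA_KEY_SLOT_COUNT identifiers. */` would make the dependency visible to whoever changes either constant. The new doc block also writes `\retval PSA_SUCCESS` and `\retval PSA_ERROR_INVALID_HANDLE` without the `#` it uses on `#PSA_ERROR_DOES_NOT_EXIST`.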
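Review bot: In psa_get_key_slot(), after `if( status != PSA_ERROR_DOES_NOT_EXIST ) return( status );`, a volatile identifier that matches no slot falls through to the MBEDTLS_PSA_CRYPTO_STORAGE_C path and reaches psa_get_empty_key_slot(), which looks meant for loading persistent keys. The rest of the function is outside the hunk, so this may be handled further down, and the removed code appears to have behaved the same way. With psa_key_id_is_volatile() added in this commit, an early `if( psa_key_id_is_volatile( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) ) ) return( status );` would avoid reserving a slot and consulting storage for an identifier that can never be persistent.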
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index b1d66e4ee..9470b3ef2 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -46,6 +46,21 @@ */ #define PSA_KEY_ID_VOLATILE_MAX PSA_KEY_ID_VENDOR_MAX +/** Test whether a key identifier is a volatile key identifier. + * + * \param key_id Key identifier to test. + * + * \retval 1 + * The key identifier is a volatile key identifier. + * \retval 0 + * The key identifier is not a volatile key identifier. + */ +static inline int psa_key_id_is_volatile( psa_key_id_t key_id ) +{ + return( ( key_id >= PSA_KEY_ID_VOLATILE_MIN ) && + ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) ); +} + /** Retrieve the description of a key given its identifier. * * The descriptions of volatile keys and loaded persistent keys are From 513451987d409673f0b2f4a6a96af8aa932f1fbe Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 16 Oct 2020 16:07:03 +0200 Subject: [PATCH 421/488] Fix close/purge of a key In case of persistent keys, do not load the key in a slot before to close/purge it. Signed-off-by: Ronald Cron --- library/psa_crypto_slot_management.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 33149f059..b6f76ad26 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -332,7 +332,7 @@ psa_status_t psa_close_key( psa_key_handle_t handle ) if( psa_key_handle_is_null( handle ) ) return( PSA_SUCCESS ); - status = psa_get_key_slot( handle, &slot ); + status = psa_search_key_in_slots( handle, &slot ); if( status != PSA_SUCCESS ) return( status ); @@ -344,7 +344,7 @@ psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) psa_status_t status; psa_key_slot_t *slot; - status = psa_get_key_slot( key, &slot ); + status = psa_search_key_in_slots( key, &slot ); if( status != PSA_SUCCESS ) return( status ); 
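Review bot: Calling psa_search_key_in_slots() directly from psa_close_key() skips the `global_data.key_slots_initialized` test that psa_get_key_slot() performs first. Unless an earlier part of the function (outside the hunk) checks it, a close before psa_crypto_init() no longer returns PSA_ERROR_BAD_STATE but whatever the slot search yields; the psa_purge_key() hunk that follows has the same effect. If the status change is intended it should be stated in the commit message and the API documentation. Otherwise the guard can move into psa_search_key_in_slots() or be repeated in both callers as `if( ! global_data.key_slots_initialized ) return( PSA_ERROR_BAD_STATE );`.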
From 3c76a42475f270aba1037904d456d7ff962d20d0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 16 Oct 2020 12:17:04 +0200 Subject: [PATCH 422/488] Improve psa_key_start_creation description Signed-off-by: Ronald Cron --- library/psa_crypto.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 17cec9756..2f01bf25e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1834,7 +1834,9 @@ static psa_status_t psa_validate_key_attributes( * * \param method An identification of the calling function. * \param[in] attributes Key attributes for the new key. - * \param[out] key On success, identifier of the key. + * \param[out] key On success, identifier of the key. Note that the + * key identifier is also stored in the prepared + * slot. * \param[out] p_slot On success, a pointer to the prepared slot. * \param[out] p_drv On any return, the driver for the key, if any. * NULL for a transparent key. From 6b5ff53c01407238bb0bf8d2dfe1a50e626b5f25 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 16 Oct 2020 14:38:19 +0200 Subject: [PATCH 423/488] Add mbedtls_set_key_owner_id API Add the mbedtls_set_key_owner_id API, API specific to the MbedTLS PSA implementation. The API allows to define the owner of volatile keys. Signed-off-by: Ronald Cron --- include/psa/crypto.h | 19 +++++++++++++++++++ include/psa/crypto_struct.h | 8 ++++++++ 2 files changed, 27 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 15ffe2271..f1f5bd896 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -152,6 +152,25 @@ static psa_key_attributes_t psa_key_attributes_init(void); static void psa_set_key_id( psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key ); +#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +/** Set the owner identifier of a key. + * + * When key identifiers encode key owner identifiers, psa_set_key_id() does + * not allow to define in key attributes the owner of volatile keys as + * psa_set_key_id() enforces the key to be persistent. + * + * This function allows to set in key attributes the owner identifier of a + * key. It is intended to be used for volatile keys. For persistent keys, + * it is recommended to use the PSA Cryptography API psa_set_key_id() to define + * the owner of a key. + * + * \param[out] attributes The attribute structure to write to. + * \param owner_id The key owner identifier. + */ +static void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes, + mbedtls_key_owner_id_t owner_id ); +#endif + /** Set the location of a persistent key. * * To make a key persistent, you must give it a persistent key identifier diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index be0e28015..bf178ec6e 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -385,6 +385,14 @@ static inline mbedtls_svc_key_id_t psa_get_key_id( return( attributes->core.id ); } +#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes, + mbedtls_key_owner_id_t owner ) +{ + attributes->core.id.owner = owner; +} +#endif + static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime) { From 390f607f7f7efc98d61c678e9c835dbd91f1c656 Mon Sep 17 00:00:00 2001 
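Review bot: The documentation of mbedtls_set_key_owner_id() does not say which component is trusted to choose the owner, and the inline definition in crypto_struct.h writes the argument straight into `attributes->core.id.owner`. The owner is presumably what keeps one client's keys apart from another's when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is set, so the comment should add a sentence such as `The caller is responsible for passing the identifier of the client on whose behalf the key is created.` Separately, the prototype names the parameter `owner_id` and the definition names it `owner`; using `owner_id` in both keeps the `\param owner_id` entry accurate.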
From: Ronald Cron Date: Fri, 16 Oct 2020 15:32:23 +0200 Subject: [PATCH 424/488] Add tests checking owner of volatile keys When key identifiers encode key owner, add tests checking that: . the key owner of an imported volatile key is the one specified. . a key identifier of a volatile key with a valid PSA key identifier but the wrong owner is rejected. Signed-off-by: Ronald Cron --- ...test_suite_psa_crypto_slot_management.data | 10 +++---- ..._suite_psa_crypto_slot_management.function | 26 ++++++++++++++++++- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index bf5a89ecd..4f31a23ec 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data 
@@ -1,17 +1,17 @@ Transient slot, check after closing -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING +transient_slot_lifecycle:0x1:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING Transient slot, check after closing and restarting -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN +transient_slot_lifecycle:0x13:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN Transient slot, check after destroying -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING +transient_slot_lifecycle:0x135:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING Transient slot, check after destroying and restarting -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN +transient_slot_lifecycle:0x1357:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN Transient slot, check after restart with live handles -transient_slot_lifecycle:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN +transient_slot_lifecycle:0x13579:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN Persistent slot, check after closing, id=min persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index b334257ba..75e1d8b82 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function 
@@ -157,7 +157,8 @@ exit: */ /* BEGIN_CASE */ -void transient_slot_lifecycle( int usage_arg, int alg_arg, +void transient_slot_lifecycle( int owner_id_arg, + int usage_arg, int alg_arg, int type_arg, data_t *key_data, int invalidate_method_arg ) { @@ -171,6 +172,14 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, PSA_ASSERT( psa_crypto_init( ) ); /* Import a key. */ + #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + mbedtls_key_owner_id_t owner_id = owner_id_arg; + + mbedtls_set_key_owner_id( &attributes, owner_id ); + #else + (void)owner_id_arg; + #endif + psa_set_key_usage_flags( &attributes, usage_flags ); psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, type ); @@ -181,6 +190,21 @@ void transient_slot_lifecycle( int usage_arg, int alg_arg, TEST_EQUAL( psa_get_key_type( &attributes ), type ); psa_reset_key_attributes( &attributes ); + #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + { + psa_key_handle_t handle; + mbedtls_svc_key_id_t key_with_invalid_owner = + mbedtls_svc_key_id_make( owner_id + 1, + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) ); + + TEST_ASSERT( mbedtls_key_owner_id_equal( + owner_id, + MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key ) ) ); + TEST_EQUAL( psa_open_key( key_with_invalid_owner, &handle ), + PSA_ERROR_DOES_NOT_EXIST ); + } + #endif + /* * Purge the key and make sure that it is still valid, as purging a * volatile key shouldn't invalidate/destroy it. From f1ff9a83fa895e9c47103d755970e497131b5994 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 19 Oct 2020 08:44:19 +0200 Subject: [PATCH 425/488] tests: psa: Use PSA_KEY_LIFETIME_IS_VOLATILE where it should Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto.function | 4 ++-- tests/suites/test_suite_psa_crypto_slot_management.function | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 9b113b48e..204e36e98 100644 
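Review bot: The wrong-owner case builds its identifier with `owner_id + 1`, which assumes mbedtls_key_owner_id_t is an integer type, while the same block compares owners through `mbedtls_key_owner_id_equal()` instead of `==`. If the owner type can be replaced by the integrator (not visible here), the arithmetic will not build there; taking a second, distinct owner as a test argument avoids that. The negative check also runs only once, before the purge step that follows in the function, so it would not notice an owner being ignored on lookups after a purge; repeating the `psa_open_key( key_with_invalid_owner, &handle )` expectation after the purge would cover that path. The function body continues outside the hunks.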
--- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -112,7 +112,7 @@ int lifetime_is_secure_element( psa_key_lifetime_t lifetime ) { /* At the moment, anything that isn't a built-in lifetime is either * a secure element or unassigned. */ - return( lifetime != PSA_KEY_LIFETIME_VOLATILE && + return( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) && lifetime != PSA_KEY_LIFETIME_PERSISTENT ); } #else @@ -245,7 +245,7 @@ int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) bits = psa_get_key_bits( &attributes ); /* Persistence */ - if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { TEST_ASSERT( ( PSA_KEY_ID_VOLATILE_MIN <= diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 75e1d8b82..817094bde 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -561,7 +561,7 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, /* If the target key is persistent, restart the system to make * sure that the material is still alive. */ - if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( target_lifetime ) ) { mbedtls_psa_crypto_free( ); PSA_ASSERT( psa_crypto_init( ) ); @@ -573,7 +573,7 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, PSA_ASSERT( psa_get_key_attributes( returned_target_id, &target_attributes ) ); - if( target_lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( target_lifetime ) ) { TEST_ASSERT( mbedtls_svc_key_id_equal( target_id, psa_get_key_id( &target_attributes ) ) ); 
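Review bot: In lifetime_is_secure_element() the first operand now tests only the persistence level, so a lifetime that combines volatile persistence with a non-local location is reported as not being a secure element, whereas the old equality test against PSA_KEY_LIFETIME_VOLATILE classified it as one. Whether such lifetimes reach this helper is not visible here, but the comment above the return describes a location test, and `return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) != PSA_KEY_LOCATION_LOCAL_STORAGE );` would state that directly. As written, the second operand still compares the whole value with PSA_KEY_LIFETIME_PERSISTENT, so the two halves of the condition work at different granularity.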
@@ -657,7 +657,7 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, PSA_ASSERT( psa_crypto_init( ) ); /* Populate the source slot. */ - if( source_lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( source_lifetime ) ) { psa_set_key_id( &attributes, source_id ); psa_set_key_lifetime( &attributes, source_lifetime ); From 967835596cca5e7c208593eae5e303c0bcfa088b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 19 Oct 2020 12:06:30 +0200 Subject: [PATCH 426/488] psa: Fix references to macros in comments This commit tries to fix the usage of #MACRO_NAME to reference macros in comments. Signed-off-by: Ronald Cron --- include/psa/crypto.h | 45 +++++++++++---------- include/psa/crypto_accel_driver.h | 30 +++++++------- include/psa/crypto_entropy_driver.h | 4 +- include/psa/crypto_se_driver.h | 60 ++++++++++++++-------------- include/psa/crypto_values.h | 2 +- library/psa_crypto_core.h | 4 +- library/psa_crypto_invasive.h | 6 +-- library/psa_crypto_its.h | 38 +++++++++--------- library/psa_crypto_slot_management.c | 6 +-- library/psa_crypto_slot_management.h | 4 +- library/psa_crypto_storage.c | 18 ++++----- library/psa_crypto_storage.h | 30 +++++++------- 12 files changed, 124 insertions(+), 123 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index f1f5bd896..0a7f3c819 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -467,9 +467,9 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); * implementation-defined. * * \param source_key The key to copy. It must allow the usage - * PSA_KEY_USAGE_COPY. If a private or secret key is + * #PSA_KEY_USAGE_COPY. If a private or secret key is * being copied outside of a secure element it must - * also allow PSA_KEY_USAGE_EXPORT. + * also allow #PSA_KEY_USAGE_EXPORT. * \param[in] attributes The attributes for the new key. * They are used as follows: * - The key type and size may be 0. If either is 
@@ -535,7 +535,7 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, * key will cause the multipart operation to fail. * * \param key Identifier of the key to erase. If this is \c 0, do nothing and - * return PSA_SUCCESS. + * return #PSA_SUCCESS. * * \retval #PSA_SUCCESS * \p key was a valid identifier and the key material that it @@ -704,7 +704,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set. * * \param key Identifier of the key to export. It must allow the - * usage PSA_KEY_USAGE_EXPORT, unless it is a public + * usage #PSA_KEY_USAGE_EXPORT, unless it is a public * key. * \param[out] data Buffer where the key data is to be written. * \param data_size Size of the \p data buffer in bytes. @@ -1596,7 +1596,7 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation); * #psa_cipher_operation_t object to provide other forms of IV. * * \param key Identifier of the key to use for the operation. - * It must allow the usage PSA_KEY_USAGE_ENCRYPT. + * It must allow the usage #PSA_KEY_USAGE_ENCRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1643,7 +1643,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, * \param key Identifier of the key to use for the operation. * It must remain valid until the operation * terminates. It must allow the usage - * PSA_KEY_USAGE_DECRYPT. + * #PSA_KEY_USAGE_DECRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). 
@@ -1764,7 +1764,7 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * \param key Identifier of the key to use for the operation. * It must remain valid until the operation * terminates. It must allow the usage - * PSA_KEY_USAGE_ENCRYPT. + * #PSA_KEY_USAGE_ENCRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -1828,7 +1828,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, * \param key Identifier of the key to use for the operation. * It must remain valid until the operation * terminates. It must allow the usage - * PSA_KEY_USAGE_DECRYPT. + * #PSA_KEY_USAGE_DECRYPT. * \param alg The cipher algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_CIPHER(\p alg) is true). @@ -2070,7 +2070,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * * \param key Identifier of the key to use for the * operation. It must allow the usage - * PSA_KEY_USAGE_ENCRYPT. + * #PSA_KEY_USAGE_ENCRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -2132,7 +2132,7 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key, * * \param key Identifier of the key to use for the * operation. It must allow the usage - * PSA_KEY_USAGE_DECRYPT. + * #PSA_KEY_USAGE_DECRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -2277,7 +2277,7 @@ static psa_aead_operation_t psa_aead_operation_init(void); * \param key Identifier of the key to use for the operation. * It must remain valid until the operation * terminates. It must allow the usage - * PSA_KEY_USAGE_ENCRYPT. + * #PSA_KEY_USAGE_ENCRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). 
@@ -2286,7 +2286,7 @@ static psa_aead_operation_t psa_aead_operation_init(void); * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be inactive). - * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -2344,7 +2344,7 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, * \param key Identifier of the key to use for the operation. * It must remain valid until the operation * terminates. It must allow the usage - * PSA_KEY_USAGE_DECRYPT. + * #PSA_KEY_USAGE_DECRYPT. * \param alg The AEAD algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(\p alg) is true). @@ -2353,7 +2353,7 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be inactive). - * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. @@ -2396,7 +2396,7 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be an active aead encrypt - operation, with no nonce set). + * operation, with no nonce set). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p nonce buffer is too small. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2830,7 +2830,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * * \param key Identifier of the key to use for the operation. * It must be an asymmetric key pair. The key must - * allow the usage PSA_KEY_USAGE_SIGN_HASH. + * allow the usage #PSA_KEY_USAGE_SIGN_HASH. * \param alg A signature algorithm that is compatible with * the type of \p key. * \param[in] hash The hash or message to sign. 
@@ -2881,7 +2881,8 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, * * \param key Identifier of the key to use for the operation. It * must be a public key or an asymmetric key pair. The - * key must allow the usage PSA_KEY_USAGE_VERIFY_HASH. + * key must allow the usage + * #PSA_KEY_USAGE_VERIFY_HASH. * \param alg A signature algorithm that is compatible with * the type of \p key. * \param[in] hash The hash or message whose signature is to be @@ -2922,7 +2923,7 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key, * \param key Identifer of the key to use for the operation. * It must be a public key or an asymmetric key * pair. It must allow the usage - * PSA_KEY_USAGE_ENCRYPT. + * #PSA_KEY_USAGE_ENCRYPT. * \param alg An asymmetric encryption algorithm that is * compatible with the type of \p key. * \param[in] input The message to encrypt. @@ -2982,7 +2983,7 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, * * \param key Identifier of the key to use for the operation. * It must be an asymmetric key pair. It must - * allow the usage PSA_KEY_USAGE_DECRYPT. + * allow the usage #PSA_KEY_USAGE_DECRYPT. * \param alg An asymmetric encryption algorithm that is * compatible with the type of \p key. * \param[in] input The message to decrypt. @@ -3288,7 +3289,7 @@ psa_status_t psa_key_derivation_input_bytes( * \param step Which step the input data is for. * \param key Identifier of the key. It must have an * appropriate type for step and must allow the - * usage PSA_KEY_USAGE_DERIVE. + * usage #PSA_KEY_USAGE_DERIVE. * * \retval #PSA_SUCCESS * Success. 
@@ -3340,7 +3341,7 @@ psa_status_t psa_key_derivation_input_key( * input of the type given by \p step. * \param step Which step the input data is for. * \param private_key Identifier of the private key to use. It must - * allow the usage PSA_KEY_USAGE_DERIVE. + * allow the usage #PSA_KEY_USAGE_DERIVE. * \param[in] peer_key Public key of the peer. The peer key must be in the * same format that psa_import_key() accepts for the * public key type corresponding to the type of @@ -3610,7 +3611,7 @@ psa_status_t psa_key_derivation_abort( * #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg) * is true). * \param private_key Identifier of the private key to use. It must - * allow the usage PSA_KEY_USAGE_DERIVE. + * allow the usage #PSA_KEY_USAGE_DERIVE. * \param[in] peer_key Public key of the peer. It must be * in the same format that psa_import_key() * accepts. The standard formats for public diff --git a/include/psa/crypto_accel_driver.h b/include/psa/crypto_accel_driver.h index 1a193c5b9..4488ea8ad 100644 --- a/include/psa/crypto_accel_driver.h +++ b/include/psa/crypto_accel_driver.h @@ -75,7 +75,7 @@ typedef struct psa_drv_hash_context_s psa_drv_hash_context_t; * \param[in,out] p_context A structure that will contain the * hardware-specific hash context * - * \retval PSA_SUCCESS Success. + * \retval #PSA_SUCCESS Success. */ typedef psa_status_t (*psa_drv_hash_setup_t)(psa_drv_hash_context_t *p_context); @@ -120,7 +120,7 @@ typedef psa_status_t (*psa_drv_hash_update_t)(psa_drv_hash_context_t *p_context, * \param[out] p_output_length The number of bytes placed in `p_output` after * success * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_hash_finish_t)(psa_drv_hash_context_t *p_context, 
@@ -188,7 +188,7 @@ typedef struct psa_drv_accel_mac_context_s psa_drv_accel_mac_context_t; * to be used in the operation * \param[in] key_length The size in bytes of the key material * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_accel_mac_setup_t)(psa_drv_accel_mac_context_t *p_context, @@ -235,7 +235,7 @@ typedef psa_status_t (*psa_drv_accel_mac_update_t)(psa_drv_accel_mac_context_t * * \param[in] mac_length The size in bytes of the buffer that has been * allocated for the `p_mac` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_accel_mac_finish_t)(psa_drv_accel_mac_context_t *p_context, @@ -261,7 +261,7 @@ typedef psa_status_t (*psa_drv_accel_mac_finish_t)(psa_drv_accel_mac_context_t * * \param[in] mac_length The size in bytes of the data in the `p_mac` * buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The operation completed successfully and the comparison matched */ typedef psa_status_t (*psa_drv_accel_mac_finish_verify_t)(psa_drv_accel_mac_context_t *p_context, @@ -335,7 +335,7 @@ typedef psa_status_t (*psa_drv_accel_mac_t)(const uint8_t *p_input, * \param[in] p_mac The MAC data to be compared * \param[in] mac_length The length in bytes of the `p_mac` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The operation completed successfully and the comparison matched */ typedef psa_status_t (*psa_drv_accel_mac_verify_t)(const uint8_t *p_input, @@ -396,7 +396,7 @@ typedef struct psa_drv_accel_cipher_context_s psa_drv_accel_cipher_context_t; * to be used in the operation * \param[in] key_data_size The size in bytes of the key material * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_cipher_setup_t)(psa_drv_accel_cipher_context_t *p_context, psa_encrypt_or_decrypt_t direction, 
@@ -419,7 +419,7 @@ typedef psa_status_t (*psa_drv_accel_cipher_setup_t)(psa_drv_accel_cipher_contex * \param[in] p_iv A buffer containing the initialization vecotr * \param[in] iv_length The size in bytes of the contents of `p_iv` * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_cipher_set_iv_t)(psa_drv_accel_cipher_context_t *p_context, const uint8_t *p_iv, @@ -448,7 +448,7 @@ typedef psa_status_t (*psa_drv_accel_cipher_set_iv_t)(psa_drv_accel_cipher_conte * \param[out] p_output_length After completion, will contain the number * of bytes placed in the `p_output` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_cipher_update_t)(psa_drv_accel_cipher_context_t *p_context, const uint8_t *p_input, @@ -477,7 +477,7 @@ typedef psa_status_t (*psa_drv_accel_cipher_update_t)(psa_drv_accel_cipher_conte * \param[out] p_output_length After completion, will contain the number of * bytes placed in the `p_output` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_cipher_finish_t)(psa_drv_accel_cipher_context_t *p_context, uint8_t *p_output, @@ -499,7 +499,7 @@ typedef psa_status_t (*psa_drv_accel_cipher_finish_t)(psa_drv_accel_cipher_conte * \param[in,out] p_context A hardware-specific structure for the * previously started cipher operation * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_cipher_abort_t)(psa_drv_accel_cipher_context_t *p_context); @@ -659,7 +659,7 @@ typedef psa_status_t (*psa_drv_accel_aead_decrypt_t)(const uint8_t *p_key, * \param[out] p_signature_length On success, the number of bytes * that make up the returned signature value * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_asymmetric_sign_t)(const uint8_t *p_key, size_t key_size, 
@@ -697,7 +697,7 @@ typedef psa_status_t (*psa_drv_accel_asymmetric_sign_t)(const uint8_t *p_key, * \param[in] p_signature Buffer containing the signature to verify * \param[in] signature_length Size of the `p_signature` buffer in bytes * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The signature is valid. */ typedef psa_status_t (*psa_drv_accel_asymmetric_verify_t)(const uint8_t *p_key, @@ -748,7 +748,7 @@ typedef psa_status_t (*psa_drv_accel_asymmetric_verify_t)(const uint8_t *p_key, * \param[out] p_output_length On success, the number of bytes * that make up the returned output * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_asymmetric_encrypt_t)(const uint8_t *p_key, size_t key_size, @@ -800,7 +800,7 @@ typedef psa_status_t (*psa_drv_accel_asymmetric_encrypt_t)(const uint8_t *p_key, * \param[out] p_output_length On success, the number of bytes * that make up the returned output * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_accel_asymmetric_decrypt_t)(const uint8_t *p_key, size_t key_size, diff --git a/include/psa/crypto_entropy_driver.h b/include/psa/crypto_entropy_driver.h index 61750448b..9b6546ee9 100644 --- a/include/psa/crypto_entropy_driver.h +++ b/include/psa/crypto_entropy_driver.h @@ -47,7 +47,7 @@ extern "C" { * containing any context information for * the implementation * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_entropy_init_t)(void *p_context); @@ -75,7 +75,7 @@ typedef psa_status_t (*psa_drv_entropy_init_t)(void *p_context); * \param[out] p_received_entropy_bits The amount of entropy (in bits) * actually provided in `p_buffer` * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_entropy_get_bits_t)(void *p_context, uint8_t *p_buffer, diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 46b2d645c..1fae57516 100644 --- a/include/psa/crypto_se_driver.h 
+++ b/include/psa/crypto_se_driver.h @@ -178,7 +178,7 @@ typedef uint64_t psa_key_slot_number_t; * \param[in] algorithm The algorithm to be used to underly the MAC * operation * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_se_mac_setup_t)(psa_drv_se_context_t *drv_context, @@ -213,7 +213,7 @@ typedef psa_status_t (*psa_drv_se_mac_update_t)(void *op_context, * \param[out] p_mac_length After completion, will contain the number of * bytes placed in the `p_mac` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context, @@ -230,10 +230,10 @@ typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context, * will be compared against * \param[in] mac_length The size in bytes of the value stored in `p_mac` * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The operation completed successfully and the MACs matched each * other - * \retval PSA_ERROR_INVALID_SIGNATURE + * \retval #PSA_ERROR_INVALID_SIGNATURE * The operation completed successfully, but the calculated MAC did * not match the provided MAC */ @@ -264,7 +264,7 @@ typedef psa_status_t (*psa_drv_se_mac_abort_t)(void *op_context); * \param[out] p_mac_length After completion, will contain the number of * bytes placed in the `output` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. */ typedef psa_status_t (*psa_drv_se_mac_generate_t)(psa_drv_se_context_t *drv_context, @@ -289,10 +289,10 @@ typedef psa_status_t (*psa_drv_se_mac_generate_t)(psa_drv_se_context_t *drv_cont * be compared against * \param[in] mac_length The size in bytes of `mac` * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The operation completed successfully and the MACs matched each * other - * \retval PSA_ERROR_INVALID_SIGNATURE + * \retval #PSA_ERROR_INVALID_SIGNATURE * The operation completed successfully, but the calculated MAC did * not match the provided MAC */ 
@@ -384,8 +384,8 @@ typedef struct { * \param[in] direction Indicates whether the operation is an encrypt * or decrypt * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED */ typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, @@ -406,7 +406,7 @@ typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_cont * \param[in] p_iv A buffer containing the initialization vector * \param[in] iv_length The size (in bytes) of the `p_iv` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context, const uint8_t *p_iv, @@ -428,7 +428,7 @@ typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context, * \param[out] p_output_length After completion, will contain the number * of bytes placed in the `p_output` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context, const uint8_t *p_input, @@ -449,7 +449,7 @@ typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context, * \param[out] p_output_length After completion, will contain the number of * bytes placed in the `p_output` buffer * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *op_context, uint8_t *p_output, @@ -484,8 +484,8 @@ typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *op_context); * \param[in] output_size The allocated size in bytes of the `p_output` * buffer * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED */ typedef psa_status_t (*psa_drv_se_cipher_ecb_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, 
@@ -553,7 +553,7 @@ typedef struct { * \param[out] p_signature_length On success, the number of bytes * that make up the returned signature value * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, @@ -578,7 +578,7 @@ typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_c * \param[in] p_signature Buffer containing the signature to verify * \param[in] signature_length Size of the `p_signature` buffer in bytes * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The signature is valid. */ typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv_context, @@ -617,7 +617,7 @@ typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv * \param[out] p_output_length On success, the number of bytes that make up * the returned output * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, @@ -657,7 +657,7 @@ typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *dr * \param[out] p_output_length On success, the number of bytes * that make up the returned output * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, @@ -1195,7 +1195,7 @@ typedef struct { * \param[in] source_key The key to be used as the source material for * the key derivation * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, 
@@ -1215,7 +1215,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t * * \param[in] p_collateral A buffer containing the collateral data * \param[in] collateral_size The size in bytes of the collateral * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context, uint32_t collateral_id, @@ -1230,7 +1230,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context, * \param[in] dest_key The slot where the generated key material * should be placed * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context, psa_key_slot_number_t dest_key); @@ -1244,7 +1244,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context, * \param[out] p_output_length Upon success, contains the number of bytes of * key material placed in `p_output` * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS */ typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *op_context, uint8_t *p_output, @@ -1353,7 +1353,7 @@ typedef struct { * \param location The location value through which this driver will * be exposed to applications. * This driver will be used for all keys such that - * `location == PSA_KEY_LIFETIME_LOCATION( lifetime )`. + * `location == #PSA_KEY_LIFETIME_GET_LOCATION( lifetime )`. * The value #PSA_KEY_LOCATION_LOCAL_STORAGE is reserved * and may not be used for drivers. Implementations * may reserve other values. 
@@ -1362,22 +1362,22 @@ typedef struct { * module keeps running. It is typically a global * constant. * - * \return PSA_SUCCESS + * \return #PSA_SUCCESS * The driver was successfully registered. Applications can now * use \p lifetime to access keys through the methods passed to * this function. - * \return PSA_ERROR_BAD_STATE + * \return #PSA_ERROR_BAD_STATE * This function was called after the initialization of the * cryptography module, and this implementation does not support * driver registration at this stage. - * \return PSA_ERROR_ALREADY_EXISTS + * \return #PSA_ERROR_ALREADY_EXISTS * There is already a registered driver for this value of \p lifetime. - * \return PSA_ERROR_INVALID_ARGUMENT + * \return #PSA_ERROR_INVALID_ARGUMENT * \p lifetime is a reserved value. - * \return PSA_ERROR_NOT_SUPPORTED + * \return #PSA_ERROR_NOT_SUPPORTED * `methods->hal_version` is not supported by this implementation. - * \return PSA_ERROR_INSUFFICIENT_MEMORY - * \return PSA_ERROR_NOT_PERMITTED + * \return #PSA_ERROR_INSUFFICIENT_MEMORY + * \return #PSA_ERROR_NOT_PERMITTED */ psa_status_t psa_register_se_driver( psa_key_location_t location, diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 9828768a0..580b89e09 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1452,7 +1452,7 @@ * a key derivation function. * Usually, raw key agreement algorithms are constructed directly with * a \c PSA_ALG_xxx macro while non-raw key agreement algorithms are - * constructed with PSA_ALG_KEY_AGREEMENT(). + * constructed with #PSA_ALG_KEY_AGREEMENT(). * * \param alg An algorithm identifier (value of type #psa_algorithm_t). * diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 8d1f1bb28..86d804bd4 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
@@ -130,10 +130,10 @@ static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot, * * \param[in,out] slot The key slot to wipe. * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. This includes the case of a key slot that was * already fully wiped. - * \retval PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_CORRUPTION_DETECTED */ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ); diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h index c609c777e..2b4ee1f34 100644 --- a/library/psa_crypto_invasive.h +++ b/library/psa_crypto_invasive.h @@ -62,12 +62,12 @@ * It is called by mbedtls_psa_crypto_free(). * By default this is mbedtls_entropy_free(). * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. - * \retval PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_NOT_PERMITTED * The caller does not have the permission to configure * entropy sources. - * \retval PSA_ERROR_BAD_STATE + * \retval #PSA_ERROR_BAD_STATE * The library has already been initialized. */ psa_status_t mbedtls_psa_crypto_configure_entropy_sources( diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h index b671d63a5..11703a08f 100644 --- a/library/psa_crypto_its.h +++ b/library/psa_crypto_its.h 
@@ -72,12 +72,12 @@ struct psa_storage_info_t * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG - * \retval PSA_ERROR_NOT_SUPPORTED The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid - * \retval PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there was insufficient space on the storage medium - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`) + * \retval #PSA_SUCCESS The operation completed successfully + * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG + * \retval #PSA_ERROR_NOT_SUPPORTED The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE The operation failed because there was insufficient space on the storage medium + * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) + * \retval #PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`) * is invalid, for example is `NULL` or references memory the caller cannot access */ psa_status_t psa_its_set(psa_storage_uid_t uid, 
@@ -97,11 +97,11 @@ psa_status_t psa_its_set(psa_storage_uid_t uid, * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided `uid` value was not found in the storage - * \retval PSA_ERROR_INVALID_SIZE The operation failed because the data associated with provided uid is larger than `data_size` - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`, `p_data_length`) + * \retval #PSA_SUCCESS The operation completed successfully + * \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided `uid` value was not found in the storage + * \retval #PSA_ERROR_INVALID_SIZE The operation failed because the data associated with provided uid is larger than `data_size` + * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) + * \retval #PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_data`, `p_data_length`) * is invalid. For example is `NULL` or references memory the caller cannot access. * In addition, this can also happen if an invalid offset was provided. */ 
@@ -119,10 +119,10 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided uid value was not found in the storage - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) - * \retval PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_info`) + * \retval #PSA_SUCCESS The operation completed successfully + * \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided uid value was not found in the storage + * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) + * \retval #PSA_ERROR_INVALID_ARGUMENT The operation failed because one of the provided pointers(`p_info`) * is invalid, for example is `NULL` or references memory the caller cannot access */ psa_status_t psa_its_get_info(psa_storage_uid_t uid, 
@@ -135,10 +135,10 @@ psa_status_t psa_its_get_info(psa_storage_uid_t uid, * * \return A status indicating the success/failure of the operation * - * \retval PSA_SUCCESS The operation completed successfully - * \retval PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided key value was not found in the storage - * \retval PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG - * \retval PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) + * \retval #PSA_SUCCESS The operation completed successfully + * \retval #PSA_ERROR_DOES_NOT_EXIST The operation failed because the provided key value was not found in the storage + * \retval #PSA_ERROR_NOT_PERMITTED The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG + * \retval #PSA_ERROR_STORAGE_FAILURE The operation failed because the physical storage has failed (Fatal error) */ psa_status_t psa_its_remove(psa_storage_uid_t uid); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index b6f76ad26..6f6ba07d2 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
@@ -86,17 +86,17 @@ psa_status_t psa_validate_key_id( * * For volatile key identifiers, only one key slot is queried as a volatile * key with identifier key_id can only be stored in slot of index - * ( key_id - PSA_KEY_ID_VOLATILE_MIN ). + * ( key_id - #PSA_KEY_ID_VOLATILE_MIN ). * * \param key Key identifier to query. * \param[out] p_slot On success, `*p_slot` contains a pointer to the * key slot containing the description of the key * identified by \p key. * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The pointer to the key slot containing the description of the key * identified by \p key was returned. - * \retval PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_INVALID_HANDLE * \p key is not a valid key identifier. * \retval #PSA_ERROR_DOES_NOT_EXIST * There is no key with key identifier \p key in the key slots. diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 9470b3ef2..2b90ce87b 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -33,7 +33,7 @@ * * The last PSA_KEY_SLOT_COUNT identifiers of the implementation range * of key identifiers are reserved for volatile key identifiers. - * A volatile key identifier is equal to PSA_KEY_ID_VOLATILE_MIN plus the + * A volatile key identifier is equal to #PSA_KEY_ID_VOLATILE_MIN plus the * index of the key slot containing the volatile key definition. */ @@ -97,7 +97,7 @@ psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, /** Initialize the key slot structures. * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * Currently this function always succeeds. */ psa_status_t psa_initialize_key_slots( void ); diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 2ab5903a3..1ebd20ee3 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c 
@@ -90,9 +90,9 @@ static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key ) * \param[out] data Buffer where the data is to be written. * \param data_size Size of the \c data buffer in bytes. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_DOES_NOT_EXIST + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DOES_NOT_EXIST */ static psa_status_t psa_crypto_storage_load( const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size ) @@ -137,10 +137,10 @@ int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ) * \param data_length The number of bytes * that make up the data. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INSUFFICIENT_STORAGE - * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_ALREADY_EXISTS + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_ALREADY_EXISTS */ static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key, const uint8_t *data, @@ -210,8 +210,8 @@ psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ) * is to be obtained. * \param[out] data_length The number of bytes that make up the data. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_STORAGE_FAILURE */ static psa_status_t psa_crypto_storage_get_data_length( const mbedtls_svc_key_id_t key, diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index 3def1b5e4..fbc94fc38 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h 
@@ -93,11 +93,11 @@ int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ); * \param[in] data Buffer containing the key data. * \param data_length The number of bytes that make up the key data. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INSUFFICIENT_MEMORY - * \retval PSA_ERROR_INSUFFICIENT_STORAGE - * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_ALREADY_EXISTS + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_ALREADY_EXISTS */ psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr, const uint8_t *data, @@ -122,10 +122,10 @@ psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr, * \param[out] data Pointer to an allocated key data buffer on return. * \param[out] data_length The number of bytes that make up the key data. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INSUFFICIENT_MEMORY - * \retval PSA_ERROR_STORAGE_FAILURE - * \retval PSA_ERROR_DOES_NOT_EXIST + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DOES_NOT_EXIST */ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, uint8_t **data, @@ -137,10 +137,10 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, * \param key Persistent identifier of the key to remove * from persistent storage. * - * \retval PSA_SUCCESS + * \retval #PSA_SUCCESS * The key was successfully removed, * or the key did not exist. - * \retval PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_STORAGE_FAILURE */ psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ); 
@@ -182,10 +182,10 @@ void psa_format_key_data_for_storage( const uint8_t *data, * \param[out] attr On success, the attribute structure is filled * with the loaded key metadata. * - * \retval PSA_SUCCESS - * \retval PSA_ERROR_INSUFFICIENT_STORAGE - * \retval PSA_ERROR_INSUFFICIENT_MEMORY - * \retval PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_STORAGE_FAILURE */ psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, size_t storage_data_length, From 4067d1c1e571b2e0189cfd230671c6c52c6f274f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 19 Oct 2020 13:34:38 +0200 Subject: [PATCH 427/488] psa: Improve key creation documentation Signed-off-by: Ronald Cron --- include/psa/crypto.h | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 0a7f3c819..3c2324ac9 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -484,7 +484,9 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); * both sets of restrictions apply, as * described in the documentation of this function. * \param[out] target_key On success, an identifier for the newly created - * key. \c 0 on failure. + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE @@ -598,6 +600,8 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); * If the key size in \p attributes is nonzero, * it must be equal to the size from \p data. * \param[out] key On success, an identifier to the newly created key. + * For persistent keys, this is the key identifier + * defined in \p attributes. * \c 0 on failure. * \param[in] data Buffer containing the key data. The content of this * buffer is interpreted according to the type declared 
@@ -3530,7 +3534,9 @@ psa_status_t psa_key_derivation_output_bytes( * \param[in] attributes The attributes for the new key. * \param[in,out] operation The key derivation operation object to read from. * \param[out] key On success, an identifier for the newly created - * key. \c 0 on failure. + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. * * \retval #PSA_SUCCESS * Success. @@ -3706,7 +3712,9 @@ psa_status_t psa_generate_random(uint8_t *output, * * \param[in] attributes The attributes for the new key. * \param[out] key On success, an identifier for the newly created - * key. \c 0 on failure. + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. * * \retval #PSA_SUCCESS * Success. From d98059d599dc4745d480b052626718d70bae8ad7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 23 Oct 2020 18:00:55 +0200 Subject: [PATCH 428/488] psa: Fix tests/handling of lifetime incompatible with location The lifetime of key attributes now encodes whether a key is volatile/persistent or not AND its location. Fix PSA code where the fact that the lifetime encodes the key location was not taken into account properly. Fix the impacted tests and add two non regression tests. Signed-off-by: Ronald Cron --- include/psa/crypto_struct.h | 14 +++++++++++--- library/psa_crypto.c | 2 +- library/psa_crypto_slot_management.c | 2 +- tests/suites/test_suite_psa_crypto.data | 6 ++++++ .../test_suite_psa_crypto_se_driver_hal.function | 7 ++++++- 5 files changed, 25 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index bf178ec6e..6a018e1f9 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
@@ -374,9 +374,17 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void ) static inline void psa_set_key_id( psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key ) { + psa_key_lifetime_t lifetime = attributes->core.lifetime; + attributes->core.id = key; - if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE ) - attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT; + + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + attributes->core.lifetime = + PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( + PSA_KEY_LIFETIME_PERSISTENT, + PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) ); + } } static inline mbedtls_svc_key_id_t psa_get_key_id( @@ -397,7 +405,7 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime) { attributes->core.lifetime = lifetime; - if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER attributes->core.id.key_id = 0; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2f01bf25e..82e25499c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1342,7 +1342,7 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( slot->attr.lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) { status = psa_destroy_persistent_key( slot->attr.id ); if( overall_status == PSA_SUCCESS ) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 6f6ba07d2..7308f6fcc 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
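Review bot: The new branch in `psa_set_key_id()` changes what the setter does to the lifetime (it now keeps the location and raises only the persistence level), but nothing in the function says so. A short comment above the `if`, such as `/* A key with an explicit identifier is persistent: keep the location, upgrade only the persistence level. */`, would record the intent. The commit's file list does not include `include/psa/crypto.h`, so if the public description of this function still says the lifetime becomes `PSA_KEY_LIFETIME_PERSISTENT`, it presumably needs the same update.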
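Review bot: Neither this predicate change in `psa_destroy_key()` nor the matching one in `psa_purge_key()` (library/psa_crypto_slot_management.c) appears to be exercised by the tests added here: the two new cases in test_suite_psa_crypto.data are `persistence_attributes` cases, which cover only the attribute setters. These two paths decide whether persistent storage is removed and whether a slot is wiped, so a case that destroys and purges a volatile key in a non-default location would pin the new behaviour. Both functions start and end outside their hunks, so existing coverage elsewhere cannot be ruled out from here.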
@@ -348,7 +348,7 @@ psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) if( status != PSA_SUCCESS ) return( status ); - if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE ) + if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) return PSA_SUCCESS; return( psa_wipe_key_slot( slot ) ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8ba9ec10a..44f11a6e2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -13,12 +13,18 @@ persistence_attributes:-1:0:3:-1:0:0:0:3 PSA key attributes: id then back to volatile persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_VOLATILE:-1:0:0:0x5678:PSA_KEY_LIFETIME_VOLATILE +PSA key attributes: id then back to non local volatile +persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,1):-1:0:0:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,1) + PSA key attributes: id then lifetime persistence_attributes:0x1234:0x5678:3:-1:0:0x1234:0x5678:3 PSA key attributes: lifetime then id persistence_attributes:0x1234:0x5678:3:0x1235:0x5679:0x1235:0x5679:3 +PSA key attributes: non local volatile lifetime then id +persistence_attributes:0x1234:0x5678:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_VOLATILE,3):0x1235:0x5679:0x1235:0x5679:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_LIFETIME_PERSISTENT,3) + PSA key attributes: slot number slot_number_attribute: diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 28ab03f24..c9f9dbe7c 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function 
@@ -969,7 +969,12 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( sizeof( key_material ) ) ); psa_set_key_slot_number( &attributes, min_slot ); - psa_set_key_id( &attributes, returned_id ); + + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + attributes.core.id = returned_id; + else + psa_set_key_id( &attributes, returned_id ); + if( ! check_key_attributes( returned_id, &attributes ) ) goto exit; From 65f38a3c2e5c22d7f8a008914dc90141f17b6336 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 23 Oct 2020 17:11:13 +0200 Subject: [PATCH 429/488] Add key id check when creating a volatile key Signed-off-by: Ronald Cron --- library/psa_crypto.c | 9 +++++++-- tests/suites/test_suite_psa_crypto.function | 5 +++++ .../test_suite_psa_crypto_se_driver_hal.function | 1 - .../test_suite_psa_crypto_slot_management.data | 3 +++ .../test_suite_psa_crypto_slot_management.function | 13 ++++++++++++- 5 files changed, 27 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 82e25499c..e45c52e0b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1777,6 +1777,7 @@ static psa_status_t psa_validate_key_attributes( { psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); + mbedtls_svc_key_id_t key = psa_get_key_id( attributes ); status = psa_validate_key_location( psa_get_key_lifetime( attributes ), p_drv ); @@ -1787,8 +1788,12 @@ static psa_status_t psa_validate_key_attributes( if( status != PSA_SUCCESS ) return( status ); - /* Validate the key identifier only in the case of a persistent key. */ - if ( ! PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) != 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + } + else { status = psa_validate_key_id( psa_get_key_id( attributes ), 
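Review bot: The new volatile branch in psa_validate_key_attributes drops the old explanatory comment and adds none, so the reason a non-zero id is rejected is not stated next to the check. Judging by the test changes in this commit, the reason is that volatile ids are chosen by the library and not by the caller, and I would record that above the inner `if`, e.g. `/* Volatile key ids are allocated by the library; a caller-supplied id is an error. */`. The check reads only `MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key )`, so the comment should also say that the owner part of the identifier is deliberately not examined, if that is the intent. The function starts and ends outside this hunk.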
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 204e36e98..82797681e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -2340,7 +2340,12 @@ void copy_success( int source_usage_arg, /* Prepare the target attributes. */ if( copy_attributes ) + { target_attributes = source_attributes; + /* Set volatile lifetime to reset the key identifier to 0. */ + psa_set_key_lifetime( &target_attributes, PSA_KEY_LIFETIME_VOLATILE ); + } + if( target_usage_arg != -1 ) psa_set_key_usage_flags( &target_attributes, target_usage_arg ); if( target_alg_arg != -1 ) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index c9f9dbe7c..04aecb6b7 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -911,7 +911,6 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) key_material, sizeof( key_material ), &returned_id ) ); - if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { /* For volatile keys, check no persistent data was created */ diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 4f31a23ec..253342559 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -114,6 +114,9 @@ Create failure: invalid key id (0) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C create_fail:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_ERROR_INVALID_HANDLE +Create failure: invalid key id (1) for a volatile key +create_fail:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT + Create failure: invalid key id (random seed UID) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C create_fail:PSA_KEY_LIFETIME_PERSISTENT:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_HANDLE 
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 817094bde..66bf0a46e 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -476,8 +476,19 @@ void create_fail( int lifetime_arg, int id_arg, PSA_ASSERT( psa_crypto_init( ) ); - psa_set_key_id( &attributes, id ); psa_set_key_lifetime( &attributes, lifetime ); + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + /* + * Not possible to set a key identifier different from 0 through + * PSA key attributes APIs thus accessing to the attributes + * directly. + */ + attributes.core.id = id; + } + else + psa_set_key_id( &attributes, id ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); TEST_EQUAL( psa_import_key( &attributes, material, sizeof( material ), &returned_id ), From 54b900827b76143a1ba58039c9c78eac8e843133 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 29 Oct 2020 15:26:43 +0100 Subject: [PATCH 430/488] psa: Forbid creation/registration of keys in vendor range The identifier of keys created/registred should be in the application range. This is by spec for key creation. This may change for registered key. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 8 ++------ .../suites/test_suite_psa_crypto_persistent_key.data | 12 ++++++++++++ .../test_suite_psa_crypto_persistent_key.function | 1 + .../suites/test_suite_psa_crypto_se_driver_hal.data | 4 ++-- 4 files changed, 17 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e45c52e0b..2c4878d64 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -1779,8 +1779,7 @@ static psa_status_t psa_validate_key_attributes( psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); mbedtls_svc_key_id_t key = psa_get_key_id( attributes ); - status = psa_validate_key_location( psa_get_key_lifetime( attributes ), - p_drv ); + status = psa_validate_key_location( lifetime, p_drv ); if( status != PSA_SUCCESS ) return( status ); @@ -1795,10 +1794,7 @@ static psa_status_t psa_validate_key_attributes( } else { - status = psa_validate_key_id( - psa_get_key_id( attributes ), - psa_key_lifetime_is_external( lifetime ), 0 ); - + status = psa_validate_key_id( psa_get_key_id( attributes ), 0, 0 ); if( status != PSA_SUCCESS ) return( status ); } diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index 98db74d34..93f0fc07e 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tests/suites/test_suite_psa_crypto_persistent_key.data 
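Review bot: The rewritten call `psa_validate_key_id( psa_get_key_id( attributes ), 0, 0 )` passes two bare zeros whose meaning cannot be read at the call site, and it fetches the id again although `key` already holds it. This line is what now refuses vendor-range ids for secure-element keys as well (the removed argument was `psa_key_lifetime_is_external( lifetime )`), so it deserves to be self-explanatory. I would write `status = psa_validate_key_id( key, 0, 0 );` preceded by `/* Only application-range ids are accepted: no vendor range, no volatile range. */`, assuming that is what the two flags select. The enclosing function starts and ends outside the hunk.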
@@ -46,6 +46,18 @@ Persistent key import with restart (RSA) depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":1:PSA_SUCCESS +Persistent key import (RSA) invalid key id (VENDOR_MIN) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +persistent_key_import:256:PSA_KEY_ID_VENDOR_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_ERROR_INVALID_HANDLE + +Persistent key import (RSA) invalid key id (VOLATILE_MIN) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +persistent_key_import:256:PSA_KEY_ID_VOLATILE_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_ERROR_INVALID_HANDLE + +Persistent key import (RSA) invalid key id (VENDOR_MAX) +depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C +persistent_key_import:256:PSA_KEY_ID_VENDOR_MAX:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_ERROR_INVALID_HANDLE + Persistent key import garbage data, should fail depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index ed30848ad..c4c2b75f6 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -10,6 +10,7 @@ #include #include "test/psa_crypto_helpers.h" +#include "psa_crypto_slot_management.h" #include "psa_crypto_storage.h" #include "mbedtls/md.h" diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index 239a68f2a..18d1d748e 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data 
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -151,10 +151,10 @@ Key registration: key id out of range register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_HANDLE Key registration: key id min vendor -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MIN:1:PSA_SUCCESS +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MIN:1:PSA_ERROR_INVALID_HANDLE Key registration: key id max vendor except volatile -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MIN-1:1:PSA_SUCCESS +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MIN-1:1:PSA_ERROR_INVALID_HANDLE Key registration: key id min volatile register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MIN:1:PSA_ERROR_INVALID_HANDLE From f95a2b1190803ab8d3317fa579435a49ca7f2889 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 22 Oct 2020 15:24:49 +0200 Subject: [PATCH 431/488] psa: mgmt: Add key slot access counter Add key slot access counter to be able to state if a key slot containing the description of a permanent key can be reset or reset and re-used. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 243 ++++++++++++++++++++------- library/psa_crypto_core.h | 41 +++++ library/psa_crypto_slot_management.c | 49 +++++- library/psa_crypto_slot_management.h | 39 ++++- 4 files changed, 307 insertions(+), 65 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2c4878d64..a510e3c78 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -1189,20 +1189,25 @@ static psa_status_t psa_restrict_key_policy( /** Retrieve a slot which must contain a key. The key must have allow all the * usage flags set in \p usage. If \p alg is nonzero, the key must allow - * operations with this algorithm. */ + * operations with this algorithm. + * + * On success, the access counter of the returned key slot is incremented by + * one. It is the responsibility of the caller to call + * psa_decrement_key_slot_access_count() when it does not access the key slot + * anymore. + */ static psa_status_t psa_get_key_from_slot( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, psa_key_usage_t usage, psa_algorithm_t alg ) { - psa_status_t status; - psa_key_slot_t *slot = NULL; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; - *p_slot = NULL; - - status = psa_get_key_slot( key, &slot ); + status = psa_get_key_slot( key, p_slot ); if( status != PSA_SUCCESS ) return( status ); + slot = *p_slot; /* Enforce that usage policy for the key slot contains all the flags * required by the usage parameter. There is one exception: public @@ -1210,15 +1215,22 @@ static psa_status_t psa_get_key_from_slot( mbedtls_svc_key_id_t key, * if they had the export flag. */ if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) ) usage &= ~PSA_KEY_USAGE_EXPORT; + + status = PSA_ERROR_NOT_PERMITTED; if( ( slot->attr.policy.usage & usage ) != usage ) - return( PSA_ERROR_NOT_PERMITTED ); + goto error; /* Enforce that the usage policy permits the requested algortihm. */ if( alg != 0 && ! psa_key_policy_permits( &slot->attr.policy, alg ) ) - return( PSA_ERROR_NOT_PERMITTED ); + goto error; - *p_slot = slot; return( PSA_SUCCESS ); + +error: + *p_slot = NULL; + psa_decrement_key_slot_access_count( slot ); + + return( status ); } /** Retrieve a slot which must contain a transparent key. 
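Review bot: In psa_get_key_from_slot the hunk removes the initial `*p_slot = NULL;`, so the early `return( status )` after psa_get_key_slot() leaves `*p_slot` as whatever psa_get_key_slot() left there. Several callers changed in this commit jump to a cleanup label that passes their slot pointer to psa_decrement_key_slot_access_count(), which is only safe if that pointer is NULL on every failure path. Whether psa_get_key_slot() guarantees that is not visible here. Keeping `*p_slot = NULL;` as the first statement costs nothing and makes the contract local. It would also help to document in the header comment that `*p_slot` is NULL on failure.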
@@ -1228,6 +1240,11 @@ static psa_status_t psa_get_key_from_slot( mbedtls_svc_key_id_t key, * * This is a temporary function to use instead of psa_get_key_from_slot() * until secure element support is fully implemented. + * + * On success, the access counter of the returned key slot is incremented by + * one. It is the responsibility of the caller to call + * psa_decrement_key_slot_access_count() when it does not access the key slot + * anymore. */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) static psa_status_t psa_get_transparent_key( mbedtls_svc_key_id_t key, @@ -1238,11 +1255,14 @@ static psa_status_t psa_get_transparent_key( mbedtls_svc_key_id_t key, psa_status_t status = psa_get_key_from_slot( key, p_slot, usage, alg ); if( status != PSA_SUCCESS ) return( status ); + if( psa_key_slot_is_external( *p_slot ) ) { + psa_decrement_key_slot_access_count( *p_slot ); *p_slot = NULL; return( PSA_ERROR_NOT_SUPPORTED ); } + return( PSA_SUCCESS ); } #else /* MBEDTLS_PSA_CRYPTO_SE_C */ @@ -1473,8 +1493,9 @@ exit: psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; psa_reset_key_attributes( attributes ); @@ -1528,7 +1549,10 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS ) psa_reset_key_attributes( attributes ); - return( status ); + + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) 
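Review bot: The tail of psa_get_key_attributes introduces the pattern `decrement_status = psa_decrement_key_slot_access_count( slot ); return( ( status == PSA_SUCCESS ) ? decrement_status : status );`. The same pattern is then repeated verbatim in psa_export_key, psa_export_public_key, psa_copy_key, psa_mac_setup, psa_sign_hash, psa_verify_hash, psa_asymmetric_encrypt, psa_asymmetric_decrypt, psa_cipher_setup and the key-derivation and key-agreement functions. Every copy also needs its own `decrement_status` local, and a future exit path can easily forget the release and leave a slot pinned. A single static helper (name illustrative) would let each site end with `return( psa_release_key_slot_status( status, slot ) );`, and the error-precedence rule would be documented once.

```c
/* Release the slot and report the operation status; the decrement status is
 * reported only when the operation itself succeeded. */
static psa_status_t psa_release_key_slot_status( psa_status_t status,
                                                 psa_key_slot_t *slot )
{
    psa_status_t decrement_status =
        psa_decrement_key_slot_access_count( slot );

    return( ( status == PSA_SUCCESS ) ? decrement_status : status );
}
```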
@@ -1688,8 +1712,9 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key, size_t data_size, size_t *data_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; /* Set the key to empty now, so that even when there are errors, we always * set data_length to a value between 0 and data_size. On error, setting @@ -1703,8 +1728,11 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key, status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_EXPORT, 0 ); if( status != PSA_SUCCESS ) return( status ); - return( psa_internal_export_key( slot, data, data_size, - data_length, 0 ) ); + + status = psa_internal_export_key( slot, data, data_size, data_length, 0 ); + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, @@ -1712,8 +1740,9 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, size_t data_size, size_t *data_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; /* Set the key to empty now, so that even when there are errors, we always * set data_length to a value between 0 and data_size. On error, setting @@ -1725,8 +1754,11 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, status = psa_get_key_from_slot( key, &slot, 0, 0 ); if( status != PSA_SUCCESS ) return( status ); - return( psa_internal_export_key( slot, data, data_size, - data_length, 1 ) ); + + status = psa_internal_export_key( slot, data, data_size, data_length, 1 ); + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } #if defined(static_assert) 
@@ -1833,6 +1865,11 @@ static psa_status_t psa_validate_key_attributes( * In case of failure at any step, stop the sequence and call * psa_fail_key_creation(). * + * On success, the access counter of the returned key slot is incremented by + * one. It is the responsibility of the caller to call + * psa_decrement_key_slot_access_count() when it does not access the key slot + * anymore. + * * \param method An identification of the calling function. * \param[in] attributes Key attributes for the new key. * \param[out] key On success, identifier of the key. Note that the @@ -1943,7 +1980,6 @@ static psa_status_t psa_start_key_creation( #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ *key = slot->attr.id; - return( PSA_SUCCESS ); } @@ -2203,6 +2239,9 @@ exit: psa_fail_key_creation( slot, driver ); *key = MBEDTLS_SVC_KEY_ID_INIT; } + else + status = psa_decrement_key_slot_access_count( slot ); + return( status ); } @@ -2233,9 +2272,10 @@ psa_status_t mbedtls_psa_register_se_key( exit: if( status != PSA_SUCCESS ) - { psa_fail_key_creation( slot, driver ); - } + else + status = psa_decrement_key_slot_access_count( slot ); + /* Registration doesn't keep the key in RAM. */ psa_close_key( key ); return( status ); @@ -2261,7 +2301,8 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, const psa_key_attributes_t *specified_attributes, mbedtls_svc_key_id_t *target_key ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *source_slot = NULL; psa_key_slot_t *target_slot = NULL; psa_key_attributes_t actual_attributes = *specified_attributes; 
@@ -2308,7 +2349,12 @@ exit: psa_fail_key_creation( target_slot, driver ); *target_key = MBEDTLS_SVC_KEY_ID_INIT; } - return( status ); + else + status = psa_decrement_key_slot_access_count( target_slot ); + + decrement_status = psa_decrement_key_slot_access_count( source_slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } @@ -3094,7 +3140,8 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, psa_algorithm_t alg, int is_sign ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; size_t key_bits; psa_key_usage_t usage = @@ -3203,7 +3250,10 @@ exit: { operation->key_set = 1; } - return( status ); + + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation, @@ -3700,8 +3750,9 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, size_t signature_size, size_t *signature_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; *signature_length = signature_size; /* Immediately reject a zero-length signature buffer. This guarantees @@ -3807,7 +3858,10 @@ exit: memset( signature, '!', signature_size ); /* If signature_size is 0 then we have nothing to do. We must not call * memset because signature may be NULL in this case. */ - return( status ); + + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, 
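Review bot: psa_mac_setup and psa_sign_hash keep `psa_key_slot_t *slot;` without an initializer, while their `exit:` paths now call `psa_decrement_key_slot_access_count( slot )`. The psa_cipher_setup hunks later in this file have the same shape. If any path reaches `exit:` before the slot lookup has written the pointer, an indeterminate pointer is read and possibly dereferenced. The code between the declaration and the label is outside these hunks, so I cannot confirm that no such path exists. The commit already writes `psa_key_slot_t *slot = NULL;` in psa_raw_key_agreement, and the decrement function treats NULL as a no-op, so I would use the same initializer in all three functions.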
@@ -3817,8 +3871,9 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, const uint8_t *signature, size_t signature_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_VERIFY_HASH, alg ); @@ -3834,7 +3889,7 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, signature_length ); if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) ) - return status; + goto exit; #if defined(MBEDTLS_RSA_C) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) @@ -3846,7 +3901,7 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, slot->data.key.bytes, &rsa ); if( status != PSA_SUCCESS ) - return( status ); + goto exit; status = psa_rsa_verify( rsa, alg, @@ -3854,7 +3909,7 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, signature, signature_length ); mbedtls_rsa_free( rsa ); mbedtls_free( rsa ); - return( status ); + goto exit; } else #endif /* defined(MBEDTLS_RSA_C) */ @@ -3870,25 +3925,31 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, slot->data.key.bytes, &ecp ); if( status != PSA_SUCCESS ) - return( status ); + goto exit; status = psa_ecdsa_verify( ecp, hash, hash_length, signature, signature_length ); mbedtls_ecp_keypair_free( ecp ); mbedtls_free( ecp ); - return( status ); + goto exit; } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } } else #endif /* defined(MBEDTLS_ECP_C) */ { - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; } + +exit: + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) 
@@ -3912,8 +3973,9 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, size_t output_size, size_t *output_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; (void) input; (void) input_length; @@ -3931,7 +3993,10 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, return( status ); if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) || PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } #if defined(MBEDTLS_RSA_C) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) @@ -3989,13 +4054,17 @@ rsa_exit: mbedtls_rsa_free( rsa ); mbedtls_free( rsa ); - return( status ); } else #endif /* defined(MBEDTLS_RSA_C) */ { - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; } + +exit: + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, @@ -4008,8 +4077,9 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, size_t output_size, size_t *output_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; (void) input; (void) input_length; @@ -4026,7 +4096,10 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS ) return( status ); if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } #if defined(MBEDTLS_RSA_C) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) 
@@ -4037,7 +4110,7 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, slot->data.key.bytes, &rsa ); if( status != PSA_SUCCESS ) - return( status ); + goto exit; if( input_length != mbedtls_rsa_get_len( rsa ) ) { @@ -4084,13 +4157,17 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, rsa_exit: mbedtls_rsa_free( rsa ); mbedtls_free( rsa ); - return( status ); } else #endif /* defined(MBEDTLS_RSA_C) */ { - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; } + +exit: + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } @@ -4104,8 +4181,9 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, psa_algorithm_t alg, mbedtls_operation_t cipher_operation ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; int ret = 0; - psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_slot_t *slot; size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; @@ -4249,7 +4327,10 @@ exit: } else psa_cipher_abort( operation ); - return( status ); + + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation, @@ -4615,6 +4696,7 @@ typedef struct const mbedtls_cipher_info_t *cipher_info; union { + unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ #if defined(MBEDTLS_CCM_C) mbedtls_ccm_context ccm; #endif /* MBEDTLS_CCM_C */ @@ -4630,6 +4712,8 @@ typedef struct uint8_t tag_length; } aead_operation_t; +#define AEAD_OPERATION_INIT {0, 0, {0}, 0, 0, 0} + static void psa_aead_abort_internal( aead_operation_t *operation ) { switch( operation->core_alg ) 
@@ -4645,6 +4729,8 @@ static void psa_aead_abort_internal( aead_operation_t *operation ) break; #endif /* MBEDTLS_GCM_C */ } + + psa_decrement_key_slot_access_count( operation->slot ); } static psa_status_t psa_aead_setup( aead_operation_t *operation, @@ -4666,7 +4752,10 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, mbedtls_cipher_info_from_psa( alg, operation->slot->attr.type, key_bits, &cipher_id ); if( operation->cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); + { + status = PSA_ERROR_NOT_SUPPORTED; + goto cleanup; + } switch( PSA_ALG_AEAD_WITH_TAG_LENGTH( alg, 0 ) ) { @@ -4678,7 +4767,10 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, * The call to mbedtls_ccm_encrypt_and_tag or * mbedtls_ccm_auth_decrypt will validate the tag length. */ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->attr.type ) != 16 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto cleanup; + } mbedtls_ccm_init( &operation->ctx.ccm ); status = mbedtls_to_psa_error( mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id, @@ -4697,7 +4789,10 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, * The call to mbedtls_gcm_crypt_and_tag or * mbedtls_gcm_auth_decrypt will validate the tag length. */ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( operation->slot->attr.type ) != 16 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto cleanup; + } mbedtls_gcm_init( &operation->ctx.gcm ); status = mbedtls_to_psa_error( mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id, 
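Review bot: psa_aead_abort_internal now releases the slot with `psa_decrement_key_slot_access_count( operation->slot );` but leaves `operation->slot` pointing at it. If the function runs twice on the same operation, the counter is decremented twice, which can drop it below the number of real users and make the slot eligible for reuse while key material is still being read. One way this could happen is the `cleanup` path of psa_aead_setup followed by a caller's own abort, though neither is shown in this hunk. Adding `operation->slot = NULL;` right after the decrement makes abort idempotent, given that the decrement function accepts NULL. The return value is also discarded here, which is acceptable in an abort path but worth a `(void)` cast or a comment.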
@@ -4714,7 +4809,10 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, operation->full_tag_length = 16; /* We only support the default tag length. */ if( alg != PSA_ALG_CHACHA20_POLY1305 ) - return( PSA_ERROR_NOT_SUPPORTED ); + { + status = PSA_ERROR_NOT_SUPPORTED; + goto cleanup; + } mbedtls_chachapoly_init( &operation->ctx.chachapoly ); status = mbedtls_to_psa_error( mbedtls_chachapoly_setkey( &operation->ctx.chachapoly, @@ -4725,7 +4823,8 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, #endif /* MBEDTLS_CHACHAPOLY_C */ default: - return( PSA_ERROR_NOT_SUPPORTED ); + status = PSA_ERROR_NOT_SUPPORTED; + goto cleanup; } if( PSA_AEAD_TAG_LENGTH( alg ) > operation->full_tag_length ) @@ -4755,7 +4854,7 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, size_t *ciphertext_length ) { psa_status_t status; - aead_operation_t operation; + aead_operation_t operation = AEAD_OPERATION_INIT; uint8_t *tag; *ciphertext_length = 0; @@ -4869,7 +4968,7 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, size_t *plaintext_length ) { psa_status_t status; - aead_operation_t operation; + aead_operation_t operation = AEAD_OPERATION_INIT; const uint8_t *tag = NULL; *plaintext_length = 0; @@ -5409,6 +5508,9 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut psa_fail_key_creation( slot, driver ); *key = MBEDTLS_SVC_KEY_ID_INIT; } + else + status = psa_decrement_key_slot_access_count( slot ); + return( status ); } @@ -5772,8 +5874,9 @@ psa_status_t psa_key_derivation_input_key( psa_key_derivation_step_t step, mbedtls_svc_key_id_t key ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; status = psa_get_transparent_key( key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg ); 
@@ -5788,10 +5891,14 @@ psa_status_t psa_key_derivation_input_key( if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) operation->can_output_key = 1; - return( psa_key_derivation_input_internal( operation, - step, slot->attr.type, - slot->data.key.data, - slot->data.key.bytes ) ); + status = psa_key_derivation_input_internal( operation, + step, slot->attr.type, + slot->data.key.data, + slot->data.key.bytes ); + + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } @@ -5939,8 +6046,10 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o const uint8_t *peer_key, size_t peer_key_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_status_t status; + if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_get_transparent_key( private_key, &slot, @@ -5959,7 +6068,10 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) operation->can_output_key = 1; } - return( status ); + + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } psa_status_t psa_raw_key_agreement( psa_algorithm_t alg, @@ -5970,8 +6082,9 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg, size_t output_size, size_t *output_length ) { - psa_key_slot_t *slot; - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot = NULL; if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ) { 
@@ -6001,7 +6114,10 @@ exit: psa_generate_random( output, output_size ); *output_length = output_size; } - return( status ); + + decrement_status = psa_decrement_key_slot_access_count( slot ); + + return( ( status == PSA_SUCCESS ) ? decrement_status : status ); } @@ -6250,6 +6366,9 @@ exit: psa_fail_key_creation( slot, driver ); *key = MBEDTLS_SVC_KEY_ID_INIT; } + else + status = psa_decrement_key_slot_access_count( slot ); + return( status ); } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 86d804bd4..32d1d6077 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -36,6 +36,33 @@ typedef struct { psa_core_key_attributes_t attr; + + /* + * Number of on-going accesses, read and/or write, to the key slot by the + * library. + * + * This counter is incremented by one each time a library function + * retrieves through one of the dedicated internal API a pointer to the + * key slot. + * + * This counter is decremented by one each time a library function stops + * accessing to the key slot and states it by calling the + * psa_decrement_key_slot_access_count() API. + * + * This counter is used to prevent resetting the key slot while the library + * may access it. For example, such control is needed in the following + * scenarios: + * . In case of key slot starvation, all key slots contain the description + * of a key, and the library asks for the description of a permanent + * key not present in the key slots, the key slots currently accessed by + * the library cannot be reclaimed to free a key slot to load the + * permanent key. + * . In case of a multi-threaded application where one thread asks to close + * or purge or destroy a key while it is in used by the library through + * another thread. + */ + size_t access_count; + union { /* Dynamically allocated key data buffer. 
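Review bot: The comment added for `access_count` in psa_key_slot_t cites a multi-threaded application as a motivating scenario, but the field is a plain `size_t` and this commit modifies it with ordinary increments and decrements. Nothing in the hunk says who serializes those updates, so a reader could take the counter for a thread-safety mechanism in its own right. I would add a sentence to the comment along the lines of `The counter itself is not atomic; concurrent callers must be serialized by the caller or a future slot lock.`, adjusted to whatever the intended locking model is. The wording "while it is in used" should read "while it is in use".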
@@ -74,6 +101,20 @@ static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot ) return( slot->attr.type != 0 ); } +/** Test whether a key slot is accessed. + * + * A key slot is accessed iff its access counter is strickly greater than + * 0. + * + * \param[in] slot The key slot to test. + * + * \return 1 if the slot is accessed, 0 otherwise. + */ +static inline int psa_is_key_slot_accessed( const psa_key_slot_t *slot ) +{ + return( slot->access_count > 0 ); +} + /** Retrieve flags from psa_key_slot_t::attr::core::flags. * * \param[in] slot The key slot to query. diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 7308f6fcc..e2074774d 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -88,6 +88,11 @@ psa_status_t psa_validate_key_id( * key with identifier key_id can only be stored in slot of index * ( key_id - #PSA_KEY_ID_VOLATILE_MIN ). * + * On success, the access counter of the returned key slot is incremented by + * one. It is the responsibility of the caller to call + * psa_decrement_key_slot_access_count() when it does not access the key slot + * anymore. + * * \param key Key identifier to query. * \param[out] p_slot On success, `*p_slot` contains a pointer to the * key slot containing the description of the key @@ -135,7 +140,10 @@ static psa_status_t psa_search_key_in_slots( } if( status == PSA_SUCCESS ) + { *p_slot = slot; + psa_increment_key_slot_access_count( slot ); + } return( status ); } @@ -177,9 +185,12 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ( (psa_key_id_t)slot_idx ) - 1; + psa_increment_key_slot_access_count( *p_slot ); + return( PSA_SUCCESS ); } } + *p_slot = NULL; return( PSA_ERROR_INSUFFICIENT_MEMORY ); } 
@@ -232,6 +243,10 @@ psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, if( ! global_data.key_slots_initialized ) return( PSA_ERROR_BAD_STATE ); + /* + * On success, the pointer to the slot is passed directly to the caller + * thus no need to decrement the key slot access counter here. + */ status = psa_search_key_in_slots( key, p_slot ); if( status != PSA_ERROR_DOES_NOT_EXIST ) return( status ); @@ -257,6 +272,36 @@ psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, } +psa_status_t psa_decrement_key_slot_access_count( psa_key_slot_t *slot ) +{ + if( slot == NULL ) + return( PSA_SUCCESS ); + + if( slot->access_count > 0 ) + { + slot->access_count--; + return( PSA_SUCCESS ); + } + + /* + * As the return error code may not be handled in case of multiple errors, + * do our best to report if the access counter is equal to zero: if + * available call MBEDTLS_PARAM_FAILED that may terminate execution (if + * called as part of the execution of a unit test suite this will stop the + * test suite execution) and if MBEDTLS_PARAM_FAILED does not terminate + * execution ouput an error message on standard error output. + */ +#ifdef MBEDTLS_CHECK_PARAMS + MBEDTLS_PARAM_FAILED( slot->access_count > 0 ); +#endif +#ifdef MBEDTLS_PLATFORM_C + mbedtls_fprintf( stderr, + "\nFATAL psa_decrement_key_slot_access_count Decrementing a zero access counter.\n" ); +#endif + + return( PSA_ERROR_CORRUPTION_DETECTED ); +} + psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv ) { @@ -315,7 +360,7 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) *handle = key; - return( PSA_SUCCESS ); + return( psa_decrement_key_slot_access_count( slot ) ); #else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ (void) key; 
@@ -349,7 +394,7 @@ psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) return( status ); if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) - return PSA_SUCCESS; + return( psa_decrement_key_slot_access_count( slot ) ); return( psa_wipe_key_slot( slot ) ); } diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 2b90ce87b..d22e343bc 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -70,6 +70,11 @@ static inline int psa_key_id_is_volatile( psa_key_id_t key_id ) * In case of a persistent key, the function loads the description of the key * into a key slot if not already done. * + * On success, the access counter of the returned key slot is incremented by + * one. It is the responsibility of the caller to call + * psa_decrement_key_slot_access_count() when it does not access the slot + * anymore. + * * \param key Key identifier to query. * \param[out] p_slot On success, `*p_slot` contains a pointer to the * key slot containing the description of the key @@ -110,7 +115,10 @@ void psa_wipe_all_key_slots( void ); /** Find a free key slot. * * This function returns a key slot that is available for use and is in its - * ground state (all-bits-zero). + * ground state (all-bits-zero). On success, the access counter of the + * returned key slot is incremented by one. It is the responsibility of the + * caller to call psa_decrement_key_slot_access_count() when it does not access + * the key slot anymore. * * \param[out] volatile_key_id On success, volatile key identifier * associated to the returned slot. 
@@ -123,6 +131,35 @@ void psa_wipe_all_key_slots( void ); psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, psa_key_slot_t **p_slot ); +/** Increment slot access counter. + * + * This function increments the slot access counter by one. + * + * \param[in] slot The key slot. + */ +static inline void psa_increment_key_slot_access_count( psa_key_slot_t *slot ) +{ + slot->access_count++; +} + +/** Decrement slot access counter. + * + * This function decrements the slot access counter by one. + * + * \note To ease the handling of errors in retrieving a key slot + * a NULL input pointer is valid, and the function returns + * successfully without doing anything in that case. + * + * \param[in] slot The key slot. + * \retval #PSA_SUCCESS + * \p slot is NULL or the key slot access pointer has been + * decremented successfully. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * The access counter was equal to 0. + * + */ +psa_status_t psa_decrement_key_slot_access_count( psa_key_slot_t *slot ); + /** Test whether a lifetime designates a key in an external cryptoprocessor. * * \param lifetime The lifetime to test. From 0c3752a46beda8be9ddb6134ae4d12cb2f4b6b15 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 30 Oct 2020 11:54:03 +0100 Subject: [PATCH 432/488] psa: slot mgmt: Add unaccessed slots counter in stats Add a counter of unaccessed slots and use it in tests to check that at the end of PSA tests all key slot are unaccessed. Signed-off-by: Ronald Cron --- include/psa/crypto_extra.h | 2 ++ library/psa_crypto_slot_management.c | 4 ++++ tests/include/test/psa_crypto_helpers.h | 5 +++++ 3 files changed, 11 insertions(+) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 71adb9355..7986eb23b 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -231,6 +231,8 @@ typedef struct mbedtls_psa_stats_s size_t cache_slots; /** Number of slots that are not used for anything. */ size_t empty_slots; + /** Number of slots that are not accessed. */ + size_t unaccessed_slots; /** Largest key id value among open keys in internal persistent storage. */ psa_key_id_t max_open_internal_key_id; /** Largest key id value among open keys in secure elements. */ diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index e2074774d..2fa0a0d54 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -408,6 +408,10 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; + if( ! psa_is_key_slot_accessed( slot ) ) + { + ++stats->unaccessed_slots; + } if( ! psa_is_key_slot_occupied( slot ) ) { ++stats->empty_slots; diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index c8013a1a8..214ee87f3 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -24,6 +24,7 @@ #include "test/psa_helpers.h" #include +#include static int test_helper_is_psa_pristine( int line, const char *file ) { @@ -40,6 +41,10 @@ static int test_helper_is_psa_pristine( int line, const char *file ) msg = "An external slot has not been closed properly."; else if( stats.half_filled_slots != 0 ) msg = "A half-filled slot has not been cleared properly."; + else if( stats.unaccessed_slots != PSA_KEY_SLOT_COUNT ) + { + msg = "Some slots are still marked as accessed."; + } /* If the test has already failed, don't overwrite the failure * information. Do keep the stats lookup above, because it can be From ddd3d058034d5a2f808a568cedcf19ed23a9dbc2 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Fri, 30 Oct 2020 14:07:07 +0100 Subject: [PATCH 433/488] psa: Add access counter check in slot wipe Signed-off-by: Ronald Cron --- library/psa_crypto.c | 21 +++++++++++++++++++++ library/psa_crypto_slot_management.c | 1 + 2 files changed, 22 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a510e3c78..04a6514d5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1299,6 +1299,27 @@ static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot ) psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) { psa_status_t status = psa_remove_key_data_from_memory( slot ); + + /* + * As the return error code may not be handled in case of multiple errors, + * do our best to report an unexpected access counter: if available + * call MBEDTLS_PARAM_FAILED that may terminate execution (if called as + * part of the execution of a test suite this will stop the test suite + * execution) and if MBEDTLS_PARAM_FAILED does not terminate execution + * ouput an error message on standard error output. + */ + if( slot->access_count != 1 ) + { +#ifdef MBEDTLS_CHECK_PARAMS + MBEDTLS_PARAM_FAILED( slot->access_count == 1 ); +#endif +#ifdef MBEDTLS_PLATFORM_C + mbedtls_fprintf( stderr, + "\nFATAL psa_wipe_key_slot Unexpected access counter value\n."); +#endif + status = PSA_ERROR_CORRUPTION_DETECTED; + } + /* Multipart operations may still be using the key. This is safe * because all multipart operation objects are independent from * the key slot: if they need to access the key after the setup diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 2fa0a0d54..7bfcc4d37 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
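Review bot: In psa_wipe_key_slot() the `access_count != 1` check runs only after `psa_remove_key_data_from_memory( slot )` has been called, so an unexpected counter is detected after the key data has already been removed (going by the helper's name). The assignment `status = PSA_ERROR_CORRUPTION_DETECTED;` also discards any error returned by that removal. The rest of the function is outside the hunk, but the check does not return early, so the slot is presumably still reset while another holder may keep a pointer to it. Consider testing the counter first and deciding explicitly whether to wipe anyway; if wiping regardless is the intended policy for secret material, the comment should say so. The message literal also ends in `\n.` where `.\n` was probably meant.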
@@ -164,6 +164,7 @@ void psa_wipe_all_key_slots( void ) for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; + slot->access_count = 1; (void) psa_wipe_key_slot( slot ); } global_data.key_slots_initialized = 0; From f291111007cb6dd6962e190aae340052c308622d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 29 Oct 2020 17:51:10 +0100 Subject: [PATCH 434/488] psa: Do not reset a key slot under access When psa_close/destroy/purge_key is called, do not reset a key slot containing the description of a persistent key if it is currently accessed. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 20 ++++++++++++++++++++ library/psa_crypto_slot_management.c | 12 ++++++++---- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 04a6514d5..1f69b55e1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
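Review bot: The added `slot->access_count = 1;` in psa_wipe_all_key_slots() has no comment, and it overwrites whatever the counter held so that the check in psa_wipe_key_slot() always passes. That looks intentional for teardown, but it also means a slot that is still marked as accessed is wiped without any diagnostic. A one-line comment would make the intent reviewable, e.g. `/* Teardown: force the count psa_wipe_key_slot() expects; outstanding accesses are ignored on purpose. */`. The function body starts and ends outside the hunk.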
@@ -1344,10 +1344,30 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) if( mbedtls_svc_key_id_is_null( key ) ) return( PSA_SUCCESS ); + /* + * Get the description of the key in a key slot. In case of a permanent + * key, this will load the key description from persistent memory if not + * done yet. We cannot avoid this loading as without it we don't know if + * the key is operated by an SE or not and this information is needed by + * the current implementation. + */ status = psa_get_key_slot( key, &slot ); if( status != PSA_SUCCESS ) return( status ); + /* + * If the key slot containing the key description is under access by the + * library (apart from the present access), the key cannot be destroyed + * yet. For the time being, just return in error. Eventually (to be + * implemented), the key should be destroyed when all accesses have + * stopped. + */ + if( slot->access_count > 1 ) + { + psa_decrement_key_slot_access_count( slot ); + return( PSA_ERROR_GENERIC_ERROR ); + } + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) driver = psa_get_se_driver_entry( slot->attr.lifetime ); if( driver != NULL ) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 7bfcc4d37..9271e1451 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -382,7 +382,10 @@ psa_status_t psa_close_key( psa_key_handle_t handle ) if( status != PSA_SUCCESS ) return( status ); - return( psa_wipe_key_slot( slot ) ); + if( slot->access_count <= 1 ) + return( psa_wipe_key_slot( slot ) ); + else + return( psa_decrement_key_slot_access_count( slot ) ); } psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) 
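Review bot: When psa_destroy_key() finds `slot->access_count > 1` it returns `PSA_ERROR_GENERIC_ERROR` and leaves the key in place, so the caller cannot tell a busy key from any other failure and is not told that the key material still exists in the slot (and, for a persistent key, in storage). The result of `psa_decrement_key_slot_access_count( slot )` on that path is dropped without a cast, unlike `(void) psa_wipe_key_slot( slot );` in psa_wipe_all_key_slots(). Until deferred destruction is implemented, I would document this outcome in the function's API comment and make the discard explicit with `(void) psa_decrement_key_slot_access_count( slot );`. The psa_close_key() and psa_purge_key() hunks of this commit take the other route and return the decrement status, normally success, while leaving the slot loaded, which deserves the same documentation. psa_destroy_key() continues outside the hunk.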
@@ -394,10 +397,11 @@ psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) if( status != PSA_SUCCESS ) return( status ); - if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) + if( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) && + ( slot->access_count <= 1 ) ) + return( psa_wipe_key_slot( slot ) ); + else return( psa_decrement_key_slot_access_count( slot ) ); - - return( psa_wipe_key_slot( slot ) ); } void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) From a5b894f7e21e116ce3822441bcbbab58b84a0d7a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 21 Oct 2020 09:04:34 +0200 Subject: [PATCH 435/488] psa: mgmt: Add key slot reuse When looking for an empty key slot to store the description of a key, if all key slots are in use, reuse the first encountered and unaccessed key slot containing the description of a permanent key. Signed-off-by: Ronald Cron --- library/psa_crypto_slot_management.c | 63 ++++-- ...test_suite_psa_crypto_slot_management.data | 20 ++ ..._suite_psa_crypto_slot_management.function | 186 ++++++++++++++++++ 3 files changed, 255 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 9271e1451..5a1fc741f 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
@@ -173,27 +173,62 @@ void psa_wipe_all_key_slots( void ) psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, psa_key_slot_t **p_slot ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t slot_idx; + psa_key_slot_t *selected_slot, *unaccessed_permanent_key_slot; if( ! global_data.key_slots_initialized ) - return( PSA_ERROR_BAD_STATE ); - - for( slot_idx = PSA_KEY_SLOT_COUNT; slot_idx > 0; slot_idx-- ) { - *p_slot = &global_data.key_slots[ slot_idx - 1 ]; - if( ! psa_is_key_slot_occupied( *p_slot ) ) - { - *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + - ( (psa_key_id_t)slot_idx ) - 1; - - psa_increment_key_slot_access_count( *p_slot ); - - return( PSA_SUCCESS ); - } + status = PSA_ERROR_BAD_STATE; + goto error; } + selected_slot = unaccessed_permanent_key_slot = NULL; + for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) + { + psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; + if( ! psa_is_key_slot_occupied( slot ) ) + { + selected_slot = slot; + break; + } + + if( ( unaccessed_permanent_key_slot == NULL ) && + ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) && + ( ! psa_is_key_slot_accessed( slot ) ) ) + unaccessed_permanent_key_slot = slot; + } + + /* + * If there is no unused key slot and there is at least one unaccessed key + * slot containing the description of a permament key, recycle the first + * such key slot we encountered. If we need later on to operate on the + * permanent key we evict now, we will reload its description from storage. 
+ */ + if( ( selected_slot == NULL ) && + ( unaccessed_permanent_key_slot != NULL ) ) + { + selected_slot = unaccessed_permanent_key_slot; + selected_slot->access_count = 1; + psa_wipe_key_slot( selected_slot ); + } + + if( selected_slot != NULL ) + { + *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + + ( (psa_key_id_t)( selected_slot - global_data.key_slots ) ); + *p_slot = selected_slot; + psa_increment_key_slot_access_count( selected_slot ); + + return( PSA_SUCCESS ); + } + status = PSA_ERROR_INSUFFICIENT_MEMORY; + +error: *p_slot = NULL; - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + *volatile_key_id = 0; + + return( status ); } #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index 253342559..d2d6c01b9 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data 
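Review bot: On the eviction path of psa_get_empty_key_slot() the result of `psa_wipe_key_slot( selected_slot );` is ignored, so a failed wipe still hands the recycled slot to the caller as if it were in its ground state. Since the slot is about to receive a different key, I would propagate the failure with `status = psa_wipe_key_slot( selected_slot );` followed by `if( status != PSA_SUCCESS ) goto error;`. The assignment `selected_slot->access_count = 1;` just before it appears to exist only to satisfy the counter check in psa_wipe_key_slot() and would benefit from a comment saying so.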
@@ -186,3 +186,23 @@ invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HA Open many transient keys many_transient_keys:42 + +# Eviction from a key slot to be able to import a new permanent key. +Key slot eviction to import a new permanent key +key_slot_eviction_to_import_new_key:PSA_KEY_LIFETIME_PERSISTENT + +# Eviction from a key slot to be able to import a new volatile key. +Key slot eviction to import a new volatile key +key_slot_eviction_to_import_new_key:PSA_KEY_LIFETIME_VOLATILE + +# Check that non reusable key slots are not deleted/overwritten in case of key +# slot starvation: +# . An attempt to access a permanent key while all RAM key slots are occupied +# by volatile keys fails and does not lead to volatile key data to be +# spoiled. +# . With all key slot in use with one containing a permanent key, an attempt +# to copy the permanent key fails (the permanent key slot cannot be reclaimed +# as it is accessed by the copy process) without the permament key data and +# volatile key data being spoiled. +Non reusable key slots integrity in case of key slot starvation +non_reusable_key_slots_integrity_in_case_of_key_slot_starvation diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 66bf0a46e..94bcade12 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function 
@@ -877,3 +877,189 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ +void key_slot_eviction_to_import_new_key( int lifetime_arg ) +{ + psa_key_lifetime_t lifetime = (psa_key_lifetime_t)lifetime_arg; + size_t i; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t exported[sizeof( size_t )]; + size_t exported_length; + mbedtls_svc_key_id_t key, returned_key_id; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); + psa_set_key_algorithm( &attributes, 0 ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); + + /* + * Create PSA_KEY_SLOT_COUNT persistent keys. + */ + for( i = 0; i < PSA_KEY_SLOT_COUNT; i++ ) + { + key = mbedtls_svc_key_id_make( i, i + 1 ); + psa_set_key_id( &attributes, key ); + PSA_ASSERT( psa_import_key( &attributes, + (uint8_t *) &i, sizeof( i ), + &returned_key_id ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key ) ); + } + + /* + * Create a new persistent or volatile key. When creating the key, + * one of the description of the previously created persistent key + * is removed from the RAM key slots. This makes room to store its + * description in RAM. + */ + i = PSA_KEY_SLOT_COUNT; + key = mbedtls_svc_key_id_make( i, i + 1 ); + psa_set_key_id( &attributes, key ); + + if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) + psa_set_key_lifetime( &attributes, PSA_KEY_LIFETIME_VOLATILE ); + + PSA_ASSERT( psa_import_key( &attributes, + (uint8_t *) &i, sizeof( i ), + &returned_key_id ) ); + if( lifetime != PSA_KEY_LIFETIME_VOLATILE ) + TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key ) ); + + /* + * Check that we can export all ( PSA_KEY_SLOT_COUNT + 1 ) keys, + * that they have the expected value and destroy them. In that process, + * the description of the persistent key that was evicted from the RAM + * slots when creating the last key is restored in a RAM slot to export + * its value. 
+ */ + for( i = 0; i <= PSA_KEY_SLOT_COUNT; i++ ) + { + if( i < PSA_KEY_SLOT_COUNT ) + key = mbedtls_svc_key_id_make( i, i + 1 ); + else + key = returned_key_id; + + PSA_ASSERT( psa_export_key( key, + exported, sizeof( exported ), + &exported_length ) ); + ASSERT_COMPARE( exported, exported_length, + (uint8_t *) &i, sizeof( i ) ); + PSA_ASSERT( psa_destroy_key( key ) ); + } + +exit: + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ +void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( ) +{ + psa_status_t status; + size_t i; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t exported[sizeof( size_t )]; + size_t exported_length; + mbedtls_svc_key_id_t permanent_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t permanent_key2 = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t *keys = NULL; + + TEST_ASSERT( PSA_KEY_SLOT_COUNT >= 1 ); + + ASSERT_ALLOC( keys, PSA_KEY_SLOT_COUNT ); + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY ); + psa_set_key_algorithm( &attributes, 0 ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); + + /* + * Create a permanent key + */ + permanent_key = mbedtls_svc_key_id_make( 0x100, 0x205 ); + psa_set_key_id( &attributes, permanent_key ); + PSA_ASSERT( psa_import_key( &attributes, + (uint8_t *) &permanent_key, + sizeof( permanent_key ), + &returned_key_id ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, permanent_key ) ); + + /* + * Create PSA_KEY_SLOT_COUNT volatile keys + */ + psa_set_key_lifetime( &attributes, PSA_KEY_LIFETIME_VOLATILE ); + for( i = 0; i < PSA_KEY_SLOT_COUNT; i++ ) + { + PSA_ASSERT( psa_import_key( &attributes, + (uint8_t *) &i, sizeof( i ), + &keys[i]) ); + } + psa_reset_key_attributes( &attributes ); + + /* + * Check that we cannot access the persistent key as all slots are + * 
occupied by volatile keys and the implementation needs to load the + * persistent key description in a slot to be able to access it. + */ + status = psa_get_key_attributes( permanent_key, &attributes ); + TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_MEMORY ); + + /* + * Check we can export the volatile key created last and that it has the + * expected value. Then, destroy it. + */ + PSA_ASSERT( psa_export_key( keys[PSA_KEY_SLOT_COUNT - 1], + exported, sizeof( exported ), + &exported_length ) ); + i = PSA_KEY_SLOT_COUNT - 1; + ASSERT_COMPARE( exported, exported_length, (uint8_t *) &i, sizeof( i ) ); + PSA_ASSERT( psa_destroy_key( keys[PSA_KEY_SLOT_COUNT - 1] ) ); + + /* + * Check that we can now access the persistent key again. + */ + PSA_ASSERT( psa_get_key_attributes( permanent_key, &attributes ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( attributes.core.id, + permanent_key ) ); + + /* + * Check that we cannot copy the persistent key as all slots are occupied + * by the permanent key and the volatile keys and the slot containing the + * permanent key cannot be reclaimed as it contains the key to copy. + */ + permanent_key2 = mbedtls_svc_key_id_make( 0x100, 0x204 ); + psa_set_key_id( &attributes, permanent_key2 ); + status = psa_copy_key( permanent_key, &attributes, &returned_key_id ); + TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_MEMORY ); + + /* + * Check we can export the remaining volatile keys and that they have the + * expected values. + */ + for( i = 0; i < ( PSA_KEY_SLOT_COUNT - 1 ); i++ ) + { + PSA_ASSERT( psa_export_key( keys[i], + exported, sizeof( exported ), + &exported_length ) ); + ASSERT_COMPARE( exported, exported_length, + (uint8_t *) &i, sizeof( i ) ); + PSA_ASSERT( psa_destroy_key( keys[i] ) ); + } + + /* + * Check we can export the persistent key and that it have the expected + * value. 
+ */ + + PSA_ASSERT( psa_export_key( permanent_key, exported, sizeof( exported ), + &exported_length ) ); + ASSERT_COMPARE( exported, exported_length, + (uint8_t *) &permanent_key, sizeof( permanent_key ) ); +exit: + psa_destroy_key( permanent_key ); + PSA_DONE( ); + mbedtls_free( keys ); +} +/* END_CASE */ From 77c89f5ad64ee8e7e1de611e6fde539907008a09 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 10 Nov 2020 17:45:56 +0100 Subject: [PATCH 436/488] Fix several typos Signed-off-by: Ronald Cron --- include/mbedtls/config.h | 2 +- programs/psa/key_ladder_demo.c | 2 +- tests/suites/test_suite_psa_crypto_slot_management.function | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c930a8ff3..a85b0a45f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1266,7 +1266,7 @@ * which is currently hard-coded to be int32_t. * * Note that this option is meant for internal use only and may be removed - * without notice. It is incompatible with PSA_USE_PSA_CRYPTO. + * without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO. */ //#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index c36b67faf..47d5de642 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -574,7 +574,7 @@ static psa_status_t run( enum program_mode mode, exit: /* Destroy any remaining key. Deinitializing the crypto library would do * this anyway since they are volatile keys, but explicitly destroying - * keys makes the code easier. */ + * keys makes the code easier to reuse. */ (void) psa_destroy_key( derivation_key ); (void) psa_destroy_key( wrapping_key ); /* Deinitialize the PSA crypto library. */ diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 94bcade12..321ce4f33 100644 
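Review bot: In non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() the export buffer is declared as `uint8_t exported[sizeof( size_t )];`, yet the final check exports a key that was imported with `sizeof( permanent_key )` bytes of an `mbedtls_svc_key_id_t`. If that type is larger than `size_t` in some configuration (it is built from two values by `mbedtls_svc_key_id_make( 0x100, 0x205 )`, so it may be a two-field struct), psa_export_key() would presumably reject the buffer as too small and the test would fail for a reason unrelated to slot management. Sizing the buffer for the larger of the two types, or importing a `size_t` value for the persistent key as the volatile keys do, removes that dependency.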
--- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -106,7 +106,7 @@ static int invalidate_key( invalidate_method_t invalidate_method, case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: PSA_ASSERT( psa_destroy_key( key ) ); break; - /* Purging the key just purge RAM data of persitent keys. */ + /* Purging the key just purges RAM data of persistent keys. */ case INVALIDATE_BY_PURGING: case INVALIDATE_BY_PURGING_WITH_SHUTDOWN: PSA_ASSERT( psa_purge_key( key ) ); From 19daca9b2e46c4f9fa16af9091b1dea3014ef1fa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 10 Nov 2020 18:08:03 +0100 Subject: [PATCH 437/488] Prefer persistent over permanent For consistency across the code base, prefer persistent over permanent to qualify a key stored in persistent storage. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 2 +- library/psa_crypto_core.h | 4 +- library/psa_crypto_slot_management.c | 15 +++---- ...test_suite_psa_crypto_slot_management.data | 14 +++---- ..._suite_psa_crypto_slot_management.function | 40 +++++++++---------- 5 files changed, 38 insertions(+), 37 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1f69b55e1..3e174f9c2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1345,7 +1345,7 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) return( PSA_SUCCESS ); /* - * Get the description of the key in a key slot. In case of a permanent + * Get the description of the key in a key slot. In case of a persistent * key, this will load the key description from persistent memory if not * done yet. We cannot avoid this loading as without it we don't know if * the key is operated by an SE or not and this information is needed by diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 32d1d6077..489be31e2 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
@@ -53,10 +53,10 @@ typedef struct * may access it. For example, such control is needed in the following * scenarios: * . In case of key slot starvation, all key slots contain the description - * of a key, and the library asks for the description of a permanent + * of a key, and the library asks for the description of a persistent * key not present in the key slots, the key slots currently accessed by * the library cannot be reclaimed to free a key slot to load the - * permanent key. + * persistent key. * . In case of a multi-threaded application where one thread asks to close * or purge or destroy a key while it is in used by the library through * another thread. diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 5a1fc741f..a114eecdb 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -175,7 +175,7 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t slot_idx; - psa_key_slot_t *selected_slot, *unaccessed_permanent_key_slot; + psa_key_slot_t *selected_slot, *unaccessed_persistent_key_slot; if( ! global_data.key_slots_initialized ) { @@ -183,7 +183,7 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, goto error; } - selected_slot = unaccessed_permanent_key_slot = NULL; + selected_slot = unaccessed_persistent_key_slot = NULL; for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; 
@@ -193,22 +193,23 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, break; } - if( ( unaccessed_permanent_key_slot == NULL ) && + if( ( unaccessed_persistent_key_slot == NULL ) && ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) && ( ! psa_is_key_slot_accessed( slot ) ) ) - unaccessed_permanent_key_slot = slot; + unaccessed_persistent_key_slot = slot; } /* * If there is no unused key slot and there is at least one unaccessed key * slot containing the description of a permament key, recycle the first * such key slot we encountered. If we need later on to operate on the - * permanent key we evict now, we will reload its description from storage. + * persistent key we evict now, we will reload its description from + * storage. */ if( ( selected_slot == NULL ) && - ( unaccessed_permanent_key_slot != NULL ) ) + ( unaccessed_persistent_key_slot != NULL ) ) { - selected_slot = unaccessed_permanent_key_slot; + selected_slot = unaccessed_persistent_key_slot; selected_slot->access_count = 1; psa_wipe_key_slot( selected_slot ); } diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index d2d6c01b9..396cdfb53 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -187,8 +187,8 @@ invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HA Open many transient keys many_transient_keys:42 -# Eviction from a key slot to be able to import a new permanent key. -Key slot eviction to import a new permanent key +# Eviction from a key slot to be able to import a new persistent key. +Key slot eviction to import a new persistent key key_slot_eviction_to_import_new_key:PSA_KEY_LIFETIME_PERSISTENT # Eviction from a key slot to be able to import a new volatile key. 
@@ -197,12 +197,12 @@ key_slot_eviction_to_import_new_key:PSA_KEY_LIFETIME_VOLATILE # Check that non reusable key slots are not deleted/overwritten in case of key # slot starvation: -# . An attempt to access a permanent key while all RAM key slots are occupied +# . An attempt to access a persistent key while all RAM key slots are occupied # by volatile keys fails and does not lead to volatile key data to be # spoiled. -# . With all key slot in use with one containing a permanent key, an attempt -# to copy the permanent key fails (the permanent key slot cannot be reclaimed -# as it is accessed by the copy process) without the permament key data and -# volatile key data being spoiled. +# . With all key slot in use with one containing a persistent key, an attempt +# to copy the persistent key fails (the persistent key slot cannot be +# reclaimed as it is accessed by the copy process) without the persistent key +# data and volatile key data being spoiled. Non reusable key slots integrity in case of key slot starvation non_reusable_key_slots_integrity_in_case_of_key_slot_starvation diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 321ce4f33..ac2e6f7fc 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -97,7 +97,7 @@ static int invalidate_key( invalidate_method_t invalidate_method, { switch( invalidate_method ) { - /* Closing the key invalidate only volatile keys, not permanent ones. */ + /* Closing the key invalidate only volatile keys, not persistent ones. */ case INVALIDATE_BY_CLOSING: case INVALIDATE_BY_CLOSING_WITH_SHUTDOWN: PSA_ASSERT( psa_close_key( key ) ); 
@@ -960,8 +960,8 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( ) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t exported[sizeof( size_t )]; size_t exported_length; - mbedtls_svc_key_id_t permanent_key = MBEDTLS_SVC_KEY_ID_INIT; - mbedtls_svc_key_id_t permanent_key2 = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t persistent_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t persistent_key2 = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t returned_key_id = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t *keys = NULL; @@ -976,15 +976,15 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( ) psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA ); /* - * Create a permanent key + * Create a persistent key */ - permanent_key = mbedtls_svc_key_id_make( 0x100, 0x205 ); - psa_set_key_id( &attributes, permanent_key ); + persistent_key = mbedtls_svc_key_id_make( 0x100, 0x205 ); + psa_set_key_id( &attributes, persistent_key ); PSA_ASSERT( psa_import_key( &attributes, - (uint8_t *) &permanent_key, - sizeof( permanent_key ), + (uint8_t *) &persistent_key, + sizeof( persistent_key ), &returned_key_id ) ); - TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, permanent_key ) ); + TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, persistent_key ) ); /* * Create PSA_KEY_SLOT_COUNT volatile keys @@ -1003,7 +1003,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( ) * occupied by volatile keys and the implementation needs to load the * persistent key description in a slot to be able to access it. */ - status = psa_get_key_attributes( permanent_key, &attributes ); + status = psa_get_key_attributes( persistent_key, &attributes ); TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_MEMORY ); /* 
@@ -1020,18 +1020,18 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( ) /* * Check that we can now access the persistent key again. */ - PSA_ASSERT( psa_get_key_attributes( permanent_key, &attributes ) ); + PSA_ASSERT( psa_get_key_attributes( persistent_key, &attributes ) ); TEST_ASSERT( mbedtls_svc_key_id_equal( attributes.core.id, - permanent_key ) ); + persistent_key ) ); /* * Check that we cannot copy the persistent key as all slots are occupied - * by the permanent key and the volatile keys and the slot containing the - * permanent key cannot be reclaimed as it contains the key to copy. + * by the persistent key and the volatile keys and the slot containing the + * persistent key cannot be reclaimed as it contains the key to copy. */ - permanent_key2 = mbedtls_svc_key_id_make( 0x100, 0x204 ); - psa_set_key_id( &attributes, permanent_key2 ); - status = psa_copy_key( permanent_key, &attributes, &returned_key_id ); + persistent_key2 = mbedtls_svc_key_id_make( 0x100, 0x204 ); + psa_set_key_id( &attributes, persistent_key2 ); + status = psa_copy_key( persistent_key, &attributes, &returned_key_id ); TEST_EQUAL( status, PSA_ERROR_INSUFFICIENT_MEMORY ); /* @@ -1053,12 +1053,12 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( ) * value. */ - PSA_ASSERT( psa_export_key( permanent_key, exported, sizeof( exported ), + PSA_ASSERT( psa_export_key( persistent_key, exported, sizeof( exported ), &exported_length ) ); ASSERT_COMPARE( exported, exported_length, - (uint8_t *) &permanent_key, sizeof( permanent_key ) ); + (uint8_t *) &persistent_key, sizeof( persistent_key ) ); exit: - psa_destroy_key( permanent_key ); + psa_destroy_key( persistent_key ); PSA_DONE( ); mbedtls_free( keys ); } From a577c18501d4a2f4beaf80fcc28f9abd5d93f1d6 Mon Sep 17 00:00:00 2001 From: Omer Shapira Date: Tue, 3 Nov 2020 10:48:05 -0800 Subject: [PATCH 438/488] [minor] Added Cscope to .gitignore Added CScope index files to .gitignore 
Signed-off-by: Omer Shapira --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index ee2cd4640..39cdc4ea5 100644 --- a/.gitignore +++ b/.gitignore @@ -54,4 +54,5 @@ massif-* /GSYMS /GTAGS /TAGS +/cscope*.out /tags From 6ba40d1faace828c4ae945672c05fe36943089c9 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 10 Nov 2020 08:50:04 -0800 Subject: [PATCH 439/488] Corrected guards in PSA library based on review comments Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx guards based on review comments. Corrected guards in psa test driver to use _ACCEL version instead of _BUILTIN version. Updated check_config_psa.h to include additional dependency checks for more algorithms. Renamed some of the new tests to be a little more clear on the purpose. Signed-off-by: John Durkop --- include/mbedtls/check_config_psa.h | 48 +++++++++ include/mbedtls/config_psa.h | 2 + library/psa_crypto.c | 166 ++++++++++++++++------------- tests/scripts/all.sh | 24 ++--- tests/src/drivers/key_management.c | 21 ++-- 5 files changed, 168 insertions(+), 93 deletions(-) diff --git a/include/mbedtls/check_config_psa.h b/include/mbedtls/check_config_psa.h index 3fb5850c6..483aa0e06 100644 --- a/include/mbedtls/check_config_psa.h +++ b/include/mbedtls/check_config_psa.h 
@@ -36,4 +36,52 @@ #error "MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites" #endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) && \ + !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) +#error "MBEDTLS_PSA_BUILTIN_ALG_ECDSA defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && \ + !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) +#error "MBEDTLS_PSA_BUILTIN_ALG_ECDH defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) && \ + !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) +#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) && \ + !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) +#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) && \ + !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) +#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP defined, but not all 
prerequisites" +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) && \ + !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) +#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS defined, but not all prerequisites" +#endif + #endif /* MBEDTLS_CHECK_CONFIG_PSA_H */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 48046e07b..0690ee719 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -91,6 +91,7 @@ extern "C" { #if defined(PSA_WANT_ALG_HKDF) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 #define MBEDTLS_HKDF_C #define MBEDTLS_MD_C @@ -187,6 +188,7 @@ extern "C" { #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_HKDF_C) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 #endif /* MBEDTLS_HKDF_C */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 31506ef3b..78d0b9a3f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -371,7 +371,9 @@ static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t byte_length ) { 
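Review bot: The second added block in check_config_psa.h tests `MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA` while its `#error` text names `MBEDTLS_PSA_BUILTIN_ALG_ECDH`, which looks like a copy-paste slip that leaves the ECDH prerequisite check unperformed. The condition should read `#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && \` so that the guard and the message agree. As written, it only repeats a DETERMINISTIC_ECDSA check (one already ends just above the hunk) with a misleading message. This matters because psa_crypto.c in the same commit drops the ECC key-type half of the guard on `psa_key_agreement_ecdh`, so this header appears to be what should reject a built-in ECDH configured without any ECC key type.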
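Review bot: The new `#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1` under `PSA_WANT_ALG_HKDF` carries no comment explaining why requesting HKDF also switches on built-in HMAC, and the same applies to the identical line added under `MBEDTLS_HKDF_C` in the next hunk. The reason is only visible in psa_crypto.c, where this commit narrows the guards on `psa_get_hash_block_size`, `psa_hmac_setup_internal`, `psa_hmac_finish_internal` and `psa_hmac_abort_internal` from `HMAC || HKDF` to `HMAC` alone. I would add above each define something like `/* The built-in HKDF relies on the psa_hmac_*_internal helpers, which are compiled only under MBEDTLS_PSA_BUILTIN_ALG_HMAC. */`, worded to whatever the actual dependency is. Both enclosing `#if` blocks continue outside the hunks.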
@@ -440,7 +442,9 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, } } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || + * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, size_t bits ) @@ -593,6 +597,16 @@ exit: #endif /* MBEDTLS_PK_PARSE_C */ } +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + /** Export an RSA key to export representation * * \param[in] type The type of key (public/private) to export 
@@ -716,15 +730,15 @@ exit: return( PSA_SUCCESS ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || + +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) /** Load the contents of a key buffer into an internal ECP representation * * \param[in] type The type of key contained in \p data. @@ -824,7 +838,14 @@ exit: return( status ); } +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) /** Export an ECP key to export representation * * \param[in] type The type of key (public/private) to export 
@@ -1444,7 +1465,11 @@ psa_status_t psa_get_key_domain_parameters( return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) static psa_status_t psa_get_rsa_public_exponent( const mbedtls_rsa_context *rsa, @@ -1485,7 +1510,11 @@ exit: mbedtls_free( buffer ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ /** Retrieve all the publicly-accessible attributes of a key. @@ -1513,7 +1542,11 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, switch( slot->attr.type ) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) case PSA_KEY_TYPE_RSA_KEY_PAIR: case PSA_KEY_TYPE_RSA_PUBLIC_KEY: 
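Review bot: The six-macro RSA condition placed on `psa_get_rsa_public_exponent` is written out again in its `#endif` comment and twice more around the RSA case of `psa_get_key_attributes` in the following hunks, so one logical guard now exists as several hand-maintained copies. A helper and its only caller silently disagreeing on their guards is the kind of mismatch this commit is itself correcting. Deriving a single file-local macro from the condition once near the top of psa_crypto.c, and testing that macro at each site, would keep the copies from drifting; the five-macro list on the ECP load helper could be treated the same way. The condition itself looks consistent across the sites visible in this patch.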
@@ -1541,7 +1574,11 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, mbedtls_free( rsa ); } break; -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ default: /* Nothing else to do. */ @@ -1671,7 +1708,8 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, } else { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_keypair *ecp = NULL; psa_status_t status = psa_load_ecp_representation( slot->attr.type, @@ -2884,7 +2922,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( (int) key_bits, mode ) ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) static size_t psa_get_hash_block_size( psa_algorithm_t alg ) { switch( alg ) @@ -2911,7 +2949,7 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) return( 0 ); } } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ /* Initialize the MAC operation structure. Once this function has been * called, psa_mac_abort can run and will do the right thing. */ 
@@ -2955,13 +2993,13 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation, return( status ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ) { mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) ); return( psa_hash_abort( &hmac->hash_ctx ) ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) { @@ -3032,7 +3070,7 @@ static int psa_cmac_setup( psa_mac_operation_t *operation, } #endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, const uint8_t *key, size_t key_length, @@ -3094,7 +3132,7 @@ cleanup: return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, psa_key_handle_t handle, @@ -3266,7 +3304,7 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation, return( status ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) static psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, uint8_t *mac, size_t mac_size ) @@ -3304,7 +3342,7 @@ exit: mbedtls_platform_zeroize( tmp, hash_size ); return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, uint8_t *mac, 
@@ -3433,11 +3471,8 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) /* Decode the hash algorithm from alg and store the mbedtls encoding in * md_alg. Verify that the hash length is acceptable. */ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, @@ -3481,7 +3516,6 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, psa_algorithm_t alg, const uint8_t *hash, @@ -3544,7 +3578,6 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, *signature_length = mbedtls_rsa_get_len( rsa ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR */ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, psa_algorithm_t alg, 
@@ -3610,16 +3643,11 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, return( PSA_ERROR_INVALID_SIGNATURE ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ -#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) && \ - ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) /* `ecp` cannot be const because `ecp->grp` needs to be non-const * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() * (even though these functions don't modify it). */ @@ -3718,10 +3746,8 @@ cleanup: mbedtls_mpi_free( &s ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) && - ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ psa_status_t psa_sign_hash( psa_key_handle_t handle, psa_algorithm_t alg, @@ -3764,7 +3790,8 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, goto exit; /* If the operation was not supported by any accelerator, try fallback. */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = NULL; 
@@ -3786,9 +3813,8 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, mbedtls_free( rsa ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ @@ -3824,8 +3850,6 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle, } } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ { status = PSA_ERROR_NOT_SUPPORTED; } @@ -3870,8 +3894,8 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, psa_key_lifetime_is_external( slot->attr.lifetime ) ) return status; -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; @@ -3892,10 +3916,8 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ @@ -3924,8 +3946,6 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle, } } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ { return( PSA_ERROR_NOT_SUPPORTED ); } 
@@ -3973,8 +3993,8 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle, PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { mbedtls_rsa_context *rsa = NULL; @@ -4034,9 +4054,7 @@ rsa_exit: } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ { return( PSA_ERROR_NOT_SUPPORTED ); } @@ -4072,7 +4090,8 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle, if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = NULL; @@ -4131,7 +4150,8 @@ rsa_exit: return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ { return( PSA_ERROR_NOT_SUPPORTED ); } @@ -5855,8 +5875,7 @@ psa_status_t psa_key_derivation_input_key( /* Key agreement */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key, size_t peer_key_length, const mbedtls_ecp_keypair *our_key, 
@@ -5907,7 +5926,7 @@ exit: return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH && MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ #define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES @@ -5921,8 +5940,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, { switch( alg ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) case PSA_ALG_ECDH: if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -5941,7 +5959,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, mbedtls_ecp_keypair_free( ecp ); mbedtls_free( ecp ); return( status ); -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH && MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ default: (void) private_key; (void) peer_key; @@ -6105,7 +6123,8 @@ psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed, } #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \ + defined(MBEDTLS_GENPRIME) static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters, size_t domain_parameters_size, int *exponent ) @@ -6131,7 +6150,8 @@ static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters, *exponent = acc; return( PSA_SUCCESS ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && + * defined(MBEDTLS_GENPRIME) */ static psa_status_t psa_generate_key_internal( psa_key_slot_t *slot, size_t bits, 
@@ -6169,7 +6189,8 @@ static psa_status_t psa_generate_key_internal( } else -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \ + defined(MBEDTLS_GENPRIME) if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context rsa; @@ -6217,7 +6238,8 @@ static psa_status_t psa_generate_key_internal( return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && + * defined(MBEDTLS_GENPRIME) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 138849c54..592d878a3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1324,7 +1324,7 @@ component_test_psa_crypto_config_no_driver() { } # This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test. -component_build_psa_want_ecdsa_disabled_software() { +component_build_psa_accel_alg_ecdsa() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA # without MBEDTLS_ECDSA_C # PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already @@ -1342,7 +1342,7 @@ component_build_psa_want_ecdsa_disabled_software() { } # This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. -component_build_psa_want_ecdh_disabled_software() { +component_build_psa_accel_alg_ecdh() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH # without MBEDTLS_ECDH_C msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" 
@@ -1361,7 +1361,7 @@ component_build_psa_want_ecdh_disabled_software() { } # This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. -component_build_psa_want_ecc_key_pair() { +component_build_psa_accel_key_type_ecc_key_pair() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR" scripts/config.py full @@ -1375,7 +1375,7 @@ component_build_psa_want_ecc_key_pair() { } # This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. -component_build_psa_want_ecc_public_key() { +component_build_psa_accel_key_type_ecc_public_key() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" scripts/config.py full @@ -1389,7 +1389,7 @@ component_build_psa_want_ecc_public_key() { } # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. -component_build_psa_want_hmac() { +component_build_psa_accel_alg_hmac() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" scripts/config.py full @@ -1401,7 +1401,7 @@ component_build_psa_want_hmac() { } # This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. -component_build_psa_want_hkdf_disabled_software() { +component_build_psa_accel_alg_hkdf() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF # without MBEDTLS_HKDF_C msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" 
@@ -1417,7 +1417,7 @@ component_build_psa_want_hkdf_disabled_software() { } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_want_rsa_pkcs1v15_crypt() { +component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full @@ -1433,7 +1433,7 @@ component_build_psa_want_rsa_pkcs1v15_crypt() { } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_want_rsa_pkcs1v15_sign() { +component_build_psa_accel_alg_rsa_pkcs1v15_sign() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full @@ -1449,7 +1449,7 @@ component_build_psa_want_rsa_pkcs1v15_sign() { } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_want_rsa_oaep() { +component_build_psa_accel_alg_rsa_oaep() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full @@ -1465,7 +1465,7 @@ component_build_psa_want_rsa_oaep() { } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_want_rsa_pss() { +component_build_psa_accel_alg_rsa_pss() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full 
@@ -1481,7 +1481,7 @@ component_build_psa_want_rsa_pss() { } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_want_rsa_key_pair() { +component_build_psa_accel_key_type_rsa_key_pair() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS" scripts/config.py full @@ -1495,7 +1495,7 @@ component_build_psa_want_rsa_key_pair() { } # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_want_rsa_public_key() { +component_build_psa_accel_key_type_rsa_public_key() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" scripts/config.py full diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index a788934fa..d6d75b3ed 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c @@ -43,10 +43,11 @@ psa_status_t test_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ) { -#if !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) && \ - !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) (void)attributes; -#endif /* !MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR && !MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */ +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR && + * !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ ++test_driver_key_management_hooks.hits; if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) 
@@ -63,8 +64,8 @@ psa_status_t test_transparent_generate_key( } /* Copied from psa_crypto.c */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) ) && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) ) { @@ -120,7 +121,8 @@ psa_status_t test_transparent_generate_key( return( status ); } else -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || + * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ return( PSA_ERROR_NOT_SUPPORTED ); } @@ -145,8 +147,8 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) return( test_driver_key_management_hooks.forced_status ); -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) psa_key_type_t type = psa_get_key_type( attributes ); if ( PSA_KEY_TYPE_IS_ECC( type ) ) { @@ -242,7 +244,8 @@ ecp_exit: (void) data_length; (void) bits; return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || + * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From b6f7afcb5cd24a08dd95f2055028b14beb99317c Mon Sep 17 00:00:00 2001 
From: John Durkop Date: Thu, 12 Nov 2020 11:36:06 -0800 Subject: [PATCH 440/488] Move check config feature for PSA_WANT Moved from doing the dependency checks for MBEDTLS_PSA_BUILTIN to checking the PSA_WANT macros for the dependency checks. This required moving the file into the include/psa directory and having the file be included by crypto_config.h instead of config_psa.h. Signed-off-by: John Durkop --- include/mbedtls/check_config_psa.h | 87 ------------------------------ include/mbedtls/config_psa.h | 2 - include/psa/check_crypto_config.h | 67 +++++++++++++++++++++++ include/psa/crypto_config.h | 2 + visualc/VS2010/mbedTLS.vcxproj | 2 +- 5 files changed, 70 insertions(+), 90 deletions(-) delete mode 100644 include/mbedtls/check_config_psa.h create mode 100644 include/psa/check_crypto_config.h diff --git a/include/mbedtls/check_config_psa.h b/include/mbedtls/check_config_psa.h deleted file mode 100644 index 483aa0e06..000000000 --- a/include/mbedtls/check_config_psa.h +++ /dev/null 
@@ -1,87 +0,0 @@
-/**
- * \file check_config_psa.h
- *
- * \brief Consistency checks for PSA configuration options
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * It is recommended to include this file from your config_psa.h
- * in order to catch dependency issues early.
- */
-
-#ifndef MBEDTLS_CHECK_CONFIG_PSA_H
-#define MBEDTLS_CHECK_CONFIG_PSA_H
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && \
- !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) )
-#error "MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) && \
- !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) )
-#error "MBEDTLS_PSA_BUILTIN_ALG_ECDSA defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && \
- !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
-
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) )
-#error "MBEDTLS_PSA_BUILTIN_ALG_ECDH defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) && \
- !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) )
-#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) && \
- !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) )
-#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) && \
- !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) )
-#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) && \
- !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) )
-#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS defined, but not all prerequisites"
-#endif
-
-#endif /* MBEDTLS_CHECK_CONFIG_PSA_H */
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 0690ee719..a64710647 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -207,8 +207,6 @@ extern "C" { #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ -#include "mbedtls/check_config_psa.h" - #ifdef __cplusplus } #endif diff --git a/include/psa/check_crypto_config.h b/include/psa/check_crypto_config.h new file mode 100644 index 000000000..dc9c7257a --- /dev/null +++ b/include/psa/check_crypto_config.h 
@@ -0,0 +1,67 @@
+/**
+ * \file check_crypto_config.h
+ *
+ * \brief Consistency checks for PSA configuration options
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * It is recommended to include this file from your crypto_config.h
+ * in order to catch dependency issues early.
+ */
+
+#ifndef MBEDTLS_CHECK_CRYPTO_CONFIG_H
+#define MBEDTLS_CHECK_CRYPTO_CONFIG_H
+
+#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
+ !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
+#error "PSA_WANT_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites"
+#endif
+
+#if defined(PSA_WANT_ALG_ECDSA) && \
+ !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
+#error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites"
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \
+ !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+#error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \
+ !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
+#error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_OAEP) && \
+ !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
+
defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) +#error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites" +#endif + +#if defined(PSA_WANT_ALG_RSA_PSS) && \ + !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ) +#error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites" +#endif + +#endif /* MBEDTLS_CHECK_CRYPTO_CONFIG_H */ diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 3fd137465..8deb3ada4 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -64,4 +64,6 @@ #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 +#include "psa/check_crypto_config.h" + #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index cf9f21248..e66b37800 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -157,7 +157,6 @@ - @@ -222,6 +221,7 @@ + From 7587ae49cb4f4fb6e1270dc376bab7110456d5ec Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 11 Nov 2020 15:04:25 +0100 Subject: [PATCH 441/488] Miscellaneous documentation improvements Signed-off-by: Ronald Cron --- library/psa_crypto.c | 3 +++ library/psa_crypto_slot_management.h | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3e174f9c2..4384a4310 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1191,6 +1191,9 @@ static psa_status_t psa_restrict_key_policy( * usage flags set in \p usage. If \p alg is nonzero, the key must allow * operations with this algorithm. * + * In case of a persistent key, the function loads the description of the key + * into a key slot if not already done. + * * On success, the access counter of the returned key slot is incremented by * one. It is the responsibility of the caller to call * psa_decrement_key_slot_access_count() when it does not access the key slot 
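Review bot: The new check_crypto_config.h carries no prerequisite check for ECDH. The deleted check_config_psa.h had a third ECC block whose condition repeated `MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA` while its `#error` named ECDH; the move drops that block rather than correcting it, so nothing flags a configuration that requests ECDH without an ECC key type. Assuming `PSA_WANT_ALG_ECDH` is one of the symbols crypto_config.h defines (not visible here), add `#if defined(PSA_WANT_ALG_ECDH) && !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )`, `#error "PSA_WANT_ALG_ECDH defined, but not all prerequisites"`, `#endif` after the ECDSA check. The checks also test only `defined(...)`, so a symbol set to a value other than 1 passes unnoticed.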
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index d22e343bc..8d3c3840a 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -82,7 +82,8 @@ static inline int psa_key_id_is_volatile( psa_key_id_t key_id ) * * \retval #PSA_SUCCESS * The pointer to the key slot containing the description of the key - * identified by \p key was returned. + * identified by \p key was returned. The key slot counter was + * implemented. * \retval #PSA_ERROR_BAD_STATE * The library has not been initialized. * \retval #PSA_ERROR_INVALID_HANDLE From 7d54f661d3450ef1ad41d13891a03474826835ac Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 11 Nov 2020 15:19:20 +0100 Subject: [PATCH 442/488] Miscellaneous coding style fixes Signed-off-by: Ronald Cron --- .../test_suite_psa_crypto_slot_management.function | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index ac2e6f7fc..08f1f7e49 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -172,13 +172,13 @@ void transient_slot_lifecycle( int owner_id_arg, PSA_ASSERT( psa_crypto_init( ) ); /* Import a key. */ - #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) mbedtls_key_owner_id_t owner_id = owner_id_arg; mbedtls_set_key_owner_id( &attributes, owner_id ); - #else +#else (void)owner_id_arg; - #endif +#endif psa_set_key_usage_flags( &attributes, usage_flags ); psa_set_key_algorithm( &attributes, alg ); 
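Review bot: The sentence added to the `#PSA_SUCCESS` description reads "The key slot counter was implemented", which looks like a slip for "incremented"; the psa_crypto.c hunk of the same commit speaks of the access counter being incremented by one. Suggested wording: `identified by \p key was returned. The key slot access counter was incremented.` If the caller is expected to release that reference with `psa_decrement_key_slot_access_count()`, as the psa_crypto.c comment says for its own function, this retval text is the place to state it. The declaration this comment documents lies outside the hunk.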
@@ -190,7 +190,7 @@ void transient_slot_lifecycle( int owner_id_arg, TEST_EQUAL( psa_get_key_type( &attributes ), type ); psa_reset_key_attributes( &attributes ); - #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) { psa_key_handle_t handle; mbedtls_svc_key_id_t key_with_invalid_owner = @@ -203,7 +203,7 @@ void transient_slot_lifecycle( int owner_id_arg, TEST_EQUAL( psa_open_key( key_with_invalid_owner, &handle ), PSA_ERROR_DOES_NOT_EXIST ); } - #endif +#endif /* * Purge the key and make sure that it is still valid, as purging a From d460323783007eee7e4ca2c88980c462c9d510ff Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Thu, 12 Nov 2020 17:10:36 +0000 Subject: [PATCH 443/488] Fixes two _POSIX_C_SOURCE typos. Contribution from gufe44. Signed-off-by: Chris Jones --- library/platform_util.c | 4 ++-- library/threading.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index 4e1d617bd..98fe5deb2 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -84,7 +84,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) + _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in @@ -98,7 +98,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ + _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, struct tm *tm_buf ) diff --git a/library/threading.c b/library/threading.c index 9268da188..2bb932d2d 100644 
--- a/library/threading.c +++ b/library/threading.c @@ -42,7 +42,7 @@ #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) + _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in @@ -57,7 +57,7 @@ #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ + _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ From 5cc8dfb40489b2eeb0180a746d89d099caf1f813 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Fri, 13 Nov 2020 04:54:15 -0800 Subject: [PATCH 444/488] Removed final MBEDLTS_MD_C guard in PSA crypto library There was one lingering MBEDTLS_MD_C that needed to be removed since it is no longer needed. Signed-off-by: John Durkop --- library/psa_crypto.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 78d0b9a3f..42d141c19 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -453,9 +453,7 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, switch( type ) { case PSA_KEY_TYPE_RAW_DATA: -#if defined(MBEDTLS_MD_C) case PSA_KEY_TYPE_HMAC: -#endif case PSA_KEY_TYPE_DERIVE: break; #if defined(MBEDTLS_AES_C) From b2679984d973c43f02cdf2d288aacb2236613409 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 5 Nov 2020 10:50:35 +0100 Subject: [PATCH 445/488] Note that crypto_sizes.h needs config_psa.h as well Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
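Review bot: With the `MBEDTLS_MD_C` guard removed, `case PSA_KEY_TYPE_HMAC:` passes size validation in every build, including one with no hash module compiled in. The hunk does not show where an HMAC key is rejected in such a build, so it is worth confirming that a later step (MAC setup, presumably) returns `PSA_ERROR_NOT_SUPPORTED` there and covering that configuration with a test. If that is the intended behaviour, a comment above the case such as `/* HMAC keys are plain byte strings; algorithm support is checked when the key is used. */` would record why the case is unconditional. The switch and the rest of validate_unstructured_key_bit_size() lie outside the hunk.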
diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index bf969f5e6..1f4fef3e9 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/10/13 17:05:02 GMT" +Time-stamp: "2020/11/05 09:50:28 GMT" ## Introduction 
@@ -111,7 +111,7 @@ These symbols are not part of the public interface of Mbed TLS towards applicati When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. -When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` is only needed to build the PSA parts of the library, including `psa/crypto_struct.h` (where the layout of some structures depends on the configuration). Therefore, `psa/crypto_struct.h` (or a header that is included before it) needs to include `mbedtls/config_psa.h`. +When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` is only needed to build the PSA parts of the library and code that uses these parts. Note that `psa/crypto_struct.h` and `psa/crypto_sizes.h` include definitions that depend on the configuration, so `mbedtls/config_psa.h` needs to be included in or before these headers (it isn't enough to include it only from files in `library`). `mbedtls/config_psa.h` includes two header files: From 993c2492426ab49a0644afa2e38cfe52dab6a504 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 13 Nov 2020 22:45:13 +0100 Subject: [PATCH 446/488] Add a section explaining the uses of PSA_WANT_xxx PSA_WANT_xxx is useful regardless of how the symbols are defined: explicitly (with MBEDTLS_PSA_CRYPTO_CONFIG) or implicitly (without MBEDTLS_PSA_CRYPTO_CONFIG). 
Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 1f4fef3e9..383bf5f00 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/11/05 09:50:28 GMT" +Time-stamp: "2020/11/13 21:45:08 GMT" ## Introduction 
@@ -68,6 +68,14 @@ A PSA crypto configuration symbol is a C preprocessor symbol whose name starts w * If the symbol is defined to a preprocessor expression with the value `1`, the corresponding feature is included. * If the symbol is defined with a different value, the behavior is currently undefined and reserved for future use. +#### Configuration symbol usage + +The presence of a symbol `PSA_WANT_xxx` in the Mbed TLS configuration determines whether a feature is available. These symbols should be used in any place that requires conditional compilation based on the availability of a cryptogrraphic mechanism, including: + +* In Mbed TLS test code. +* In Mbed TLS library code using `MBEDTLS_USE_PSA_CRYPTO`, for example in TLS to determine which cipher suites to enable. +* In application code that provides additional features based on crypto capabilities, for example additional key parsing and formatting functions, or cipher suite availability for network protocols. + #### Configuration symbol semantics If a feature is not requested for inclusion in the PSA crypto configuration file, it may still be included in the build, either because the feature has been requested in some other way, or because the library does not support the exclusion of this feature. Mbed TLS should make a best effort to support the exclusion of all features, but in some cases this may be judged too much effort for too little benefit. From 9e069070de459a39f48f68ae59741284b61695d4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Nov 2020 10:26:01 +0100 Subject: [PATCH 447/488] Fix typos Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 383bf5f00..238688bcc 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md 
@@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/11/13 21:45:08 GMT" +Time-stamp: "2020/11/16 09:25:51 GMT" ## Introduction 
@@ -51,18 +51,18 @@ The current model is difficult to adapt to the PSA interface for several reasons ### PSA Crypto configuration file -The PSA crypto configuration file `psa/crypto_config.h` defines a series of symbols of the form `PSA_WANT_xxx` where `xxx` describes the feature that the symbol enables. The symbols are documented in the section [“PSA Crypto configuration symbols”](#psa-crypto-configuration-symbols) below. +The PSA Crypto configuration file `psa/crypto_config.h` defines a series of symbols of the form `PSA_WANT_xxx` where `xxx` describes the feature that the symbol enables. The symbols are documented in the section [“PSA Crypto configuration symbols”](#psa-crypto-configuration-symbols) below. The symbol `MBEDTLS_PSA_CRYPTO_CONFIG` in `mbedtls/config.h` determines whether `psa/crypto_config.h` is used. * If `MBEDTLS_PSA_CRYPTO_CONFIG` is unset, which is the default at least in Mbed TLS 2.x versions, things are as they are today: the PSA subsystem includes generic code unconditionally, and includes support for specific mechanisms conditionally based on the existing `MBEDTLS_xxx_` symbols. -* If `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the necessary software implementations of cryptographic algorithms are included based on both the content of the PSA crypto configuration file and the Mbed TLS configuration file. For example, the code in `aes.c` is enabled if either `mbedtls/config.h` contains `MBEDTLS_AES_C` or `psa/crypto_config.h` contains `PSA_WANT_KEY_TYPE_AES`. +* If `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the necessary software implementations of cryptographic algorithms are included based on both the content of the PSA Crypto configuration file and the Mbed TLS configuration file. For example, the code in `aes.c` is enabled if either `mbedtls/config.h` contains `MBEDTLS_AES_C` or `psa/crypto_config.h` contains `PSA_WANT_KEY_TYPE_AES`. 
### PSA Crypto configuration symbols #### Configuration symbol syntax -A PSA crypto configuration symbol is a C preprocessor symbol whose name starts with `PSA_WANT_`. +A PSA Crypto configuration symbol is a C preprocessor symbol whose name starts with `PSA_WANT_`. * If the symbol is not defined, the corresponding feature is not included. * If the symbol is defined to a preprocessor expression with the value `1`, the corresponding feature is included. @@ -70,7 +70,7 @@ A PSA crypto configuration symbol is a C preprocessor symbol whose name starts w #### Configuration symbol usage -The presence of a symbol `PSA_WANT_xxx` in the Mbed TLS configuration determines whether a feature is available. These symbols should be used in any place that requires conditional compilation based on the availability of a cryptogrraphic mechanism, including: +The presence of a symbol `PSA_WANT_xxx` in the Mbed TLS configuration determines whether a feature is available. These symbols should be used in any place that requires conditional compilation based on the availability of a cryptographic mechanism, including: * In Mbed TLS test code. * In Mbed TLS library code using `MBEDTLS_USE_PSA_CRYPTO`, for example in TLS to determine which cipher suites to enable. 
@@ -78,7 +78,7 @@ The presence of a symbol `PSA_WANT_xxx` in the Mbed TLS configuration determines #### Configuration symbol semantics -If a feature is not requested for inclusion in the PSA crypto configuration file, it may still be included in the build, either because the feature has been requested in some other way, or because the library does not support the exclusion of this feature. Mbed TLS should make a best effort to support the exclusion of all features, but in some cases this may be judged too much effort for too little benefit. +If a feature is not requested for inclusion in the PSA Crypto configuration file, it may still be included in the build, either because the feature has been requested in some other way, or because the library does not support the exclusion of this feature. Mbed TLS should make a best effort to support the exclusion of all features, but in some cases this may be judged too much effort for too little benefit. #### Configuration symbols for key types 
@@ -117,7 +117,7 @@ These symbols are not part of the public interface of Mbed TLS towards applicati #### Definition of internal inclusion symbols -When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. +When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA Crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` is only needed to build the PSA parts of the library and code that uses these parts. Note that `psa/crypto_struct.h` and `psa/crypto_sizes.h` include definitions that depend on the configuration, so `mbedtls/config_psa.h` needs to be included in or before these headers (it isn't enough to include it only from files in `library`). @@ -158,7 +158,7 @@ Since configuration symbols must be undefined or 1, any other value should trigg A lot of the preprocessor symbol manipulation is systematic calculations that analyze the configuration. `mbedtls/config_psa.h` and `library/psa_check_config.h` should be generated automatically, in the same manner as `version_features.c`. -### Structure of PSA crypto library code +### Structure of PSA Crypto library code #### Conditional inclusion of library entry points 
From 1b1f3fb96d4b8e4a1fbbe64fcc4e08b253d2d3ea Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Nov 2020 12:02:01 +0100 Subject: [PATCH 448/488] Minor clarifications Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 238688bcc..2107b395b 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/11/16 09:25:51 GMT" +Time-stamp: "2020/11/16 11:00:23 GMT" ## Introduction 
@@ -70,11 +70,11 @@ A PSA Crypto configuration symbol is a C preprocessor symbol whose name starts w #### Configuration symbol usage -The presence of a symbol `PSA_WANT_xxx` in the Mbed TLS configuration determines whether a feature is available. These symbols should be used in any place that requires conditional compilation based on the availability of a cryptographic mechanism, including: +The presence of a symbol `PSA_WANT_xxx` in the Mbed TLS configuration determines whether a feature is available through the PSA API. These symbols should be used in any place that requires conditional compilation based on the availability of a cryptographic mechanism, including: * In Mbed TLS test code. * In Mbed TLS library code using `MBEDTLS_USE_PSA_CRYPTO`, for example in TLS to determine which cipher suites to enable. -* In application code that provides additional features based on crypto capabilities, for example additional key parsing and formatting functions, or cipher suite availability for network protocols. +* In application code that provides additional features based on cryptographic capabilities, for example additional key parsing and formatting functions, or cipher suite availability for network protocols. #### Configuration symbol semantics 
@@ -119,7 +119,7 @@ These symbols are not part of the public interface of Mbed TLS towards applicati When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA Crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. -When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` is only needed to build the PSA parts of the library and code that uses these parts. Note that `psa/crypto_struct.h` and `psa/crypto_sizes.h` include definitions that depend on the configuration, so `mbedtls/config_psa.h` needs to be included in or before these headers (it isn't enough to include it only from files in `library`). +When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`). The definitions in `mbedtls/config_psa.h` are only needed to build the PSA parts of the library and code that uses these parts. Note that `psa/crypto_struct.h` and `psa/crypto_sizes.h` include definitions that depend on the configuration, so `mbedtls/config_psa.h` needs to be included in or before these headers (it isn't enough to include it only from files in `library`). `mbedtls/config_psa.h` includes two header files: From 198024cd020f2251d7f6320a17c5bec825df9c39 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 16 Nov 2020 12:04:40 +0100 Subject: [PATCH 449/488] Note that application code needs PSA_WANT_xxx too Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 2107b395b..feface74d 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/11/16 11:00:23 GMT" +Time-stamp: "2020/11/16 11:04:35 GMT" ## Introduction 
@@ -119,7 +119,7 @@ These symbols are not part of the public interface of Mbed TLS towards applicati When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA Crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. -When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`). The definitions in `mbedtls/config_psa.h` are only needed to build the PSA parts of the library and code that uses these parts. Note that `psa/crypto_struct.h` and `psa/crypto_sizes.h` include definitions that depend on the configuration, so `mbedtls/config_psa.h` needs to be included in or before these headers (it isn't enough to include it only from files in `library`). +When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`). The `PSA_WANT_xxx` definitions in `mbedtls/config_psa.h` are needed not only to build the PSA parts of the library, but also to build code that uses these parts. 
This includes structure definitions in `psa/crypto_struct.h`, size calculations in `psa/crypto_sizes.h`, and application code that contains code that's specific to a given cryptographic mechanism (which is reflected in Mbed TLS in code under `MBEDTLS_USE_PSA_CRYPTO` and in conditional compilation guards in tests and sample programs). `mbedtls/config_psa.h` includes two header files: From bb483f6af8ee9452a8aec23455f122b6d369ec77 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Nov 2020 14:35:12 +0100 Subject: [PATCH 450/488] Improve explanations around config_psa.h Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 21 +++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index feface74d..3327acee9 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/11/16 11:04:35 GMT" +Time-stamp: "2020/11/16 13:35:03 GMT" ## Introduction 
@@ -115,18 +115,25 @@ These symbols are not part of the public interface of Mbed TLS towards applicati ### Architecture of symbol definitions -#### Definition of internal inclusion symbols +#### New-style definition of configuration symbols When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA Crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols. -When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`). The `PSA_WANT_xxx` definitions in `mbedtls/config_psa.h` are needed not only to build the PSA parts of the library, but also to build code that uses these parts. This includes structure definitions in `psa/crypto_struct.h`, size calculations in `psa/crypto_sizes.h`, and application code that contains code that's specific to a given cryptographic mechanism (which is reflected in Mbed TLS in code under `MBEDTLS_USE_PSA_CRYPTO` and in conditional compilation guards in tests and sample programs). +`mbedtls/config_psa.h` includes `psa/crypto_config.h`, the user-editable file that defines application requirements. -`mbedtls/config_psa.h` includes two header files: +#### New-style definition of configuration symbols -* `psa/crypto_config.h` is the user-editable file that defines application requirements. It is only included when `MBEDTLS_PSA_CRYPTO_CONFIG` is set. -* `mbedtls/crypto_drivers.h` is a header file generated by the transpilation of the driver descriptions. 
It defines `MBEDTLS_PSA_ACCEL_xxx` symbols according to the availability of transparent drivers without fallback. +When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. Furthermore, a new header file **`mbedtls/config_psa.h`** deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`). -The following table summarized where symbols are defined depending on the configuration mode. +The `PSA_WANT_xxx` definitions in `mbedtls/config_psa.h` are needed not only to build the PSA parts of the library, but also to build code that uses these parts. This includes structure definitions in `psa/crypto_struct.h`, size calculations in `psa/crypto_sizes.h`, and application code that's specific to a given cryptographic mechanism. In Mbed TLS itself, code under `MBEDTLS_USE_PSA_CRYPTO` and conditional compilation guards in tests and sample programs need `PSA_WANT_xxx`. + +Since some existing applications use a handwritten `mbedtls/config.h` or an edited copy of `mbedtls/config.h` from an earlier version of Mbed TLS, `mbedtls/config_psa.h` must be included via an already existing header that is not `mbedtls/config.h`, so it is included via `psa/crypto.h` (for example from `psa/crypto_platform.h`). + +#### Summary of definitions of configuration symbols + +Both with and without `MBEDTLS_PSA_CRYPTO_CONFIG`, `mbedtls/config_psa.h` includes `mbedtls/crypto_drivers.h`, a header file generated by the transpilation of the driver descriptions. It defines `MBEDTLS_PSA_ACCEL_xxx` symbols according to the availability of transparent drivers without fallback. + +The following table summarizes where symbols are defined depending on the configuration mode. * (U) indicates a symbol that is defined by the user (application). 
* (D) indicates a symbol that is deduced from other symbols by code that ships with Mbed TLS. From 67aed9ada68437b614e9f54b0d2dfb0683a452cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Nov 2020 15:14:10 +0100 Subject: [PATCH 451/488] Simplify conditional guards in error.c Simplify the guards on MBEDTLS_ERROR_C and MBEDTLS_ERROR_STRERROR_DUMMY. No longer include superfluous headers and definition: platform.h is only needed for MBEDTLS_ERROR_C; time_t is not needed at all. Signed-off-by: Gilles Peskine --- library/error.c | 16 +++++++--------- scripts/data_files/error.fmt | 16 +++++++--------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/library/error.c b/library/error.c index 0d9f736b9..901a3699a 100644 --- a/library/error.c +++ b/library/error.c @@ -19,20 +19,20 @@ #include "common.h" +#include "mbedtls/error.h" + +#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) + #if defined(MBEDTLS_ERROR_C) -#include -#endif #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #define mbedtls_snprintf snprintf -#define mbedtls_time_t time_t #endif -#if defined(MBEDTLS_ERROR_C) - #include +#include #if defined(MBEDTLS_AES_C) #include "mbedtls/aes.h" @@ -960,8 +960,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #else /* MBEDTLS_ERROR_C */ -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) - /* * Provide an non-function in case MBEDTLS_ERROR_C is not defined */ @@ -973,6 +971,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) buf[0] = '\0'; } -#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */ - #endif /* MBEDTLS_ERROR_C */ + +#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 1c8a79036..9e479bbfd 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt 
@@ -19,20 +19,20 @@ #include "common.h" +#include "mbedtls/error.h" + +#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) + #if defined(MBEDTLS_ERROR_C) -#include -#endif #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else #define mbedtls_snprintf snprintf -#define mbedtls_time_t time_t #endif -#if defined(MBEDTLS_ERROR_C) - #include +#include HEADER_INCLUDED @@ -149,8 +149,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #else /* MBEDTLS_ERROR_C */ -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) - /* * Provide an non-function in case MBEDTLS_ERROR_C is not defined */ @@ -162,6 +160,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) buf[0] = '\0'; } -#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */ - #endif /* MBEDTLS_ERROR_C */ + +#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ From d8c27ccab009c66da57b582bce96c02081d8f0f0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Nov 2020 21:44:23 +0100 Subject: [PATCH 452/488] Fix copypasta; minor wording improvements Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 3327acee9..39ae0f9d4 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/11/16 13:35:03 GMT" +Time-stamp: "2020/11/16 20:44:13 GMT" ## Introduction 
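Review bot: The stub's comment in the `@@ -149,8 +149,6 @@` hunk still reads "Provide an non-function in case MBEDTLS_ERROR_C is not defined". With the inner `#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)` removed, that `#else` branch is only reached when the dummy option is set, and the comment no longer says so. I would replace it with `/* MBEDTLS_ERROR_C is disabled but MBEDTLS_ERROR_STRERROR_DUMMY is set: provide a stub mbedtls_strerror() that returns an empty string. */`. The lines between the signature and `buf[0] = '\0';` fall outside the hunks, so please confirm that the write is still guarded by a `buflen` check. The same wording appears in library/error.c, which looks to be generated from this template.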
@@ -70,7 +70,7 @@ A PSA Crypto configuration symbol is a C preprocessor symbol whose name starts w #### Configuration symbol usage -The presence of a symbol `PSA_WANT_xxx` in the Mbed TLS configuration determines whether a feature is available through the PSA API. These symbols should be used in any place that requires conditional compilation based on the availability of a cryptographic mechanism, including: +The presence of a symbol `PSA_WANT_xxx` in the Mbed TLS configuration determines whether a feature is available through the PSA API. These symbols should be used in any place that requires conditional compilation based on the availability of a cryptographic mechanism through the PSA API, including: * In Mbed TLS test code. * In Mbed TLS library code using `MBEDTLS_USE_PSA_CRYPTO`, for example in TLS to determine which cipher suites to enable. @@ -121,7 +121,7 @@ When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` need `mbedtls/config_psa.h` includes `psa/crypto_config.h`, the user-editable file that defines application requirements. -#### New-style definition of configuration symbols +#### Old-style definition of configuration symbols When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. Furthermore, a new header file **`mbedtls/config_psa.h`** deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`). 
@@ -131,7 +131,7 @@ Since some existing applications use a handwritten `mbedtls/config.h` or an edit #### Summary of definitions of configuration symbols -Both with and without `MBEDTLS_PSA_CRYPTO_CONFIG`, `mbedtls/config_psa.h` includes `mbedtls/crypto_drivers.h`, a header file generated by the transpilation of the driver descriptions. It defines `MBEDTLS_PSA_ACCEL_xxx` symbols according to the availability of transparent drivers without fallback. +Whether `MBEDTLS_PSA_CRYPTO_CONFIG` is set or not, `mbedtls/config_psa.h` includes `mbedtls/crypto_drivers.h`, a header file generated by the transpilation of the driver descriptions. It defines `MBEDTLS_PSA_ACCEL_xxx` symbols according to the availability of transparent drivers without fallback. The following table summarizes where symbols are defined depending on the configuration mode. From 7953329d73ad1c15c3e5f384849307ec53717882 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Maroneze?= Date: Thu, 12 Nov 2020 09:37:42 +0100 Subject: [PATCH 453/488] Fix another use of uinitialized memory in ssl_parse_encrypted_pms MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Complement to 0a8352b4: peer_pmslen is not initialized when decryption fails, so '|= peer_pmslen' may access uninitialized memory, as indicated by Frama-C/Eva. Co-authored-by: Gilles Peskine Signed-off-by: André Maroneze --- library/ssl_srv.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 070a5915f..a5c5caf1a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -3929,11 +3929,12 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, /* In case of a failure in decryption, the decryption may write less than * 2 bytes of output, but we always read the first two bytes. It doesn't * matter in the end because diff will be nonzero in that case due to - * peer_pmslen being less than 48, and we only care whether diff is 0. - * But do initialize peer_pms for robustness anyway. This also makes - * memory analyzers happy (don't access uninitialized memory, even - * if it's an unsigned char). */ + * ret being nonzero, and we only care whether diff is 0. + * But do initialize peer_pms and peer_pmslen for robustness anyway. This + * also makes memory analyzers happy (don't access uninitialized memory, + * even if it's an unsigned char). */ peer_pms[0] = peer_pms[1] = ~0; + peer_pmslen = 0; ret = ssl_decrypt_encrypted_pms( ssl, p, end, peer_pms, From 07cc04a8adea51419626dbf521ca0b1e64253f7c Mon Sep 17 00:00:00 2001 From: John Durkop Date: Mon, 16 Nov 2020 22:08:34 -0800 Subject: [PATCH 454/488] Updates to PSA crypto library based on review comments Moved new check_crypto_config.h file from include/psa to library directory and the file is now included from *.c instead of the crypto_config.h file. Fixed guards in PSA crypto library based on review comments for new PSA crypto config features. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 119 +++++---- include/mbedtls/ssl.h | 7 +- include/mbedtls/ssl_internal.h | 9 +- include/psa/crypto_config.h | 14 +- .../psa => library}/check_crypto_config.h | 5 + library/psa_crypto.c | 232 +++++++++--------- tests/scripts/all.sh | 2 +- visualc/VS2010/mbedTLS.vcxproj | 2 +- 8 files changed, 216 insertions(+), 174 deletions(-) rename {include/psa => library}/check_crypto_config.h (92%) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index a64710647..5cf1aa77d 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h 
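Review bot: The rewritten comment says the initialisation is for robustness, but it does not say why `0` is a safe starting value for `peer_pmslen`. If the later check compares the length with 48, as the removed wording suggests, any value other than 48 keeps a failed decryption looking like a failure. That deserves a clause on the new line, e.g. `peer_pmslen = 0; /* any value != 48: must never look like a valid PMS length */`. The comment now relies on `diff` folding in `ret`, and that accumulation is outside this hunk. Please confirm that `ret` and the length both reach `diff` without a branch on the decryption result, since this path is the padding-oracle countermeasure.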
@@ -40,13 +40,6 @@ extern "C" { #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#if defined(PSA_WANT_ALG_ECDSA) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) -#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 -#define MBEDTLS_ECDSA_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ -#endif /* PSA_WANT_ALG_ECDSA */ - #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) #if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 
@@ -66,38 +59,26 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */ #endif /* PSA_WANT_ALG_ECDH */ -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define MBEDTLS_ECP_C -#define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 -#define MBEDTLS_ECP_C -#define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */ -#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */ - -#if defined(PSA_WANT_ALG_HMAC) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#define MBEDTLS_MD_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ -#endif /* PSA_WANT_ALG_HMAC */ +#if defined(PSA_WANT_ALG_ECDSA) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 +#define MBEDTLS_ECDSA_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ +#endif /* PSA_WANT_ALG_ECDSA */ #if defined(PSA_WANT_ALG_HKDF) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 -#define MBEDTLS_HKDF_C -#define MBEDTLS_MD_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ #endif /* PSA_WANT_ALG_HKDF */ +#if defined(PSA_WANT_ALG_HMAC) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ +#endif /* PSA_WANT_ALG_HMAC */ + #if defined(PSA_WANT_ALG_RSA_OAEP) #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) #define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 
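Review bot: The HKDF and HMAC blocks no longer turn on `MBEDTLS_HKDF_C` or `MBEDTLS_MD_C`, and nothing on the new side says why. The legacy branch of this header still derives `MBEDTLS_PSA_BUILTIN_ALG_HMAC` from `MBEDTLS_MD_C`, so a reader cannot tell whether the built-in HMAC needs the MD module. I would add a comment above the HKDF block such as `/* The built-in HMAC/HKDF do not go through md.c or hkdf.c, so no MBEDTLS_xxx_C is deduced here. */`, assuming that is the reason. If it is not, a configuration with only `PSA_WANT_ALG_HMAC` may miss a module it needs.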
@@ -105,19 +86,10 @@ extern "C" { #define MBEDTLS_BIGNUM_C #define MBEDTLS_OID_C #define MBEDTLS_PKCS1_V21 +#define MBEDTLS_MD_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */ #endif /* PSA_WANT_ALG_RSA_OAEP */ -#if defined(PSA_WANT_ALG_RSA_PSS) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V21 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */ -#endif /* PSA_WANT_ALG_RSA_PSS */ - #if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) #if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 
@@ -135,9 +107,49 @@ extern "C" { #define MBEDTLS_BIGNUM_C #define MBEDTLS_OID_C #define MBEDTLS_PKCS1_V15 +#define MBEDTLS_MD_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */ #endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ +#if defined(PSA_WANT_ALG_RSA_PSS) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V21 +#define MBEDTLS_MD_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */ +#endif /* PSA_WANT_ALG_RSA_PSS */ + +#if defined(PSA_WANT_ALG_TLS12_PRF) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */ +#endif /* PSA_WANT_ALG_TLS12_PRF */ + +#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */ +#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */ +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 
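Review bot: The two new TLS 1.2 blocks define only their own `MBEDTLS_PSA_BUILTIN_ALG_TLS12_*` symbol, while the HKDF block in the earlier hunk also sets `MBEDTLS_PSA_BUILTIN_ALG_HMAC`, presumably because HKDF is built on HMAC. The TLS 1.2 PRF is HMAC-based too. If the HMAC helpers in psa_crypto.c are compiled under `MBEDTLS_PSA_BUILTIN_ALG_HMAC` (not visible here), a configuration with `PSA_WANT_ALG_TLS12_PRF` or `PSA_WANT_ALG_TLS12_PSK_TO_MS` but without `PSA_WANT_ALG_HMAC` would not build. Adding `#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1` to both blocks, or a prerequisite `#error` in check_crypto_config.h next to the new ECC one, would make the dependency explicit.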
@@ -145,6 +157,9 @@ extern "C" { #define MBEDTLS_BIGNUM_C #define MBEDTLS_OID_C #define MBEDTLS_GENPRIME +#define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PK_C #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */ #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ @@ -154,7 +169,9 @@ extern "C" { #define MBEDTLS_RSA_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_OID_C -#define MBEDTLS_GENPRIME +#define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PK_C #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ @@ -164,6 +181,10 @@ extern "C" { * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG * is not defined */ +#if defined(MBEDTLS_ECDH_C) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 +#endif /* MBEDTLS_ECDH_C */ + #if defined(MBEDTLS_ECDSA_C) #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 @@ -174,24 +195,22 @@ extern "C" { #endif /* MBEDTLS_ECDSA_C */ -#if defined(MBEDTLS_ECDH_C) -#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 -#endif /* MBEDTLS_ECDH_C */ - #if defined(MBEDTLS_ECP_C) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 #endif /* MBEDTLS_ECP_C */ -#if defined(MBEDTLS_MD_C) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#endif /* MBEDTLS_MD_C */ - #if defined(MBEDTLS_HKDF_C) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 #endif /* MBEDTLS_HKDF_C */ +#if defined(MBEDTLS_MD_C) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 +#endif /* MBEDTLS_MD_C */ + #if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_PKCS1_V15) #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c35f65e90..03c587740 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -42,7 +42,12 @@ #include "mbedtls/dhm.h" #endif -#if defined(MBEDTLS_ECDH_C) || defined(PSA_WANT_ALG_ECDH) +/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due + * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap + * in functionality that access to ecdh_ctx structure is needed for + * MBEDTLS_ECDSA_C which does not seem correct. + */ +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) #include "mbedtls/ecdh.h" #endif diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 406d22463..f41d1946c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -437,7 +437,12 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_DHM_C) mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ #endif -#if defined(MBEDTLS_ECDH_C) || defined(PSA_WANT_ALG_ECDH) +/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due + * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap + * in functionality that access to ecdh_ctx structure is needed for + * MBEDTLS_ECDSA_C which does not seem correct. + */ +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -447,7 +452,7 @@ struct mbedtls_ssl_handshake_params unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t ecdh_psa_peerkey_len; #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_ECDH_C || PSA_WANT_ALG_ECDH */ +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 8deb3ada4..c12a52200 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h 
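Review bot: The comment added above the widened guard records that needing `ecdh_ctx` under `MBEDTLS_ECDSA_C` "does not seem correct", but it gives no tracking reference and no condition for removing the workaround. The same text is repeated in ssl_internal.h (`@@ -437,7 +437,12 @@`), where it sits at column 0 inside the struct body. I would turn it into an actionable note in both places, e.g. `/* TODO(<issue-id>): ssl_srv.c and ssl_cli.c reference ecdh_ctx under MBEDTLS_ECDSA_C; narrow this guard to MBEDTLS_ECDH_C once those uses are guarded. */`. Until then, every ECDSA-only build carries the ECDH context and its PSA key fields in `mbedtls_ssl_handshake_params`, which is worth stating so the extra handshake state is a known cost.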
@@ -50,20 +50,20 @@ #ifndef PSA_CRYPTO_CONFIG_H #define PSA_CRYPTO_CONFIG_H -#define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 #define PSA_WANT_ALG_ECDH 1 -#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_HKDF 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 -#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 -#define PSA_WANT_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_PSS 1 +#define PSA_WANT_ALG_TLS12_PRF 1 +#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 -#include "psa/check_crypto_config.h" - #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/include/psa/check_crypto_config.h b/library/check_crypto_config.h similarity index 92% rename from include/psa/check_crypto_config.h rename to library/check_crypto_config.h index dc9c7257a..cac90a0df 100644 --- a/include/psa/check_crypto_config.h +++ b/library/check_crypto_config.h @@ -64,4 +64,9 @@ #error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites" #endif +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ + !defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#error "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR defined, but not all prerequisites" +#endif + #endif /* MBEDTLS_CHECK_CRYPTO_CONFIG_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 42d141c19..97b522dd5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -22,6 +22,10 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#include "check_crypto_config.h" +#endif + #include "psa_crypto_service_integration.h" #include "psa/crypto.h" 
@@ -370,6 +374,11 @@ static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ +/* For now the MBEDTLS_PSA_ACCEL_ guards are also used here since the + * current test driver in key_management.c is using this function + * when accelerators are used for ECC key pair and public key. + * Once that dependency is resolved these guards can be removed. + */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ @@ -502,7 +511,6 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) -#if defined(MBEDTLS_PK_PARSE_C) /* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes * that are not a multiple of 8) well. For example, there is only * mbedtls_rsa_get_len(), which returns a number of bytes, and no @@ -524,7 +532,6 @@ static psa_status_t psa_check_rsa_key_byte_aligned( mbedtls_mpi_free( &n ); return( status ); } -#endif /* MBEDTLS_PK_PARSE_C */ /** Load the contents of a key buffer into an internal RSA representation * @@ -541,7 +548,6 @@ static psa_status_t psa_load_rsa_representation( psa_key_type_t type, size_t data_length, mbedtls_rsa_context **p_rsa ) { -#if defined(MBEDTLS_PK_PARSE_C) psa_status_t status; mbedtls_pk_context ctx; size_t bits; @@ -586,13 +592,6 @@ static psa_status_t psa_load_rsa_representation( psa_key_type_t type, exit: mbedtls_pk_free( &ctx ); return( status ); -#else - (void) data; - (void) data_length; - (void) type; - (void) rsa; - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* MBEDTLS_PK_PARSE_C */ } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || 
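Review bot: Dropping the `MBEDTLS_PK_PARSE_C` guards and the `PSA_ERROR_NOT_SUPPORTED` fallback makes `psa_load_rsa_representation` call the `mbedtls_pk_*` parser unconditionally (hunks `@@ -502`, `@@ -524`, `@@ -541` and `@@ -586`). The new-style configuration deduces `MBEDTLS_PK_PARSE_C` only from the RSA key-type symbols, and the legacy path takes whatever `mbedtls/config.h` sets. The enclosing `#if` also lists the `MBEDTLS_PSA_BUILTIN_ALG_RSA_*` symbols, so a build with RSA enabled but without the PK parser would fail at compile or link time instead of returning an error. I would add an explicit compile-time check, e.g. `#error "PSA RSA support requires MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C"` in the configuration checks, unless one already exists outside this diff. The function bodies start and end outside these hunks.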
@@ -1463,11 +1462,7 @@ psa_status_t psa_get_key_domain_parameters( return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) static psa_status_t psa_get_rsa_public_exponent( const mbedtls_rsa_context *rsa, @@ -1508,11 +1503,7 @@ exit: mbedtls_free( buffer ); return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ /** Retrieve all the publicly-accessible attributes of a key. @@ -1540,11 +1531,7 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, switch( slot->attr.type ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) case PSA_KEY_TYPE_RSA_KEY_PAIR: case PSA_KEY_TYPE_RSA_PUBLIC_KEY: 
@@ -1572,11 +1559,7 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle, mbedtls_free( rsa ); } break; -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ default: /* Nothing else to do. */ @@ -2352,8 +2335,7 @@ exit: /* Message digests */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) @@ -2399,8 +2381,7 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) return( NULL ); } } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ @@ -2947,7 +2928,7 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) return( 0 ); } } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) */ /* Initialize the MAC operation structure. Once this function has been * called, psa_mac_abort can run and will do the right thing. */ 
@@ -3525,10 +3506,6 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; -#if !defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) - (void)hash; - (void)signature; -#endif /* !MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); if( status != PSA_SUCCESS ) @@ -3587,10 +3564,6 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; -#if !defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) - (void)hash; - (void)signature; -#endif /* !MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); if( status != PSA_SUCCESS ) @@ -5014,6 +4987,12 @@ exit: /* Generators */ /****************************************************************/ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) +#define AT_LEAST_ONE_BUILTIN_KDF +#endif + #define HKDF_STATE_INIT 0 /* no input yet */ #define HKDF_STATE_STARTED 1 /* got salt */ #define HKDF_STATE_KEYED 2 /* got key */ @@ -5028,7 +5007,6 @@ static psa_algorithm_t psa_key_derivation_get_kdf_alg( return( operation->alg ); } - psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation ) { psa_status_t status = PSA_SUCCESS; 
@@ -5046,7 +5024,11 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation mbedtls_free( operation->ctx.hkdf.info ); status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac ); } - else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || + else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) + if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { @@ -5070,7 +5052,8 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation * mbedtls_platform_zeroize() in the end of this function. */ } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) */ { status = PSA_ERROR_BAD_STATE; } @@ -5171,7 +5154,10 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd return( PSA_SUCCESS ); } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( psa_tls12_prf_key_derivation_t *tls12_prf, psa_algorithm_t alg ) @@ -5318,7 +5304,8 @@ static psa_status_t psa_key_derivation_tls12_prf_read( return( PSA_SUCCESS ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF || + * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, @@ -5326,9 +5313,7 @@ psa_status_t psa_key_derivation_output_bytes( size_t output_length ) { psa_status_t status; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation ); -#endif if( operation->alg == 0 ) { 
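Review bot: In `psa_key_derivation_output_bytes()` the local `kdf_alg` is now initialised unconditionally, but every visible use of it sits inside an `MBEDTLS_PSA_BUILTIN_ALG_HKDF` or `MBEDTLS_PSA_BUILTIN_ALG_TLS12_*` block. In a build with none of those enabled the variable is presumably unused, which breaks warnings-as-errors builds. The same applies to the later `psa_key_derivation_input_internal()` hunk, which also drops `(void)data; (void)data_length;`. Adding `(void) kdf_alg;` right after the declaration, and keeping the two casts in the input function, avoids that. The function body continues outside the hunk.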
@@ -5364,15 +5349,19 @@ psa_status_t psa_key_derivation_output_bytes( output, output_length ); } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf, kdf_alg, output, output_length ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF || + * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ { return( PSA_ERROR_BAD_STATE ); } 
@@ -5482,22 +5471,36 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut /* Key derivation */ /****************************************************************/ +#ifdef AT_LEAST_ONE_BUILTIN_KDF static psa_status_t psa_key_derivation_setup_kdf( psa_key_derivation_operation_t *operation, psa_algorithm_t kdf_alg ) { -#if !defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - (void)kdf_alg; -#endif + int is_kdf_alg_supported; + /* Make sure that operation->ctx is properly zero-initialised. (Macro * initialisers for this union leave some bytes unspecified.) */ memset( &operation->ctx, 0, sizeof( operation->ctx ) ); /* Make sure that kdf_alg is a supported key derivation algorithm. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) || - PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + if( PSA_ALG_IS_HKDF( kdf_alg ) ) + is_kdf_alg_supported = 1; + else +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) + if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) + is_kdf_alg_supported = 1; + else +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) + if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + is_kdf_alg_supported = 1; + else +#endif + is_kdf_alg_supported = 0; + + if( is_kdf_alg_supported ) { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); size_t hash_size = PSA_HASH_SIZE( hash_alg ); @@ -5512,10 +5515,10 @@ static psa_status_t psa_key_derivation_setup_kdf( operation->capacity = 255 * hash_size; return( PSA_SUCCESS ); } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ - return( PSA_ERROR_NOT_SUPPORTED ); + + return( PSA_ERROR_NOT_SUPPORTED ); } +#endif /* AT_LEAST_ONE_BUILTIN_KDF */ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation, psa_algorithm_t alg ) 
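Review bot: The `is_kdf_alg_supported` selection in `psa_key_derivation_setup_kdf()` is an unbraced `if`/`else` chain whose links each live in a different `#if` block and end in a bare `is_kdf_alg_supported = 0;`, which is easy to break when a guard is added or reordered. Declaring `int is_kdf_alg_supported = 0;` and using one independent, braced `if` per `#if` block gives the same result without the dangling `else`. Separately, the supported branch derives the hash with `PSA_ALG_HKDF_GET_HASH( kdf_alg )` for the TLS 1.2 algorithms as well; a one-line comment saying why that macro is valid for them would help the next reader.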
@@ -5527,6 +5530,7 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); +#ifdef AT_LEAST_ONE_BUILTIN_KDF else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) { psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); @@ -5536,6 +5540,7 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation { status = psa_key_derivation_setup_kdf( operation, alg ); } +#endif else return( PSA_ERROR_INVALID_ARGUMENT ); @@ -5609,7 +5614,10 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_ERROR_INVALID_ARGUMENT ); } } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf, const uint8_t *data, size_t data_length ) 
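Review bot: When `AT_LEAST_ONE_BUILTIN_KDF` is not defined, the two `#ifdef`/`#endif` hunks in `psa_key_derivation_setup()` compile out the key-agreement and KDF branches, so a well-formed algorithm falls into the final `else return( PSA_ERROR_INVALID_ARGUMENT );`. That reports a caller error where the library simply lacks the mechanism; `PSA_ERROR_NOT_SUPPORTED` is the status applications use to detect a missing algorithm. I would add an `#else` arm, `else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) || PSA_ALG_IS_KEY_DERIVATION( alg ) ) return( PSA_ERROR_NOT_SUPPORTED );`. The condition of the second branch lies between the two hunks and is not visible, so confirm it matches.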
@@ -5650,41 +5658,6 @@ static psa_status_t psa_tls12_prf_set_key( psa_tls12_prf_key_derivation_t *prf, return( PSA_SUCCESS ); } -static psa_status_t psa_tls12_prf_psk_to_ms_set_key( - psa_tls12_prf_key_derivation_t *prf, - psa_algorithm_t hash_alg, - const uint8_t *data, - size_t data_length ) -{ - psa_status_t status; - uint8_t pms[ 4 + 2 * PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ]; - uint8_t *cur = pms; - - if( data_length > PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - /* Quoting RFC 4279, Section 2: - * - * The premaster secret is formed as follows: if the PSK is N octets - * long, concatenate a uint16 with the value N, N zero octets, a second - * uint16 with the value N, and the PSK itself. - */ - - *cur++ = ( data_length >> 8 ) & 0xff; - *cur++ = ( data_length >> 0 ) & 0xff; - memset( cur, 0, data_length ); - cur += data_length; - *cur++ = pms[0]; - *cur++ = pms[1]; - memcpy( cur, data, data_length ); - cur += data_length; - - status = psa_tls12_prf_set_key( prf, hash_alg, pms, cur - pms ); - - mbedtls_platform_zeroize( pms, sizeof( pms ) ); - return( status ); -} - static psa_status_t psa_tls12_prf_set_label( psa_tls12_prf_key_derivation_t *prf, const uint8_t *data, size_t data_length ) 
@@ -5725,6 +5698,44 @@ static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf, return( PSA_ERROR_INVALID_ARGUMENT ); } } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || + * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) +static psa_status_t psa_tls12_prf_psk_to_ms_set_key( + psa_tls12_prf_key_derivation_t *prf, + psa_algorithm_t hash_alg, + const uint8_t *data, + size_t data_length ) +{ + psa_status_t status; + uint8_t pms[ 4 + 2 * PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ]; + uint8_t *cur = pms; + + if( data_length > PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + /* Quoting RFC 4279, Section 2: + * + * The premaster secret is formed as follows: if the PSK is N octets + * long, concatenate a uint16 with the value N, N zero octets, a second + * uint16 with the value N, and the PSK itself. + */ + + *cur++ = ( data_length >> 8 ) & 0xff; + *cur++ = ( data_length >> 0 ) & 0xff; + memset( cur, 0, data_length ); + cur += data_length; + *cur++ = pms[0]; + *cur++ = pms[1]; + memcpy( cur, data, data_length ); + cur += data_length; + + status = psa_tls12_prf_set_key( prf, hash_alg, pms, cur - pms ); + + mbedtls_platform_zeroize( pms, sizeof( pms ) ); + return( status ); +} static psa_status_t psa_tls12_prf_psk_to_ms_input( psa_tls12_prf_key_derivation_t *prf, @@ -5741,7 +5752,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_input( return( psa_tls12_prf_input( prf, hash_alg, step, data, data_length ) ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ /** Check whether the given key type is acceptable for the given * input step of a key derivation. 
@@ -5785,12 +5796,7 @@ static psa_status_t psa_key_derivation_input_internal( size_t data_length ) { psa_status_t status; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation ); -#else - (void)data; - (void)data_length; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ status = psa_key_derivation_check_input_type( step, key_type ); if( status != PSA_SUCCESS ) @@ -5803,20 +5809,26 @@ static psa_status_t psa_key_derivation_input_internal( PSA_ALG_HKDF_GET_HASH( kdf_alg ), step, data, data_length ); } - else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) + if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) { status = psa_tls12_prf_input( &operation->ctx.tls12_prf, PSA_ALG_HKDF_GET_HASH( kdf_alg ), step, data, data_length ); } - else if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) + if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { status = psa_tls12_prf_psk_to_ms_input( &operation->ctx.tls12_prf, PSA_ALG_HKDF_GET_HASH( kdf_alg ), step, data, data_length ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ { /* This can't happen unless the operation object was not initialized */ return( PSA_ERROR_BAD_STATE ); @@ -6121,8 +6133,7 @@ psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed, } #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \ - defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters, size_t domain_parameters_size, int *exponent ) 
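Review bot: Dropping `defined(MBEDTLS_GENPRIME)` from the guard of `psa_read_rsa_exponent()` here, and from the RSA branch of `psa_generate_key_internal()` in the following hunks, makes RSA key-pair generation compile whenever `MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR` is set. The generation code is outside the hunks, but if it calls `mbedtls_rsa_gen_key()`, which is only built with `MBEDTLS_GENPRIME`, a configuration without prime generation would fail to link rather than reach the not-supported path. I would either keep the dependency explicit with `#error "MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR requires MBEDTLS_GENPRIME"` or add a comment naming the header that guarantees it.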
@@ -6148,8 +6159,7 @@ static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters, *exponent = acc; return( PSA_SUCCESS ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && - * defined(MBEDTLS_GENPRIME) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ static psa_status_t psa_generate_key_internal( psa_key_slot_t *slot, size_t bits, @@ -6187,8 +6197,7 @@ static psa_status_t psa_generate_key_internal( } else -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \ - defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context rsa; @@ -6236,8 +6245,7 @@ static psa_status_t psa_generate_key_internal( return( status ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && - * defined(MBEDTLS_GENPRIME) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 592d878a3..a7f4d948e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1369,7 +1369,7 @@ component_build_psa_accel_key_type_ecc_key_pair() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY + scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } 
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index e66b37800..0af414517 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -221,7 +221,6 @@ - @@ -246,6 +245,7 @@ + From 43818f861401b1118a65e5150ee57c40ee5e06ff Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Nov 2020 11:24:11 +0100 Subject: [PATCH 455/488] Copyediting Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 39ae0f9d4..83fd88df2 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/11/16 20:44:13 GMT" +Time-stamp: "2020/11/19 10:24:03 GMT" ## Introduction 
@@ -123,7 +123,7 @@ When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` need #### Old-style definition of configuration symbols -When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. Furthermore, a new header file **`mbedtls/config_psa.h`** deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`). +When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. Furthermore, the new header file **`mbedtls/config_psa.h`** deduces PSA configuration symbols (`PSA_WANT_xxx`, `MBEDTLS_PSA_BUILTIN_xxx`) from classic configuration symbols (`MBEDTLS_xxx`). The `PSA_WANT_xxx` definitions in `mbedtls/config_psa.h` are needed not only to build the PSA parts of the library, but also to build code that uses these parts. This includes structure definitions in `psa/crypto_struct.h`, size calculations in `psa/crypto_sizes.h`, and application code that's specific to a given cryptographic mechanism. In Mbed TLS itself, code under `MBEDTLS_USE_PSA_CRYPTO` and conditional compilation guards in tests and sample programs need `PSA_WANT_xxx`. From f473d8b44b05a0cfa117e28bfd8212e55e353e24 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 12 Nov 2020 10:07:21 +0100 Subject: [PATCH 456/488] psa: slot mgmt: Improve psa_search_key_in_slots implementation In case of a volatile key identifier, no need to check first the validity of the key identifier, a volatile key identifier is valid. Move to a forward search for non-volatile key identifiers as now key slots with small index are allocated first by psa_get_empty_key_slot(). 
Signed-off-by: Ronald Cron --- library/psa_crypto_slot_management.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a114eecdb..9075beb4e 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -109,34 +109,31 @@ psa_status_t psa_validate_key_id( static psa_status_t psa_search_key_in_slots( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); + size_t slot_idx; psa_key_slot_t *slot = NULL; - psa_status_t status = psa_validate_key_id( key, 1, 1 ); - if( status != PSA_SUCCESS ) - return( status ); - if( psa_key_id_is_volatile( key_id ) ) { slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ]; - - if( ! mbedtls_svc_key_id_equal( key, slot->attr.id ) ) - status = PSA_ERROR_DOES_NOT_EXIST; + status = mbedtls_svc_key_id_equal( key, slot->attr.id ) ? + PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; } else { - status = PSA_ERROR_DOES_NOT_EXIST; - slot = &global_data.key_slots[ PSA_KEY_SLOT_COUNT ]; + status = psa_validate_key_id( key, 1, 1 ); + if( status != PSA_SUCCESS ) + return( status ); - while( slot > &global_data.key_slots[ 0 ] ) + for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { - slot--; + slot = &global_data.key_slots[ slot_idx ]; if( mbedtls_svc_key_id_equal( key, slot->attr.id ) ) - { - status = PSA_SUCCESS; break; - } } + status = ( slot_idx < PSA_KEY_SLOT_COUNT ) ? + PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; } if( status == PSA_SUCCESS ) From cbd7beab0d8ce79bf2c5d044ac7a5a86ec2b9277 Mon Sep 17 00:00:00 2001 
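Review bot: The volatile branch of `psa_search_key_in_slots()` now indexes `global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ]` with no validation before it, so memory safety rests entirely on `psa_key_id_is_volatile()` accepting only identifiers that map below `PSA_KEY_SLOT_COUNT`. That function is not in this hunk. I would state the invariant at the index, e.g. `/* psa_key_id_is_volatile() guarantees key_id - PSA_KEY_ID_VOLATILE_MIN < PSA_KEY_SLOT_COUNT */`, or back it with a compile-time check on the range constants. In the persistent branch `slot` still points at the last slot when the loop finds nothing; it is harmless here because `*p_slot` is only written on `PSA_SUCCESS`, but setting `slot = NULL` on the not-found path would make that explicit. The function continues past the hunk.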
From: Ronald Cron Date: Wed, 11 Nov 2020 14:57:44 +0100 Subject: [PATCH 457/488] psa: slot mgmt: Simplify psa_validate_key_id Special handling of volatile key identifiers is not needed eventually, they can be handled just as key identifier in the vendor range. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 2 +- library/psa_crypto_slot_management.c | 11 +++-------- library/psa_crypto_slot_management.h | 5 +---- 3 files changed, 5 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4384a4310..61f0ad4a4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1870,7 +1870,7 @@ static psa_status_t psa_validate_key_attributes( } else { - status = psa_validate_key_id( psa_get_key_id( attributes ), 0, 0 ); + status = psa_validate_key_id( psa_get_key_id( attributes ), 0 ); if( status != PSA_SUCCESS ) return( status ); } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 9075beb4e..d8a3ca8ec 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -52,7 +52,7 @@ typedef struct static psa_global_data_t global_data; psa_status_t psa_validate_key_id( - mbedtls_svc_key_id_t key, int vendor_ok, int volatile_ok ) + mbedtls_svc_key_id_t key, int vendor_ok ) { psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); @@ -62,12 +62,7 @@ psa_status_t psa_validate_key_id( if( vendor_ok && ( PSA_KEY_ID_VENDOR_MIN <= key_id ) && - ( key_id < PSA_KEY_ID_VOLATILE_MIN ) ) - return( PSA_SUCCESS ); - - if( volatile_ok && - ( PSA_KEY_ID_VOLATILE_MIN <= key_id ) && - ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) ) + ( key_id <= PSA_KEY_ID_VENDOR_MAX ) ) return( PSA_SUCCESS ); return( PSA_ERROR_INVALID_HANDLE ); @@ -122,7 +117,7 @@ static psa_status_t psa_search_key_in_slots( } else { - status = psa_validate_key_id( key, 1, 1 ); + status = psa_validate_key_id( key, 1 ); if( status != PSA_SUCCESS ) return( status ); 
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 8d3c3840a..75ce0ac6c 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -212,13 +212,10 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ); * \param[in] vendor_ok Non-zero to indicate that key identifiers in the * vendor range are allowed, volatile key identifiers * excepted \c 0 otherwise. - * \param[in] volatile_ok Non-zero to indicate that volatile key identifiers - * are allowed \c 0 otherwise. * * \retval #PSA_SUCCESS The identifier is valid. * \retval #PSA_ERROR_INVALID_ARGUMENT The key identifier is not valid. */ -psa_status_t psa_validate_key_id( - mbedtls_svc_key_id_t key, int vendor_ok, int volatile_ok ); +psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok ); #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ From 9e12f8f425a9b38ec47f67868b1411b4756755ab Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Nov 2020 09:46:44 +0100 Subject: [PATCH 458/488] tests: psa crypto: Fix lifetime_is_secure_element() Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto.function | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 82797681e..b03df3d4b 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
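Review bot: The `vendor_ok` description kept in this header still says "volatile key identifiers excepted", but the new `psa_validate_key_id()` body accepts everything from `PSA_KEY_ID_VENDOR_MIN` through `PSA_KEY_ID_VENDOR_MAX`, which, going by the commit message, covers volatile identifiers. The `\retval` line also documents `PSA_ERROR_INVALID_ARGUMENT` while the implementation shown in the .c hunk returns `PSA_ERROR_INVALID_HANDLE`. Suggested wording: `Non-zero to indicate that key identifiers in the vendor range (volatile key identifiers included) are allowed, \c 0 otherwise.` and `\retval #PSA_ERROR_INVALID_HANDLE The key identifier is not valid.`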
@@ -108,12 +108,10 @@ static const size_t INVALID_EXPORT_LENGTH = ~0U; #endif #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -int lifetime_is_secure_element( psa_key_lifetime_t lifetime ) +int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime ) { - /* At the moment, anything that isn't a built-in lifetime is either - * a secure element or unassigned. */ - return( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) && - lifetime != PSA_KEY_LIFETIME_PERSISTENT ); + return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) != + PSA_KEY_LOCATION_LOCAL_STORAGE ); } #else int lifetime_is_secure_element( psa_key_lifetime_t lifetime ) @@ -263,7 +261,7 @@ int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) /* randomly-generated 64-bit constant, should never appear in test data */ psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; psa_status_t status = psa_get_key_slot_number( &attributes, &slot_number ); - if( lifetime_is_secure_element( lifetime ) ) + if( lifetime_is_dynamic_secure_element( lifetime ) ) { /* Mbed Crypto currently always exposes the slot number to * applications. This is not mandated by the PSA specification From c9851141a2e16fe98793f687e4e919cf76b072b6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Nov 2020 10:08:52 +0100 Subject: [PATCH 459/488] programs: ssl: Fix printf parameter type cast Signed-off-by: Ronald Cron --- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f92a73e4b..fc6906117 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -3580,7 +3580,7 @@ exit: ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) { mbedtls_printf( "Failed to destroy key slot %u - error was %d", - (int) slot, (int) status ); + (unsigned) slot, (int) status ); if( ret == 0 ) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; } 
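Review bot: Only the `MBEDTLS_PSA_CRYPTO_SE_C` variant is renamed to `lifetime_is_dynamic_secure_element()`; the `#else` definition shown as context keeps the name `lifetime_is_secure_element()`, while `check_key_attributes_sanity()` in the second hunk now calls the new name. Unless that call sits inside an `MBEDTLS_PSA_CRYPTO_SE_C` block, which the hunk does not show, a build without secure-element support has no definition for it. Renaming the fallback too, `int lifetime_is_dynamic_secure_element( psa_key_lifetime_t lifetime )`, keeps both configurations consistent.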
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c5ff30354..ceeb2245e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -4521,7 +4521,7 @@ exit: ( opt.query_config_mode == DFL_QUERY_CONFIG_MODE ) ) { mbedtls_printf( "Failed to destroy key slot %u - error was %d", - (int) psk_slot, (int) status ); + (unsigned) psk_slot, (int) status ); } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED && From 4640c15deb49c98ec4e697b2e5e53a6f06f6770e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Nov 2020 10:11:01 +0100 Subject: [PATCH 460/488] psa: Remove error message output Remove error message output in case of unexpected access counter as Signed-off-by: Ronald Cron --- library/psa_crypto.c | 7 +------ library/psa_crypto_slot_management.c | 7 +------ 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 61f0ad4a4..6b2b500c7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1308,17 +1308,12 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) * do our best to report an unexpected access counter: if available * call MBEDTLS_PARAM_FAILED that may terminate execution (if called as * part of the execution of a test suite this will stop the test suite - * execution) and if MBEDTLS_PARAM_FAILED does not terminate execution - * ouput an error message on standard error output. + * execution). */ if( slot->access_count != 1 ) { #ifdef MBEDTLS_CHECK_PARAMS MBEDTLS_PARAM_FAILED( slot->access_count == 1 ); -#endif -#ifdef MBEDTLS_PLATFORM_C - mbedtls_fprintf( stderr, - "\nFATAL psa_wipe_key_slot Unexpected access counter value\n."); #endif status = PSA_ERROR_CORRUPTION_DETECTED; } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index d8a3ca8ec..5d20532e8 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
@@ -317,16 +317,11 @@ psa_status_t psa_decrement_key_slot_access_count( psa_key_slot_t *slot ) * do our best to report if the access counter is equal to zero: if * available call MBEDTLS_PARAM_FAILED that may terminate execution (if * called as part of the execution of a unit test suite this will stop the - * test suite execution) and if MBEDTLS_PARAM_FAILED does not terminate - * execution ouput an error message on standard error output. + * test suite execution). */ #ifdef MBEDTLS_CHECK_PARAMS MBEDTLS_PARAM_FAILED( slot->access_count > 0 ); #endif -#ifdef MBEDTLS_PLATFORM_C - mbedtls_fprintf( stderr, - "\nFATAL psa_decrement_key_slot_access_count Decrementing a zero access counter.\n" ); -#endif return( PSA_ERROR_CORRUPTION_DETECTED ); } From cbf6a1d651a07726c527a2b7d7355fecee35ae23 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 13 Nov 2020 15:59:59 +0100 Subject: [PATCH 461/488] psa: slot mgmt: Add access counter overflow check It adds a bit a code for not much but that way we are such that a count overflow cannot occur. Signed-off-by: Ronald Cron --- library/psa_crypto_slot_management.c | 10 +++++++--- library/psa_crypto_slot_management.h | 13 ++++++++++++- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 5d20532e8..943923f5d 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -133,8 +133,9 @@ static psa_status_t psa_search_key_in_slots( if( status == PSA_SUCCESS ) { - *p_slot = slot; - psa_increment_key_slot_access_count( slot ); + status = psa_increment_key_slot_access_count( slot ); + if( status == PSA_SUCCESS ) + *p_slot = slot; } return( status ); 
@@ -208,10 +209,13 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, if( selected_slot != NULL ) { + status = psa_increment_key_slot_access_count( selected_slot ); + if( status != PSA_SUCCESS ) + goto error; + *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + ( (psa_key_id_t)( selected_slot - global_data.key_slots ) ); *p_slot = selected_slot; - psa_increment_key_slot_access_count( selected_slot ); return( PSA_SUCCESS ); } diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 75ce0ac6c..db5acba3b 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -137,10 +137,21 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, * This function increments the slot access counter by one. * * \param[in] slot The key slot. + * + * \retval #PSA_SUCCESS + The access count was incremented. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * The access count already reached its maximum value and was not + * increased. */ -static inline void psa_increment_key_slot_access_count( psa_key_slot_t *slot ) +static inline psa_status_t psa_increment_key_slot_access_count( psa_key_slot_t *slot ) { + if( slot->access_count >= SIZE_MAX ) + return( PSA_ERROR_CORRUPTION_DETECTED ); + slot->access_count++; + + return( PSA_SUCCESS ); } /** Decrement slot access counter. From 5097294be9f0327fdfae5c578bfea003d6c9d1ff Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 14 Nov 2020 11:28:25 +0100 Subject: [PATCH 462/488] psa: Decrement slot access count when finalizing key creation Decrement the slot access count in psa_finish_key_creation() when the finalization succeeds instead of in functions calling psa_finish_key_creation(). That way the decrementation cannot be forgotten and it reduces the code size. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) 
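Review bot: In the new Doxygen block for `psa_increment_key_slot_access_count()`, the line `The access count was incremented.` has lost its leading ` * `, so it breaks the comment layout the other `\retval` entries use. It is also worth documenting that the caller must not use the slot when the function returns `PSA_ERROR_CORRUPTION_DETECTED`. In `psa_get_empty_key_slot()` the new failure path jumps to an `error` label that is outside this hunk, so confirm that it leaves `*p_slot` and `*volatile_key_id` reset rather than pointing at the slot whose counter could not be taken.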
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6b2b500c7..ac525d538 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2030,6 +2030,10 @@ static psa_status_t psa_start_key_creation( * See the documentation of psa_start_key_creation() for the intended use * of this function. * + * If the finalization succeeds, the function decreases the slot access + * counter (that was incremented as part of psa_start_key_creation()) and the + * slot cannot be accessed anymore as part of the key creation process. + * * \param[in,out] slot Pointer to the slot with key material. * \param[in] driver The secure element driver for the key, * or NULL for a transparent key. @@ -2093,11 +2097,12 @@ static psa_status_t psa_finish_key_creation( return( status ); } status = psa_crypto_stop_transaction( ); - if( status != PSA_SUCCESS ) - return( status ); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + if( status == PSA_SUCCESS ) + status = psa_decrement_key_slot_access_count( slot ); + return( status ); } @@ -2278,8 +2283,6 @@ exit: psa_fail_key_creation( slot, driver ); *key = MBEDTLS_SVC_KEY_ID_INIT; } - else - status = psa_decrement_key_slot_access_count( slot ); return( status ); } @@ -2312,8 +2315,6 @@ psa_status_t mbedtls_psa_register_se_key( exit: if( status != PSA_SUCCESS ) psa_fail_key_creation( slot, driver ); - else - status = psa_decrement_key_slot_access_count( slot ); /* Registration doesn't keep the key in RAM. */ psa_close_key( key ); @@ -2388,8 +2389,6 @@ exit: psa_fail_key_creation( target_slot, driver ); *target_key = MBEDTLS_SVC_KEY_ID_INIT; } - else - status = psa_decrement_key_slot_access_count( target_slot ); decrement_status = psa_decrement_key_slot_access_count( source_slot ); @@ -5547,8 +5546,6 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut psa_fail_key_creation( slot, driver ); *key = MBEDTLS_SVC_KEY_ID_INIT; } - else - status = psa_decrement_key_slot_access_count( slot ); return( status ); } 
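Review bot: In `psa_finish_key_creation()` the access-count decrement now runs after `psa_crypto_stop_transaction()` in the secure-element branch and, presumably, after any persistent save earlier in the function. If `psa_decrement_key_slot_access_count()` fails at that point, the callers in the later hunks go to `psa_fail_key_creation()` and return an error although state may already have been committed; whether that state is rolled back is not visible here. A comment above the decrement, e.g. `/* A failure here indicates slot corruption; the key may already be persisted. */`, would make the contract explicit for callers. The function body begins outside the hunk.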
@@ -6405,8 +6402,6 @@ exit: psa_fail_key_creation( slot, driver ); *key = MBEDTLS_SVC_KEY_ID_INIT; } - else - status = psa_decrement_key_slot_access_count( slot ); return( status ); } From 81709fc78ebe4eee999972a82f4b2108c80fb153 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 14 Nov 2020 12:10:32 +0100 Subject: [PATCH 463/488] psa: Move key identifier return to psa_finish_key_creation() Move the return of the identifier of a created key from psa_start_key_creation() to psa_finish_key_creation(). That way in case of creation error, it is less likely to return the identifier that was temporarily assigned to the key while trying to create it. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 62 +++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 32 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ac525d538..41a2263ee 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1911,9 +1911,6 @@ static psa_status_t psa_validate_key_attributes( * * \param method An identification of the calling function. * \param[in] attributes Key attributes for the new key. - * \param[out] key On success, identifier of the key. Note that the - * key identifier is also stored in the prepared - * slot. * \param[out] p_slot On success, a pointer to the prepared slot. * \param[out] p_drv On any return, the driver for the key, if any. * NULL for a transparent key. @@ -1926,7 +1923,6 @@ static psa_status_t psa_validate_key_attributes( static psa_status_t psa_start_key_creation( psa_key_creation_method_t method, const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key, psa_key_slot_t **p_slot, psa_se_drv_table_entry_t **p_drv ) { @@ -2018,7 +2014,6 @@ static psa_status_t psa_start_key_creation( } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - *key = slot->attr.id; return( PSA_SUCCESS ); } 
@@ -2037,6 +2032,8 @@ static psa_status_t psa_start_key_creation( * \param[in,out] slot Pointer to the slot with key material. * \param[in] driver The secure element driver for the key, * or NULL for a transparent key. + * \param[out] key On success, identifier of the key. Note that the + * key identifier is also stored in the key slot. * * \retval #PSA_SUCCESS * The key was successfully created. @@ -2045,7 +2042,8 @@ static psa_status_t psa_start_key_creation( */ static psa_status_t psa_finish_key_creation( psa_key_slot_t *slot, - psa_se_drv_table_entry_t *driver ) + psa_se_drv_table_entry_t *driver, + mbedtls_svc_key_id_t *key) { psa_status_t status = PSA_SUCCESS; (void) slot; @@ -2101,7 +2099,12 @@ static psa_status_t psa_finish_key_creation( #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ if( status == PSA_SUCCESS ) + { + *key = slot->attr.id; status = psa_decrement_key_slot_access_count( slot ); + if( status != PSA_SUCCESS ) + *key = MBEDTLS_SVC_KEY_ID_INIT; + } return( status ); } @@ -2228,6 +2231,8 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; + *key = MBEDTLS_SVC_KEY_ID_INIT; + /* Reject zero-length symmetric keys (including raw data key objects). * This also rejects any key which might be encoded as an empty string, * which is never valid. */ @@ -2235,7 +2240,7 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes, - key, &slot, &driver ); + &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; 
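Review bot: The new `\param[out] key` text for psa_finish_key_creation() only says what is stored on success, while the code two hunks further down writes `*key` in exactly one place and resets it to `MBEDTLS_SVC_KEY_ID_INIT` when the counter decrement fails. As far as these hunks show, every other failure path leaves `*key` untouched, which is why the public callers now set `*key = MBEDTLS_SVC_KEY_ID_INIT;` up front. Stating that in the comment, for example `On failure, \p key is either left unchanged or set to #MBEDTLS_SVC_KEY_ID_INIT; callers must initialize it beforehand.`, keeps a future caller from handing back a stale identifier.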
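Review bot: The added parameter line `mbedtls_svc_key_id_t *key)` in the psa_finish_key_creation() signature drops the space before the closing parenthesis that the other declarations in this patch use; `mbedtls_svc_key_id_t *key )` matches them. This is a formatting point only, and the function body continues outside the hunk.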
@@ -2276,13 +2281,10 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, if( status != PSA_SUCCESS ) goto exit; - status = psa_finish_key_creation( slot, driver ); + status = psa_finish_key_creation( slot, driver, key ); exit: if( status != PSA_SUCCESS ) - { psa_fail_key_creation( slot, driver ); - *key = MBEDTLS_SVC_KEY_ID_INIT; - } return( status ); } @@ -2306,11 +2308,11 @@ psa_status_t mbedtls_psa_register_se_key( return( PSA_ERROR_NOT_SUPPORTED ); status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes, - &key, &slot, &driver ); + &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; - status = psa_finish_key_creation( slot, driver ); + status = psa_finish_key_creation( slot, driver, &key ); exit: if( status != PSA_SUCCESS ) @@ -2348,6 +2350,8 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, psa_key_attributes_t actual_attributes = *specified_attributes; psa_se_drv_table_entry_t *driver = NULL; + *target_key = MBEDTLS_SVC_KEY_ID_INIT; + status = psa_get_transparent_key( source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 ); if( status != PSA_SUCCESS ) @@ -2363,9 +2367,8 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, if( status != PSA_SUCCESS ) goto exit; - status = psa_start_key_creation( PSA_KEY_CREATION_COPY, - &actual_attributes, - target_key, &target_slot, &driver ); + status = psa_start_key_creation( PSA_KEY_CREATION_COPY, &actual_attributes, + &target_slot, &driver ); if( status != PSA_SUCCESS ) goto exit; @@ -2382,13 +2385,10 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, if( status != PSA_SUCCESS ) goto exit; - status = psa_finish_key_creation( target_slot, driver ); + status = psa_finish_key_creation( target_slot, driver, target_key ); exit: if( status != PSA_SUCCESS ) - { psa_fail_key_creation( target_slot, driver ); - *target_key = MBEDTLS_SVC_KEY_ID_INIT; - } decrement_status = psa_decrement_key_slot_access_count( source_slot ); 
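Review bot: In mbedtls_psa_register_se_key() the local `key` now receives a key identifier only from psa_finish_key_creation(), and only when that call succeeds, so on every failure path after `exit:` it keeps whatever value its declaration gave it. The previous patch in this series shows `psa_close_key( key );` following the exit label unconditionally, and the declaration of `key` is outside this hunk, so please confirm it is initialized to `MBEDTLS_SVC_KEY_ID_INIT`. Unlike the public entry points changed in this commit, this function gets no explicit `key = MBEDTLS_SVC_KEY_ID_INIT;` line.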
@@ -5516,6 +5516,8 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; + *key = MBEDTLS_SVC_KEY_ID_INIT; + /* Reject any attempt to create a zero-length key so that we don't * risk tripping up later, e.g. on a malloc(0) that returns NULL. */ if( psa_get_key_bits( attributes ) == 0 ) @@ -5524,8 +5526,8 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut if( ! operation->can_output_key ) return( PSA_ERROR_NOT_PERMITTED ); - status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, - attributes, key, &slot, &driver ); + status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, attributes, + &slot, &driver ); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) if( driver != NULL ) { @@ -5540,12 +5542,9 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut operation ); } if( status == PSA_SUCCESS ) - status = psa_finish_key_creation( slot, driver ); + status = psa_finish_key_creation( slot, driver, key ); if( status != PSA_SUCCESS ) - { psa_fail_key_creation( slot, driver ); - *key = MBEDTLS_SVC_KEY_ID_INIT; - } return( status ); } @@ -6374,13 +6373,15 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; + *key = MBEDTLS_SVC_KEY_ID_INIT; + /* Reject any attempt to create a zero-length key so that we don't * risk tripping up later, e.g. on a malloc(0) that returns NULL. */ if( psa_get_key_bits( attributes ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, - attributes, key, &slot, &driver ); + status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes, + &slot, &driver ); if( status != PSA_SUCCESS ) goto exit; 
@@ -6396,12 +6397,9 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, exit: if( status == PSA_SUCCESS ) - status = psa_finish_key_creation( slot, driver ); + status = psa_finish_key_creation( slot, driver, key ); if( status != PSA_SUCCESS ) - { psa_fail_key_creation( slot, driver ); - *key = MBEDTLS_SVC_KEY_ID_INIT; - } return( status ); } From ab79bd27b6fe7c91a77246138f1c26c2d77f396f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 14 Nov 2020 14:19:11 +0100 Subject: [PATCH 464/488] tests: slot mgmt: Improve key_slot_eviction_to_import_new_key test Signed-off-by: Ronald Cron --- .../suites/test_suite_psa_crypto_slot_management.function | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 08f1f7e49..474fbe7c9 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -915,15 +915,16 @@ void key_slot_eviction_to_import_new_key( int lifetime_arg ) i = PSA_KEY_SLOT_COUNT; key = mbedtls_svc_key_id_make( i, i + 1 ); psa_set_key_id( &attributes, key ); - - if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) - psa_set_key_lifetime( &attributes, PSA_KEY_LIFETIME_VOLATILE ); + psa_set_key_lifetime( &attributes, lifetime ); PSA_ASSERT( psa_import_key( &attributes, (uint8_t *) &i, sizeof( i ), &returned_key_id ) ); if( lifetime != PSA_KEY_LIFETIME_VOLATILE ) TEST_ASSERT( mbedtls_svc_key_id_equal( returned_key_id, key ) ); + else + TEST_ASSERT( psa_key_id_is_volatile( + MBEDTLS_SVC_KEY_ID_GET_KEY_ID( returned_key_id ) ) ); /* * Check that we can export all ( PSA_KEY_SLOT_COUNT + 1 ) keys, From 5c522920ba90522550de5007b3f77d5712100701 Mon Sep 17 00:00:00 2001 
From: Ronald Cron Date: Sat, 14 Nov 2020 16:35:34 +0100 Subject: [PATCH 465/488] psa: Rename functions to get a key slot Rename functions to get a key slot: . to make their naming more consistent . to emphasize that those functions set a lock on the key slot they return to protect it from being wiped out and re-used while some part of the library is accessing it. Signed-off-by: Ronald Cron --- include/psa/crypto_extra.h | 4 +- library/psa_crypto.c | 219 ++++++++++++------------ library/psa_crypto_core.h | 18 +- library/psa_crypto_slot_management.c | 92 +++++----- library/psa_crypto_slot_management.h | 53 +++--- tests/include/test/psa_crypto_helpers.h | 4 +- 6 files changed, 196 insertions(+), 194 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 7986eb23b..0c90cb2d1 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -231,8 +231,8 @@ typedef struct mbedtls_psa_stats_s size_t cache_slots; /** Number of slots that are not used for anything. */ size_t empty_slots; - /** Number of slots that are not accessed. */ - size_t unaccessed_slots; + /** Number of slots that are not locked. */ + size_t unlocked_slots; /** Largest key id value among open keys in internal persistent storage. */ psa_key_id_t max_open_internal_key_id; /** Largest key id value among open keys in secure elements. */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 41a2263ee..6a07cbd0b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
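Review bot: The field rename from `unaccessed_slots` to `unlocked_slots` in `mbedtls_psa_stats_s` changes a structure declared in include/psa/crypto_extra.h, so any code outside the library that reads the old member stops compiling. If the old name was ever part of a release (not determinable from this page), the commit message or a ChangeLog entry should mention the rename so that users of the statistics structure can adapt.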
@@ -1187,27 +1187,28 @@ static psa_status_t psa_restrict_key_policy( return( PSA_SUCCESS ); } -/** Retrieve a slot which must contain a key. The key must have allow all the - * usage flags set in \p usage. If \p alg is nonzero, the key must allow - * operations with this algorithm. +/** Get the description of a key given its identifier and policy constraints + * and lock it. * - * In case of a persistent key, the function loads the description of the key - * into a key slot if not already done. + * The key must have allow all the usage flags set in \p usage. If \p alg is + * nonzero, the key must allow operations with this algorithm. * - * On success, the access counter of the returned key slot is incremented by - * one. It is the responsibility of the caller to call - * psa_decrement_key_slot_access_count() when it does not access the key slot - * anymore. + * In case of a persistent key, the function loads the description of the key + * into a key slot if not already done. + * + * On success, the returned key slot is locked. It is the responsibility of + * the caller to unlock the key slot when it does not access it anymore. */ -static psa_status_t psa_get_key_from_slot( mbedtls_svc_key_id_t key, - psa_key_slot_t **p_slot, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static psa_status_t psa_get_and_lock_key_slot_with_policy( + mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot, + psa_key_usage_t usage, + psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - status = psa_get_key_slot( key, p_slot ); + status = psa_get_and_lock_key_slot( key, p_slot ); if( status != PSA_SUCCESS ) return( status ); slot = *p_slot; 
@@ -1231,37 +1232,38 @@ static psa_status_t psa_get_key_from_slot( mbedtls_svc_key_id_t key, error: *p_slot = NULL; - psa_decrement_key_slot_access_count( slot ); + psa_unlock_key_slot( slot ); return( status ); } -/** Retrieve a slot which must contain a transparent key. +/** Get a key slot containing a transparent key and lock it. * * A transparent key is a key for which the key material is directly * available, as opposed to a key in a secure element. * - * This is a temporary function to use instead of psa_get_key_from_slot() - * until secure element support is fully implemented. + * This is a temporary function to use instead of + * psa_get_and_lock_key_slot_with_policy() until secure element support is + * fully implemented. * - * On success, the access counter of the returned key slot is incremented by - * one. It is the responsibility of the caller to call - * psa_decrement_key_slot_access_count() when it does not access the key slot - * anymore. + * On success, the returned key slot is locked. It is the responsibility of the + * caller to unlock the key slot when it does not access it anymore. */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -static psa_status_t psa_get_transparent_key( mbedtls_svc_key_id_t key, - psa_key_slot_t **p_slot, - psa_key_usage_t usage, - psa_algorithm_t alg ) +static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( + mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot, + psa_key_usage_t usage, + psa_algorithm_t alg ) { - psa_status_t status = psa_get_key_from_slot( key, p_slot, usage, alg ); + psa_status_t status = psa_get_and_lock_key_slot_with_policy( key, p_slot, + usage, alg ); if( status != PSA_SUCCESS ) return( status ); if( psa_key_slot_is_external( *p_slot ) ) { - psa_decrement_key_slot_access_count( *p_slot ); + psa_unlock_key_slot( *p_slot ); *p_slot = NULL; return( PSA_ERROR_NOT_SUPPORTED ); } 
@@ -1270,8 +1272,8 @@ static psa_status_t psa_get_transparent_key( mbedtls_svc_key_id_t key, } #else /* MBEDTLS_PSA_CRYPTO_SE_C */ /* With no secure element support, all keys are transparent. */ -#define psa_get_transparent_key( key, p_slot, usage, alg ) \ - psa_get_key_from_slot( key, p_slot, usage, alg ) +#define psa_get_and_lock_transparent_key_slot_with_policy( key, p_slot, usage, alg ) \ + psa_get_and_lock_key_slot_with_policy( key, p_slot, usage, alg ) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ /** Wipe key data from a slot. Preserve metadata such as the policy. */ @@ -1305,15 +1307,15 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) /* * As the return error code may not be handled in case of multiple errors, - * do our best to report an unexpected access counter: if available + * do our best to report an unexpected lock counter: if available * call MBEDTLS_PARAM_FAILED that may terminate execution (if called as * part of the execution of a test suite this will stop the test suite * execution). */ - if( slot->access_count != 1 ) + if( slot->lock_count != 1 ) { #ifdef MBEDTLS_CHECK_PARAMS - MBEDTLS_PARAM_FAILED( slot->access_count == 1 ); + MBEDTLS_PARAM_FAILED( slot->lock_count == 1 ); #endif status = PSA_ERROR_CORRUPTION_DETECTED; } @@ -1349,7 +1351,7 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) * the key is operated by an SE or not and this information is needed by * the current implementation. */ - status = psa_get_key_slot( key, &slot ); + status = psa_get_and_lock_key_slot( key, &slot ); if( status != PSA_SUCCESS ) return( status ); @@ -1360,9 +1362,9 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) * implemented), the key should be destroyed when all accesses have * stopped. */ - if( slot->access_count > 1 ) + if( slot->lock_count > 1 ) { - psa_decrement_key_slot_access_count( slot ); + psa_unlock_key_slot( slot ); return( PSA_ERROR_GENERIC_ERROR ); } 
@@ -1533,12 +1535,12 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; psa_reset_key_attributes( attributes ); - status = psa_get_key_from_slot( key, &slot, 0, 0 ); + status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 ); if( status != PSA_SUCCESS ) return( status ); @@ -1589,9 +1591,9 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS ) psa_reset_key_attributes( attributes ); - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -1752,7 +1754,7 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key, size_t *data_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; /* Set the key to empty now, so that even when there are errors, we always 
@@ -1762,16 +1764,18 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key, *data_length = 0; /* Export requires the EXPORT flag. There is an exception for public keys, - * which don't require any flag, but psa_get_key_from_slot takes - * care of this. */ - status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_EXPORT, 0 ); + * which don't require any flag, but + * psa_get_and_lock_key_slot_with_policy() takes care of this. + */ + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_EXPORT, 0 ); if( status != PSA_SUCCESS ) return( status ); status = psa_internal_export_key( slot, data, data_size, data_length, 0 ); - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, @@ -1780,7 +1784,7 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, size_t *data_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; /* Set the key to empty now, so that even when there are errors, we always 
@@ -1790,14 +1794,14 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, *data_length = 0; /* Exporting a public key doesn't require a usage flag. */ - status = psa_get_key_from_slot( key, &slot, 0, 0 ); + status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 ); if( status != PSA_SUCCESS ) return( status ); status = psa_internal_export_key( slot, data, data_size, data_length, 1 ); - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } #if defined(static_assert) @@ -1904,10 +1908,8 @@ static psa_status_t psa_validate_key_attributes( * In case of failure at any step, stop the sequence and call * psa_fail_key_creation(). * - * On success, the access counter of the returned key slot is incremented by - * one. It is the responsibility of the caller to call - * psa_decrement_key_slot_access_count() when it does not access the key slot - * anymore. + * On success, the key slot is locked. It is the responsibility of the caller + * to unlock the key slot when it does not access it anymore. * * \param method An identification of the calling function. * \param[in] attributes Key attributes for the new key. 
@@ -2025,9 +2027,9 @@ static psa_status_t psa_start_key_creation( * See the documentation of psa_start_key_creation() for the intended use * of this function. * - * If the finalization succeeds, the function decreases the slot access - * counter (that was incremented as part of psa_start_key_creation()) and the - * slot cannot be accessed anymore as part of the key creation process. + * If the finalization succeeds, the function unlocks the key slot (it was + * locked by psa_start_key_creation()) and the key slot cannot be accessed + * anymore as part of the key creation process. * * \param[in,out] slot Pointer to the slot with key material. * \param[in] driver The secure element driver for the key, @@ -2101,7 +2103,7 @@ static psa_status_t psa_finish_key_creation( if( status == PSA_SUCCESS ) { *key = slot->attr.id; - status = psa_decrement_key_slot_access_count( slot ); + status = psa_unlock_key_slot( slot ); if( status != PSA_SUCCESS ) *key = MBEDTLS_SVC_KEY_ID_INIT; } @@ -2344,7 +2346,7 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, mbedtls_svc_key_id_t *target_key ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *source_slot = NULL; psa_key_slot_t *target_slot = NULL; psa_key_attributes_t actual_attributes = *specified_attributes; @@ -2352,8 +2354,8 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, *target_key = MBEDTLS_SVC_KEY_ID_INIT; - status = psa_get_transparent_key( source_key, &source_slot, - PSA_KEY_USAGE_COPY, 0 ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 ); if( status != PSA_SUCCESS ) goto exit; 
@@ -2390,9 +2392,9 @@ exit: if( status != PSA_SUCCESS ) psa_fail_key_creation( target_slot, driver ); - decrement_status = psa_decrement_key_slot_access_count( source_slot ); + unlock_status = psa_unlock_key_slot( source_slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } @@ -3179,7 +3181,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, int is_sign ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; size_t key_bits; psa_key_usage_t usage = @@ -3199,7 +3201,8 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, if( is_sign ) operation->is_sign = 1; - status = psa_get_transparent_key( key, &slot, usage, alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + key, &slot, usage, alg ); if( status != PSA_SUCCESS ) goto exit; key_bits = psa_get_key_slot_bits( slot ); @@ -3289,9 +3292,9 @@ exit: operation->key_set = 1; } - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation, @@ -3789,7 +3792,7 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, size_t *signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; *signature_length = signature_size; 
@@ -3800,7 +3803,9 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, if( signature_size == 0 ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_SIGN_HASH, alg ); + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_SIGN_HASH, + alg ); if( status != PSA_SUCCESS ) goto exit; if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) @@ -3897,9 +3902,9 @@ exit: /* If signature_size is 0 then we have nothing to do. We must not call * memset because signature may be NULL in this case. */ - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, @@ -3910,11 +3915,12 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, size_t signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - status = psa_get_key_from_slot( key, &slot, - PSA_KEY_USAGE_VERIFY_HASH, alg ); + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_VERIFY_HASH, + alg ); if( status != PSA_SUCCESS ) return( status ); @@ -3985,9 +3991,9 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, } exit: - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) 
@@ -4012,7 +4018,7 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; (void) input; @@ -4026,7 +4032,8 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_transparent_key( key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); if( status != PSA_SUCCESS ) return( status ); if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) || @@ -4100,9 +4107,9 @@ rsa_exit: } exit: - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, @@ -4116,7 +4123,7 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; (void) input; @@ -4130,7 +4137,8 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_transparent_key( key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); if( status != PSA_SUCCESS ) return( status ); if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) 
@@ -4203,9 +4211,9 @@ rsa_exit: } exit: - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } @@ -4220,7 +4228,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, mbedtls_operation_t cipher_operation ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; int ret = 0; psa_key_slot_t *slot; size_t key_bits; @@ -4238,7 +4246,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, return( PSA_ERROR_INVALID_ARGUMENT ); /* Fetch key material from key storage. */ - status = psa_get_key_from_slot( key, &slot, usage, alg ); + status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg ); if( status != PSA_SUCCESS ) goto exit; @@ -4366,9 +4374,9 @@ exit: else psa_cipher_abort( operation ); - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation, @@ -4768,7 +4776,7 @@ static void psa_aead_abort_internal( aead_operation_t *operation ) #endif /* MBEDTLS_GCM_C */ } - psa_decrement_key_slot_access_count( operation->slot ); + psa_unlock_key_slot( operation->slot ); } static psa_status_t psa_aead_setup( aead_operation_t *operation, 
@@ -4780,7 +4788,8 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, size_t key_bits; mbedtls_cipher_id_t cipher_id; - status = psa_get_transparent_key( key, &operation->slot, usage, alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + key, &operation->slot, usage, alg ); if( status != PSA_SUCCESS ) return( status ); @@ -5910,11 +5919,11 @@ psa_status_t psa_key_derivation_input_key( mbedtls_svc_key_id_t key ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - status = psa_get_transparent_key( key, &slot, - PSA_KEY_USAGE_DERIVE, operation->alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg ); if( status != PSA_SUCCESS ) { psa_key_derivation_abort( operation ); @@ -5931,9 +5940,9 @@ psa_status_t psa_key_derivation_input_key( slot->data.key.data, slot->data.key.bytes ); - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } 
@@ -6082,13 +6091,13 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o size_t peer_key_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_transparent_key( private_key, &slot, - PSA_KEY_USAGE_DERIVE, operation->alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg ); if( status != PSA_SUCCESS ) return( status ); status = psa_key_agreement_internal( operation, step, @@ -6104,9 +6113,9 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o operation->can_output_key = 1; } - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } psa_status_t psa_raw_key_agreement( psa_algorithm_t alg, @@ -6118,7 +6127,7 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg, size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t decrement_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ) @@ -6126,8 +6135,8 @@ psa_status_t psa_raw_key_agreement( psa_algorithm_t alg, status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - status = psa_get_transparent_key( private_key, &slot, - PSA_KEY_USAGE_DERIVE, alg ); + status = psa_get_and_lock_transparent_key_slot_with_policy( + private_key, &slot, PSA_KEY_USAGE_DERIVE, alg ); if( status != PSA_SUCCESS ) goto exit; 
@@ -6150,9 +6159,9 @@ exit: *output_length = output_size; } - decrement_status = psa_decrement_key_slot_access_count( slot ); + unlock_status = psa_unlock_key_slot( slot ); - return( ( status == PSA_SUCCESS ) ? decrement_status : status ); + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 489be31e2..1492d1943 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -38,8 +38,7 @@ typedef struct psa_core_key_attributes_t attr; /* - * Number of on-going accesses, read and/or write, to the key slot by the - * library. + * Number of locks, read and/or write, to the key slot by the library. * * This counter is incremented by one each time a library function * retrieves through one of the dedicated internal API a pointer to the @@ -47,7 +46,7 @@ typedef struct * * This counter is decremented by one each time a library function stops * accessing to the key slot and states it by calling the - * psa_decrement_key_slot_access_count() API. + * psa_unlock_key_slot() API. * * This counter is used to prevent resetting the key slot while the library * may access it. For example, such control is needed in the following @@ -61,7 +60,7 @@ typedef struct * or purge or destroy a key while it is in used by the library through * another thread. */ - size_t access_count; + size_t lock_count; union { 
@@ -101,18 +100,17 @@ static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot ) return( slot->attr.type != 0 ); } -/** Test whether a key slot is accessed. +/** Test whether a key slot is locked. * - * A key slot is accessed iff its access counter is strickly greater than - * 0. + * A key slot is locked iff its lock counter is strickly greater than 0. * * \param[in] slot The key slot to test. * - * \return 1 if the slot is accessed, 0 otherwise. + * \return 1 if the slot is locked, 0 otherwise. */ -static inline int psa_is_key_slot_accessed( const psa_key_slot_t *slot ) +static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot ) { - return( slot->access_count > 0 ); + return( slot->lock_count > 0 ); } /** Retrieve flags from psa_key_slot_t::attr::core::flags. diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 943923f5d..3e1866871 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c 
@@ -68,25 +68,23 @@ psa_status_t psa_validate_key_id( return( PSA_ERROR_INVALID_HANDLE ); } -/** Search for the description of a key given its identifier. +/** Get the description in memory of a key given its identifier and lock it. * - * The descriptions of volatile keys and loaded persistent keys are - * stored in key slots. This function returns a pointer to the key slot - * containing the description of a key given its identifier. + * The descriptions of volatile keys and loaded persistent keys are + * stored in key slots. This function returns a pointer to the key slot + * containing the description of a key given its identifier. * - * The function searches the key slots containing the description of the key - * with \p key identifier. The function does only read accesses to the key - * slots. The function does not load any persistent key thus does not access - * any storage. + * The function searches the key slots containing the description of the key + * with \p key identifier. The function does only read accesses to the key + * slots. The function does not load any persistent key thus does not access + * any storage. * - * For volatile key identifiers, only one key slot is queried as a volatile - * key with identifier key_id can only be stored in slot of index - * ( key_id - #PSA_KEY_ID_VOLATILE_MIN ). + * For volatile key identifiers, only one key slot is queried as a volatile + * key with identifier key_id can only be stored in slot of index + * ( key_id - #PSA_KEY_ID_VOLATILE_MIN ). * - * On success, the access counter of the returned key slot is incremented by - * one. It is the responsibility of the caller to call - * psa_decrement_key_slot_access_count() when it does not access the key slot - * anymore. + * On success, the function locks the key slot. It is the responsibility of + * the caller to unlock the key slot when it does not access it anymore. * * \param key Key identifier to query. 
* \param[out] p_slot On success, `*p_slot` contains a pointer to the @@ -101,7 +99,7 @@ psa_status_t psa_validate_key_id( * \retval #PSA_ERROR_DOES_NOT_EXIST * There is no key with key identifier \p key in the key slots. */ -static psa_status_t psa_search_key_in_slots( +static psa_status_t psa_get_and_lock_key_slot_in_memory( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -133,7 +131,7 @@ static psa_status_t psa_search_key_in_slots( if( status == PSA_SUCCESS ) { - status = psa_increment_key_slot_access_count( slot ); + status = psa_lock_key_slot( slot ); if( status == PSA_SUCCESS ) *p_slot = slot; } @@ -157,7 +155,7 @@ void psa_wipe_all_key_slots( void ) for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; - slot->access_count = 1; + slot->lock_count = 1; (void) psa_wipe_key_slot( slot ); } global_data.key_slots_initialized = 0; @@ -168,7 +166,7 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t slot_idx; - psa_key_slot_t *selected_slot, *unaccessed_persistent_key_slot; + psa_key_slot_t *selected_slot, *unlocked_persistent_key_slot; if( ! global_data.key_slots_initialized ) { @@ -176,7 +174,7 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, goto error; } - selected_slot = unaccessed_persistent_key_slot = NULL; + selected_slot = unlocked_persistent_key_slot = NULL; for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; 
@@ -186,30 +184,30 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, break; } - if( ( unaccessed_persistent_key_slot == NULL ) && + if( ( unlocked_persistent_key_slot == NULL ) && ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) && - ( ! psa_is_key_slot_accessed( slot ) ) ) - unaccessed_persistent_key_slot = slot; + ( ! psa_is_key_slot_locked( slot ) ) ) + unlocked_persistent_key_slot = slot; } /* - * If there is no unused key slot and there is at least one unaccessed key + * If there is no unused key slot and there is at least one unlocked key * slot containing the description of a permament key, recycle the first * such key slot we encountered. If we need later on to operate on the * persistent key we evict now, we will reload its description from * storage. */ if( ( selected_slot == NULL ) && - ( unaccessed_persistent_key_slot != NULL ) ) + ( unlocked_persistent_key_slot != NULL ) ) { - selected_slot = unaccessed_persistent_key_slot; - selected_slot->access_count = 1; + selected_slot = unlocked_persistent_key_slot; + selected_slot->lock_count = 1; psa_wipe_key_slot( selected_slot ); } if( selected_slot != NULL ) { - status = psa_increment_key_slot_access_count( selected_slot ); + status = psa_lock_key_slot( selected_slot ); if( status != PSA_SUCCESS ) goto error; @@ -267,8 +265,8 @@ exit: } #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, - psa_key_slot_t **p_slot ) +psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 
@@ -278,9 +276,9 @@ psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, /* * On success, the pointer to the slot is passed directly to the caller - * thus no need to decrement the key slot access counter here. + * thus no need to unlock the key slot here. */ - status = psa_search_key_in_slots( key, p_slot ); + status = psa_get_and_lock_key_slot_in_memory( key, p_slot ); if( status != PSA_ERROR_DOES_NOT_EXIST ) return( status ); @@ -305,26 +303,26 @@ psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, } -psa_status_t psa_decrement_key_slot_access_count( psa_key_slot_t *slot ) +psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot ) { if( slot == NULL ) return( PSA_SUCCESS ); - if( slot->access_count > 0 ) + if( slot->lock_count > 0 ) { - slot->access_count--; + slot->lock_count--; return( PSA_SUCCESS ); } /* * As the return error code may not be handled in case of multiple errors, - * do our best to report if the access counter is equal to zero: if + * do our best to report if the lock counter is equal to zero: if * available call MBEDTLS_PARAM_FAILED that may terminate execution (if * called as part of the execution of a unit test suite this will stop the * test suite execution). */ #ifdef MBEDTLS_CHECK_PARAMS - MBEDTLS_PARAM_FAILED( slot->access_count > 0 ); + MBEDTLS_PARAM_FAILED( slot->lock_count > 0 ); #endif return( PSA_ERROR_CORRUPTION_DETECTED ); @@ -379,7 +377,7 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) psa_status_t status; psa_key_slot_t *slot; - status = psa_get_key_slot( key, &slot ); + status = psa_get_and_lock_key_slot( key, &slot ); if( status != PSA_SUCCESS ) { *handle = PSA_KEY_HANDLE_INIT; @@ -388,7 +386,7 @@ psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) *handle = key; - return( psa_decrement_key_slot_access_count( slot ) ); + return( psa_unlock_key_slot( slot ) ); #else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ (void) key; 
@@ -405,14 +403,14 @@ psa_status_t psa_close_key( psa_key_handle_t handle ) if( psa_key_handle_is_null( handle ) ) return( PSA_SUCCESS ); - status = psa_search_key_in_slots( handle, &slot ); + status = psa_get_and_lock_key_slot_in_memory( handle, &slot ); if( status != PSA_SUCCESS ) return( status ); - if( slot->access_count <= 1 ) + if( slot->lock_count <= 1 ) return( psa_wipe_key_slot( slot ) ); else - return( psa_decrement_key_slot_access_count( slot ) ); + return( psa_unlock_key_slot( slot ) ); } psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) @@ -420,15 +418,15 @@ psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) psa_status_t status; psa_key_slot_t *slot; - status = psa_search_key_in_slots( key, &slot ); + status = psa_get_and_lock_key_slot_in_memory( key, &slot ); if( status != PSA_SUCCESS ) return( status ); if( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) && - ( slot->access_count <= 1 ) ) + ( slot->lock_count <= 1 ) ) return( psa_wipe_key_slot( slot ) ); else - return( psa_decrement_key_slot_access_count( slot ) ); + return( psa_unlock_key_slot( slot ) ); } void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) @@ -440,9 +438,9 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; - if( ! psa_is_key_slot_accessed( slot ) ) + if( ! psa_is_key_slot_locked( slot ) ) { - ++stats->unaccessed_slots; + ++stats->unlocked_slots; } if( ! psa_is_key_slot_occupied( slot ) ) { diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index db5acba3b..8b9d7463a 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h 
@@ -61,19 +61,17 @@ static inline int psa_key_id_is_volatile( psa_key_id_t key_id ) ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) ); } -/** Retrieve the description of a key given its identifier. +/** Get the description of a key given its identifier and lock it. * - * The descriptions of volatile keys and loaded persistent keys are - * stored in key slots. This function returns a pointer to the key slot - * containing the description of a key given its identifier. + * The descriptions of volatile keys and loaded persistent keys are stored in + * key slots. This function returns a pointer to the key slot containing the + * description of a key given its identifier. * - * In case of a persistent key, the function loads the description of the key - * into a key slot if not already done. + * In case of a persistent key, the function loads the description of the key + * into a key slot if not already done. * - * On success, the access counter of the returned key slot is incremented by - * one. It is the responsibility of the caller to call - * psa_decrement_key_slot_access_count() when it does not access the slot - * anymore. + * On success, the returned key slot is locked. It is the responsibility of + * the caller to unlock the key slot when it does not access it anymore. * * \param key Key identifier to query. * \param[out] p_slot On success, `*p_slot` contains a pointer to the @@ -98,8 +96,8 @@ static inline int psa_key_id_is_volatile( psa_key_id_t key_id ) * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_DATA_CORRUPT */ -psa_status_t psa_get_key_slot( mbedtls_svc_key_id_t key, - psa_key_slot_t **p_slot ); +psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot ); /** Initialize the key slot structures. * 
@@ -116,10 +114,9 @@ void psa_wipe_all_key_slots( void ); /** Find a free key slot. * * This function returns a key slot that is available for use and is in its - * ground state (all-bits-zero). On success, the access counter of the - * returned key slot is incremented by one. It is the responsibility of the - * caller to call psa_decrement_key_slot_access_count() when it does not access - * the key slot anymore. + * ground state (all-bits-zero). On success, the key slot is locked. It is + * the responsibility of the caller to unlock the key slot when it does not + * access it anymore. * * \param[out] volatile_key_id On success, volatile key identifier * associated to the returned slot. 
@@ -132,31 +129,31 @@ void psa_wipe_all_key_slots( void ); psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, psa_key_slot_t **p_slot ); -/** Increment slot access counter. +/** Lock a key slot. * - * This function increments the slot access counter by one. + * This function increments the key slot lock counter by one. * * \param[in] slot The key slot. * * \retval #PSA_SUCCESS - The access count was incremented. + The key slot lock counter was incremented. * \retval #PSA_ERROR_CORRUPTION_DETECTED - * The access count already reached its maximum value and was not + * The lock counter already reached its maximum value and was not * increased. */ -static inline psa_status_t psa_increment_key_slot_access_count( psa_key_slot_t *slot ) +static inline psa_status_t psa_lock_key_slot( psa_key_slot_t *slot ) { - if( slot->access_count >= SIZE_MAX ) + if( slot->lock_count >= SIZE_MAX ) return( PSA_ERROR_CORRUPTION_DETECTED ); - slot->access_count++; + slot->lock_count++; return( PSA_SUCCESS ); } -/** Decrement slot access counter. +/** Unlock a key slot. * - * This function decrements the slot access counter by one. + * This function decrements the key slot lock counter by one. * * \note To ease the handling of errors in retrieving a key slot * a NULL input pointer is valid, and the function returns @@ -164,13 +161,13 @@ static inline psa_status_t psa_increment_key_slot_access_count( psa_key_slot_t * * * \param[in] slot The key slot. * \retval #PSA_SUCCESS - * \p slot is NULL or the key slot access pointer has been + * \p slot is NULL or the key slot lock counter has been * decremented successfully. * \retval #PSA_ERROR_CORRUPTION_DETECTED - * The access counter was equal to 0. + * The lock counter was equal to 0. * */ -psa_status_t psa_decrement_key_slot_access_count( psa_key_slot_t *slot ); +psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot ); /** Test whether a lifetime designates a key in an external cryptoprocessor. * 
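Review bot: Calling this a lock in the psa_lock_key_slot() doc block promises more than the body delivers: `slot->lock_count++` is an unsynchronised increment of a plain `size_t`, so it counts holders but does not exclude them, and the `SIZE_MAX` test and the increment are two separate steps. The comment on `lock_count` in psa_crypto_core.h cites protection against another thread purging or destroying the key, which presumably relies on callers being serialised elsewhere; nothing in this hunk shows that. I would say so in the doc block, e.g. `* \note This is a usage count, not a mutex: it does not serialise concurrent callers.` The same note would fit the psa_unlock_key_slot() block in the next hunk.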
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 214ee87f3..09171ae76 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -41,9 +41,9 @@ static int test_helper_is_psa_pristine( int line, const char *file ) msg = "An external slot has not been closed properly."; else if( stats.half_filled_slots != 0 ) msg = "A half-filled slot has not been cleared properly."; - else if( stats.unaccessed_slots != PSA_KEY_SLOT_COUNT ) + else if( stats.unlocked_slots != PSA_KEY_SLOT_COUNT ) { - msg = "Some slots are still marked as accessed."; + msg = "Some slots are still marked as locked."; } /* If the test has already failed, don't overwrite the failure From 1ad1eeeaf105190961e8d9be7e5d1c3de844bc41 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 15 Nov 2020 14:21:04 +0100 Subject: [PATCH 466/488] psa stats: Count locked slots instead of unlocked ones Count locked slots and not unlocked ones to align with the other statistics counters. Signed-off-by: Ronald Cron --- include/psa/crypto_extra.h | 4 ++-- library/psa_crypto_slot_management.c | 4 ++-- tests/include/test/psa_crypto_helpers.h | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 0c90cb2d1..b25addc85 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -231,8 +231,8 @@ typedef struct mbedtls_psa_stats_s size_t cache_slots; /** Number of slots that are not used for anything. */ size_t empty_slots; - /** Number of slots that are not locked. */ - size_t unlocked_slots; + /** Number of slots that are locked. */ + size_t locked_slots; /** Largest key id value among open keys in internal persistent storage. */ psa_key_id_t max_open_internal_key_id; /** Largest key id value among open keys in secure elements. */ 
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 3e1866871..1d2e51fec 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -438,9 +438,9 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) for( slot_idx = 0; slot_idx < PSA_KEY_SLOT_COUNT; slot_idx++ ) { const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; - if( ! psa_is_key_slot_locked( slot ) ) + if( psa_is_key_slot_locked( slot ) ) { - ++stats->unlocked_slots; + ++stats->locked_slots; } if( ! psa_is_key_slot_occupied( slot ) ) { diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 09171ae76..01b0547cf 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -41,7 +41,7 @@ static int test_helper_is_psa_pristine( int line, const char *file ) msg = "An external slot has not been closed properly."; else if( stats.half_filled_slots != 0 ) msg = "A half-filled slot has not been cleared properly."; - else if( stats.unlocked_slots != PSA_KEY_SLOT_COUNT ) + else if( stats.locked_slots != 0 ) { msg = "Some slots are still marked as locked."; } From a3d9daca92048e7d0e39e2a4e44f3b769eaa69be Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sun, 15 Nov 2020 15:44:34 +0100 Subject: [PATCH 467/488] Add change log Signed-off-by: Ronald Cron --- ChangeLog.d/psa-openless.txt | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 ChangeLog.d/psa-openless.txt diff --git a/ChangeLog.d/psa-openless.txt b/ChangeLog.d/psa-openless.txt new file mode 100644 index 000000000..2e40cdff8 --- /dev/null +++ b/ChangeLog.d/psa-openless.txt 
@@ -0,0 +1,17 @@ +Features + * In the PSA API, it is no longer necessary to open persistent keys: + operations now accept the key identifier. The type psa_key_handle_t is now + identical to psa_key_id_t instead of being platform-defined. This bridges + the last major gap to compliance with the PSA Cryptography specification + version 1.0.0. Opening persistent keys is still supported for backward + compatibility, but will be deprecated and later removed in future + releases. + +Bugfix + * psa_set_key_id() now also sets the lifetime to persistent for keys located + in a secure element. + * Attempting to create a volatile key with a non-zero key identifier now + fails. Previously the key identifier was just ignored when creating a + volatile key. + * Attempting to create or register a key with a key identifier in the vendor + range now fails. From 8346c7a9f07bd75fd7fabb2a32be2d6399742d4d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Nov 2020 11:50:08 +0100 Subject: [PATCH 468/488] Add abstract target names for index generation Signed-off-by: Gilles Peskine --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 663df86a7..f8d26d2b2 100644 --- a/Makefile +++ b/Makefile @@ -142,7 +142,10 @@ tags: $(C_SOURCE_FILES) $(CTAGS) $@ $(C_SOURCE_FILES) TAGS: $(C_SOURCE_FILES) etags -o $@ $(C_SOURCE_FILES) +global: GPATH GRTAGS GSYMS GTAGS GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc +cscope: cscope.in.out cscope.po.out cscope.out cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES) cscope -bq -u -Iinclude -Ilibrary $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES) +.PHONY: cscope global From 1d12d87d18d38db568b307c6971d41cc371367ef Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 18 Nov 2020 17:21:22 +0100 Subject: [PATCH 469/488] Improve/fix documentation 
Signed-off-by: Ronald Cron --- include/psa/crypto.h | 10 ---------- include/psa/crypto_compat.h | 2 +- library/psa_crypto_core.h | 6 +++--- library/psa_crypto_slot_management.c | 15 ++++++++++++--- library/psa_crypto_slot_management.h | 6 +++--- ...test_suite_psa_crypto_slot_management.function | 2 +- 6 files changed, 20 insertions(+), 21 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 3c2324ac9..b41a20bfc 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -36,16 +36,6 @@ * @{ */ -/** \brief Key handle. - * - * This type represents open handles to keys. It must be an unsigned integral - * type. The choice of type is implementation-dependent. - * - * 0 is not a valid key handle. How other handle values are assigned is - * implementation-dependent. - */ -typedef _unsigned_integral_type_ psa_key_handle_t; - /**@}*/ #endif /* __DOXYGEN_ONLY__ */ diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 642be1a55..339ef270e 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -35,7 +35,7 @@ extern "C" { #endif /* - * To support temporary both openless APIs and psa_open_key(), define + * To support both openless APIs and psa_open_key() temporarily, define * psa_key_handle_t to be equal to mbedtls_svc_key_id_t. Do not mark the * type and its utility macros and functions deprecated yet. This will be done * in a subsequent phase. diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 1492d1943..f61ef9550 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
@@ -38,14 +38,14 @@ typedef struct psa_core_key_attributes_t attr; /* - * Number of locks, read and/or write, to the key slot by the library. + * Number of locks on the key slot held by the library. * * This counter is incremented by one each time a library function * retrieves through one of the dedicated internal API a pointer to the * key slot. * * This counter is decremented by one each time a library function stops - * accessing to the key slot and states it by calling the + * accessing the key slot and states it by calling the * psa_unlock_key_slot() API. * * This counter is used to prevent resetting the key slot while the library @@ -102,7 +102,7 @@ static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot ) /** Test whether a key slot is locked. * - * A key slot is locked iff its lock counter is strickly greater than 0. + * A key slot is locked iff its lock counter is strictly greater than 0. * * \param[in] slot The key slot to test. * diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 1d2e51fec..4c4ad0331 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -110,6 +110,15 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory( if( psa_key_id_is_volatile( key_id ) ) { slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ]; + + /* + * Check if both the PSA key identifier key_id and the owner + * identifier of key match those of the key slot. + * + * Note that, if the key slot is not occupied, its PSA key identifier + * is equal to zero. This is an invalid value for a PSA key identifier + * and thus cannot be equal to the valid PSA key identifier key_id. + */ status = mbedtls_svc_key_id_equal( key, slot->attr.id ) ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; } 
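Review bot: The comment added in psa_get_and_lock_key_slot_in_memory() justifies the identifier comparison but leaves the array index on the line just before it unexplained: `key_id - PSA_KEY_ID_VOLATILE_MIN` appears to derive from the caller's `key` argument and indexes `global_data.key_slots` with no visible comparison against `PSA_KEY_SLOT_COUNT`. Presumably psa_key_id_is_volatile() restricts `key_id` to a range of exactly `PSA_KEY_SLOT_COUNT` values, but the macro definitions are outside this hunk, as are the start and end of the function. Since that range check is what keeps an out-of-range identifier from reading past the slot table, I would state the invariant next to the index after confirming it against the macros, e.g. `/* psa_key_id_is_volatile() guarantees key_id - PSA_KEY_ID_VOLATILE_MIN < PSA_KEY_SLOT_COUNT. */`.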
@@ -192,9 +201,9 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, /* * If there is no unused key slot and there is at least one unlocked key - * slot containing the description of a permament key, recycle the first - * such key slot we encountered. If we need later on to operate on the - * persistent key we evict now, we will reload its description from + * slot containing the description of a persistent key, recycle the first + * such key slot we encountered. If we later need to operate on the + * persistent key we are evicting now, we will reload its description from * storage. */ if( ( selected_slot == NULL ) && diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 8b9d7463a..ef0814ac9 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -79,9 +79,9 @@ static inline int psa_key_id_is_volatile( psa_key_id_t key_id ) * identified by \p key. * * \retval #PSA_SUCCESS - * The pointer to the key slot containing the description of the key - * identified by \p key was returned. The key slot counter was - * implemented. + * \p *p_slot contains a pointer to the key slot containing the + * description of the key identified by \p key. + * The key slot counter has been incremented. * \retval #PSA_ERROR_BAD_STATE * The library has not been initialized. * \retval #PSA_ERROR_INVALID_HANDLE diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 474fbe7c9..edc1886fe 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function 
@@ -908,7 +908,7 @@ void key_slot_eviction_to_import_new_key( int lifetime_arg ) /* * Create a new persistent or volatile key. When creating the key, - * one of the description of the previously created persistent key + * one of the descriptions of the previously created persistent keys * is removed from the RAM key slots. This makes room to store its * description in RAM. */ From 3a4f0e3cc4bb8a289b724f415c10dd83cd2b9ffe Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 19 Nov 2020 17:55:23 +0100 Subject: [PATCH 470/488] tests: psa: Reset key attributes where needed After a call to psa_get_key_attributes() to retrieve the attributes of a key into a psa_key_attributes_t structure, a call to psa_reset_key_attributes() is mandated to free the resources that may be referenced by the psa_key_attributes_t structure. Not calling psa_reset_key_attributes() may result in a memory leak. When a test function calls psa_get_key_parameters() the associated key attributes are systematically reset in the clean-up part of the function with a comment to emphasize the need for the reset and make it more visible. Signed-off-by: Ronald Cron --- tests/suites/test_suite_pk.function | 12 ++ tests/suites/test_suite_psa_crypto.function | 148 ++++++++++++++++-- ...t_suite_psa_crypto_persistent_key.function | 10 ++ ...st_suite_psa_crypto_se_driver_hal.function | 23 +++ ..._suite_psa_crypto_slot_management.function | 45 ++++++ 5 files changed, 226 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 9803f9051..98016c652 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function 
@@ -200,6 +200,12 @@ void pk_psa_utils( ) TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + mbedtls_pk_free( &pk ); /* redundant except upon error */ mbedtls_pk_free( &pk2 ); PSA_DONE( ); @@ -1289,6 +1295,12 @@ void pk_psa_sign( int grpid_arg, hash, sizeof hash, sig, sig_len ) == 0 ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + mbedtls_pk_free( &pk ); PSA_DONE( ); } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b03df3d4b..8e71610ac 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -292,7 +292,12 @@ int check_key_attributes_sanity( mbedtls_svc_key_id_t key ) ok = 1; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + return( ok ); } @@ -445,6 +450,7 @@ static int exercise_cipher_key( mbedtls_svc_key_id_t key, iv_length = PSA_BLOCK_CIPHER_BLOCK_SIZE( psa_get_key_type( &attributes ) ); maybe_invalid_padding = ! PSA_ALG_IS_STREAM_CIPHER( alg ); + psa_reset_key_attributes( &attributes ); } PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) ); PSA_ASSERT( psa_cipher_set_iv( &operation, @@ -717,8 +723,13 @@ static psa_status_t key_agreement_with_self( operation, PSA_KEY_DERIVATION_INPUT_SECRET, key, public_key, public_key_length ); exit: - mbedtls_free( public_key ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + mbedtls_free( public_key ); return( status ); } 
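Review bot: In exercise_cipher_key() the new `psa_reset_key_attributes( &attributes );` sits inline at the end of the `if` block and carries no comment, whereas the other functions visible in this commit reset under `exit:` and the commit message says the reset is done in the clean-up part. If `attributes` is declared inside that block the inline call is the only option, but the declaration and the psa_get_key_attributes() call are outside the hunk, and any failing PSA_ASSERT between the get and the reset would jump to `exit` and skip it. A short comment would make the exception deliberate once the declaration is checked, e.g. `/* attributes is local to this block, so it cannot be reset under exit: */`.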
@@ -754,8 +765,13 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, public_key, public_key_length, output, sizeof( output ), &output_length ); exit: - mbedtls_free( public_key ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + mbedtls_free( public_key ); return( status ); } @@ -1033,8 +1049,13 @@ static int exercise_export_key( mbedtls_svc_key_id_t key, exported, exported_length ); exit: - mbedtls_free( exported ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + mbedtls_free( exported ); return( ok ); } @@ -1069,8 +1090,13 @@ static int exercise_export_public_key( mbedtls_svc_key_id_t key ) exported, exported_length ); exit: - mbedtls_free( exported ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + mbedtls_free( exported ); return( ok ); } @@ -1205,7 +1231,12 @@ static int test_operations_on_invalid_key( mbedtls_svc_key_id_t key ) ok = 1; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + return( ok ); } @@ -1479,8 +1510,13 @@ void import_with_policy( int type_arg, test_operations_on_invalid_key( key ); exit: - psa_destroy_key( key ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &got_attributes ); + + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ 
@@ -1518,8 +1554,13 @@ void import_with_data( data_t *data, int type_arg, test_operations_on_invalid_key( key ); exit: - psa_destroy_key( key ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &got_attributes ); + + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -1567,6 +1608,12 @@ void import_large_key( int type_arg, int byte_size_arg, } exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( buffer ); @@ -1696,9 +1743,14 @@ destroy: test_operations_on_invalid_key( key ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &got_attributes ); + mbedtls_free( exported ); mbedtls_free( reexported ); - psa_reset_key_attributes( &got_attributes ); PSA_DONE( ); } /* END_CASE */ @@ -1749,9 +1801,14 @@ void import_export_public_key( data_t *data, } exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + mbedtls_free( exported ); psa_destroy_key( key ); - psa_reset_key_attributes( &attributes ); PSA_DONE( ); } /* END_CASE */ @@ -1792,8 +1849,14 @@ void import_and_exercise_key( data_t *data, test_operations_on_invalid_key( key ); exit: - psa_destroy_key( key ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &got_attributes ); + + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ 
@@ -1832,8 +1895,13 @@ void effective_key_attributes( int type_arg, int expected_type_arg, TEST_EQUAL( psa_get_key_algorithm( &attributes ), expected_alg ); exit: - psa_destroy_key( key ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + psa_destroy_key( key ); PSA_DONE( ); } /* END_CASE */ @@ -2087,8 +2155,13 @@ void asymmetric_encryption_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_destroy_key( key ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( buffer ); } @@ -2265,6 +2338,12 @@ void key_policy_alg2( int key_type_arg, data_t *key_data, goto exit; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &got_attributes ); + psa_destroy_key( key ); PSA_DONE( ); } @@ -2385,8 +2464,13 @@ void copy_success( int source_usage_arg, PSA_ASSERT( psa_destroy_key( target_key ) ); exit: + /* + * Source and target key attributes may have been returned by + * psa_get_key_attributes() thus reset them as required. + */ psa_reset_key_attributes( &source_attributes ); psa_reset_key_attributes( &target_attributes ); + PSA_DONE( ); mbedtls_free( export_buffer ); } @@ -4138,7 +4222,12 @@ void sign_deterministic( int key_type_arg, data_t *key_data, #endif /* MBEDTLS_TEST_DEPRECATED */ exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); 
@@ -4259,7 +4348,12 @@ void sign_verify( int key_type_arg, data_t *key_data, } exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); mbedtls_free( signature ); PSA_DONE( ); @@ -4409,7 +4503,12 @@ void asymmetric_encrypt( int key_type_arg, } exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); mbedtls_free( output ); PSA_DONE( ); @@ -4473,7 +4572,12 @@ void asymmetric_encrypt_decrypt( int key_type_arg, output2, output2_length ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); mbedtls_free( output ); mbedtls_free( output2 ); @@ -5080,8 +5184,13 @@ void derive_key_exercise( int alg_arg, goto exit; exit: - psa_key_derivation_abort( &operation ); + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &got_attributes ); + + psa_key_derivation_abort( &operation ); psa_destroy_key( base_key ); psa_destroy_key( derived_key ); PSA_DONE( ); @@ -5511,7 +5620,12 @@ void generate_key( int type_arg, goto exit; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &got_attributes ); + psa_destroy_key( key ); PSA_DONE( ); } @@ -5612,7 +5726,12 @@ void generate_key_rsa( int bits_arg, } exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() or + * set by psa_set_key_domain_parameters() thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( e_read_buffer ); 
@@ -5741,7 +5860,12 @@ void persistent_key_load_key_from_storage( data_t *data, goto exit; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + mbedtls_free( first_export ); mbedtls_free( second_export ); psa_key_derivation_abort( &operation ); diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index c4c2b75f6..8e10158f6 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -240,7 +240,12 @@ void persistent_key_import( int owner_id_arg, int key_id_arg, int type_arg, PSA_ASSERT( psa_destroy_key( key_id ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + psa_destroy_persistent_key( key_id ); PSA_DONE(); } @@ -308,7 +313,12 @@ void import_export_persistent_key( data_t *data, int type_arg, TEST_EQUAL( psa_is_key_present_in_storage( key_id ), 0 ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + mbedtls_free( exported ); PSA_DONE( ); psa_destroy_persistent_key( key_id ); diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 04aecb6b7..1add9b4a7 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -578,6 +578,12 @@ static int check_key_attributes( ok = 1; exit: + /* + * Actual key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &actual_attributes ); + return( ok ); } 
@@ -753,7 +759,12 @@ static int smoke_test_key( mbedtls_svc_key_id_t key ) ok = 1; exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ psa_reset_key_attributes( &attributes ); + return( ok ); } @@ -1080,6 +1091,12 @@ void key_creation_in_chosen_slot( int slot_arg, TEST_EQUAL( psa_open_key( id, &handle ), PSA_ERROR_DOES_NOT_EXIST ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + PSA_DONE( ); ram_slots_reset( ); psa_purge_storage( ); @@ -1431,6 +1448,12 @@ void sign_verify( int flow, PSA_ERROR_INVALID_SIGNATURE ); exit: + /* + * Driver key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &drv_attributes ); + psa_destroy_key( id ); psa_destroy_key( sw_key ); PSA_DONE( ); diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index edc1886fe..57d478982 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -226,6 +226,12 @@ void transient_slot_lifecycle( int owner_id_arg, TEST_EQUAL( psa_close_key( key ), PSA_ERROR_DOES_NOT_EXIST ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + PSA_DONE( ); } /* END_CASE */ @@ -369,6 +375,13 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, } exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + psa_reset_key_attributes( &read_attributes ); + PSA_DONE( ); psa_purge_key_storage( ); mbedtls_free( reexported ); 
@@ -437,6 +450,12 @@ void create_existent( int lifetime_arg, int owner_id_arg, int id_arg, PSA_ASSERT( psa_close_key( id ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + PSA_DONE( ); psa_purge_key_storage( ); } @@ -626,6 +645,13 @@ void copy_across_lifetimes( int source_lifetime_arg, int source_owner_id_arg, PSA_ASSERT( psa_destroy_key( returned_target_id ) ); exit: + /* + * Source and target key attributes may have been returned by + * psa_get_key_attributes() thus reset them as required. + */ + psa_reset_key_attributes( &source_attributes ); + psa_reset_key_attributes( &target_attributes ); + PSA_DONE( ); mbedtls_free( export_buffer ); #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) @@ -737,6 +763,13 @@ void copy_to_occupied( int source_lifetime_arg, int source_id_arg, PSA_ASSERT( psa_destroy_key( returned_target_id ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes1 ); + psa_reset_key_attributes( &attributes2 ); + PSA_DONE( ); mbedtls_free( export_buffer ); #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) @@ -824,6 +857,12 @@ void invalid_handle( int handle_construction, PSA_ASSERT( psa_close_key( valid_handle ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + PSA_DONE( ); } /* END_CASE */ @@ -1059,6 +1098,12 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation( ) ASSERT_COMPARE( exported, exported_length, (uint8_t *) &persistent_key, sizeof( persistent_key ) ); exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes( &attributes ); + psa_destroy_key( persistent_key ); PSA_DONE( ); mbedtls_free( keys ); 
From b9b844220bcf6df2f9a5c9efc36bcc95a6759ea0 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 14 Oct 2020 14:39:20 +0200 Subject: [PATCH 471/488] Plug in the entry point for public key export through driver Including test. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 16 ++- library/psa_crypto_driver_wrappers.c | 53 +++++++++ library/psa_crypto_driver_wrappers.h | 5 + tests/include/test/drivers/key_management.h | 19 ++- tests/src/drivers/key_management.c | 111 +++++++++++++++++- ...test_suite_psa_crypto_driver_wrappers.data | 16 +++ ..._suite_psa_crypto_driver_wrappers.function | 67 +++++++++++ 7 files changed, 276 insertions(+), 11 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 97b522dd5..8a2e41383 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1656,14 +1656,24 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, /* Exporting private -> private */ return( psa_internal_export_key_buffer( slot, data, data_size, data_length ) ); } + /* Need to export the public part of a private key, - * so conversion is needed */ + * so conversion is needed. Try the accelerators first. */ + psa_status_t status = psa_driver_wrapper_export_public_key( slot, + data, + data_size, + data_length ); + + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + return( status ); + if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) mbedtls_rsa_context *rsa = NULL; - psa_status_t status = psa_load_rsa_representation( + status = psa_load_rsa_representation( slot->attr.type, slot->data.key.data, slot->data.key.bytes, 
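Review bot: The early return added after `psa_driver_wrapper_export_public_key()` has no comment explaining its second condition, `psa_key_lifetime_is_external( slot->attr.lifetime )`. That condition is what stops the built-in RSA/ECC code below from parsing `slot->data.key.data` for a key that is not in local storage, so a later edit that drops it would not look wrong. I would add `/* Never fall back to the built-in code for keys held outside local storage: the slot may not contain key material in export format. */` above the `if`. The statement about slot contents is inferred from the wrapper's own comment on the local-storage case, and psa_internal_export_key starts and ends outside this hunk.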
@@ -1692,7 +1702,7 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot, #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_keypair *ecp = NULL; - psa_status_t status = psa_load_ecp_representation( + status = psa_load_ecp_representation( slot->attr.type, slot->data.key.data, slot->data.key.bytes, diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 4040b36b6..c3ea6f142 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c 
@@ -438,6 +438,59 @@ psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attrib #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } +psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot, + uint8_t *data, + size_t data_size, + size_t *data_length ) +{ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = test_transparent_export_public_key( &attributes, + slot->data.key.data, + slot->data.key.bytes, + data, + data_size, + data_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + /* Fell through, meaning no accelerator supports this operation */ + return( PSA_ERROR_NOT_SUPPORTED ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( test_opaque_export_public_key( &attributes, + slot->data.key.data, + slot->data.key.bytes, + data, + data_size, + data_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + default: + /* Key is declared with a lifetime not known to us */ + return( status ); + } +#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + (void) slot; + (void) data; + (void) data_size; + (void) data_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +} + /* * Cipher functions */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index b0b483bb5..6b5143781 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h 
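Review bot: psa_driver_wrapper_export_public_key is guarded by `PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT`, while the context line just above closes the previous wrapper with `#endif /* PSA_CRYPTO_DRIVER_PRESENT */`. The `PSA_CRYPTO_TEST_DRIVER_LIFETIME` case that dispatches to `test_opaque_export_public_key()` sits inside that guard, so a build with only opaque drivers would presumably compile it out and return PSA_ERROR_NOT_SUPPORTED. If `PSA_CRYPTO_DRIVER_PRESENT` is the macro that covers both driver kinds, the guard should be `#if defined(PSA_CRYPTO_DRIVER_PRESENT)`, with the matching `#else`/`#endif` comments updated. The `default:` branch relies on `status` still holding its initial value; `return( PSA_ERROR_INVALID_ARGUMENT );` would state the intent directly.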
@@ -55,6 +55,11 @@ psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attrib size_t data_length, size_t *bits ); +psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot, + uint8_t *data, + size_t data_size, + size_t *data_length ); + /* * Cipher functions */ diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 56f3ef82e..90f8c587c 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -58,10 +58,21 @@ psa_status_t test_opaque_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); -psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - size_t *bits); +psa_status_t test_transparent_validate_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits); + +psa_status_t test_transparent_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ); + +psa_status_t test_opaque_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */ diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index d6d75b3ed..d08969119 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c 
@@ -137,10 +137,11 @@ psa_status_t test_opaque_generate_key( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - size_t *bits) +psa_status_t test_transparent_validate_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + size_t *bits ) { ++test_driver_key_management_hooks.hits; 
@@ -248,4 +249,106 @@ ecp_exit: * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ } +psa_status_t test_transparent_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + ++test_driver_keygen_hooks.hits; + + if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_keygen_hooks.forced_status ); + + if( test_driver_keygen_hooks.forced_output != NULL ) + { + if( test_driver_keygen_hooks.forced_output_length > data_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( data, test_driver_keygen_hooks.forced_output, + test_driver_keygen_hooks.forced_output_length ); + *data_length = test_driver_keygen_hooks.forced_output_length; + return( PSA_SUCCESS ); + } + + if( key == NULL || key_length == 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + psa_key_type_t keytype = psa_get_key_type( attributes ); + +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) + if( PSA_KEY_TYPE_IS_ECC( keytype ) ) + { + if( !PSA_KEY_TYPE_IS_KEY_PAIR( keytype ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + /* Mostly copied from psa_crypto.c */ + mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair ecp; + mbedtls_test_rnd_pseudo_info rnd_info; + memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); + + if( attributes->domain_parameters_size != 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + + grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( keytype ), + PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ); + if( grp_id == MBEDTLS_ECP_DP_NONE ) + return( PSA_ERROR_NOT_SUPPORTED ); + + mbedtls_ecp_keypair_init( &ecp ); + + status = mbedtls_to_psa_error( + mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + status = mbedtls_to_psa_error( + mbedtls_ecp_read_key( ecp.grp.id, 
+ &ecp, + key, + key_length ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + /* Calculate the public key */ + status = mbedtls_to_psa_error( + mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) ); + if( status != PSA_SUCCESS ) + goto ecp_exit; + + status = mbedtls_to_psa_error( + mbedtls_ecp_point_write_binary( &ecp.grp, &ecp.Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + data_length, + data, + data_size ) ); + if( status != PSA_SUCCESS ) + memset( data, 0, data_size ); +ecp_exit: + mbedtls_ecp_keypair_free( &ecp ); + return( status ); + } +#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR || + * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t test_opaque_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) data; + (void) data_size; + (void) data_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 1f1ee39cd..2b1400b35 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
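Review bot: In test_transparent_export_public_key the blinding RNG passed to `mbedtls_ecp_mul()` is `mbedtls_test_rnd_pseudo_rand` over an `rnd_info` filled with the constant 0x5A, and nothing in the code says this is acceptable only because it is a test driver. Since the block is marked "Mostly copied from psa_crypto.c" and the test drivers are likely to be read as examples, I would add `/* Test-only: a fixed-seed pseudo-RNG makes the blinding deterministic. A real driver must pass a properly seeded CSPRNG here. */` above the `memset( &rnd_info, ... )` line. Separately, when `mbedtls_ecp_point_write_binary()` fails the code zeroes `data` but leaves `*data_length` as the callee set it; adding `*data_length = 0;` next to the `memset` would keep the two outputs consistent.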
@@ -59,6 +59,22 @@ validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_ validate key through transparent driver: error validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR +export_key private to public through driver: fake +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_SUCCESS:"0102030405":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_SUCCESS + +export_key private to public through driver: in-driver +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_SUCCESS:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS + +export_key private to public through driver: fallback +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +export_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS + +export_key private to public through driver: error +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED 
+export_key:PSA_ERROR_GENERIC_ERROR:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_ERROR_GENERIC_ERROR + PSA symmetric encrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index a0140d2cb..50415ca3d 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
@@ -218,6 +218,73 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +void export_key( int force_status_arg, + data_t *fake_output, + int key_in_type_arg, + data_t *key_in, + int key_out_type_arg, + data_t *expected_output, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_key_handle_t handle = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t input_key_type = key_in_type_arg; + psa_key_type_t output_key_type = key_out_type_arg; + const uint8_t *expected_output_ptr = NULL; + size_t expected_output_length = 0; + psa_status_t actual_status; + uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = {0}; + size_t actual_output_length; + test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + + psa_set_key_type( &attributes, input_key_type ); + psa_set_key_bits( &attributes, 256 ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT ); + + PSA_ASSERT( psa_crypto_init( ) ); + PSA_ASSERT( psa_import_key( &attributes, key_in->x, key_in->len, &handle ) ); + + if( fake_output->len > 0 ) + { + expected_output_ptr = test_driver_keygen_hooks.forced_output = fake_output->x; + expected_output_length = test_driver_keygen_hooks.forced_output_length = + fake_output->len; + } + else + { + expected_output_ptr = expected_output->x; + expected_output_length = expected_output->len; + } + + test_driver_keygen_hooks.hits = 0; + test_driver_keygen_hooks.forced_status = force_status; + + if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) ) + actual_status = psa_export_public_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); + else + actual_status = psa_export_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); + TEST_EQUAL( actual_status, expected_status ); + + if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) && + 
!PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( input_key_type ) ) + TEST_EQUAL( test_driver_keygen_hooks.hits, 1 ); + + if( actual_status == PSA_SUCCESS ) + { + ASSERT_COMPARE( actual_output, actual_output_length, + expected_output_ptr, expected_output_length ); + } +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( handle ); + PSA_DONE( ); + test_driver_keygen_hooks = test_driver_keygen_hooks_init(); +} +/* END_CASE */ + /* BEGIN_CASE */ void cipher_encrypt( int alg_arg, int key_type_arg, data_t *key, data_t *iv, From 0737c09c7b7abf7cd45f46bb10c68877314e0892 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 14 Oct 2020 14:44:25 +0200 Subject: [PATCH 472/488] Added changelog Signed-off-by: Steven Cooreman --- ChangeLog.d/add_export_public_key_driver.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/add_export_public_key_driver.txt diff --git a/ChangeLog.d/add_export_public_key_driver.txt b/ChangeLog.d/add_export_public_key_driver.txt new file mode 100644 index 000000000..a9bffbc06 --- /dev/null +++ b/ChangeLog.d/add_export_public_key_driver.txt @@ -0,0 +1,3 @@ +Features + * Implementation of the export_public_key interface for PSA Crypto + accelerator drivers, as defined in #3493. Contributed in #3786. From 383c245142971a76ff8923fe41f86ea067ce1e6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 22 Nov 2020 13:59:43 +0100 Subject: [PATCH 473/488] Move "internal use" sentence attached to the wrong function Signed-off-by: Gilles Peskine --- include/mbedtls/sha512.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 9036ed499..4a8ab4256 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h 
@@ -131,8 +131,7 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, /** * \brief This function finishes the SHA-512 operation, and writes - * the result to the output buffer. This function is for - * internal use only. + * the result to the output buffer. * * \param ctx The SHA-512 context. This must be initialized * and have a hash operation started. @@ -148,6 +147,7 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, /** * \brief This function processes a single data block within * the ongoing SHA-512 computation. + * This function is for internal use only. * * \param ctx The SHA-512 context. This must be initialized. * \param data The buffer holding one block of data. This From c24023649ed41fdc4919dc01adb4559019977815 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 22 Nov 2020 18:47:43 +0100 Subject: [PATCH 474/488] Rename test_driver_keygen to test_driver_key_management ``` perl -i -pe 's/test_driver_keygen/test_driver_key_management/g' tests/src/drivers/key_management.c tests/suites/test_suite_psa_crypto_driver_wrappers.function ``` Follow-up of c4813a6e809a38d42db12804f23585518b725d88 Signed-off-by: Gilles Peskine --- tests/src/drivers/key_management.c | 16 ++++++++-------- ...est_suite_psa_crypto_driver_wrappers.function | 14 +++++++------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index d08969119..c79069b7a 100644 --- a/tests/src/drivers/key_management.c +++ b/tests/src/drivers/key_management.c 
@@ -254,18 +254,18 @@ psa_status_t test_transparent_export_public_key( const uint8_t *key, size_t key_length, uint8_t *data, size_t data_size, size_t *data_length ) { - ++test_driver_keygen_hooks.hits; + ++test_driver_key_management_hooks.hits; - if( test_driver_keygen_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_keygen_hooks.forced_status ); + if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_key_management_hooks.forced_status ); - if( test_driver_keygen_hooks.forced_output != NULL ) + if( test_driver_key_management_hooks.forced_output != NULL ) { - if( test_driver_keygen_hooks.forced_output_length > data_size ) + if( test_driver_key_management_hooks.forced_output_length > data_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, test_driver_keygen_hooks.forced_output, - test_driver_keygen_hooks.forced_output_length ); - *data_length = test_driver_keygen_hooks.forced_output_length; + memcpy( data, test_driver_key_management_hooks.forced_output, + test_driver_key_management_hooks.forced_output_length ); + *data_length = test_driver_key_management_hooks.forced_output_length; return( PSA_SUCCESS ); } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 50415ca3d..ed11a3cc7 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -238,7 +238,7 @@ void export_key( int force_status_arg, psa_status_t actual_status; uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = {0}; size_t actual_output_length; - test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); psa_set_key_type( &attributes, input_key_type ); psa_set_key_bits( &attributes, 256 ); 
@@ -249,8 +249,8 @@ void export_key( int force_status_arg, if( fake_output->len > 0 ) { - expected_output_ptr = test_driver_keygen_hooks.forced_output = fake_output->x; - expected_output_length = test_driver_keygen_hooks.forced_output_length = + expected_output_ptr = test_driver_key_management_hooks.forced_output = fake_output->x; + expected_output_length = test_driver_key_management_hooks.forced_output_length = fake_output->len; } else @@ -259,8 +259,8 @@ void export_key( int force_status_arg, expected_output_length = expected_output->len; } - test_driver_keygen_hooks.hits = 0; - test_driver_keygen_hooks.forced_status = force_status; + test_driver_key_management_hooks.hits = 0; + test_driver_key_management_hooks.forced_status = force_status; if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) ) actual_status = psa_export_public_key( handle, actual_output, sizeof(actual_output), &actual_output_length ); @@ -270,7 +270,7 @@ void export_key( int force_status_arg, if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) && !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( input_key_type ) ) - TEST_EQUAL( test_driver_keygen_hooks.hits, 1 ); + TEST_EQUAL( test_driver_key_management_hooks.hits, 1 ); if( actual_status == PSA_SUCCESS ) { @@ -281,7 +281,7 @@ exit: psa_reset_key_attributes( &attributes ); psa_destroy_key( handle ); PSA_DONE( ); - test_driver_keygen_hooks = test_driver_keygen_hooks_init(); + test_driver_key_management_hooks = test_driver_key_management_hooks_init(); } /* END_CASE */ From e13fb810f250b4447b721275e254d27a012d84e2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 22 Nov 2020 19:33:11 +0100 Subject: [PATCH 475/488] A variable is unused in some configurations Signed-off-by: Gilles Peskine --- tests/src/drivers/key_management.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c index c79069b7a..00d2b4519 100644 --- a/tests/src/drivers/key_management.c 
+++ b/tests/src/drivers/key_management.c @@ -273,6 +273,7 @@ psa_status_t test_transparent_export_public_key( return( PSA_ERROR_INVALID_ARGUMENT ); psa_key_type_t keytype = psa_get_key_type( attributes ); + (void) keytype; #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) From 28b3a946e917f627d0c0e1eb9ead4b821807178e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Nov 2020 13:08:11 +0100 Subject: [PATCH 476/488] Fix copypasta Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index b193d1ca1..21b724d12 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -190,7 +190,7 @@ The signature of a driver entry point generally looks like the signature of the * For entry points that involve a multi-part operation, the operation state type (`psa_XXX_operation_t`) is replaced by a driver-specific operation state type (*prefix*`_XXX_operation_t`). * For entry points that are involved in key creation, the `psa_key_id_t *` output parameter is replaced by a sequence of parameters that convey the key context: - 1. `const uint8_t *key_buffer`: a buffer for the key material or key context. + 1. `uint8_t *key_buffer`: a buffer for the key material or key context. 2. `size_t key_buffer_size`: the size of the key buffer in bytes. 2. `size_t *key_buffer_length`: the length of the data written to the key buffer in bytes. 
@@ -316,7 +316,7 @@ TODO ### Driver entry points for key management -The driver entry points for key management differ significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-transparent-drivers). This section describes common elements. Refer to the applicable section for each driver type for more information. +The driver entry points for key management differ significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-opaque-drivers). This section describes common elements. Refer to the applicable section for each driver type for more information. The entry points that create or format key data have the following prototypes for a driver with the prefix `"acme"`: From 99e52f6313e2c8232019860b752c496d03c022ba Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Nov 2020 13:09:50 +0100 Subject: [PATCH 477/488] Clarifications around key import Rework the section describing key import, in particular to clarify key size determination and checking. There is no intended semantic change. Note an open question around support for implementation-specific import formats. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 21b724d12..b42c4b174 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -5,7 +5,7 @@ This document describes an interface for cryptoprocessor drivers in the PSA cryp This specification is work in progress and should be considered to be in a beta stage. There is ongoing work to implement this interface in Mbed TLS, which is the reference implementation of the PSA Cryptography API. At this stage, Arm does not expect major changes, but minor changes are expected based on experience from the first implementation and on external feedback. -Time-stamp: "2020/10/27 17:31:13 GMT" +Time-stamp: "2020/11/24 11:03:32 GMT" ## Introduction @@ -327,7 +327,7 @@ psa_status_t acme_import_key(const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, - size_t *bits); + size_t *bits); // additional parameter, see below psa_status_t acme_generate_key(const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, 
@@ -338,7 +338,7 @@ TODO: derivation, copy * The key attributes (`attributes`) have the same semantics as in the PSA Cryptography application interface. * For the `"import_key"` entry point, the input in the `data` buffer is either the export format or an implementation-specific format that the core documents as an acceptable input format for `psa_import_key()`. -* The size of the key data buffer is sufficient for the internal representation of the key. For a transparent driver, this is the key's [export format](#key-format-for-transparent-drivers). For an opaque driver, this is the size determined from the driver description and the key attributes, as specified in the section [“Key format for opaque drivers”](#key-format-for-opaque-drivers). +* The size of the key data buffer `key_buffer` is sufficient for the internal representation of the key. For a transparent driver, this is the key's [export format](#key-format-for-transparent-drivers). For an opaque driver, this is the size determined from the driver description and the key attributes, as specified in the section [“Key format for opaque drivers”](#key-format-for-opaque-drivers). * For an opaque driver with an `"allocate_key"` entry point, the content of the key data buffer on entry is the output of that entry point. * The `"import_key"` entry point must determine or validate the key size and set `*bits` as described in the section [“Key size determination on import”](#key-size-determination-on-import) below. 
@@ -346,14 +346,15 @@ All key creation entry points must ensure that the resulting key is valid as spe #### Key size determination on import -The `"import_key"` entry point may need to determine the key size. +The `"import_key"` entry point must determine or validate the key size. The PSA Cryptography API exposes the key size as part of the key attributes. -When importing a key, the key size recorded in the key attributes may be `0`, which indicates that the size must be calculated from the data. -In this case, the core will call the `"import_key"` entry point with an `attributes` structure such that `psa_get_key_bits(attributes)` returns 0, and the `"import_key"` entry point must return the actual key size in the `bits` output parameter. The semantics of `bits` is as follows: +When importing a key, the key size recorded in the key attributes can be either a size specified by the caller of the API (who may not be trusted), or `0` which indicates that the size must be calculated from the data. + +When the core calls the `"import_key"` entry point to process a call to `psa_import_key`, it passes an `attributes` structure such that `psa_get_key_bits(attributes)` is the size passed by the caller of `psa_import_key`. If this size is `0`, the `"import_key"` entry point must set the `bits` input-output parameter to the correct key size. The semantics of `bits` is as follows: * The core sets `*bits` to `psa_get_key_bits(attributes)` before calling the `"import_key"` entry point. * If `*bits == 0`, the driver must determine the key size from the data and set `*bits` to this size. If the key size cannot be determined from the data, the driver must return `PSA_ERROR_INVALID_ARGUMENT` (as of version 1.0 of the PSA Cryptography API specification, it is possible to determine the key size for all standard key types). -* If `*bits != 0`, the driver must check the value of `*bits` against the data and return an error if it does not match. 
If the driver entry point changes `*bits` to a different value but returns `PSA_SUCCESS`, the core will consider the key as invalid and the import will fail. +* If `*bits != 0`, the driver must check the value of `*bits` against the data and return `PSA_ERROR_INVALID_ARGUMENT` if it does not match. If the driver entry point changes `*bits` to a different value but returns `PSA_SUCCESS`, the core will consider the key as invalid and the import will fail. #### Key validation @@ -409,7 +410,7 @@ Transparent drivers are not involved when exporting, copying or destroying keys, #### Key import with transparent drivers -The key import entry points has the following prototype for a driver with the prefix `"acme"`: +As discussed in [the general section about key management entry points](#driver-entry-points-for-key-management), the key import entry points has the following prototype for a driver with the prefix `"acme"`: ``` psa_status_t acme_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, 
@@ -762,6 +763,12 @@ The specification doesn't mention when the public key might be calculated. The c Should the entry point be called for symmetric keys as well? +#### Support for custom import formats + +[“Driver entry points for key management”](#driver-entry-points-for-key-management) states that the input to `"import_key"` can be an implementation-defined format. Is this a good idea? It reduces driver portability, since a core that accepts a custom format would not work with a driver that doesn't accept this format. On the other hand, if a driver accepts a custom format, the core should let it through because the driver presumably handles it more efficiently (in terms of speed and code size) than the core could. + +Allowing custom formats also causes a problem with import: the core can't know the size of the key representation until it knows the bit-size of the key, but determining the bit-size of the key is part of the job of the `"import_key"` entry point. For standard key types, this could plausibly be an issue for RSA private keys, where an implementation might accept a custom format that omits the CRT parameters (or that omits *d*). + ### Opaque drivers #### Opaque driver persistent state From 4228671d0fcf3f3f0927242e9a629055fd7182cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Nov 2020 13:10:58 +0100 Subject: [PATCH 478/488] Copyediting Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index b42c4b174..2e061e543 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -362,7 +362,7 @@ Key creation entry points must produce valid key data. Key data is _valid_ if op * If a cryptographic mechanism is defined as having keying material of a certain size, or if the keying material involves integers that have to be in a certain range, key creation must ensure that the keying material has an appropriate size and falls within an appropriate range. * If a cryptographic operation involves a division by an integer which is provided as part of a key, key creation must ensure that this integer is nonzero. -* If a cryptographic operation involves two keys A and B (or more), then the creation of A must ensure that using it does not risk compromising B. This applies even if A's policy does not explicitly allow a problematic operation, but A is exportable. In particular, public keys that can potentially be used for key agreement are considered invalid and must not be created if they risk compromising the private key.. +* If a cryptographic operation involves two keys A and B (or more), then the creation of A must ensure that using it does not risk compromising B. This applies even if A's policy does not explicitly allow a problematic operation, but A is exportable. In particular, public keys that can potentially be used for key agreement are considered invalid and must not be created if they risk compromising the private key. * On the other hand, it is acceptable for import to accept a key that cannot be verified as valid if using this key would at most compromise the key itself and material that is secured with this key. For example, RSA key import does not need to verify that the primes are actually prime. Key import may accept an insecure key if the consequences of the insecurity are no worse than a leak of the key prior to its import. With opaque drivers, the key context can only be used by code from the same driver, so key validity is primarily intended to report key creation errors at creation time rather than during an operation. 
With transparent drivers, the key context can potentially be used by code from a different provider, so key validity is critical for interoperability. @@ -424,7 +424,7 @@ psa_status_t acme_import_key(const psa_key_attributes_t *attributes, This entry point has several roles: 1. Parse the key data in the input buffer `data`. The driver must support the export format for the key types that the entry point is declared for. It may support additional formats as specified in the description of [`psa_import_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) in the PSA Cryptography API specification. -2. Validate the key data. The necessary validation is described in the section [“Key validation with transparent drivers”](#key-validation-with-transparent-drivers) below. +2. Validate the key data. The necessary validation is described in the section [“Key validation with transparent drivers”](#key-validation-with-transparent-drivers) above. 3. [Determine the key size](#key-size-determination-on-import) and output it through `*bits`. 4. Copy the validated key data from `data` to `key_buffer`. The output must be in the canonical format documented for [`psa_export_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) or [`psa_export_public_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_public_key), so if the input is not in this format, the entry point must convert it. From 2630f6720df59a2084220b1c06f4730a0a330ea0 Mon Sep 17 00:00:00 2001 From: Rodrigo Dias Correa Date: Wed, 4 Nov 2020 01:55:38 -0300 Subject: [PATCH 479/488] Fix build failure on gcc-11 Function prototypes changed to use array parameters instead of pointers. Signed-off-by: Rodrigo Dias Correa --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 041578e68..ec890d7dc 100644 --- a/library/ssl_tls.c 
+++ b/library/ssl_tls.c @@ -680,20 +680,20 @@ static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ) #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) -static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char *, size_t * ); +static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char [36], size_t * ); static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char *, size_t * ); +static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char [32], size_t * ); static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); #endif #if defined(MBEDTLS_SHA512_C) static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char *, size_t * ); +static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char [48], size_t * ); static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ From 2c424570e2a85e21273313808e8c5efcf1cfc9d7 Mon Sep 17 00:00:00 2001 
From: Rodrigo Dias Correa Date: Tue, 10 Nov 2020 01:38:00 -0300 Subject: [PATCH 480/488] Fix mismatched function parameters (prototype/definition) In GCC 11, parameters declared as arrays in function prototypes cannot be declared as pointers in the function definition. The same is true for the other way around. The definition of `mbedtls_aes_cmac_prf_128` was changed to match its public prototype in `cmac.h`. The type `output` was `unsigned char *`, now is `unsigned char [16]`. In `ssl_tls.c`, all the `ssl_calc_verify_*` variants now use pointers for the output `hash` parameter. The array parameters were removed because those functions must be compatible with the function pointer `calc_verify` (defined in `ssl_internal.h`). Signed-off-by: Rodrigo Dias Correa --- library/cmac.c | 2 +- library/ssl_tls.c | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/library/cmac.c b/library/cmac.c index 816bf13da..59ece155e 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -420,7 +420,7 @@ exit: */ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, const unsigned char *input, size_t in_len, - unsigned char *output ) + unsigned char output[16] ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ec890d7dc..9d4c46228 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -680,20 +680,20 @@ static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ) #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) -static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char [36], size_t * ); +static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char*, size_t * ); static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char [32], size_t * ); +static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * ); static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); #endif #if defined(MBEDTLS_SHA512_C) static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char [48], size_t * ); +static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * ); static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -1667,7 +1667,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_SSL3) void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, - unsigned char hash[36], + unsigned char *hash, size_t *hlen ) { mbedtls_md5_context md5; @@ -1720,7 +1720,7 @@ void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, - unsigned char hash[36], + unsigned char *hash, size_t *hlen ) { mbedtls_md5_context md5; 
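Review bot: The required size of the `hash` output buffer is no longer stated anywhere once `unsigned char hash[36]` becomes `unsigned char *hash` in `ssl_calc_verify_ssl` (hunk at -1667) and `ssl_calc_verify_tls` (hunk at -1720). The same applies to the `_sha256` and `_sha384` variants in the following hunks, which previously declared 32 and 48 bytes. The array bound was the only documentation of how much each function writes, so a short comment above each definition would keep that contract visible, for example `/* hash must point to a buffer of at least 36 bytes */` (32 and 48 for the SHA-256 and SHA-384 variants). The function bodies continue outside these hunks, so the actual write lengths should be confirmed against them before the comments are added.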
@@ -1752,7 +1752,7 @@ void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, - unsigned char hash[32], + unsigned char *hash, size_t *hlen ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1801,7 +1801,7 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SHA512_C) void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, - unsigned char hash[48], + unsigned char *hash, size_t *hlen ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) From 80448aae2c93b7bfe73a05410196e237ef2dd8e1 Mon Sep 17 00:00:00 2001 From: Rodrigo Dias Correa Date: Tue, 10 Nov 2020 02:28:50 -0300 Subject: [PATCH 481/488] Fix GCC warning about `test_snprintf` GCC 11 generated the warnings because the parameter `ret_buf` was declared as `const char[10]`, but some of the arguments provided in `run_test_snprintf` are shorter literals, like "". Now the type of `ret_buf` is `const char *`. Both implementations of `test_snprintf` were fixed. Signed-off-by: Rodrigo Dias Correa --- programs/test/selftest.c | 2 +- tests/suites/host_test.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 2aa379b1c..41d704073 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -158,7 +158,7 @@ static int calloc_self_test( int verbose ) } #endif /* MBEDTLS_SELF_TEST */ -static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) +static int test_snprintf( size_t n, const char *ref_buf, int ref_ret ) { int ret; char buf[10] = "xxxxxxxxx"; diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index db53e9784..872a3a43a 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function 
@@ -335,7 +335,7 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store #if defined(__GNUC__) __attribute__((__noinline__)) #endif -static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) +static int test_snprintf( size_t n, const char *ref_buf, int ref_ret ) { int ret; char buf[10] = "xxxxxxxxx"; From eb5d014d8ec82cfebfdd008d890d0e1a114c2abc Mon Sep 17 00:00:00 2001 From: Rodrigo Dias Correa Date: Tue, 10 Nov 2020 02:51:51 -0300 Subject: [PATCH 482/488] Fix GCC warning in `ssl_calc_finished_tls_sha384` GCC 11 generated a warning because `padbuf` was too small to be used as an argument for `mbedtls_sha512_finish_ret`. The `output` parameter of `mbedtls_sha512_finish_ret` has the type `unsigned char[64]`, but `padbuf` was only 48 bytes long. Even though `ssl_calc_finished_tls_sha384` uses only 48 bytes for the hash output, the size of `padbuf` was increased to 64 bytes. Signed-off-by: Rodrigo Dias Correa --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9d4c46228..c69de3f1d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3202,7 +3202,7 @@ static void ssl_calc_finished_tls_sha384( { int len = 12; const char *sender; - unsigned char padbuf[48]; + unsigned char padbuf[64]; #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_size; psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT; From 683028a2f721980fa541e49a42cfdce3cc3f1c1d Mon Sep 17 00:00:00 2001 From: Rodrigo Dias Correa Date: Tue, 10 Nov 2020 03:17:36 -0300 Subject: [PATCH 483/488] Add changelog entry file to `ChangeLog.d` Signed-off-by: Rodrigo Dias Correa --- ChangeLog.d/bugfix_3782.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/bugfix_3782.txt diff --git a/ChangeLog.d/bugfix_3782.txt b/ChangeLog.d/bugfix_3782.txt new file mode 100644 index 000000000..25e18cb18 --- /dev/null +++ b/ChangeLog.d/bugfix_3782.txt 
@@ -0,0 +1,2 @@ +Bugfix + * Fix build failures on GCC 11. Fixes #3782. From d596ca8a1e34b6ef2fda293250829d014e5d33af Mon Sep 17 00:00:00 2001 From: Rodrigo Dias Correa Date: Wed, 25 Nov 2020 00:42:28 -0300 Subject: [PATCH 484/488] Fix GCC warning in `ssl_calc_finished_tls_sha384` This commit fixes the same warning fixed by baeedbf9, but without wasting RAM. By casting `mbedtls_sha512_finish_ret()`, `padbuf` could be kept 48 bytes long without triggering any warnings. Signed-off-by: Rodrigo Dias Correa --- library/ssl_tls.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c69de3f1d..79348bd8d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3197,12 +3197,15 @@ static void ssl_calc_finished_tls_sha256( #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) + +typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char[48]); + static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) { int len = 12; const char *sender; - unsigned char padbuf[64]; + unsigned char padbuf[48]; #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_size; psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT; @@ -3255,8 +3258,14 @@ static void ssl_calc_finished_tls_sha384( MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) sha512.state, sizeof( sha512.state ) ); #endif + /* + * For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long. + * However, to avoid stringop-overflow warning in gcc, we have to cast + * mbedtls_sha512_finish_ret(). + */ + finish_sha384_t finish = (finish_sha384_t)mbedtls_sha512_finish_ret; + finish( &sha512, padbuf ); - mbedtls_sha512_finish_ret( &sha512, padbuf ); mbedtls_sha512_free( &sha512 ); #endif From f06a6144e23a1a8dcc3dd749b993ad88a96063fb Mon Sep 17 00:00:00 2001 
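Review bot: In the hunk at -3255, calling `mbedtls_sha512_finish_ret` through the `finish_sha384_t` cast silences the stringop-overflow warning without enforcing the bound it was checking. According to the earlier commit message on this page the callee's output parameter is declared as 64 bytes, while `padbuf` is 48 bytes again. The call is therefore only safe while the context is in SHA-384 mode and the implementation in use (possibly an alternative one) writes exactly 48 bytes in that mode; nothing visible in this function checks either condition. The added comment should state that invariant rather than only the warning being avoided, for example `/* Relies on mbedtls_sha512_finish_ret() writing only 48 bytes for a SHA-384 context; an implementation that writes 64 would overflow padbuf. */`. The body of `ssl_calc_finished_tls_sha384` starts in the previous hunk and continues outside this one.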
From: Rodrigo Dias Correa Date: Wed, 25 Nov 2020 07:30:26 -0300 Subject: [PATCH 485/488] Change function casting in `ssl_calc_finished_tls_sha384` `finish_sha384_t` was made more generic by using `unsigned char*` instead of `unsigned char[48]` as the second parameter. This change tries to make the function casting more robust against future improvements of gcc analysis. Signed-off-by: Rodrigo Dias Correa --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 79348bd8d..a1a5859f0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3198,7 +3198,7 @@ static void ssl_calc_finished_tls_sha256( #if defined(MBEDTLS_SHA512_C) -typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char[48]); +typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*); static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) From 89b98142b89c5579f1460bedafc79ab84d026125 Mon Sep 17 00:00:00 2001 From: "Wu, Jheng-Jhong" Date: Thu, 26 Nov 2020 09:27:17 +0800 Subject: [PATCH 486/488] Remove psa header files in uninstall part Uninstall psa header files which installed to DESTDIR. Signed-off-by: Wu, Jheng-Jhong Signed-off-by: Victor Wu --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index f8d26d2b2..9344e71d9 100644 --- a/Makefile +++ b/Makefile @@ -45,6 +45,7 @@ install: no_test uninstall: rm -rf $(DESTDIR)/include/mbedtls + rm -rf $(DESTDIR)/include/psa rm -f $(DESTDIR)/lib/libmbedtls.* rm -f $(DESTDIR)/lib/libmbedx509.* rm -f $(DESTDIR)/lib/libmbedcrypto.* From f0a9721c18ee8d9ebe06f48ff4fc0f04779d4af3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Nov 2020 10:31:32 +0100 Subject: [PATCH 487/488] Use GitHub-compatible table formatting Also fix a stray `. 
Signed-off-by: Gilles Peskine --- docs/proposed/psa-conditional-inclusion-c.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md index 83fd88df2..52138b174 100644 --- a/docs/proposed/psa-conditional-inclusion-c.md +++ b/docs/proposed/psa-conditional-inclusion-c.md @@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA. -Time-stamp: "2020/11/19 10:24:03 GMT" +Time-stamp: "2020/11/26 09:30:50 GMT" ## Introduction 
@@ -139,15 +139,13 @@ The following table summarizes where symbols are defined depending on the config * (D) indicates a symbol that is deduced from other symbols by code that ships with Mbed TLS. * (G) indicates a symbol that is generated from driver descriptions. ------------------------------------------------------------------------------------------------- -Symbols With `MBEDTLS_PSA_CRYPTO_CONFIG` Without `MBEDTLS_PSA_CRYPTO_CONFIG` -------------------------- -------------------------------- ----------------------------------- -`MBEDTLS_xxx_C` `mbedtls/config.h` (U) or `mbedtls/config.h` (U) - `mbedtls/config_psa.h` (D) -`PSA_WANT_xxx` `psa/crypto_config.h` (U) `mbedtls/config_psa.h (D) -`MBEDTLS_PSA_BUILTIN_xxx` `mbedtls/config_psa.h` (D) `mbedtls/config_psa.h` (D) -`MBEDTLS_PSA_ACCEL_xxx` `mbedtls/crypto_drivers.h` (G) N/A ------------------------------------------------------------------------------------------------- +| Symbols | With `MBEDTLS_PSA_CRYPTO_CONFIG` | Without `MBEDTLS_PSA_CRYPTO_CONFIG` | +| ------------------------- | -------------------------------- | ----------------------------------- | +| `MBEDTLS_xxx_C` | `mbedtls/config.h` (U) or | `mbedtls/config.h` (U) | +| | `mbedtls/config_psa.h` (D) | | +| `PSA_WANT_xxx` | `psa/crypto_config.h` (U) | `mbedtls/config_psa.h` (D) | +| `MBEDTLS_PSA_BUILTIN_xxx` | `mbedtls/config_psa.h` (D) | `mbedtls/config_psa.h` (D) | +| `MBEDTLS_PSA_ACCEL_xxx` | `mbedtls/crypto_drivers.h` (G) | N/A | #### Visibility of internal symbols From d4585ff3c56ef2df2a6158e4f6a9bb19b2b2b158 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 27 Nov 2020 17:00:42 +0100 Subject: [PATCH 488/488] Fix removal of deprecated PSA constants MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Due to a misplaced #endif, the (non-functional) macro definitions were not properly removed from crypto_compat.h if MBEDTLS_DEPRECATED_REMOVED was declared. 
Signed-off-by: Bence Szépkúti --- include/psa/crypto_compat.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 339ef270e..86aa27158 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -134,10 +134,6 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key return psa_verify_hash( key, alg, hash, hash_length, signature, signature_length ); } - - -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /* * Size-specific elliptic curve families. */ @@ -244,6 +240,8 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key #define PSA_DH_GROUP_CUSTOM \ MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_CUSTOM ) +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + /** Open a handle to an existing persistent key. * * Open a handle to a persistent key. A key is persistent if it was created