From a98511164f334da4f8ec167eac576933e69ab69c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Jan 2019 16:37:10 +0000 Subject: [PATCH 01/25] Adapt ecdsa_verify_wrap() to new EC public key format Previously, PSA used SubjectPublicKeyInfo structures to serialize EC public keys. This has recently been changed to using ECPoint structures instead, but the wrapper making PSA ECDSA verification available through Mbed TLS' PK API hasn't yet been adapted accordingly - which is what this commit does. Luckily, Mbed TLS' PK API offers two functions mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der(), the latter exporting a SubjectPublicKeyInfo structure and the former exporting an ECPoint structure in case of EC public keys. For the adaptation of the ECDSA wrapper ecdsa_verify_wrap() it is therefore sufficient to use mbedtls_pk_write_pubkey() instead of mbedtls_pk_write_pubkey_der(). --- library/pk_wrap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 7f8abd488..332696dfd 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -553,7 +553,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, int key_len; /* see ECP_PUB_DER_MAX_BYTES in pkwrite.c */ unsigned char buf[30 + 2 * MBEDTLS_ECP_MAX_BYTES]; - unsigned char *p = (unsigned char*) sig; + unsigned char *p; mbedtls_pk_info_t pk_info = mbedtls_eckey_info; psa_algorithm_t psa_sig_md, psa_md; psa_ecc_curve_t curve = mbedtls_psa_translate_ecc_group( @@ -567,7 +567,8 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, * re-construct one to make it happy */ key.pk_info = &pk_info; key.pk_ctx = ctx; - key_len = mbedtls_pk_write_pubkey_der( &key, buf, sizeof( buf ) ); + p = buf + sizeof( buf ); + key_len = mbedtls_pk_write_pubkey( &p, buf, &key ); if( key_len <= 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 
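Review bot: After `mbedtls_pk_write_pubkey( &p, buf, &key )` the ECPoint occupies the tail of `buf`, so the key bytes start at `p` (equal to `buf + sizeof( buf ) - key_len`), not at `buf`, and the hunk leaves this unstated while the next hunk reuses `p` as a cursor over `sig`. Add a comment after the call, `/* written backwards: the key is the last key_len bytes of buf, starting at p */`, and confirm that the key import below this hunk still addresses `buf + sizeof( buf ) - key_len` as it did for the DER encoding. The `/* see ECP_PUB_DER_MAX_BYTES in pkwrite.c */` comment on `buf` now justifies the size with a DER bound although only a raw point is written; a note that an uncompressed point needs at most `1 + 2 * MBEDTLS_ECP_MAX_BYTES` bytes would describe the new use (the buffer remains large enough). The remainder of ecdsa_verify_wrap(), including the import, is outside this hunk.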
@@ -603,6 +604,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, goto cleanup; } + p = (unsigned char*) sig; if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf, signature_part_size ) ) != 0 ) { From af01b4b387c9817ef1464705cc857a293fbc3c07 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 28 Jan 2019 11:45:50 +0000 Subject: [PATCH 02/25] Update crypto submodule to sibling commit --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index 2169a5e54..5d5e90a61 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 2169a5e54ded734f7844af1a16c39b993c2a992c +Subproject commit 5d5e90a610ffd78000e056043d2ea9184f060e52 From d6db9be598733f34c3734450bc943b5860b9a807 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 10 Jan 2019 05:27:10 -0500 Subject: [PATCH 03/25] Adapt mbedtls_ssl_get_key_exchange_md_tls1_2 to PSA hashing --- include/mbedtls/ssl_internal.h | 1 + library/ssl_tls.c | 65 ++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index fced2cbd7..a13feb55c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -765,6 +765,7 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) +// The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hashlen, unsigned char *data, size_t data_len, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8fe93141f..99b99285e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -50,6 +50,11 @@ #include +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/psa_util.h" +#include "psa/crypto.h" +#endif + #if defined(MBEDTLS_X509_CRT_PARSE_C) #include "mbedtls/oid.h" #endif 
@@ -9972,6 +9977,64 @@ exit: #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, + unsigned char *hash, size_t *hashlen, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg ) +{ + int ret = 0; + psa_hash_operation_t hash_operation; + psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg ); + + if( ( ret = psa_hash_setup( &hash_operation, hash_alg ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", ret ); + goto exit; + } + + if( ( ret = psa_hash_update( &hash_operation, ssl->handshake->randbytes, 64 ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", ret ); + goto exit; + } + + if( ( ret = psa_hash_update( &hash_operation, data, data_len ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", ret ); + goto exit; + } + + if( ( ret = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE, hashlen ) ) != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", ret ); + goto exit; + } + +exit: + if( ret != 0 ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + switch(ret) + { + case PSA_ERROR_NOT_SUPPORTED: + return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); + case PSA_ERROR_BAD_STATE: // Intentional fallthrough + case PSA_ERROR_BUFFER_TOO_SMALL: + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + case PSA_ERROR_INSUFFICIENT_MEMORY: + return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + default: + return( MBEDTLS_ERR_MD_HW_ACCEL_FAILED ); + } + } + return( 0 ); +} + +#else + int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hashlen, unsigned char *data, size_t data_len, 
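Review bot: `psa_hash_operation_t hash_operation;` is left uninitialized before `psa_hash_setup()`, and none of the error paths release the operation: a failed `psa_hash_update()` or `psa_hash_finish()` jumps to `exit` without `psa_hash_abort()`, so the hash context stays active. Initialize it as `psa_hash_operation_t hash_operation = psa_hash_operation_init();` (the initializer is used later in this series) and add `psa_hash_abort( &hash_operation );` at the top of the `exit:` block before the alert is sent; aborting an operation that is already inactive or finished is harmless. The rewritten version of this function in the following patch ("Whitespace, logging and documentation fixes") keeps both issues. Separately, the hard-coded `64` for `ssl->handshake->randbytes` mirrors the legacy path but deserves a comment such as `/* ClientHello.random || ServerHello.random */`, as the length is not obvious from the call.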
@@ -10026,6 +10089,8 @@ exit: return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ From 814feffd15c9d2b9ccb5bb5449d4da356b35f8a4 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 14 Jan 2019 04:35:19 -0500 Subject: [PATCH 04/25] Whitespace, logging and documentation fixes Introduce a psa_status_t status to handle return values. Add a debug message with API usage description. --- include/mbedtls/ssl_internal.h | 2 +- library/ssl_tls.c | 34 ++++++++++++++++++++++------------ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index a13feb55c..f1148af32 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -765,7 +765,7 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) -// The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. +/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hashlen, unsigned char *data, size_t data_len, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 99b99285e..675150d56 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -9984,44 +9984,51 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, unsigned char *data, size_t data_len, mbedtls_md_type_t md_alg ) { - int ret = 0; + psa_status_t status; psa_hash_operation_t hash_operation; psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg ); - if( ( ret = psa_hash_setup( &hash_operation, hash_alg ) ) != PSA_SUCCESS ) + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Perform PSA-based computation of digest \ + of ServerKeyExchange" ) ); + + if( ( status = psa_hash_setup( &hash_operation, + hash_alg ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status ); goto exit; } - if( ( ret = psa_hash_update( &hash_operation, ssl->handshake->randbytes, 64 ) ) != PSA_SUCCESS ) + if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes, + 64 ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status ); goto exit; } - if( ( ret = psa_hash_update( &hash_operation, data, data_len ) ) != PSA_SUCCESS ) + if( ( status = psa_hash_update( &hash_operation, + data, data_len ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status ); goto exit; } - if( ( ret = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE, hashlen ) ) != PSA_SUCCESS ) + if( ( status = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE, + hashlen ) ) != PSA_SUCCESS ) { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status ); goto exit; } exit: - if( ret != 0 ) + if( status != PSA_SUCCESS ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - switch(ret) + switch( status ) { case PSA_ERROR_NOT_SUPPORTED: return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); - case PSA_ERROR_BAD_STATE: // Intentional fallthrough + case 
PSA_ERROR_BAD_STATE: /* Intentional fallthrough */ case PSA_ERROR_BUFFER_TOO_SMALL: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); case PSA_ERROR_INSUFFICIENT_MEMORY: @@ -10045,6 +10052,9 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); *hashlen = mbedtls_md_get_size( md_info ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Perform mbedtls-based computation of digest \ + of ServerKeyExchange" ) ); + mbedtls_md_init( &ctx ); /* From e85414edd03e69d606cc0eb93ee46f6a50723da9 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 15 Jan 2019 05:23:59 -0500 Subject: [PATCH 05/25] ssl-opt: add a check for PSA computation of digest of ServerKeyExchange --- library/ssl_tls.c | 8 ++++---- tests/ssl-opt.sh | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 675150d56..3d87bfc9e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -9988,8 +9988,8 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, psa_hash_operation_t hash_operation; psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Perform PSA-based computation of digest \ - of ServerKeyExchange" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based computation of digest " + "of ServerKeyExchange" ) ); if( ( status = psa_hash_setup( &hash_operation, hash_alg ) ) != PSA_SUCCESS ) @@ -10052,8 +10052,8 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); *hashlen = mbedtls_md_get_size( md_info ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Perform mbedtls-based computation of digest \ - of ServerKeyExchange" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform mbedtls-based computation of digest " + "of ServerKeyExchange" ) ); mbedtls_md_init( &ctx ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2ccecc4b1..30753b779 100755 --- a/tests/ssl-opt.sh 
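Review bot: Raising the "Perform PSA-based computation of digest of ServerKeyExchange" message from level 2 to level 1 puts an informational trace in the level Mbed TLS reserves for errors (1 = error, 2 = state change, 3 = informational), presumably so that the new `-c` pattern in tests/ssl-opt.sh matches at the debug level the test runs with; the same applies to the "Perform mbedtls-based computation" message in the second hunk. If the harness can pass a higher `debug_level`, keep the messages at level 2 and adjust the test instead; otherwise a short comment at the call, `/* level 1 so ssl-opt.sh can observe which hash backend is used */`, would stop the next reader from "fixing" it. The body of the PSA function and its `hash_operation` handling are outside this hunk.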
+++ b/tests/ssl-opt.sh @@ -765,6 +765,7 @@ run_test_psa() { -C "Failed to setup PSA-based cipher context"\ -S "Failed to setup PSA-based cipher context"\ -s "Protocol is TLSv1.2" \ + -c "Perform PSA-based computation of digest of ServerKeyExchange" \ -S "error" \ -C "error" } From 5615dabeefdbb2af7a2285845cf66e6aa01fffb5 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 16 Jan 2019 05:26:25 -0500 Subject: [PATCH 06/25] ssl_tls: remove line breaks from a debug message --- library/ssl_tls.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3d87bfc9e..a79999ac8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -9988,8 +9988,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, psa_hash_operation_t hash_operation; psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg ); - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based computation of digest " - "of ServerKeyExchange" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) ); if( ( status = psa_hash_setup( &hash_operation, hash_alg ) ) != PSA_SUCCESS ) @@ -10052,8 +10051,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); *hashlen = mbedtls_md_get_size( md_info ); - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform mbedtls-based computation of digest " - "of ServerKeyExchange" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) ); mbedtls_md_init( &ctx ); From c929a82a6bbec9e1af7c538175ce16e4a21b0882 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 14 Jan 2019 03:51:11 -0500 Subject: [PATCH 07/25] Implement tls_prf_generic using the PSA API --- library/ssl_tls.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8fe93141f..d0fadfdc6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -54,6 +54,10 @@ #include "mbedtls/oid.h" #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/psa_util.h" +#endif + static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ); 
@@ -490,6 +494,73 @@ static int tls1_prf( const unsigned char *secret, size_t slen, #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int tls_prf_generic( mbedtls_md_type_t md_type, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ) +{ + psa_status_t status; + psa_algorithm_t alg; + psa_key_policy_t policy; + psa_key_slot_t master_slot; + psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + + status = mbedtls_psa_get_free_key_slot( &master_slot ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if( md_type == MBEDTLS_MD_SHA384 ) + alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384); + else + alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256); + + psa_key_policy_init( &policy ); + psa_key_policy_set_usage( &policy, + PSA_KEY_USAGE_DERIVE, + alg ); + status = psa_set_key_policy( master_slot, &policy ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + status = psa_import_key( master_slot, PSA_KEY_TYPE_DERIVE, secret, slen ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + status = psa_key_derivation( &generator, + master_slot, alg, + random, rlen, + (unsigned char const *) label, + (size_t) strlen( label ), + dlen ); + if( status != PSA_SUCCESS ) + { + psa_generator_abort( &generator ); + psa_destroy_key( master_slot ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_generator_read( &generator, dstbuf, dlen ); + if( status != PSA_SUCCESS ) + { + psa_generator_abort( &generator ); + psa_destroy_key( master_slot ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_generator_abort( &generator ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + status = psa_destroy_key( master_slot ); + if( status != PSA_SUCCESS ) + return( 
MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + return 0; +} + +#else /* MBEDTLS_USE_PSA_CRYPTO */ + static int tls_prf_generic( mbedtls_md_type_t md_type, const unsigned char *secret, size_t slen, const char *label, @@ -552,7 +623,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, return( 0 ); } - +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SHA256_C) static int tls_prf_sha256( const unsigned char *secret, size_t slen, const char *label, From 70737ca8275f6339c6c0495e6de6b9ca909c0222 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 14 Jan 2019 05:37:13 -0500 Subject: [PATCH 08/25] ssl_tls: add key destruction upon generator failure --- library/ssl_tls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d0fadfdc6..cbb3c62a0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -550,7 +550,10 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, status = psa_generator_abort( &generator ); if( status != PSA_SUCCESS ) + { + psa_destroy_key( master_slot ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } status = psa_destroy_key( master_slot ); if( status != PSA_SUCCESS ) From 33171268196b23a7e00af0b6a492442e4adea31e Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 15 Jan 2019 03:25:18 -0500 Subject: [PATCH 09/25] ssl_tls: add missing return brackets --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cbb3c62a0..86fc26042 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -559,7 +559,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - return 0; + return( 0 ); } #else /* MBEDTLS_USE_PSA_CRYPTO */ From ac5dc3423a87497b3dba34b229067dfc3e2dfa34 Mon Sep 17 00:00:00 2001 
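Review bot: The early returns after `psa_set_key_policy()` and `psa_import_key()` leave `master_slot` acquired: every other failure path destroys the key, but these two return `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED` with the slot still carrying a policy (and, once key allocation hands out a handle as a later patch in this series does, a leaked handle). The following patch ("add key destruction upon generator failure") covers only the `psa_generator_abort()` failure. Route all failures after slot acquisition through one cleanup label that aborts the generator and destroys the key, as below; `psa_generator_abort()` on a generator still in its `PSA_CRYPTO_GENERATOR_INIT` state is a no-op, so it can run unconditionally. As a smaller point, any `md_type` other than SHA-384 silently selects the SHA-256 PRF; returning `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` for anything but SHA-256/SHA-384 would be safer (the legacy body below this hunk is not visible here, so I cannot confirm how it treats an unknown digest).
```c
    /* … unchanged: signature, locals, slot acquisition, alg selection, policy init … */

    status = psa_set_key_policy( master_slot, &policy );
    if( status != PSA_SUCCESS )
        goto cleanup;

    status = psa_import_key( master_slot, PSA_KEY_TYPE_DERIVE, secret, slen );
    if( status != PSA_SUCCESS )
        goto cleanup;

    status = psa_key_derivation( &generator,
                                 master_slot, alg,
                                 random, rlen,
                                 (unsigned char const *) label,
                                 (size_t) strlen( label ),
                                 dlen );
    if( status != PSA_SUCCESS )
        goto cleanup;

    status = psa_generator_read( &generator, dstbuf, dlen );

cleanup:
    /* Release both resources on every path; the first failure is reported. */
    if( psa_generator_abort( &generator ) != PSA_SUCCESS &&
        status == PSA_SUCCESS )
    {
        status = PSA_ERROR_GENERIC_ERROR;
    }
    if( psa_destroy_key( master_slot ) != PSA_SUCCESS &&
        status == PSA_SUCCESS )
    {
        status = PSA_ERROR_GENERIC_ERROR;
    }

    return( status == PSA_SUCCESS ? 0 : MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
```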
From: Andrzej Kurek Date: Wed, 23 Jan 2019 06:57:34 -0500 Subject: [PATCH 10/25] Fix key allocation for tls_prf_generic --- library/ssl_tls.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 86fc26042..b1bfb6760 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -504,10 +504,12 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, psa_status_t status; psa_algorithm_t alg; psa_key_policy_t policy; - psa_key_slot_t master_slot; + psa_key_handle_t master_slot; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; - status = mbedtls_psa_get_free_key_slot( &master_slot ); + if( ( status = psa_allocate_key( PSA_KEY_TYPE_DERIVE, + slen * 8, &master_slot ) ) != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); if( md_type == MBEDTLS_MD_SHA384 ) From 2f76075b784bad194ef920804b356dc8abeec10c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 28 Jan 2019 08:08:15 -0500 Subject: [PATCH 11/25] ssl_tls: adjust to the new key policy initialization and key allocation --- library/ssl_tls.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b1bfb6760..8819cf48c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -507,8 +507,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, psa_key_handle_t master_slot; psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; - if( ( status = psa_allocate_key( PSA_KEY_TYPE_DERIVE, - slen * 8, &master_slot ) ) != PSA_SUCCESS ) + if( ( status = psa_allocate_key( &master_slot ) ) != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); 
@@ -517,7 +516,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, else alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256); - psa_key_policy_init( &policy ); + policy = psa_key_policy_init(); psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DERIVE, alg ); From 2d4faa6afa1dca88d8b8f226a87da617ce6f1b32 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 29 Jan 2019 03:14:15 -0500 Subject: [PATCH 12/25] ssl_tls: remove redundant status check --- library/ssl_tls.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8819cf48c..fca03fc83 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -509,8 +509,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, if( ( status = psa_allocate_key( &master_slot ) ) != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if( md_type == MBEDTLS_MD_SHA384 ) alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384); else From ccf574e030c214914c7b36ca676242d4a1c08923 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 29 Jan 2019 08:26:15 +0000 Subject: [PATCH 13/25] Fix outdated comment in ecdsa_verify_wrap() --- library/pk_wrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 332696dfd..c7f879ab5 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -563,7 +563,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, if( curve == 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - /* mbedlts_pk_write_pubkey_der() expects a full PK context, + /* mbedtls_pk_write_pubkey() expects a full PK context; * re-construct one to make it happy */ key.pk_info = &pk_info; key.pk_ctx = ctx; From 62efb9c3ba31b36c57c135325124049087aceadb Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 29 Jan 2019 10:14:20 +0000 Subject: [PATCH 14/25] Update crypto submodule to merge commit of sibling PR --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index 5d5e90a61..472c20b4f 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 5d5e90a610ffd78000e056043d2ea9184f060e52 +Subproject commit 472c20b4f2c8bde9ef8aa8d6d64c254fd14a5f87 From eb342241a57f8ebddf0278416163ae3be2c519e7 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 29 Jan 2019 09:14:33 -0500 Subject: [PATCH 15/25] ssl_tls: use PSA to compute running handshake hash for TLS 1.2 --- include/mbedtls/ssl_internal.h | 12 +++ library/ssl_tls.c | 173 +++++++++++++++++++++++++++++---- 2 files changed, 168 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index fced2cbd7..58f9e3698 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -27,6 +27,10 @@ #include "ssl.h" #include "cipher.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "psa/crypto.h" +#endif + #if defined(MBEDTLS_MD5_C) #include "md5.h" #endif @@ -370,11 +374,19 @@ struct mbedtls_ssl_handshake_params #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_operation_t fin_sha256_psa; +#else mbedtls_sha256_context fin_sha256; #endif +#endif #if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_operation_t fin_sha512_psa; +#else mbedtls_sha512_context fin_sha512; #endif +#endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8fe93141f..159291fb6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1347,7 +1347,7 @@ void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); - mbedtls_md5_finish_ret( &md5, hash ); + mbedtls_md5_finish_ret( &md5, hash ); mbedtls_sha1_finish_ret( &sha1, hash + 16 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); @@ -1364,6 +1364,28 @@ void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) #if defined(MBEDTLS_SHA256_C) void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t hash_size; + psa_status_t status; + psa_hash_operation_t sha256_psa = psa_hash_operation_init(); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); + status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return; + } + + status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return; + } + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 32 ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); +#else mbedtls_sha256_context sha256; mbedtls_sha256_init( &sha256 ); @@ -1377,7 +1399,7 @@ void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); mbedtls_sha256_free( &sha256 ); - +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return; } #endif /* MBEDTLS_SHA256_C */ 
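Review bot: Both PSA error paths in `ssl_calc_verify_tls_sha256()` `return` before anything has been written to `hash`, so the caller (CertificateVerify handling, outside this hunk) continues with 32 bytes of uninitialized stack and, the function being `void`, has no way to notice; the same pattern is in `ssl_calc_verify_tls_sha384()` in the next hunk and in `ssl_calc_finished_tls_sha256()`/`ssl_calc_finished_tls_sha384()` further down, where the early `return` additionally leaves the Finished `buf` unset and skips `mbedtls_platform_zeroize( padbuf, ... )`. Since the signature cannot change here, at least zero the output and log at the error level, e.g. `memset( hash, 0, 32 );` before each `return;` and `MBEDTLS_SSL_DEBUG_MSG( 1, ( "PSA hash clone failed" ) );` instead of level 2, so a failed transcript hash cannot carry stack contents into a signature or a Finished message. A cloned operation whose `psa_hash_finish()` fails should also be released with `psa_hash_abort( &sha256_psa );` before returning, unless the PSA implementation in use guarantees that a failing finish aborts the operation itself.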
@@ -1385,6 +1407,28 @@ void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32 #if defined(MBEDTLS_SHA512_C) void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t hash_size; + psa_status_t status; + psa_hash_operation_t sha512_psa = psa_hash_operation_init(); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) ); + status = psa_hash_clone( &ssl->handshake->fin_sha512_psa, &sha512_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return; + } + + status = psa_hash_finish( &sha512_psa, hash, 48, &hash_size ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return; + } + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, 48 ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); +#else mbedtls_sha512_context sha512; mbedtls_sha512_init( &sha512 ); @@ -1398,7 +1442,7 @@ void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); mbedtls_sha512_free( &sha512 ); - +#endif /* MBEDTLS_USE_PSA_CRYPTO */ return; } #endif /* MBEDTLS_SHA512_C */ @@ -6169,11 +6213,19 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); +#else mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 ); #endif +#endif #if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_setup( &ssl->handshake->fin_sha512_psa, PSA_ALG_SHA_384 ); +#else mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 ); #endif +#endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } 
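Review bot: `mbedtls_ssl_reset_checksum()` calls `psa_hash_setup()` on `fin_sha256_psa`/`fin_sha512_psa` without first aborting them, but these operations are already set up in `ssl_handshake_params_init()` (a later hunk in this patch) and fed by the update functions; setting up an active operation fails with `PSA_ERROR_BAD_STATE`, and because the status is discarded the transcript hash is silently left un-reset wherever this function runs on a handshake whose hash is already active (the callers are outside this patch). Add `psa_hash_abort( &ssl->handshake->fin_sha256_psa );` before the SHA-256 setup and the corresponding abort before the SHA-384 setup. More generally, the new `psa_hash_setup()`/`psa_hash_update()` calls here, in `ssl_update_checksum_start()`/`ssl_update_checksum_sha256()`/`ssl_update_checksum_sha384()` (next hunks) and in `ssl_handshake_params_init()` all ignore their status; these helpers are `void`, so it cannot be propagated without an interface change, but a level-1 `MBEDTLS_SSL_DEBUG_MSG` on failure would make a corrupted handshake hash diagnosable locally instead of surfacing only as a bad Finished on the peer.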
@@ -6187,11 +6239,19 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); +#else mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); #endif +#endif #if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_update( &ssl->handshake->fin_sha512_psa, buf, len ); +#else mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); #endif +#endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } @@ -6210,7 +6270,11 @@ static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); +#else mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); +#endif } #endif @@ -6218,7 +6282,11 @@ static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_update( &ssl->handshake->fin_sha512_psa, buf, len ); +#else mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); +#endif } #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 
@@ -6374,13 +6442,44 @@ static void ssl_calc_finished_tls_sha256( { int len = 12; const char *sender; - mbedtls_sha256_context sha256; unsigned char padbuf[32]; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t hash_size; + psa_hash_operation_t sha256_psa; + psa_status_t status; +#else + mbedtls_sha256_context sha256; +#endif mbedtls_ssl_session *session = ssl->session_negotiate; if( !session ) session = ssl->session; + sender = ( from == MBEDTLS_SSL_IS_CLIENT ) + ? "client finished" + : "server finished"; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + sha256_psa = psa_hash_operation_init(); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) ); + + status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return; + } + + status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return; + } + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 ); +#else + mbedtls_sha256_init( &sha256 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); @@ -6398,19 +6497,15 @@ static void ssl_calc_finished_tls_sha256( sha256.state, sizeof( sha256.state ) ); #endif - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) - ? "client finished" - : "server finished"; - mbedtls_sha256_finish_ret( &sha256, padbuf ); + mbedtls_sha256_free( &sha256 ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 32, buf, len ); MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); - mbedtls_sha256_free( &sha256 ); - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); 
@@ -6423,13 +6518,43 @@ static void ssl_calc_finished_tls_sha384( { int len = 12; const char *sender; - mbedtls_sha512_context sha512; unsigned char padbuf[48]; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t hash_size; + psa_hash_operation_t sha512_psa; + psa_status_t status; +#else + mbedtls_sha512_context sha512; +#endif mbedtls_ssl_session *session = ssl->session_negotiate; if( !session ) session = ssl->session; + sender = ( from == MBEDTLS_SSL_IS_CLIENT ) + ? "client finished" + : "server finished"; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + sha512_psa = psa_hash_operation_init(); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) ); + + status = psa_hash_clone( &ssl->handshake->fin_sha512_psa, &sha512_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return; + } + + status = psa_hash_finish( &sha512_psa, padbuf, sizeof( padbuf ), &hash_size ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return; + } + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 ); +#else mbedtls_sha512_init( &sha512 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); @@ -6447,19 +6572,15 @@ static void ssl_calc_finished_tls_sha384( sha512.state, sizeof( sha512.state ) ); #endif - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) - ? "client finished" - : "server finished"; - mbedtls_sha512_finish_ret( &sha512, padbuf ); + mbedtls_sha512_free( &sha512 ); +#endif ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 48, buf, len ); MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); - mbedtls_sha512_free( &sha512 ); - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); 
@@ -6770,13 +6891,23 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + handshake->fin_sha256_psa = psa_hash_operation_init(); + psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); +#else mbedtls_sha256_init( &handshake->fin_sha256 ); mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 ); #endif +#endif #if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + handshake->fin_sha512_psa = psa_hash_operation_init(); + psa_hash_setup( &handshake->fin_sha512_psa, PSA_ALG_SHA_384 ); +#else mbedtls_sha512_init( &handshake->fin_sha512 ); mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 ); #endif +#endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ handshake->update_checksum = ssl_update_checksum_start; @@ -9079,11 +9210,19 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_abort( &handshake->fin_sha256_psa ); +#else mbedtls_sha256_free( &handshake->fin_sha256 ); #endif +#endif #if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_abort( &handshake->fin_sha512_psa ); +#else mbedtls_sha512_free( &handshake->fin_sha512 ); #endif +#endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_DHM_C) From 972fba51ed382be9c5f0c672999bac20a73d7749 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 30 Jan 2019 03:29:12 -0500 Subject: [PATCH 16/25] ssl_tls: rename sha_512_psa to sha_384_psa --- include/mbedtls/ssl_internal.h | 2 +- library/ssl_tls.c | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 58f9e3698..d9f98021d 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
@@ -382,7 +382,7 @@ struct mbedtls_ssl_handshake_params
 #endif
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_operation_t fin_sha512_psa;
+ psa_hash_operation_t fin_sha384_psa;
 #else
 mbedtls_sha512_context fin_sha512;
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 159291fb6..c34ab624b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1410,17 +1410,17 @@ void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 size_t hash_size;
 psa_status_t status;
- psa_hash_operation_t sha512_psa = psa_hash_operation_init();
+ psa_hash_operation_t sha384_psa = psa_hash_operation_init();
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) );
- status = psa_hash_clone( &ssl->handshake->fin_sha512_psa, &sha512_psa );
+ status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
 if( status != PSA_SUCCESS )
 {
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
 return;
 }
- status = psa_hash_finish( &sha512_psa, hash, 48, &hash_size );
+ status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size );
 if( status != PSA_SUCCESS )
 {
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
@@ -6221,7 +6221,7 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
 #endif
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_setup( &ssl->handshake->fin_sha512_psa, PSA_ALG_SHA_384 );
+ psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
 #else
 mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 );
 #endif
@@ -6247,7 +6247,7 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
 #endif
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update( &ssl->handshake->fin_sha512_psa, buf, len );
+ psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
 #else
 mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
 #endif
@@ -6283,7 +6283,7 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
 const unsigned char *buf, size_t len )
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update( &ssl->handshake->fin_sha512_psa, buf, len );
+ psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
 #else
 mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
 #endif
@@ -6521,7 +6521,7 @@ static void ssl_calc_finished_tls_sha384(
 unsigned char padbuf[48];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 size_t hash_size;
- psa_hash_operation_t sha512_psa;
+ psa_hash_operation_t sha384_psa;
 psa_status_t status;
 #else
 mbedtls_sha512_context sha512;
@@ -6536,18 +6536,18 @@ static void ssl_calc_finished_tls_sha384(
 : "server finished";
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
- sha512_psa = psa_hash_operation_init();
+ sha384_psa = psa_hash_operation_init();
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) );
- status = psa_hash_clone( &ssl->handshake->fin_sha512_psa, &sha512_psa );
+ status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
 if( status != PSA_SUCCESS )
 {
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
 return;
 }
- status = psa_hash_finish( &sha512_psa, padbuf, sizeof( padbuf ), &hash_size );
+ status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size );
 if( status != PSA_SUCCESS )
 {
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
@@ -6901,8 +6901,8 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
 #endif
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
- handshake->fin_sha512_psa = psa_hash_operation_init();
- psa_hash_setup( &handshake->fin_sha512_psa, PSA_ALG_SHA_384 );
+ handshake->fin_sha384_psa = psa_hash_operation_init();
+ psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
 #else
 mbedtls_sha512_init( &handshake->fin_sha512 );
 mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 );
@@ -9218,7 +9218,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
 #endif
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort( &handshake->fin_sha512_psa );
+ psa_hash_abort( &handshake->fin_sha384_psa );
 #else
 mbedtls_sha512_free( &handshake->fin_sha512 );
 #endif
From 2ad229725cf22ec118e2369c7dd453a9dce20d40 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Wed, 30 Jan 2019 03:32:12 -0500
Subject: [PATCH 17/25] ssl_tls: add psa_hash_abort when reseting checksum
---
 library/ssl_tls.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c34ab624b..0cfeb0930 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6214,6 +6214,7 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &ssl->handshake->fin_sha256_psa );
 psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
 #else
 mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
@@ -6221,6 +6222,7 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
 #endif
 #if defined(MBEDTLS_SHA512_C)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort( &ssl->handshake->fin_sha384_psa );
 psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
 #else
 mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 );
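Review bot: The `psa_hash_abort` added before `psa_hash_setup` in `mbedtls_ssl_reset_checksum` deserves a one-line comment, because the reason is not visible from the code: `/* Abort first: the operation may still be active from the previous handshake, and psa_hash_setup() on an active operation fails. */` (assuming that is the failure this commit addresses). The same applies to the SHA-384 hunk of this commit just below. Both `psa_hash_setup` statuses remain unchecked, so a failed re-setup is silent; since `ssl` is available here, `if( psa_hash_setup( ... ) != PSA_SUCCESS ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "PSA hash setup failed" ) );` is the minimum the void function can do. The renaming hunk from the previous commit on this line needs no review.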
@@ -755,13 +755,15 @@ run_test() {
 run_test_psa() {
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test "PSA-supported ciphersuite: $1" \
- "$P_SRV debug_level=1 force_version=tls1_2" \
- "$P_CLI debug_level=1 force_version=tls1_2 force_ciphersuite=$1" \
+ "$P_SRV debug_level=2 force_version=tls1_2" \
+ "$P_CLI debug_level=2 force_version=tls1_2 force_ciphersuite=$1" \
 0 \
 -c "Successfully setup PSA-based decryption cipher context" \
 -c "Successfully setup PSA-based encryption cipher context" \
+ -c "PSA calc verify" \
 -s "Successfully setup PSA-based decryption cipher context" \
 -s "Successfully setup PSA-based encryption cipher context" \
+ -s "PSA calc verify" \
 -C "Failed to setup PSA-based cipher context"\
 -S "Failed to setup PSA-based cipher context"\
 -s "Protocol is TLSv1.2" \
From 92dd4d0307b3ed3de7226f57e6721da69280c4b4 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Wed, 30 Jan 2019 04:10:19 -0500
Subject: [PATCH 19/25] ssl-opt.sh: add a test for "calc PSA finished" log to the PSA tests
---
 tests/ssl-opt.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9b35c3220..42ffa1041 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -761,9 +761,11 @@ run_test_psa() {
 -c "Successfully setup PSA-based decryption cipher context" \
 -c "Successfully setup PSA-based encryption cipher context" \
 -c "PSA calc verify" \
+ -c "calc PSA finished" \
 -s "Successfully setup PSA-based decryption cipher context" \
 -s "Successfully setup PSA-based encryption cipher context" \
 -s "PSA calc verify" \
+ -s "calc PSA finished" \
 -C "Failed to setup PSA-based cipher context"\
 -S "Failed to setup PSA-based cipher context"\
 -s "Protocol is TLSv1.2" \
From 4fb8db23b942ae1cee42480b036cd4e4c1f11fd1 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 1 Feb 2019 09:57:20 +0000
Subject: [PATCH 20/25] Update pointer in PSA-based mbedtls_pk_write_pubkey()
---
 library/pkwrite.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
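Review bot: The new positive checks in `run_test_psa` only prove that the PSA code path was entered; the failure branches of the same functions (`"PSA hash clone failed"`, `"PSA hash finish failed"`) are logged at level 2 and then silently abandoned, so a run in which the PSA hash fails would still pass this test. Now that `debug_level=2` is in effect, add the negative checks `-C "PSA hash clone failed" \` and `-S "PSA hash clone failed" \` (and the same pair for `"PSA hash finish failed"`) next to the existing `-C`/`-S` lines. The same applies to the `calc PSA finished` hunk of the following commit on this line, which checks only the entry message. The `-c "PSA calc verify"` pattern matches the SHA-384 message shown elsewhere on this page; whether the SHA-256 variant logs a matching string is not visible here.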
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 11a2a6145..943dbca01 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -181,7 +181,8 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
 }
 else
 {
- memmove( *p - len, start, len );
+ *p -= len;
+ memmove( *p, start, len );
 }
 }
 else
From 812e12452a4ecb084df2eef5d8d70022ee3b7b5d Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 1 Feb 2019 10:06:51 +0000
Subject: [PATCH 21/25] Add function to find OID for PSA ECC curve identifiers
---
 include/mbedtls/psa_util.h | 76 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index a78c1a96c..634857c08 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
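Review bot: `*p -= len;` is only safe if `len` cannot exceed `*p - start`; the export call in the `if` branch above is outside the hunk, so if it was not bounded by `(size_t)( *p - start )` the pointer moves before `start` and the following `memmove` writes out of bounds. A short comment would make the invariant visible where it is relied upon, e.g. `/* len <= *p - start: the export above was bounded by that size. memmove because the source at start and the destination at *p may overlap. */`. `mbedtls_pk_write_pubkey` begins and ends outside the hunk.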
@@ -155,6 +155,82 @@ static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg
 /* Translations for ECC. */
+static inline int mbedtls_psa_get_ecc_oid_from_id(
+ psa_ecc_curve_t curve, char const **oid, size_t *oid_len )
+{
+ switch( curve )
+ {
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+ case PSA_ECC_CURVE_SECP192R1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+ case PSA_ECC_CURVE_SECP224R1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ case PSA_ECC_CURVE_SECP256R1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ case PSA_ECC_CURVE_SECP384R1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ case PSA_ECC_CURVE_SECP521R1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+ case PSA_ECC_CURVE_SECP192K1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+ case PSA_ECC_CURVE_SECP224K1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+#if 
defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+ case PSA_ECC_CURVE_SECP256K1:
+ *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+ case PSA_ECC_CURVE_BRAINPOOL_P256R1:
+ *oid = MBEDTLS_OID_EC_GRP_BP256R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+ case PSA_ECC_CURVE_BRAINPOOL_P384R1:
+ *oid = MBEDTLS_OID_EC_GRP_BP384R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+ case PSA_ECC_CURVE_BRAINPOOL_P512R1:
+ *oid = MBEDTLS_OID_EC_GRP_BP512R1;
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
+ return( 0 );
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+ }
+
+ return( -1 );
+}
+
 static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid )
 {
 switch( grpid )
From 493c171a1c7a86c01a2d0de1fd1f3b301a9b5a29 Mon Sep 17 00:00:00 2001
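Review bot: `mbedtls_psa_get_ecc_oid_from_id` is a new `static inline` function in a public header with no documentation; it returns a bare `-1` rather than an Mbed TLS error code and leaves `*oid` / `*oid_len` untouched on failure, both of which a caller has to know. Suggested header comment: `/** Find the ASN.1 OID naming a PSA ECC curve. On success return 0 and set *oid and *oid_len; for a curve that is unknown, or disabled in this build, return -1 and leave the outputs untouched. */`. The `switch` has no `default:` and relies on falling out to `return( -1 );`; a `default: break;` would state that intent and keep switch warnings quiet should `psa_ecc_curve_t` ever become an enum. This hunk starts on the previous line and is split by a line break inside `#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)`.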
From: Hanno Becker Date: Fri, 1 Feb 2019 10:07:07 +0000 Subject: [PATCH 22/25] Adapt mbedtls_pk_write_pubkey_der() to the new PSA public key format Context: There are two public key writing functions in Mbed TLS. First, mbedtls_pk_write_pubkey(), which exports a public key in the form of a SubjectPublicKey structure containing the raw keying material (for example, EC point coordinates for an EC public key, without reference to the underlying curve). Secondly, mbedtls_pk_write_pubkey_der(), which exports a public key in the form of a SubjectPublicKeyInfo structure, wrapping the SubjectPublicKey structure by additional information identifying the type of public key (and for ECC, e.g., it'd also contain the ECC group identifier). The implementation of mbedtls_pk_write_pubkey_der() calls mbedtls_pk_write_pubkey() first and then adds the corresponding algorithm identifier wrapper. Both of these functions need to be provided for PSA-based opaque PK contexts, based on PSA's public key export function. Previously, PSA used the SubjectPublicKeyInfo structure as its export format, so mbedtls_pk_write_pubkey_der() could be easily implemented, while mbedtls_pk_write_pubkey() would need to trim the output of the PSA export. The previous implementation of mbedtls_pk_write_pubkey() is not quite right because it calls the PSA export without doing any trimming, hence exporting the large SubjectPublicKeyInfo structure instead of the small SubjectPublicKey. mbedtls_pk_write_pubkey_der(), in turn, immediately returns after calling mbedtls_pk_write_pubkey(), hence also returning the SubjectPublicKeyInfo structure, which is correct. By now, the PSA public key export format has changed to the smaller SubjectPublicKey structure. This means that, now, mbedtls_pk_write_pubkey() can be implemented by just calling the PSA export, and that mbedtls_pk_write_pubkey_der() needs to add the algorithm information around it, just as in the other types of PK contexts. 
While not correct for the old format, the existing code for mbedtls_pk_write_pubkey() is therefore correct for the new PSA public key format, and needs no change apart from the missing pointer shift in the last commit. The implementation of mbedtls_pk_write_pubkey_der() needs a special code path for PSA-based opaque PK contexts, as the PK context only contains the PSA key handle, and the PSA API needs to be used to extract the underlying EC curve to be able to write the AlgorithmParameter structure that's part of the SubjectPublicKeyInfo structure. That's what this commit does, (hopefully) making both mbedtls_pk_write_pubkey() and mbedtls_pk_write_pubkey_der() export the correctly formatted public key based on the new PSA public key format.
---
 include/mbedtls/psa_util.h | 1 +
 library/pkwrite.c | 52 ++++++++++++++++++++++++++++++--------
 2 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 634857c08..3684e9835 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -41,6 +41,7 @@
 #include "ecp.h"
 #include "md.h"
 #include "pk.h"
+#include "oid.h"
 /* Translations for symmetric crypto. */
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 943dbca01..c9b2674c2 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -197,16 +197,13 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
 int ret;
 unsigned char *c;
 size_t len = 0, par_len = 0, oid_len;
+ mbedtls_pk_type_t pk_type;
 const char *oid;
 c = buf + size;
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
- if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
- {
- return( (int) len );
- }
 if( c - buf < 1 )
 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@@ -221,18 +218,51 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
- if( ( ret = mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_get_type( key ),
- &oid, &oid_len ) ) != 0 )
- {
- return( ret );
- }
-
+ pk_type = mbedtls_pk_get_type( key );
 #if defined(MBEDTLS_ECP_C)
- if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
+ if( pk_type == MBEDTLS_PK_ECKEY )
 {
 MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
 }
 #endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( pk_type == MBEDTLS_PK_OPAQUE )
+ {
+ psa_status_t status;
+ psa_key_type_t key_type;
+ psa_key_handle_t handle;
+ psa_ecc_curve_t curve;
+
+ handle = *((psa_key_handle_t*) key->pk_ctx );
+
+ status = psa_get_key_information( handle, &key_type,
+ NULL /* bitsize not needed */ );
+ if( status != PSA_SUCCESS )
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+
+ curve = PSA_KEY_TYPE_GET_CURVE( key_type );
+ if( curve == 0 )
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+ ret = mbedtls_psa_get_ecc_oid_from_id( curve, &oid, &oid_len );
+ if( ret != 0 )
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
+ /* Write EC algorithm parameters; that's akin
+ * to pk_write_ec_param() above. */
+ MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
+ oid, oid_len ) );
+
+ /* The rest of the function works as for legacy EC contexts. */
+ pk_type = MBEDTLS_PK_ECKEY;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid,
+ &oid_len ) ) != 0 )
+ {
+ return( ret );
+ }
 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len, par_len ) );
From 56104ea9bb216c4438dc48d99834c51a42b1c684 Mon Sep 17 00:00:00 2001
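Review bot: The opaque branch silently supports ECC keys only, and nothing in the code says so: `PSA_KEY_TYPE_GET_CURVE` yields 0 for any non-ECC key type, and the `curve == 0` check then returns `MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE` after `mbedtls_pk_write_pubkey` has already written the raw key into `buf`; a comment such as `/* Only ECC opaque keys are supported: curve == 0 means a non-ECC key type. */` above the check spares the next reader that lookup. Mapping every `psa_get_key_information` failure (an invalid handle included) to `MBEDTLS_ERR_PK_HW_ACCEL_FAILED` loses the distinction between a bad key and a backend failure; `MBEDTLS_ERR_PK_BAD_INPUT_DATA` fits the invalid-handle case better. The dereference `*((psa_key_handle_t*) key->pk_ctx )` assumes a non-NULL `pk_ctx`, which is presumably guaranteed by the preceding `mbedtls_pk_write_pubkey` call having succeeded on the same context. `mbedtls_pk_write_pubkey_der` begins and ends outside the hunk.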
From: Hanno Becker
Date: Fri, 1 Feb 2019 11:48:19 +0000
Subject: [PATCH 23/25] Adapt test in test_suite_pk to work with new PSA public key format
---
 tests/suites/test_suite_pk.function | 57 ++++++++++++++++++++---------
 1 file changed, 39 insertions(+), 18 deletions(-)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 120c1716b..e469318bd 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -778,44 +778,65 @@ exit:
 void pk_psa_sign( )
 {
 mbedtls_pk_context pk;
- psa_key_handle_t key;
- unsigned char hash[50], sig[100], pkey[100];
- size_t sig_len, klen = 0;
+ unsigned char hash[50], sig[100], pkey_legacy[100], pkey_psa[100];
+ unsigned char *pkey_legacy_start, *pkey_psa_start;
+ size_t sig_len, klen_legacy, klen_psa;
+ int ret;
+ psa_key_handle_t handle;
 /*
 * This tests making signatures with a wrapped PSA key:
- * - generate a fresh PSA key
+ * - generate a fresh ECP legacy PK context
 * - wrap it in a PK context and make a signature this way
 * - extract the public key
 * - parse it to a PK context and verify the signature this way
 */
+ /* Create legacy EC public/private key in PK context. */
 mbedtls_pk_init( &pk );
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_gen_key( MBEDTLS_ECP_DP_SECP256R1,
+ (mbedtls_ecp_keypair*) pk.pk_ctx,
+ rnd_std_rand, NULL ) == 0 );
+
+ /* Export underlying public key for re-importing in a legacy context. */
+ ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,
+ sizeof( pkey_legacy ) );
+ TEST_ASSERT( ret >= 0 );
+ klen_legacy = (size_t) ret;
+ /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
+ pkey_legacy_start = pkey_legacy + sizeof( pkey_legacy ) - klen_legacy;
+
+ /* Turn PK context into an opaque one. */
+ TEST_ASSERT( psa_allocate_key( &handle ) == PSA_SUCCESS );
+ TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &pk, &handle,
+ PSA_ALG_SHA_256 ) == 0 );
 memset( hash, 0x2a, sizeof hash );
 memset( sig, 0, sizeof sig );
- memset( pkey, 0, sizeof pkey );
-
- key = pk_psa_genkey();
- TEST_ASSERT( key != 0 );
-
- TEST_ASSERT( mbedtls_pk_setup_opaque( &pk, key ) == 0 );
 TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, sig, &sig_len, NULL, NULL ) == 0 );
- mbedtls_pk_free( &pk );
+ /* Export underlying public key for re-importing in a psa context. 
*/
+ ret = mbedtls_pk_write_pubkey_der( &pk, pkey_psa,
+ sizeof( pkey_psa ) );
+ TEST_ASSERT( ret >= 0 );
+ klen_psa = (size_t) ret;
+ /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
+ pkey_psa_start = pkey_psa + sizeof( pkey_psa ) - klen_psa;
- TEST_ASSERT( PSA_SUCCESS == psa_export_public_key(
- key, pkey, sizeof( pkey ), &klen ) );
- TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) );
+ TEST_ASSERT( klen_psa == klen_legacy );
+ TEST_ASSERT( memcmp( pkey_psa_start, pkey_legacy_start, klen_psa ) == 0 );
+
+ mbedtls_pk_free( &pk );
+ TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( handle ) );
 mbedtls_pk_init( &pk );
-
- TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey, klen ) == 0 );
-
-
+ TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey_legacy_start,
+ klen_legacy ) == 0 );
 TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, sig, sig_len ) == 0 );
From 65935d90c9bbf54e698d26512bdb9574a030d309 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 1 Feb 2019 11:55:03 +0000
Subject: [PATCH 24/25] Add missing include to library/pkwrite.c
---
 library/pkwrite.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/library/pkwrite.c b/library/pkwrite.c
index c9b2674c2..ab4f7f537 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -48,6 +48,7 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
 #endif
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
From 70fc6550cce5b490b7bbc1c56c4b766e21cf5ed7 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 1 Feb 2019 13:08:38 +0000
Subject: [PATCH 25/25] Update Crypto submodule to merge of sibling PR
---
 crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto b/crypto
index 472c20b4f..acdf07c03 160000
--- a/crypto
+++ b/crypto
@@ -1 +1 @@
-Subproject commit 472c20b4f2c8bde9ef8aa8d6d64c254fd14a5f87
+Subproject commit acdf07c033bb7ce11f595ddbe0c66d438b46597c
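Review bot: If any `TEST_ASSERT` between `psa_allocate_key( &handle )` (previous line) and the final `psa_destroy_key( handle )` fails, control jumps to `exit:` with the PSA key still allocated, and a leaked key slot can make later PSA tests in the same run fail for an unrelated reason. Unless the `exit:` block, which is outside the hunk, already destroys it, initialise `psa_key_handle_t handle = 0;` and destroy the key after `exit:`, guarded by `if( handle != 0 )` so that a failure before allocation stays harmless. Checking `klen_psa == klen_legacy` before `memcmp( ..., klen_psa )` is the right order and keeps the comparison in bounds. The comment "re-importing in a psa context" is misleading, since `pkey_psa` is only compared with the legacy export and never imported; `/* Export the public key through the opaque context for comparison. */` says what the code does. `pk_psa_sign` ends outside the hunk.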