Commit graph

9075 commits

Author SHA1 Message Date
Andrzej Kurek 6f249de706 pkwrite: add opaque key handling for public key exporting
Return early from mbedtls_pk_write_pubkey_der - public opaque key
exporting is expected to contain all of the needed data, therefore it shouldn't
be written again.
2018-11-22 12:43:53 -05:00
Gilles Peskine 30b4641011
Merge pull request #219 from ARMmbed/enable_entropy_injection
always compile mbedtls_psa_inject_entropy (#219)
2018-11-22 17:50:54 +01:00
Netanel Gonen 596e65e1a5 Fix indentation 2018-11-22 18:41:43 +02:00
Manuel Pégourié-Gonnard f83d31260d Implement key_opaque option to ssl_client2 2018-11-22 16:41:07 +00:00
Manuel Pégourié-Gonnard ca906fb8b9 Add option key_opaque to ssl_client2 (skeleton)
This is just the plumbing for the option itself, implementation of the option
will be the next commit.
2018-11-22 16:41:07 +00:00
Manuel Pégourié-Gonnard e31411a814 Fix test that wasn't actually effective
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 72d94be0de Improve description of a test 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 2614562212 Add test utility function: wrap_as_opaque()
The new function is not tested here, but will be in a subsequent PR.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 29a1325b0d Guard against PSA generating invalid signature
The goal is not to double-check everything PSA does, but to ensure that it
anything goes wrong, we fail cleanly rather than by overwriting a buffer.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard f4427678ae Use shared function for error translation 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 1e48ebd306 Fix a compliance issue in signature encoding
The issue is not present in the normal path because asn1write_mpi() does it
automatically, but we're not using that here...
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 615530728f Improve documentation of an internal function 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard f127e6080e Get rid of large stack buffers in PSA sign wrapper 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard fe8607350c Add new macro to detemine ECDSA signature length
Revived from a previous PR by Gilles, see:
https://github.com/ARMmbed/mbedtls/pull/1293/files#diff-568ef321d275f2035b8b26a70ee9af0bR71

This will be useful in eliminating temporary stack buffers for transcoding the
signature: in order to do that in place we need to be able to make assumptions
about the size of the output buffer, which this macro will provide. (See next
commit.)
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 35a7ff9366 Improve documentation of mbedtls_pk_setup_opaque() 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 276cb64e6c Align names to use "opaque" only everywhere
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 7d51255ca7 Implement pk_sign() for opaque ECDSA keys 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 99af2f0dd1 Add tests for unsupported operations/functions 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 07b103fe07 Implement can_do for opaque ECC keypairs
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 683632b78e Add support for get_(bit)len on opaque keys 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 06c631859c Add key generation to opaque test function
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 274f521b9a Implement alloc/free wrappers for pk_opaque_psa 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 3bc2029a33 Clarify return value of pk_check_pair() 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 1ecf92c364 Skeleton for PK_OPAQUE_PSA 2018-11-22 16:39:39 +00:00
Hanno Becker 0110add3d6 Rename PSA test in ssl-opt.sh 2018-11-22 16:38:06 +00:00
Hanno Becker 5b6425a931 Remove superfluous quotes in ssl-opt.sh 2018-11-22 16:38:06 +00:00
Hanno Becker fc20c14e76 Use PSA-based ciphers for record protections in TLS-1.2 only
Reasons:
- For the first release, we attempt to support TLS-1.2 only,
- At least TLS-1.0 is known to not work at the moment, as
  for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf()
  and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt()
  updates the structure field for the IV in the cipher context,
  which the PSA-based implementation currently doesn't.
2018-11-22 16:38:06 +00:00
Hanno Becker 329919eadf Use PSA-based ciphers for SSL ticket protection
This commit modifies the default SSL ticket implementation
from `library/ssl_ticket.c` to use PSA-based cipher context
for ticket creation and parsing.

As in mbedtls_ssl_derive_keys() adapted in an earlier commit,
we allow fallback to the ordinary mbedtls_cipher_setup()
if the provided cipher is not known. We do this even though
we always call mbedtls_ssl_ticket_setup() with AES-GCM
in our own code since this function is public and might
be used with other ciphers by users.
2018-11-22 16:38:06 +00:00
Hanno Becker 4724645e28 Introduce macros for constants in SSL ticket implementation 2018-11-22 16:38:06 +00:00
Hanno Becker f43177d1d0 Add runs for specific PSA-supported ciphersuites to ssl-opt.sh
So far, make sure we test the following ciphersuites
without any fallback to non-PSA ciphers:

TLS-ECDHE-ECDSA-WITH-AES-128-CCM
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-256-CCM
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
2018-11-22 16:38:06 +00:00
Hanno Becker 2dd04907e2 Omit tests from ssl-opt.sh which force a disabled ciphersuite 2018-11-22 16:38:06 +00:00
Hanno Becker be3ffba33d Setup PSA-based cipher context in mbedtls_ssl_derive_keys()
This commit changes the code path in mbedtls_ssl_derive_keys()
responsible for setting up record protection cipher contexts
to attempt to use the new API mbedtls_cipher_setup_psa() in
case MBEDTLS_USE_PSA_CRYPTO is set.

For that, the AEAD tag length must be provided, which is already
computed earlier in mbedtls_ssl_derive_keys() and only needs to be
stored a function scope to be available for mbedtls_cipher_setup_psa().

If mbedtls_cipher_setup_psa() fails cleanly indicating that the
requested cipher is not supported in PSA, we fall through to
the default setup using mbedtls_cipher_setup(). However, we print
a debug message in this case, to allow catching the fallthrough in
tests where we know we're using a cipher which should be supported
by PSA.
2018-11-22 16:38:06 +00:00
Hanno Becker 432084d3f8 Improve doc wording of PSA status field of mbedtls_cipher_context_t 2018-11-22 16:33:01 +00:00
Hanno Becker 7b05629641 Return 'Feature unavailable' error for ciphers unsupported by PSA 2018-11-22 16:33:01 +00:00
Hanno Becker 9de97d7773 Don't use multiline comments in enums to silence check-names.sh
The sanity checking script tests/scripts/check-names.sh uses a
simple state machine paired with a sequence of `sed` commands to
extract enumeration constants from the code. This code, however,
doesn't work properly when using multiline comments in enumerations
such as recently done in the constants MBEDTLS_CIPHER_PSA_KEY_XXX.

This commit doesn't attempt to make check-names.sh more robust
but instead uses /* ... */ comment indicators in each comment line,
while silences check-names.sh.

Increasing the robustness of check-names.sh is instead tracked
in #2210.
2018-11-22 16:33:01 +00:00
Hanno Becker 91cb605032 Add missing newline at the end of test_suite_cipher.gcm.data 2018-11-22 16:33:01 +00:00
Hanno Becker fea4915459 Minor rewording in documentation of PSA-based cipher context 2018-11-22 16:33:01 +00:00
Hanno Becker 1908655231 Use enum for slot state in PSA-based cipher context 2018-11-22 16:33:01 +00:00
Hanno Becker 4ee7e76378 Check support for cipher in mbedtls_cipher_setup_psa()
mbedtls_cipher_setup_psa() should return
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE when the requested
cipher is not supported by PSA, so that the caller can
try the original mbedtls_cipher_setup() instead.

The previous version of mbedtls_cipher_setup_psa(), however,
only attempted to translate the cipher mode (GCM, CCM, CBC,
ChaChaPoly, Stream), but didn't consider the underlying
cipher primitive. Hence, it wouldn't fail when attempting
to setup a cipher context for, say, 3DES-CBC, where CBC
is currently supported by PSA but 3DES isn't.

This commit adds a check to mbedtls_cipher_setup_psa()
for whether the requested cipher primitive is available
in the underlying PSA Crypto implementation, and fails
cleanly with MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE if
it is isn't.
2018-11-22 16:33:01 +00:00
Hanno Becker e15c71ca72 Test PSA-based GCM cipher operations 2018-11-22 16:33:01 +00:00
Hanno Becker 78115ac478 Adapt existing Cipher-GCM test cases to new param for auth_crypt_tv 2018-11-22 16:33:01 +00:00
Hanno Becker 1ccb1d614d Test PSA-based CCM cipher operations 2018-11-22 16:33:01 +00:00
Hanno Becker fe73adee5a Implement PSA-based AEAD enc/dec cipher operations 2018-11-22 16:33:01 +00:00
Hanno Becker 20120b373e Add AEAD tag length to new mbedtls_cipher_setup_psa()
For AEAD ciphers, the information contained in mbedtls_cipher_info
is not enough to deduce a PSA algorithm value of type psa_algorithm_t.
This is because mbedtls_cipher_info doesn't contain the AEAD tag
length, while values of type psa_algorithm_t do.

This commit adds the AEAD tag length as a separate parameter
to mbedtls_cipher_setup_psa(). For Non-AEAD ciphers, the value
must be 0.

This approach is preferred over passing psa_algorithm_t directly
in order to keep the changes in existing code using the cipher layer
small.
2018-11-22 16:33:01 +00:00
Hanno Becker a395d8f1e9 Always configure PSA-based keys for encryption and decryption
Mbed TLS cipher layer allows usage of keys for other purposes
than indicated in the `operation` parameter of `mbedtls_cipher_setkey()`.
The semantics of the PSA Crypto API, in contrast, checks key
usage against the key policy.

As a remedy, this commit modifies the PSA key slot setup to
always allow both encryption and decryption.
2018-11-22 16:33:01 +00:00
Hanno Becker 58fc9aab54 Add AES-*-CBC test vectors for PSA-based cipher contexts 2018-11-22 16:33:01 +00:00
Hanno Becker 55e2e3d5cc Implement PSA-based version of mbedtls_cipher_crypt() 2018-11-22 16:33:01 +00:00
Hanno Becker edda8b8830 Implement mbedtls_cipher_setkey() for PSA-based cipher contexts
This commit implements the internal key slot management performed
by PSA-based cipher contexts. Specifically, `mbedtls_cipher_setkey()`
wraps the provided raw key material into a key slot, and
`mbedtls_cipher_free()` destroys that key slot.
2018-11-22 16:33:01 +00:00
Hanno Becker 6118e43d15 Add PSA-specific cipher context 2018-11-22 16:33:01 +00:00
Hanno Becker ce1ddee13a Add psa_enabled field to cipher ctx and add dummy implementations
This field determines whether a cipher context should
use an external implementation of the PSA Crypto API for
cryptographic operations, or Mbed TLS' own crypto library.

The commit also adds dummy implementations for the cipher API.
2018-11-22 16:33:01 +00:00