Commit Graph

8928 Commits

Author SHA1 Message Date
Andrzej Kurek
ea84233e02 pk_wrap: nullify the signature pointer on error in extract_ecdsa_sig
Fix a double free error in ecdsa_verify_wrap
2018-11-22 11:17:37 -05:00
Andrzej Kurek
6376d638b8 pk_wrap: cosmetic changes
Adjust whitespaces and variable names
2018-11-22 11:17:37 -05:00
Andrzej Kurek
8b036a6082 pk_wrap.c: add support for ecdsa signature verification using PSA
Use PSA internally to verify signatures.
Add a conversion to a raw signature format.
2018-11-22 11:17:37 -05:00
Manuel Pégourié-Gonnard
cfdf8f4d8f Implement key_opaque option to ssl_client2 2018-11-22 14:35:11 +00:00
Manuel Pégourié-Gonnard
ef68be4553 Add option key_opaque to ssl_client2 (skeleton)
This is just the plumbing for the option itself, implementation of the option
will be the next commit.
2018-11-22 14:35:11 +00:00
Hanno Becker
e9420c2aff Rename PSA test in ssl-opt.sh 2018-11-22 14:05:54 +00:00
Hanno Becker
a0dc9cf8ec Remove superfluous quotes in ssl-opt.sh 2018-11-22 14:05:54 +00:00
Hanno Becker
cb1cc80cf5 Use PSA-based ciphers for record protections in TLS-1.2 only
Reasons:
- For the first release, we attempt to support TLS-1.2 only,
- At least TLS-1.0 is known to not work at the moment, as
  for CBC ciphersuites the code in mbedtls_ssl_decrypt_buf()
  and mbedtls_ssl_encrypt_buf() assumes that mbedtls_cipher_crypt()
  updates the structure field for the IV in the cipher context,
  which the PSA-based implementation currently doesn't.
2018-11-22 14:05:54 +00:00
Hanno Becker
679d8ceb13 Use PSA-based ciphers for SSL ticket protection
This commit modifies the default SSL ticket implementation
from `library/ssl_ticket.c` to use PSA-based cipher context
for ticket creation and parsing.

As in mbedtls_ssl_derive_keys() adapted in an earlier commit,
we allow fallback to the ordinary mbedtls_cipher_setup()
if the provided cipher is not known. We do this even though
we always call mbedtls_ssl_ticket_setup() with AES-GCM
in our own code since this function is public and might
be used with other ciphers by users.
2018-11-22 14:05:54 +00:00
Hanno Becker
d140d0828e Introduce macros for constants in SSL ticket implementation 2018-11-22 14:05:54 +00:00
Hanno Becker
9b5853c846 Add runs for specific PSA-supported ciphersuites to ssl-opt.sh
So far, make sure we test the following ciphersuites
without any fallback to non-PSA ciphers:

TLS-ECDHE-ECDSA-WITH-AES-128-CCM
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-256-CCM
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
2018-11-22 14:05:54 +00:00
Hanno Becker
9d76d56d81 Omit tests from ssl-opt.sh which force a disabled ciphersuite 2018-11-22 14:05:54 +00:00
Hanno Becker
f704befee8 Setup PSA-based cipher context in mbedtls_ssl_derive_keys()
This commit changes the code path in mbedtls_ssl_derive_keys()
responsible for setting up record protection cipher contexts
to attempt to use the new API mbedtls_cipher_setup_psa() in
case MBEDTLS_USE_PSA_CRYPTO is set.

For that, the AEAD tag length must be provided, which is already
computed earlier in mbedtls_ssl_derive_keys() and only needs to be
stored a function scope to be available for mbedtls_cipher_setup_psa().

If mbedtls_cipher_setup_psa() fails cleanly indicating that the
requested cipher is not supported in PSA, we fall through to
the default setup using mbedtls_cipher_setup(). However, we print
a debug message in this case, to allow catching the fallthrough in
tests where we know we're using a cipher which should be supported
by PSA.
2018-11-22 14:05:54 +00:00
Hanno Becker
7909c4c875 Improve doc wording of PSA status field of mbedtls_cipher_context_t 2018-11-22 14:03:39 +00:00
Hanno Becker
a654c3e38a Return 'Feature unavailable' error for ciphers unsupported by PSA 2018-11-22 14:03:39 +00:00
Hanno Becker
115e1a4e5b Don't use multiline comments in enums to silence check-names.sh
The sanity checking script tests/scripts/check-names.sh uses a
simple state machine paired with a sequence of `sed` commands to
extract enumeration constants from the code. This code, however,
doesn't work properly when using multiline comments in enumerations
such as recently done in the constants MBEDTLS_CIPHER_PSA_KEY_XXX.

This commit doesn't attempt to make check-names.sh more robust
but instead uses /* ... */ comment indicators in each comment line,
while silences check-names.sh.

Increasing the robustness of check-names.sh is instead tracked
in #2210.
2018-11-22 14:03:39 +00:00
Hanno Becker
b1b2c01df4 Add missing newline at the end of test_suite_cipher.gcm.data 2018-11-22 14:03:39 +00:00
Hanno Becker
625f94b2fd Minor rewording in documentation of PSA-based cipher context 2018-11-22 14:03:39 +00:00
Hanno Becker
ce61a32e6a Use enum for slot state in PSA-based cipher context 2018-11-22 14:03:39 +00:00
Hanno Becker
8d88a6e20d Check support for cipher in mbedtls_cipher_setup_psa()
mbedtls_cipher_setup_psa() should return
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE when the requested
cipher is not supported by PSA, so that the caller can
try the original mbedtls_cipher_setup() instead.

The previous version of mbedtls_cipher_setup_psa(), however,
only attempted to translate the cipher mode (GCM, CCM, CBC,
ChaChaPoly, Stream), but didn't consider the underlying
cipher primitive. Hence, it wouldn't fail when attempting
to setup a cipher context for, say, 3DES-CBC, where CBC
is currently supported by PSA but 3DES isn't.

This commit adds a check to mbedtls_cipher_setup_psa()
for whether the requested cipher primitive is available
in the underlying PSA Crypto implementation, and fails
cleanly with MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE if
it is isn't.
2018-11-22 14:03:39 +00:00
Hanno Becker
b0c05e242c Test PSA-based GCM cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker
5cec718191 Adapt existing Cipher-GCM test cases to new param for auth_crypt_tv 2018-11-22 14:03:39 +00:00
Hanno Becker
a13272d6d2 Test PSA-based CCM cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker
56150afd1a Implement PSA-based AEAD enc/dec cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker
f133640475 Add AEAD tag length to new mbedtls_cipher_setup_psa()
For AEAD ciphers, the information contained in mbedtls_cipher_info
is not enough to deduce a PSA algorithm value of type psa_algorithm_t.
This is because mbedtls_cipher_info doesn't contain the AEAD tag
length, while values of type psa_algorithm_t do.

This commit adds the AEAD tag length as a separate parameter
to mbedtls_cipher_setup_psa(). For Non-AEAD ciphers, the value
must be 0.

This approach is preferred over passing psa_algorithm_t directly
in order to keep the changes in existing code using the cipher layer
small.
2018-11-22 14:03:39 +00:00
Hanno Becker
884f6af590 Always configure PSA-based keys for encryption and decryption
Mbed TLS cipher layer allows usage of keys for other purposes
than indicated in the `operation` parameter of `mbedtls_cipher_setkey()`.
The semantics of the PSA Crypto API, in contrast, checks key
usage against the key policy.

As a remedy, this commit modifies the PSA key slot setup to
always allow both encryption and decryption.
2018-11-22 14:03:39 +00:00
Hanno Becker
e43164e8f1 Add AES-*-CBC test vectors for PSA-based cipher contexts 2018-11-22 14:03:39 +00:00
Hanno Becker
3c852a9c35 Implement PSA-based version of mbedtls_cipher_crypt() 2018-11-22 14:03:39 +00:00
Hanno Becker
d9ca5cfd60 Implement mbedtls_cipher_setkey() for PSA-based cipher contexts
This commit implements the internal key slot management performed
by PSA-based cipher contexts. Specifically, `mbedtls_cipher_setkey()`
wraps the provided raw key material into a key slot, and
`mbedtls_cipher_free()` destroys that key slot.
2018-11-22 14:03:39 +00:00
Hanno Becker
73f59fc3e9 Add PSA-specific cipher context 2018-11-22 14:03:39 +00:00
Hanno Becker
1cb36530be Add psa_enabled field to cipher ctx and add dummy implementations
This field determines whether a cipher context should
use an external implementation of the PSA Crypto API for
cryptographic operations, or Mbed TLS' own crypto library.

The commit also adds dummy implementations for the cipher API.
2018-11-22 14:03:39 +00:00
Hanno Becker
098c9de2af Add declaration and dummy-definition of mbedtls_cipher_setup_psa() 2018-11-22 14:03:39 +00:00
Hanno Becker
b1f0872ce6 Improve wording in documentation of mbedtls_cipher_setup() 2018-11-22 14:03:39 +00:00
Hanno Becker
d7503a72d0 Expand documentation of mbedtls_cipher_list() 2018-11-22 14:03:39 +00:00
Hanno Becker
21967c5bff Fix style in cipher.c 2018-11-22 14:03:39 +00:00
Hanno Becker
f4fb876be9 Fix style in cipher.h 2018-11-22 14:03:39 +00:00
Hanno Becker
c3d25b31ab Fix style in NUM_CIPHERS definition in cipher_wrap.c
Use brackets around `sizeof()` arguments as well as the entire macro.
2018-11-22 14:03:39 +00:00
Hanno Becker
e5a0450809 Fix style in definition of mbedtls_cipher_mode_t 2018-11-22 14:03:39 +00:00
Hanno Becker
6767cca100 Merge branch 'gcm_through_cipher_api_tests' into psa_cipher_ 2018-11-22 14:03:14 +00:00
Hanno Becker
c0c882cd67 Add missing dependencies in test_suite_cipher.gcm 2018-11-22 13:41:53 +00:00
Hanno Becker
f79aa9e3ca Adapt ChangeLog 2018-11-22 13:41:53 +00:00
Hanno Becker
ef42f22edd Add NIST AES GCM test vectors to single-step cipher API test suite
The test suites `test_suite_gcm.aes{128,192,256}_en.data` contains
numerous NIST test vectors for AES-*-GCM against which the GCM
API mbedtls_gcm_xxx() is tested.

However, one level higher at the cipher API, no tests exist which
exercise mbedtls_cipher_auth_{encrypt/decrypt}() for GCM ciphers,
although test_suite_cipher.function contains the test auth_crypt_tv
which does precisely that and is already used e.g. in
test_suite_cipher.ccm.

This commit replicates the test vectors from
test_suite_gcm.aes{128,192,256}_en.data in test_suite_cipher.gcm.data
and adds a run of auth_crypt_tv for each of them.

The conversion was mainly done through the sed command line

```
s/gcm_decrypt_and_verify:\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):
\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\)/auth_crypt_tv:
\1:\2:\4:\5:\3:\7:\8:\9/
```
2018-11-22 13:41:07 +00:00
Manuel Pégourié-Gonnard
23a1ccd23f Fix test that wasn't actually effective
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 12:21:20 +01:00
Simon Butcher
3459c749fb Create a block list for Travis CI, and fix the Coverity email 2018-11-22 10:14:03 +00:00
Hanno Becker
e10f191543 Remove MBEDTLS_PSA_CRYPTO_SPM from config.pl
This configuration option has been removed by now.
2018-11-22 09:43:35 +00:00
Manuel Pégourié-Gonnard
fa9a1ca967 Improve description of a test 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
347a00e07e Add test utility function: wrap_as_opaque()
The new function is not tested here, but will be in a subsequent PR.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
59eecb0e9e Guard against PSA generating invalid signature
The goal is not to double-check everything PSA does, but to ensure that it
anything goes wrong, we fail cleanly rather than by overwriting a buffer.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
9a5a77ba7c Use shared function for error translation 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
45013a1d54 Fix a compliance issue in signature encoding
The issue is not present in the normal path because asn1write_mpi() does it
automatically, but we're not using that here...
2018-11-22 09:59:34 +01:00