Commit Graph

15457 Commits

Author SHA1 Message Date
Hanno Becker
83e3671d87 Don't check ciphersuite and compression in SSL session cache lookup
Session-ID based session resumption requires that the resumed session
is consistent with the client's ClientHello in terms of choice of
ciphersuite and choice of compression.

This check was previously assumed to be performed in the session cache
implementation, which seems wrong: The session cache should be an id-based
lookup only, and protocol specific checks should be left to Mbed TLS.

This commit
- adds an explicit ciphersuite and compression consistency check after
  the SSL session cache has been queried
- removes the ciphersuite and compression consistency check from
  Mbed TLS' session cache reference implementation.

Don't use ssl_check_xxx() for functions with void return

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-19 05:09:56 +01:00
Gilles Peskine
54650b3892
Merge pull request #4505 from d3zd3z/bp2x-posix-define
Backport 2.x: Check if feature macro is defined before define it
2021-05-17 12:09:59 +02:00
Gilles Peskine
bed4e9e214
Merge pull request #4357 from gabor-mezei-arm/3267_Implement_psa_sign_message_and_verify
Implement psa_sign_message and psa_verify_message
2021-05-17 10:14:46 +02:00
gabor-mezei-arm
c97b8ab0fd
Update key type name
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-14 10:11:48 +02:00
David Brown
be2db1687e Add changelog for posix definition
Signed-off-by: David Brown <david.brown@linaro.org>
2021-05-12 15:00:55 -06:00
Flavio Ceolin
a79c30b8f4 Check if feature macro is defined before define it
Zephyr's native posix port define _POSIX_C_SOURCE with a higher value
during the build, so when mbedTLS defines it with a different value
breaks the build.

As Zephyr is already defining a higher value is guaranteed that mbedTLS
required features will be available. So, just define it in case it was
not defined before.

[taken from Zephyr mbedtls module:
76dcd6eeca]

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Signed-off-by: David Brown <david.brown@linaro.org>
2021-05-12 15:00:48 -06:00
Ronald Cron
456d547973
Merge pull request #4486 from gilles-peskine-arm/tniessen-typos-in-header-files-2.x
Backport 2.x: Fix typos in C header files
Enough to have only one reviewer.
2021-05-12 18:22:27 +02:00
gabor-mezei-arm
f25c9767a9
Enable fallback to software implementation in psa_sign/verify_message driver
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-12 11:12:25 +02:00
gabor-mezei-arm
c979578a83
Unify variable type and rename to be unambiguous
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-12 11:03:09 +02:00
gabor-mezei-arm
63c7a66320
Update documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-12 10:49:27 +02:00
gabor-mezei-arm
41b5ec6fd2
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-12 10:48:55 +02:00
Tobias Nießen
02b6fba7f5 Fix typos in C header files
Signed-off-by: Tobias Nießen <tniessen@tnie.de>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-12 10:39:58 +02:00
Gilles Peskine
456cde1081
Merge pull request #4479 from stevew817/backport_4247
Backport 2.x: Dispatch MAC operations through the driver interface
2021-05-11 20:21:17 +02:00
Steven Cooreman
bbb1952414 Refactor out mac_sign_setup and mac_verify_setup
Since they became equivalent after moving the is_sign checking back to
the PSA core, they're now redundant, and the generic mac_setup function
can just be called directly.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
f8ad2123f9 Be explicit about why the zero-length check is there
Since a valid mac operation context would guarantee that the stored
mac size is >= 4, it wasn't immediately obvious that the zero-length
check is meant for static analyzers and a bit of robustness.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
be21dab099 Apply mbedtls namespacing to MAC driver test hooks
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
a6474de2ac Supply actual key bits to PSA_MAC_LENGTH during MAC setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
9621f444a7 Correctly mark unused arguments when MAC algorithms are compiled out
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
63fa40e593 Add sanity tests for CMAC-(3)DES through PSA Crypto
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
aaf9944db3 Use the proper define guards in the MAC driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
2a18f56b4e Remove superfluous checking from MAC driver
The PSA core checks the key type and algorithm combination before
calling the driver, so the driver doesn't have to do this once more.

The PSA core will also not start an operation with a requested length
which is larger than the full MAC output size, so the output length check
in the driver isn't needed as long as the driver returns an error on
mac_setup if it doesn't support the underlying hash algorithm.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
15f0d92a48 Move is_sign and mac_size checking back to PSA core scope
It makes sense to do the length checking in the core rather than expect
each driver to deal with it themselves. This puts the onus on the core to
dictate which algorithm/key combinations are valid before calling a driver.

Additionally, this commit also updates the psa_mac_sign_finish function
to better deal with output buffer sanitation, as per the review comments
on #4247.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
7dccfce5fb Add PSA_ACCEL test dependencies in MAC driver wrappers tests
To avoid the MAC tests from being run when only part of the driver
wrappers (not including MAC) are being configured for test.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
dabac4283b Convert mbedTLS to PSA dependencies for the driver wrapper tests
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
bd1f60868a Minor documentation and language fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
dba0644818 Remove superfluous check
As psa_mac_sign_finish / psa_mac_verify_finish already checks that the
operation structure is valid (id is non-zero), the driver itself doesn't
have to check for that anymore. If the operation has a driver ID assigned,
it means that driver has returned success from its setup function, so the
algorithm value will be set correctly.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
e68bb52afd Remove unused variable from MAC driver structure
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
af81a71b8b Remove superfluous length check
The key passed to the driver has been imported by the PSA Core, meaning
its length has already been verified, and the driver can rely on the
buffer length and key attributes being consistent.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
9878a160c6 Code flow and style improvements
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
22dea1d527 Base the PSA implementation of TLS 1.2 PRF on the MAC API
This means there is no longer a need to have an internal HMAC API, so
it is being removed in this commit as well.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
b27e3506fe Make HKDF use the generic MAC API
Such that the underlying HMAC can be accelerated if such a driver is present

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
c2cbac017f Use the correct guards on the context structures for MAC/HKDF/PRF
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
4f7cae6cbe Rename HMAC operation structure
Prefix with 'mbedtls_psa' as per the other types which implement some
sort of algorithm in software.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
a2a1b803da Make safer_memcmp available to all compile units under PSA
Now renamed to mbedtls_psa_safer_memcmp, it provides a single location
for buffer comparison.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
b4b9b2879c Remove redundant key_set from MAC operation structure
The purpose of key_set was to guard the operation structure from being
used for update/finish before a key was set. Now that the implementation
fully adheres to the PSA API, that function is covered by the `alg`
variable instead. It's set to the algorithm in use when a key is set, and
is zero when the operation is reset/invalid.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
6e6451ec01 Code flow/readability improvements after review
* Early return since there's nothing to clean up
* Get rid of unnecessary local variable
* Check algorithm validity for MAC in the PSA core instead of in the driver

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
5c85ef0a56 Remove unused items from MAC operation context structure
Apparently it was at some point assumed that there would be
support for MAC algorithms with IV, but that hasn't been
implemented yet. Until that time, these context structure
members are superfluous and can be removed.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
2d9a3f946e Add testing of the MAC driver entry points
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
09832b126e Add CMAC to standard PSA config
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
f64b25e205 Rename internal HMAC structure type to match convention
Typedef'ed structures are suffixed _t
Also updated the initialiser macro with content that actually
matches the structure's content.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
76720f6389 Complete, document and fully use internal HMAC API
Since HMAC moved into its own compilation unit, the internal API needed
to be documented and finalized. This means no more reaching deep into
the operation structure from within the PSA Crypto core. This will make
future refactoring work easier, since internal HMAC is now opaque to the
core.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
6f32bcacfa Add CMAC and HMAC driver testing to all.sh
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
87885df795 Migrate MAC finish calls into the software driver
Step 3/x in moving the driver. Separate commits should make for easier
review.

Additional changes on top of code movement:
* Copied the implementation of safer_memcmp from psa_crypto into
  psa_cipher_mac since the mac_verify driver implementation
  depends on it, and it isn't available through external linkage

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
11743f91de Migrate MAC update call into the software driver
Step 2/x in moving the driver. Separate commits should make for easier
review.

Additional changes on top of code movement:
* Early-return success on input with zero-length to mac_update, to
  avoid NULL pointers getting passed into the driver dispatch

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
0789783c17 Migrate MAC setup/abort calls into the software driver
Step 1/x in moving the driver. Separate commits should make for easier
review.
Additional changes on top of just moving code:
* Added a sanity check on the key buffer size for CMAC.
* Transfered responsibility for resetting the core members of the
  PSA MAC operation structure back to the core (from the driver
  wrapper layer)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
32d569449b Move internal HMAC implementation into internal MAC driver
This is a temporary measure. Other operations in the PSA Core which rely
on this internal HMAC API should be rewritten to use the MAC API instead,
since they can then leverage accelerated HMAC should a platform provide
such acceleration support.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
6e3c2cbb52 Move the MAC operation structure into the driver headers
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
896d51e584 Add boilerplate for dispatching MAC operations
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
aecf0d3e70 Add include headers for composite operation contexts and move hmac
Modeled after the include chain of the primitive operation contexts.
Also moved the HMAC context structure to the builtin composites file,
since that is where it conceptually belongs. This is a preparatory
step for implementing driver dispatch of MAC multipart operations.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
Steven Cooreman
14d09f4223 Move the cipher operation structure declaration for grouping
Cipher and Hash are grouped, since they are 'primitive' operations.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00