Commit Graph

8861 Commits

Author SHA1 Message Date
Hanno Becker
a654c3e38a Return 'Feature unavailable' error for ciphers unsupported by PSA 2018-11-22 14:03:39 +00:00
Hanno Becker
115e1a4e5b Don't use multiline comments in enums to silence check-names.sh
The sanity checking script tests/scripts/check-names.sh uses a
simple state machine paired with a sequence of `sed` commands to
extract enumeration constants from the code. This code, however,
doesn't work properly when using multiline comments in enumerations
such as recently done in the constants MBEDTLS_CIPHER_PSA_KEY_XXX.

This commit doesn't attempt to make check-names.sh more robust
but instead uses /* ... */ comment indicators in each comment line,
while silences check-names.sh.

Increasing the robustness of check-names.sh is instead tracked
in #2210.
2018-11-22 14:03:39 +00:00
Hanno Becker
b1b2c01df4 Add missing newline at the end of test_suite_cipher.gcm.data 2018-11-22 14:03:39 +00:00
Hanno Becker
625f94b2fd Minor rewording in documentation of PSA-based cipher context 2018-11-22 14:03:39 +00:00
Hanno Becker
ce61a32e6a Use enum for slot state in PSA-based cipher context 2018-11-22 14:03:39 +00:00
Hanno Becker
8d88a6e20d Check support for cipher in mbedtls_cipher_setup_psa()
mbedtls_cipher_setup_psa() should return
MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE when the requested
cipher is not supported by PSA, so that the caller can
try the original mbedtls_cipher_setup() instead.

The previous version of mbedtls_cipher_setup_psa(), however,
only attempted to translate the cipher mode (GCM, CCM, CBC,
ChaChaPoly, Stream), but didn't consider the underlying
cipher primitive. Hence, it wouldn't fail when attempting
to setup a cipher context for, say, 3DES-CBC, where CBC
is currently supported by PSA but 3DES isn't.

This commit adds a check to mbedtls_cipher_setup_psa()
for whether the requested cipher primitive is available
in the underlying PSA Crypto implementation, and fails
cleanly with MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE if
it is isn't.
2018-11-22 14:03:39 +00:00
Hanno Becker
b0c05e242c Test PSA-based GCM cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker
5cec718191 Adapt existing Cipher-GCM test cases to new param for auth_crypt_tv 2018-11-22 14:03:39 +00:00
Hanno Becker
a13272d6d2 Test PSA-based CCM cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker
56150afd1a Implement PSA-based AEAD enc/dec cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker
f133640475 Add AEAD tag length to new mbedtls_cipher_setup_psa()
For AEAD ciphers, the information contained in mbedtls_cipher_info
is not enough to deduce a PSA algorithm value of type psa_algorithm_t.
This is because mbedtls_cipher_info doesn't contain the AEAD tag
length, while values of type psa_algorithm_t do.

This commit adds the AEAD tag length as a separate parameter
to mbedtls_cipher_setup_psa(). For Non-AEAD ciphers, the value
must be 0.

This approach is preferred over passing psa_algorithm_t directly
in order to keep the changes in existing code using the cipher layer
small.
2018-11-22 14:03:39 +00:00
Hanno Becker
884f6af590 Always configure PSA-based keys for encryption and decryption
Mbed TLS cipher layer allows usage of keys for other purposes
than indicated in the `operation` parameter of `mbedtls_cipher_setkey()`.
The semantics of the PSA Crypto API, in contrast, checks key
usage against the key policy.

As a remedy, this commit modifies the PSA key slot setup to
always allow both encryption and decryption.
2018-11-22 14:03:39 +00:00
Hanno Becker
e43164e8f1 Add AES-*-CBC test vectors for PSA-based cipher contexts 2018-11-22 14:03:39 +00:00
Hanno Becker
3c852a9c35 Implement PSA-based version of mbedtls_cipher_crypt() 2018-11-22 14:03:39 +00:00
Hanno Becker
d9ca5cfd60 Implement mbedtls_cipher_setkey() for PSA-based cipher contexts
This commit implements the internal key slot management performed
by PSA-based cipher contexts. Specifically, `mbedtls_cipher_setkey()`
wraps the provided raw key material into a key slot, and
`mbedtls_cipher_free()` destroys that key slot.
2018-11-22 14:03:39 +00:00
Hanno Becker
73f59fc3e9 Add PSA-specific cipher context 2018-11-22 14:03:39 +00:00
Hanno Becker
1cb36530be Add psa_enabled field to cipher ctx and add dummy implementations
This field determines whether a cipher context should
use an external implementation of the PSA Crypto API for
cryptographic operations, or Mbed TLS' own crypto library.

The commit also adds dummy implementations for the cipher API.
2018-11-22 14:03:39 +00:00
Hanno Becker
098c9de2af Add declaration and dummy-definition of mbedtls_cipher_setup_psa() 2018-11-22 14:03:39 +00:00
Hanno Becker
b1f0872ce6 Improve wording in documentation of mbedtls_cipher_setup() 2018-11-22 14:03:39 +00:00
Hanno Becker
d7503a72d0 Expand documentation of mbedtls_cipher_list() 2018-11-22 14:03:39 +00:00
Hanno Becker
21967c5bff Fix style in cipher.c 2018-11-22 14:03:39 +00:00
Hanno Becker
f4fb876be9 Fix style in cipher.h 2018-11-22 14:03:39 +00:00
Hanno Becker
c3d25b31ab Fix style in NUM_CIPHERS definition in cipher_wrap.c
Use brackets around `sizeof()` arguments as well as the entire macro.
2018-11-22 14:03:39 +00:00
Hanno Becker
e5a0450809 Fix style in definition of mbedtls_cipher_mode_t 2018-11-22 14:03:39 +00:00
Hanno Becker
6767cca100 Merge branch 'gcm_through_cipher_api_tests' into psa_cipher_ 2018-11-22 14:03:14 +00:00
Hanno Becker
c0c882cd67 Add missing dependencies in test_suite_cipher.gcm 2018-11-22 13:41:53 +00:00
Hanno Becker
f79aa9e3ca Adapt ChangeLog 2018-11-22 13:41:53 +00:00
Hanno Becker
ef42f22edd Add NIST AES GCM test vectors to single-step cipher API test suite
The test suites `test_suite_gcm.aes{128,192,256}_en.data` contains
numerous NIST test vectors for AES-*-GCM against which the GCM
API mbedtls_gcm_xxx() is tested.

However, one level higher at the cipher API, no tests exist which
exercise mbedtls_cipher_auth_{encrypt/decrypt}() for GCM ciphers,
although test_suite_cipher.function contains the test auth_crypt_tv
which does precisely that and is already used e.g. in
test_suite_cipher.ccm.

This commit replicates the test vectors from
test_suite_gcm.aes{128,192,256}_en.data in test_suite_cipher.gcm.data
and adds a run of auth_crypt_tv for each of them.

The conversion was mainly done through the sed command line

```
s/gcm_decrypt_and_verify:\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):
\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\)/auth_crypt_tv:
\1:\2:\4:\5:\3:\7:\8:\9/
```
2018-11-22 13:41:07 +00:00
Manuel Pégourié-Gonnard
23a1ccd23f Fix test that wasn't actually effective
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 12:21:20 +01:00
Simon Butcher
3459c749fb Create a block list for Travis CI, and fix the Coverity email 2018-11-22 10:14:03 +00:00
Hanno Becker
e10f191543 Remove MBEDTLS_PSA_CRYPTO_SPM from config.pl
This configuration option has been removed by now.
2018-11-22 09:43:35 +00:00
Manuel Pégourié-Gonnard
fa9a1ca967 Improve description of a test 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
347a00e07e Add test utility function: wrap_as_opaque()
The new function is not tested here, but will be in a subsequent PR.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
59eecb0e9e Guard against PSA generating invalid signature
The goal is not to double-check everything PSA does, but to ensure that it
anything goes wrong, we fail cleanly rather than by overwriting a buffer.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
9a5a77ba7c Use shared function for error translation 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
45013a1d54 Fix a compliance issue in signature encoding
The issue is not present in the normal path because asn1write_mpi() does it
automatically, but we're not using that here...
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
509aff111f Improve documentation of an internal function 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
d8454bc515 Get rid of large stack buffers in PSA sign wrapper 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
2f2b396b7a Add new macro to detemine ECDSA signature length
Revived from a previous PR by Gilles, see:
https://github.com/ARMmbed/mbedtls/pull/1293/files#diff-568ef321d275f2035b8b26a70ee9af0bR71

This will be useful in eliminating temporary stack buffers for transcoding the
signature: in order to do that in place we need to be able to make assumptions
about the size of the output buffer, which this macro will provide. (See next
commit.)
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
392dc045c9 Improve documentation of mbedtls_pk_setup_opaque() 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
69baf70984 Align names to use "opaque" only everywhere
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
3686771dfa Implement pk_sign() for opaque ECDSA keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
d97390e97d Add tests for unsupported operations/functions 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
920c063bad Implement can_do for opaque ECC keypairs
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
0184b3c69b Add support for get_(bit)len on opaque keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
01a12c49aa Add key generation to opaque test function
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
7b5fe041f1 Implement alloc/free wrappers for pk_opaque_psa 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
eaeb7b23ff Clarify return value of pk_check_pair() 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
20678b2ae2 Skeleton for PK_OPAQUE_PSA 2018-11-22 09:59:34 +01:00
Hanno Becker
c44e0a4bd1 Initialize PSA key slot as invalid in ssl_client2.c
Otherwise, if `mbedtls_psa_get_free_key_slot()` fails to find a fresh
key slot, the slot value will be undefined, and the call to
`psa_destroy_key()` at the end of `main()` is undefined behavior.
2018-11-21 21:12:58 +00:00