Commit Graph

8980 Commits

Author SHA1 Message Date
Hanno Becker
58fc9aab54 Add AES-*-CBC test vectors for PSA-based cipher contexts 2018-11-22 16:33:01 +00:00
Hanno Becker
55e2e3d5cc Implement PSA-based version of mbedtls_cipher_crypt() 2018-11-22 16:33:01 +00:00
Hanno Becker
edda8b8830 Implement mbedtls_cipher_setkey() for PSA-based cipher contexts
This commit implements the internal key slot management performed
by PSA-based cipher contexts. Specifically, `mbedtls_cipher_setkey()`
wraps the provided raw key material into a key slot, and
`mbedtls_cipher_free()` destroys that key slot.
2018-11-22 16:33:01 +00:00
Hanno Becker
6118e43d15 Add PSA-specific cipher context 2018-11-22 16:33:01 +00:00
Hanno Becker
ce1ddee13a Add psa_enabled field to cipher ctx and add dummy implementations
This field determines whether a cipher context should
use an external implementation of the PSA Crypto API for
cryptographic operations, or Mbed TLS' own crypto library.

The commit also adds dummy implementations for the cipher API.
2018-11-22 16:33:01 +00:00
Hanno Becker
4ccfc40aef Add declaration and dummy-definition of mbedtls_cipher_setup_psa() 2018-11-22 16:33:01 +00:00
Hanno Becker
73907f842b Improve wording in documentation of mbedtls_cipher_setup() 2018-11-22 16:33:01 +00:00
Hanno Becker
f28d344832 Expand documentation of mbedtls_cipher_list() 2018-11-22 16:33:01 +00:00
Hanno Becker
18597cd3c4 Fix style in cipher.c 2018-11-22 16:33:01 +00:00
Hanno Becker
c8b699dfa4 Fix style in cipher.h 2018-11-22 16:33:01 +00:00
Hanno Becker
0953ba1899 Fix style in NUM_CIPHERS definition in cipher_wrap.c
Use brackets around `sizeof()` arguments as well as the entire macro.
2018-11-22 16:33:01 +00:00
Hanno Becker
2e009fe013 Fix style in definition of mbedtls_cipher_mode_t 2018-11-22 16:33:01 +00:00
Hanno Becker
4ba0901bfc Merge branch 'gcm_through_cipher_api_tests' into gcm_through_cipher_api_tests_tmp 2018-11-22 16:32:30 +00:00
Hanno Becker
4097578207 Initialize PSA key slot as invalid in ssl_client2.c
Otherwise, if `mbedtls_psa_get_free_key_slot()` fails to find a fresh
key slot, the slot value will be undefined, and the call to
`psa_destroy_key()` at the end of `main()` is undefined behavior.
2018-11-22 16:30:20 +00:00
Hanno Becker
e9bf0f4c32 Share code for PSK identity configuration
This commit shares the code for setting the PSK identity hint between
the functions mbedtls_ssl_conf_psk() and mbedtls_ssl_conf_psk_opaque().
2018-11-22 16:30:20 +00:00
Hanno Becker
ed437a674e Fix typo in documentation of mbedtls_ssl_conf_psk() 2018-11-22 16:30:20 +00:00
Hanno Becker
a6f1d18afe Automatically allocate opaque PSK key slots in ssl_{client/server}2
Previously, command line arguments `psk_slot` and `psk_list_slot`
could be used to indicate the PSA key slots that the example
applications should use to store the PSK(s) provided.

This commit changes this approach to use the utility function
`mbedtls_psa_get_free_key_slot()` to obtain free key slots from
the PSA Crypto implementation automatically, so that users only
need to pass boolean flags `psk_opaque` and `psk_list_opaque`
on the command line to enable / disable PSA-based opaque PSKs.
2018-11-22 16:30:20 +00:00
Hanno Becker
01612e2886 Destroy PSA-based temporary opaque PSKs at the end of ssl_server2 2018-11-22 16:30:20 +00:00
Hanno Becker
923cd655e0 Destroy PSA-based temporary opaque PSK key at the end of ssl_client2 2018-11-22 16:30:20 +00:00
Hanno Becker
39eb4274bb Remove overly long line in ssl_client2.c 2018-11-22 16:30:20 +00:00
Hanno Becker
bffefae305 Safe-guard ssl_conf_remove_psk() for simultaneous raw-opaque PSKs
The code maintains the invariant that raw and opaque PSKs are never
configured simultaneously, so strictly speaking `ssl_conf_remove_psk()`
need not consider clearing the raw PSK if it has already cleared an
opaque one - and previously, it didn't. However, it doesn't come at
any cost to keep this check as a safe-guard to future unforeseen
situations where opaque and raw PSKs _are_ both present.
2018-11-22 16:30:20 +00:00
Hanno Becker
4d057f61a7 Don't use 48 as a magic number in ssl_derive_keys()
In multiple places, it occurrs as the fixed length of
the master secret, so use a constant with a descriptive
name instead. This is reinforced by the fact the some
further occurrences of '48' are semantically different.
2018-11-22 16:30:20 +00:00
Hanno Becker
5916c99cc3 Don't use idiom if( func() ) but always add explicit value check 2018-11-22 16:30:20 +00:00
Hanno Becker
3d4261bb21 Fix typo in documentation of mbedtls_ssl_conf_opaque_psk() 2018-11-22 16:30:20 +00:00
Hanno Becker
5a1d6da8f8 Add tests to ssl-opt.sh exercising server-side opaque PSK 2018-11-22 16:30:20 +00:00
Hanno Becker
4855c2d4c2 Add server-support for opaque PSKs 2018-11-22 16:30:20 +00:00
Hanno Becker
8bb28b9470 Rename ssl_conf_has_[raw_]_psk to ssl_conf_has_static_[raw_]psk
This is to differentiate the function from the functions relevant
on the server-side, which also need to take into the PSK callback.
2018-11-22 16:30:20 +00:00
Hanno Becker
ef29b2c3c9 Add support for opaque PSKs to ssl_server2 example application
This commit adds command line parameters `psk_slot` and `psk_list_slot`
to the example application `programs/ssl/ssl_server2`. These have the
following semantics:

- `psk_slot`: The same semantics as for the `ssl_client2` example
   application. That is, if a PSK is configured through the use
   of the command line parameters `psk` and `psk_identity`, then
   `psk_slot=X` can be used to import the PSK into PSA key slot X
   and registering it statically with the SSL configuration through
   the new API call mbedtls_ssl_conf_hs_opaque().
- `psk_list_slot`: In addition to the static PSK registered in the
   the SSL configuration, servers can register a callback for picking
   the PSK corresponding to the PSK identity that the client chose.
   The `ssl_server2` example application uses such a callback to select
   the PSK from a list of PSKs + Identities provided through the
   command line parameter `psk_list`, and to register the selected
   PSK via `mbedtls_ssl_set_hs_psk()`. In this case, the new parameter
   `psk_list_slot=X` has the effect of registering all PSKs provided in
   in `psk_list` as PSA keys in the key slots starting from slot `X`,
   and having the PSK selection callback register the chosen PSK
   through the new API function `mbedtls_ssl_set_hs_psk_opaque()`.
2018-11-22 16:30:20 +00:00
Hanno Becker
f5e56299ea Add tests to ssl-opt.sh exercising client-side opaque PSK 2018-11-22 16:30:20 +00:00
Hanno Becker
21e98b4114 Skip PMS generation on client if opaque PSK is used
For opaque PSKs, the PSK-to-MS expansion is performed atomatically
on the PSA-side.
2018-11-22 16:30:20 +00:00
Hanno Becker
b7aaf1e641 Implement PSA-based PSK-to-MS derivation in mbedtls_ssl_derive_keys 2018-11-22 16:30:20 +00:00
Hanno Becker
1e414e5d1d Simplify master secret derivation in mbedtls_ssl_derive_keys() 2018-11-22 16:30:20 +00:00
Hanno Becker
a32400bc6b Allow opaque PSKs in pure-PSK ciphersuites only
In contrast, RSA-PSK, ECDHE-PSK and DHE-PSK are explicitly excluded
for the moment.
2018-11-22 16:30:20 +00:00
Hanno Becker
a5ce0fd77f Don't suggest the use of a PSK suite if no PSK configured on client 2018-11-22 16:30:20 +00:00
Hanno Becker
fac92db771 Add support for opaque PSKs in ssl_client2 example program
This commit adds support for the use of PSA-based opaque PSKs
in the TLS client example application programs/ssl/ssl_client2.

Specifically, a numerical command line option `psk_slot` with
the following constraints and semantics is added:
- It can only be used alongside the provisioning of a raw PSK
  through the preexisting `psk` command line option.
- It can only be used if both TLS 1.2 and a PSK-only ciphersuite
  are enforced through the appropriate use of the `min_version`
  and `force_ciphersuite` command line options.
- If the previous conditions are met, setting `psk_slot=d` will
  result in the PSA key slot with identifier `d` being populated
  with the raw PSK data specified through the `psk` parameter
  and passed to Mbed TLS via `mbedtls_ssl_conf_psk_opaque()`
  prior to the handshake.

Enforcing the TLS version and ciphersuite is necessary to determine
the exact KDF algorithm the PSK will be used for. This is required
as it is currently not possible to set up a key without specifying
exactly one algorithm the key may be used with.
2018-11-22 16:30:20 +00:00
Hanno Becker
c6b8d400a0 Implement API for configuration of opaque PSKs
This commit adds implementations of the two new API functions

mbedtls_ssl_conf_psk_opaque()
mbedtls_ssl_set_hs_psk_opaque().
2018-11-22 16:30:20 +00:00
Hanno Becker
b94493cbc5 Add opaque PSK identifier to SSL configuration 2018-11-22 16:30:20 +00:00
Hanno Becker
ce620dd8b0 Add opaque PSK identifier to mbedtls_ssl_handshake_params
This commit adds a field `psk_opaque` to the handshake parameter
struct `mbedtls_ssl_handshake_params` which indicates if the user
has configured the use of an opaque PSK.
2018-11-22 16:30:20 +00:00
Hanno Becker
866fc7e3a7 Add API for configuration of opaque PSK
This commit adds two public API functions

mbedtls_ssl_conf_psk_opaque()
mbedtls_ssl_set_hs_psk_opaque()

which allow to configure the use of opaque, PSA-maintained PSKs
at configuration time or run time.
2018-11-22 16:30:20 +00:00
Hanno Becker
12bd57b8c8 Refer to PSA through MBEDTLS_USE_PSA_CRYPTO, not USE_PSA, in all.sh 2018-11-22 16:27:57 +00:00
Hanno Becker
fc359fd837 Remove double white space 2018-11-22 16:27:57 +00:00
Hanno Becker
47a6291445 Use MBEDTLS_PSA_UTIL_H instead of MBEDTLS_PSA_COMPAT_H in psa_util.h
This is still an artifact from when psa_util.h was called psa_compat.h.
2018-11-22 16:27:57 +00:00
Hanno Becker
56a78dd4ad State explicitly that any API depending on PSA is unstable 2018-11-22 16:27:57 +00:00
Hanno Becker
77030426a0 Update VisualC files 2018-11-22 16:27:57 +00:00
Hanno Becker
4d9e1e0ac4 Improve documentation of mbedtls_psa_err_translate_pk() 2018-11-22 16:27:57 +00:00
Hanno Becker
dec64735e2 Add AEAD tag length parameter to mbedtls_psa_translate_cipher_mode()
In case of AEAD ciphers, the cipher mode (and not even the entire content
of mbedtls_cipher_info_t) doesn't uniquely determine a psa_algorithm_t
because it doesn't specify the AEAD tag length, which however is included
in psa_algorithm_t identifiers.

This commit adds a tag length value to mbedtls_psa_translate_cipher_mode()
to account for that ambiguity.
2018-11-22 16:27:57 +00:00
Hanno Becker
14f78b03bb Add function to translate PSA errors to PK module errors 2018-11-22 16:27:57 +00:00
Hanno Becker
639a4320ca Fix Doxygen annotation in psa_util.h 2018-11-22 16:27:57 +00:00
Hanno Becker
06b6f34e9f Initialize PSA Crypto implementation in ssl_server2 2018-11-22 16:27:57 +00:00
Hanno Becker
50955d1c18 Initialize PSA Crypto implementation in ssl_client2.c 2018-11-22 16:27:56 +00:00