From 45bcb6aac847645439f35416bf229e709a963a5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Mar 2023 11:40:48 +0100 Subject: [PATCH 1/3] Fix dependencies of 1.2 ECDSA key exchanges MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2... Also, move the definition of PSA_HAVE_FULL_ECDSA outside the MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 20 +++++++++++++++++--- include/mbedtls/config_psa.h | 10 +++++----- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 2e02e9a5c2..7b1c70cb01 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -279,9 +279,20 @@ #error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites" #endif +/* Helper for ECDSA dependencies, will be undefined at the end of the file */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(PSA_HAVE_FULL_ECDSA) +#define MBEDTLS_PK_HAVE_ECDSA +#endif +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_PK_HAVE_ECDSA +#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ ( !defined(MBEDTLS_ECDH_C) || \ - !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAVE_FULL_ECDSA)) || \ + !defined(MBEDTLS_PK_HAVE_ECDSA) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" #endif @@ -313,9 +324,9 @@ #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ ( !defined(MBEDTLS_ECDH_C) || \ - !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAVE_FULL_ECDSA)) || \ + !defined(MBEDTLS_PK_HAVE_ECDSA) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" #endif @@ -1068,6 +1079,9 @@ #error "MBEDTLS_PKCS7_C is defined, but not all prerequisites" #endif +/* Undefine helper symbols */ +#undef MBEDTLS_PK_HAVE_ECDSA + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 77cb1a9e19..568d8c2bfc 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -310,11 +310,6 @@ extern "C" { #define PSA_HAVE_SOFT_BLOCK_AEAD 1 #endif -#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ - defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#define PSA_HAVE_FULL_ECDSA 1 -#endif - #if defined(PSA_WANT_KEY_TYPE_AES) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define PSA_HAVE_SOFT_KEY_TYPE_AES 1 @@ -848,6 +843,11 @@ extern "C" { #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ +#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#define PSA_HAVE_FULL_ECDSA 1 +#endif + /* These features are always enabled. */ #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_PASSWORD 1 From 439dbc5c607387461df3faefc408bfa0bf3b0472 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Mar 2023 12:33:15 +0100 Subject: [PATCH 2/3] Fix dependency for TLS 1.3 as well MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Turns out TLS 1.3 is using the PK layer for signature generation & verification, and the PK layer is influenced by USE_PSA_CRYPTO. Also update docs/use-psa-crypto.md accordingly. Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 15 +++++++++------ include/mbedtls/check_config.h | 2 +- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index fc5317af89..c63e65a9a9 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -11,12 +11,15 @@ General considerations `psa_crypto_init()` before calling any function from the SSL/TLS, X.509 or PK module. -**Scope:** `MBEDTLS_USE_PSA_CRYPTO` has no effect on the parts of the code that -are specific to TLS 1.3; those parts always use PSA Crypto. The parts of the -TLS 1.3 code that are common with TLS 1.2, however, follow this option; -currently this is the record protection code, computation of the running -handshake hash, and X.509. You need to enable `MBEDTLS_USE_PSA_CRYPTO` if you -want TLS 1.3 to use PSA everywhere. +**Scope:** `MBEDTLS_USE_PSA_CRYPTO` has no effect on the most of the TLS 1.3 +code, which always uses PSA crypto. The parts of the TLS 1.3 code that will +use PSA Crypto or not depending on the value of this option are: +- record protection; +- running handshake hash; +- asymmetric signature verification & generation; +- X.509 certificate chain verification. +You need to enable `MBEDTLS_USE_PSA_CRYPTO` if you want TLS 1.3 to use PSA +everywhere. New APIs / API extensions ------------------------- diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7b1c70cb01..ca60a9d92d 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -783,7 +783,7 @@ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) #if !( defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \ - ( defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_PKCS1_V21) ) ) + ( defined(MBEDTLS_PK_HAVE_ECDSA) || defined(MBEDTLS_PKCS1_V21) ) ) #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites" #endif #endif From c2495f78e6f5687271bd17b3b57ae1822d8c4a95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Mar 2023 12:04:33 +0100 Subject: [PATCH 3/3] Add a ChangeLog entry for driver-only ECDSA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/driver-only-ecdsa.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/driver-only-ecdsa.txt diff --git a/ChangeLog.d/driver-only-ecdsa.txt b/ChangeLog.d/driver-only-ecdsa.txt new file mode 100644 index 0000000000..645a723748 --- /dev/null +++ b/ChangeLog.d/driver-only-ecdsa.txt @@ -0,0 +1,7 @@ +Features + * When a PSA driver for ECDSA is present, it is now possible to disable + MBEDTLS_ECDSA_C in the build in order to save code size. For PK, X.509 + and TLS to fully work, this requires MBEDTLS_USE_PSA_CRYPTO to be enabled. + Restartable/interruptible ECDSA operations in PK, X.509 and TLS are not + supported in those builds yet, as driver support for interruptible ECDSA + operations is not present yet.