From 0c29cf87b19cc7545a0719ab91582e5149e0ec0b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 29 Jan 2025 08:18:43 +0000 Subject: [PATCH 1/5] Move ssl_ticket to the PSA API Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto API. Signed-off-by: Ben Taylor --- ChangeLog.d/9874.txt | 2 + include/mbedtls/ssl_ticket.h | 11 +++-- library/ssl_ticket.c | 11 +---- programs/fuzz/fuzz_server.c | 11 +++-- programs/ssl/ssl_server2.c | 88 ++++++++++++++++++++++++++---------- 5 files changed, 81 insertions(+), 42 deletions(-) create mode 100644 ChangeLog.d/9874.txt diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt new file mode 100644 index 0000000000..efcaa3af95 --- /dev/null +++ b/ChangeLog.d/9874.txt @@ -0,0 +1,2 @@ +API changes + * Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto API. diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index c05e6401f9..6dfe371a2a 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -20,7 +20,6 @@ */ #include "mbedtls/ssl.h" -#include "mbedtls/cipher.h" #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" @@ -93,8 +92,12 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); * \param ctx Context to be set up * \param f_rng RNG callback function (mandatory) * \param p_rng RNG callback context - * \param cipher AEAD cipher to use for ticket protection. - * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. + * \param alg Cryptographic algorithm to use recomended value + * PSA_ALG_GCM from include/psa/crypto_values.h. + * \param key_type Cryptographic key type to use recomended value + * PSA_KEY_TYPE_AES from include/psa/crypto_values.h. + * \param key_bits Cryptographic key type to use recomended value + * PSA_KEY_TYPE_AES from include/psa/crypto_values.h. * \param lifetime Tickets lifetime in seconds * Recommended value: 86400 (one day). * 
@@ -117,7 +120,7 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); */ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, + psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime); /** diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index b770a8846b..8653e2ddda 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -186,19 +186,10 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, */ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, + psa_algorithm_t alg, psa_key_type_t key_type, psa_key_bits_t key_bits, uint32_t lifetime) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t key_bits; - - psa_algorithm_t alg; - psa_key_type_t key_type; - - if (mbedtls_ssl_cipher_to_psa(cipher, TICKET_AUTH_TAG_BYTES, - &alg, &key_type, &key_bits) != PSA_SUCCESS) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } if (PSA_ALG_IS_AEAD(alg) == 0) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 64b35edb9b..28f9e336ca 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -131,10 +131,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) if (options & 0x4) { - if (mbedtls_ssl_ticket_setup(&ticket_ctx, - dummy_random, &ctr_drbg, - MBEDTLS_CIPHER_AES_256_GCM, - 86400) != 0) { + if (mbedtls_ssl_ticket_setup(&ticket_ctx, //context + dummy_random, //f_rng + &ctr_drbg, //p_rng + PSA_ALG_GCM, //alg + PSA_KEY_TYPE_AES, //key_type + 256, //key_bits + 86400) != 0) { //lifetime goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 579c0a190f..b1c1359389 100644 --- a/programs/ssl/ssl_server2.c 
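Review bot: In `mbedtls_ssl_ticket_setup()` in library/ssl_ticket.c, the only check on the caller-supplied triple visible in this hunk is `PSA_ALG_IS_AEAD(alg)`, so nothing here pins the tag length or rejects a mismatched `key_type`/`key_bits`. The removed `mbedtls_ssl_cipher_to_psa()` call passed `TICKET_AUTH_TAG_BYTES`, which suggests the ticket layout assumes that tag size; an `alg` built with a shortened tag would still pass the AEAD check. Consider adding `if (PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) != TICKET_AUTH_TAG_BYTES) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; }` next to the existing check, or stating the constraint in the header's `\param alg` text. The function body continues past the end of the hunk, so a later key-import step may already reject invalid combinations.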
+++ b/programs/ssl/ssl_server2.c @@ -115,7 +115,9 @@ int main(void) #define DFL_DUMMY_TICKET 0 #define DFL_TICKET_ROTATE 0 #define DFL_TICKET_TIMEOUT 86400 -#define DFL_TICKET_AEAD MBEDTLS_CIPHER_AES_256_GCM +#define DFL_TICKET_ALG PSA_ALG_GCM +#define DFL_TICKET_KEY_TYPE PSA_KEY_TYPE_AES +#define DFL_TICKET_KEY_BITS 256 #define DFL_CACHE_MAX -1 #define DFL_CACHE_TIMEOUT -1 #define DFL_CACHE_REMOVE 0 @@ -661,7 +663,9 @@ struct options { int dummy_ticket; /* enable / disable dummy ticket generator */ int ticket_rotate; /* session ticket rotate (code coverage) */ int ticket_timeout; /* session ticket lifetime */ - int ticket_aead; /* session ticket protection */ + int ticket_alg; /* session ticket algorithm */ + int ticket_key_type; /* session ticket key type */ + int ticket_key_bits; /* session ticket key size in bits */ int cache_max; /* max number of session cache entries */ #if defined(MBEDTLS_HAVE_TIME) int cache_timeout; /* expiration delay of session cache entries*/ 
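Review bot: In `struct options` in programs/ssl/ssl_server2.c the three new fields are declared `int` but are passed to parameters typed `psa_algorithm_t`, `psa_key_type_t` and `psa_key_bits_t`, so every call relies on an implicit signed-to-unsigned conversion, and a narrowing one for the last two. Declaring them with the PSA types, i.e. `psa_algorithm_t ticket_alg;`, `psa_key_type_t ticket_key_type;` and `psa_key_bits_t ticket_key_bits;`, keeps the option storage in step with the new prototype. The struct starts and ends outside the hunk.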
@@ -1472,38 +1476,71 @@ static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, static int parse_cipher(char *buf) { + int rc = 0; if (strcmp(buf, "AES-128-CCM")) { - return MBEDTLS_CIPHER_AES_128_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_AES; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "AES-128-GCM")) { - return MBEDTLS_CIPHER_AES_128_GCM; + opt.ticket_alg = PSA_ALG_GCM; + opt.ticket_key_type = PSA_KEY_TYPE_AES; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "AES-192-CCM")) { - return MBEDTLS_CIPHER_AES_192_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_AES; + opt.ticket_key_bits = 192; } else if (strcmp(buf, "AES-192-GCM")) { - return MBEDTLS_CIPHER_AES_192_GCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_AES; + opt.ticket_key_bits = 192; } else if (strcmp(buf, "AES-256-CCM")) { - return MBEDTLS_CIPHER_AES_256_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_AES; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "ARIA-128-CCM")) { - return MBEDTLS_CIPHER_ARIA_128_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "ARIA-128-GCM")) { - return MBEDTLS_CIPHER_ARIA_128_GCM; + opt.ticket_alg = PSA_ALG_GCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "ARIA-192-CCM")) { - return MBEDTLS_CIPHER_ARIA_192_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 192; } else if (strcmp(buf, "ARIA-192-GCM")) { - return MBEDTLS_CIPHER_ARIA_192_GCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 192; } else if (strcmp(buf, "ARIA-256-CCM")) { - return MBEDTLS_CIPHER_ARIA_256_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 256; } else if (strcmp(buf, 
"ARIA-256-GCM")) { - return MBEDTLS_CIPHER_ARIA_256_GCM; + opt.ticket_alg = PSA_ALG_GCM; + opt.ticket_key_type = PSA_KEY_TYPE_ARIA; + opt.ticket_key_bits = 256; } else if (strcmp(buf, "CAMELLIA-128-CCM")) { - return MBEDTLS_CIPHER_CAMELLIA_128_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA; + opt.ticket_key_bits = 128; } else if (strcmp(buf, "CAMELLIA-192-CCM")) { - return MBEDTLS_CIPHER_CAMELLIA_192_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA; + opt.ticket_key_bits = 192; } else if (strcmp(buf, "CAMELLIA-256-CCM")) { - return MBEDTLS_CIPHER_CAMELLIA_256_CCM; + opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_key_type = PSA_KEY_TYPE_CAMELLIA; + opt.ticket_key_bits = 256; } else if (strcmp(buf, "CHACHA20-POLY1305")) { - return MBEDTLS_CIPHER_CHACHA20_POLY1305; + opt.ticket_alg = PSA_ALG_CHACHA20_POLY1305; + opt.ticket_key_type = PSA_KEY_TYPE_CHACHA20; + opt.ticket_key_bits = 256; + } else { + rc = -1; } - return MBEDTLS_CIPHER_NONE; + return rc; } int main(int argc, char *argv[]) @@ -1740,7 +1777,9 @@ int main(int argc, char *argv[]) opt.dummy_ticket = DFL_DUMMY_TICKET; opt.ticket_rotate = DFL_TICKET_ROTATE; opt.ticket_timeout = DFL_TICKET_TIMEOUT; - opt.ticket_aead = DFL_TICKET_AEAD; + opt.ticket_alg = DFL_TICKET_ALG; + opt.ticket_key_type = DFL_TICKET_KEY_TYPE; + opt.ticket_key_bits = DFL_TICKET_KEY_BITS; opt.cache_max = DFL_CACHE_MAX; #if defined(MBEDTLS_HAVE_TIME) opt.cache_timeout = DFL_CACHE_TIMEOUT; @@ -2191,9 +2230,7 @@ usage: goto usage; } } else if (strcmp(p, "ticket_aead") == 0) { - opt.ticket_aead = parse_cipher(q); - - if (opt.ticket_aead == MBEDTLS_CIPHER_NONE) { + if (parse_cipher(q) != 0) { goto usage; } } else if (strcmp(p, "cache_max") == 0) { 
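Review bot: Every branch of `parse_cipher()` tests `strcmp(buf, "...")` for truth, which is non-zero when the strings differ, so the first branch is taken for any input other than "AES-128-CCM" and the new `else { rc = -1; }` can never run. As a result `ticket_aead=<anything>` silently configures AES-128-CCM ("AES-128-CCM" itself falls through to the GCM branch), and an unknown or misspelt name never reaches `goto usage`. Each comparison should read `strcmp(buf, "AES-128-CCM") == 0`, and likewise down the chain. The chain as shown also has no "AES-256-GCM" entry, although that is the combination the `DFL_TICKET_*` defaults describe. The same conditions are carried unchanged through the PATCH 3/5 hunks that touch this function.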
@@ -2963,8 +3000,11 @@ usage: #endif /* MBEDTLS_HAVE_TIME */ { if ((ret = mbedtls_ssl_ticket_setup(&ticket_ctx, - rng_get, &rng, - opt.ticket_aead, + rng_get, + &rng, + opt.ticket_alg, + opt.ticket_key_type, + opt.ticket_key_bits, opt.ticket_timeout)) != 0) { mbedtls_printf( " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n", From d0498803a131c2822d4984873ead6e6b14d4ecd4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 3 Feb 2025 11:33:25 +0000 Subject: [PATCH 2/5] Correct typos in comments Correct the typos in the mbedtls_ssl_ticket_setup function docs Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ticket.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 6dfe371a2a..ef97e8f024 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -92,12 +92,9 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); * \param ctx Context to be set up * \param f_rng RNG callback function (mandatory) * \param p_rng RNG callback context - * \param alg Cryptographic algorithm to use recomended value - * PSA_ALG_GCM from include/psa/crypto_values.h. - * \param key_type Cryptographic key type to use recomended value - * PSA_KEY_TYPE_AES from include/psa/crypto_values.h. - * \param key_bits Cryptographic key type to use recomended value - * PSA_KEY_TYPE_AES from include/psa/crypto_values.h. + * \param alg AEAD cipher to use for ticket protection. + * \param key_type Cryptographic key type to use. + * \param key_bits Cryptographic key size to use in bits. * \param lifetime Tickets lifetime in seconds * Recommended value: 86400 (one day). * From 837130cf656d48b0ad73a36de716b1dc5d4e646a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 4 Feb 2025 07:40:59 +0000 Subject: [PATCH 3/5] Improve Changelog and correct alg selection Improve the description of the API changes in the changelog and fix some incorrect alg selection variables in ssl_server2.c. 
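Review bot: The reworded `\param alg`, `\param key_type` and `\param key_bits` lines in include/mbedtls/ssl_ticket.h (PATCH 2/5) no longer give a recommended value or say which combinations are accepted, whereas the old single parameter recommended AES-256-GCM. I would add to `\param alg` a line such as `Recommended value: PSA_ALG_GCM with PSA_KEY_TYPE_AES and 256 key bits.` and state that `alg` must be an AEAD algorithm, since that is the check the setup function applies. The doc comment starts and ends outside the hunk.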
Signed-off-by: Ben Taylor --- ChangeLog.d/9874.txt | 5 ++++- programs/ssl/ssl_server2.c | 12 ++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt index efcaa3af95..8f264ec1be 100644 --- a/ChangeLog.d/9874.txt +++ b/ChangeLog.d/9874.txt @@ -1,2 +1,5 @@ API changes - * Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto API. + * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API. + Instead of taking a mbedtls_cipher_type_t as an argument, this function now takes 3 + new arguments: a PSA algorithm, key type and key size, to specify the AEAD for ticket + protection. diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b1c1359389..d9e57018ae 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1476,7 +1476,7 @@ static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, static int parse_cipher(char *buf) { - int rc = 0; + int ret = 0; if (strcmp(buf, "AES-128-CCM")) { opt.ticket_alg = PSA_ALG_CCM; opt.ticket_key_type = PSA_KEY_TYPE_AES; @@ -1490,13 +1490,13 @@ static int parse_cipher(char *buf) opt.ticket_key_type = PSA_KEY_TYPE_AES; opt.ticket_key_bits = 192; } else if (strcmp(buf, "AES-192-GCM")) { - opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_alg = PSA_ALG_GCM; opt.ticket_key_type = PSA_KEY_TYPE_AES; opt.ticket_key_bits = 192; } else if (strcmp(buf, "AES-256-CCM")) { opt.ticket_alg = PSA_ALG_CCM; opt.ticket_key_type = PSA_KEY_TYPE_AES; - opt.ticket_key_bits = 128; + opt.ticket_key_bits = 256; } else if (strcmp(buf, "ARIA-128-CCM")) { opt.ticket_alg = PSA_ALG_CCM; opt.ticket_key_type = PSA_KEY_TYPE_ARIA; 
@@ -1510,7 +1510,7 @@ static int parse_cipher(char *buf) opt.ticket_key_type = PSA_KEY_TYPE_ARIA; opt.ticket_key_bits = 192; } else if (strcmp(buf, "ARIA-192-GCM")) { - opt.ticket_alg = PSA_ALG_CCM; + opt.ticket_alg = PSA_ALG_GCM; opt.ticket_key_type = PSA_KEY_TYPE_ARIA; opt.ticket_key_bits = 192; } else if (strcmp(buf, "ARIA-256-CCM")) { @@ -1538,9 +1538,9 @@ static int parse_cipher(char *buf) opt.ticket_key_type = PSA_KEY_TYPE_CHACHA20; opt.ticket_key_bits = 256; } else { - rc = -1; + ret = -1; } - return rc; + return ret; } int main(int argc, char *argv[]) From b6fb07bc48034384b1e9009f524672ceabf760ee Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 4 Feb 2025 09:08:02 +0000 Subject: [PATCH 4/5] Change Changelog entry to a maximum of 80 charactors Signed-off-by: Ben Taylor --- ChangeLog.d/9874.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt index 8f264ec1be..21fe22e4e5 100644 --- a/ChangeLog.d/9874.txt +++ b/ChangeLog.d/9874.txt @@ -1,5 +1,5 @@ API changes * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API. - Instead of taking a mbedtls_cipher_type_t as an argument, this function now takes 3 - new arguments: a PSA algorithm, key type and key size, to specify the AEAD for ticket - protection. + Instead of taking a mbedtls_cipher_type_t as an argument, this function + now takes 3 new arguments: a PSA algorithm, key type and key size, to + specify the AEAD for ticket protection. From 7d4c48ba4ff8e8d65a907d05138c9de515008222 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 4 Feb 2025 15:27:53 +0000 Subject: [PATCH 5/5] fixed trailing whitespace Signed-off-by: Ben Taylor --- ChangeLog.d/9874.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/9874.txt b/ChangeLog.d/9874.txt index 21fe22e4e5..a4d2e032ee 100644 --- a/ChangeLog.d/9874.txt +++ b/ChangeLog.d/9874.txt 
@@ -1,5 +1,5 @@ API changes * Align the mbedtls_ssl_ticket_setup() function with the PSA Crypto API. - Instead of taking a mbedtls_cipher_type_t as an argument, this function - now takes 3 new arguments: a PSA algorithm, key type and key size, to + Instead of taking a mbedtls_cipher_type_t as an argument, this function + now takes 3 new arguments: a PSA algorithm, key type and key size, to specify the AEAD for ticket protection.