From 9624a5932e4ab296ed81bfe44411e7a7651f15cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Oct 2022 20:52:34 +0200 Subject: [PATCH 01/11] Add mbedtls_dhm_parse_dhmfile test case with DER input dh.optlen.der is the result of converting dh.optlen.pem from PEM to DER. Signed-off-by: Gilles Peskine --- tests/data_files/dh.optlen.der | Bin 0 -> 530 bytes tests/suites/test_suite_dhm.data | 3 +++ 2 files changed, 3 insertions(+) create mode 100644 tests/data_files/dh.optlen.der diff --git a/tests/data_files/dh.optlen.der b/tests/data_files/dh.optlen.der new file mode 100644 index 0000000000000000000000000000000000000000..3c3bf1780ea3b148899d2d22dc85b45b5f3c2165 GIT binary patch literal 530 zcmV+t0`2`Uf&vZ#f&l>lvl43R^l?+i)_*`SFtU=hy;^LZt{fA3^FW9E;-hL;jc~=q zV67|Ll1xfXzTyfNalUZ_&WGOmc94lSfIYs-V8cEViNT;c!p6kplm+FGFQ8d!9J;8L z%s?$t6YWZ0A6uxk;q5)CQKZCmuj>q^V7E4mILPP;^McuG;htdJm`-8KLbc!5BQh$_ zGJl>yJlbRc!CYG|q53pHU4xh}xUM{F1$Kw`K+0NA+!Ox#|HaBttyz+zLeV)8q)y U Date: Tue, 11 Oct 2022 20:53:20 +0200 Subject: [PATCH 02/11] test_suite_dhm: Add missing dependencies on MBEDTLS_PEM_PARSE_C Signed-off-by: Gilles Peskine --- tests/suites/test_suite_dhm.data | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data index c17cfd1d08..2ab5c43746 100644 --- a/tests/suites/test_suite_dhm.data +++ b/tests/suites/test_suite_dhm.data 
@@ -109,10 +109,12 @@ dhm_make_public:MBEDTLS_MPI_MAX_SIZE:"5":0 Diffie-Hellman MPI_MAX_SIZE + 1 modulus dhm_make_public:MBEDTLS_MPI_MAX_SIZE + 1:"5":MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED+MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Diffie-Hellman load parameters from file [#1] +DH load parameters from PEM file (1024-bit, g=2) +depends_on:MBEDTLS_PEM_PARSE_C dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128 -Diffie-Hellman load parameters from file [#2] +DH load parameters from PEM file (2048-bit, large g, privateValueLength) +depends_on:MBEDTLS_PEM_PARSE_C dhm_file:"data_files/dh.optlen.pem":"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":"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":256 DH load parameters from DER file (2048-bit, large g, privateValueLength) From 58e5d804ee2bed03a6d41e7288d5378a9150c657 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Oct 2022 20:57:38 +0200 Subject: [PATCH 03/11] test_suite_pk: Add missing dependencies on MBEDTLS_PEM_PARSE_C Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.data | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 3dc2b8ba1b..bd5d31ec41 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
@@ -521,23 +521,23 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED Check pair #1 (EC, OK) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0 Check pair #2 (EC, bad) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA Check pair #3 (RSA, OK) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0 Check pair #4 (RSA, bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED Check pair #5 (RSA vs EC) -depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C 
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH RSA hash_len overflow (size_t vs unsigned int) From fd94304f9d547f826e2cbc044e9cfb725f539a95 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Oct 2022 20:59:29 +0200 Subject: [PATCH 04/11] PSA RSA needs pk_write The PSA crypto code needs mbedtls_pk_write_key_der() and mbedtls_pk_write_pubkey() when using RSA without drivers. We were already forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even without MBEDTLS_USE_PSA_CRYPTO. Fixes #6408. Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_rsa_needs_pk.txt | 3 +++ include/mbedtls/build_info.h | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/psa_rsa_needs_pk.txt diff --git a/ChangeLog.d/psa_rsa_needs_pk.txt b/ChangeLog.d/psa_rsa_needs_pk.txt new file mode 100644 index 0000000000..3421affc7a --- /dev/null +++ b/ChangeLog.d/psa_rsa_needs_pk.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not + MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408. diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 6195ac979b..21e63f125f 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h 
@@ -74,7 +74,22 @@ #include MBEDTLS_USER_CONFIG_FILE #endif -#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) +/* The PK wrappers need pk_write functions to format RSA key objects + * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO, + * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). + * PSA crypto also needs pk_write to export RSA keys (otherwise the build + * goes through but psa_export_key() and psa_export_public_key() fail on + * RSA keys). + */ +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) +#define MBEDTLS_PK_C +#define MBEDTLS_PK_WRITE_C +#endif + +/* Under MBEDTLS_USE_PSA_CRYPTO, the pk module needs pk_write functions + * to pass ECC keys to PSA. */ +#if defined(MBEDTLS_PK_C) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECP_C) #define MBEDTLS_PK_WRITE_C #endif From aef1ba679d6a9e09aa08912c0a704570141d3cba Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Oct 2022 21:05:06 +0200 Subject: [PATCH 05/11] Add build with a typical configuration for a PSA crypto service Disable non-crypto features that can't be called through the PSA API, as well as algorithms that have no PSA interface. This serves as a non-regression test for #6408 and #6409. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a1b47f4669..fa41604158 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
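Review bot: The new `#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)` block defines `MBEDTLS_PK_C` and `MBEDTLS_PK_WRITE_C` whatever the user's configuration file chose, and the comment above it does not say so. An integrator who trims a PSA-only build and audits the configuration file to see which key encoders and parsers are compiled in will not find these modules listed there. The later build_info.h hunk in this series that adds `#define MBEDTLS_PK_PARSE_C` to the same block has the same effect for the key parser. I would extend the comment with a line such as `* These modules are enabled here even if the configuration file leaves them unset.` and repeat that in the documentation of the three options. Whether the modules that pk_write and pk_parse themselves rely on (for example the ASN.1 ones) are still checked after this point is not visible in the hunk and is worth confirming.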
@@ -1554,6 +1554,33 @@ component_build_crypto_full () { are_empty_libraries library/libmbedx509.* library/libmbedtls.* } +component_build_crypto_light () { + msg "build: make, config for PSA crypto service" + scripts/config.py crypto + scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + # Disable things that are not needed for just cryptography, to + # reach a configuration that would be typical for a PSA cryptography + # service providing all implemented PSA algorithms. + # System stuff + scripts/config.py unset MBEDTLS_ERROR_C + scripts/config.py unset MBEDTLS_TIMING_C + scripts/config.py unset MBEDTLS_VERSION_FEATURES_C + # Crypto stuff with no PSA interface + scripts/config.py unset MBEDTLS_BASE64_C + scripts/config.py unset MBEDTLS_NIST_KW_C + scripts/config.py unset MBEDTLS_PEM_PARSE_C + scripts/config.py unset MBEDTLS_PEM_WRITE_C + scripts/config.py unset MBEDTLS_PKCS12_C + scripts/config.py unset MBEDTLS_PKCS5_C + # MBEDTLS_PK_WRITE_C is actually currently needed for RSA key export, + # but build_info.h will reenable it. + scripts/config.py unset MBEDTLS_PK_WRITE_C + # At this time, we can't unset MBEDTLS_PK_PARSE_C, because it's needed + # for RSA in PSA (see https://github.com/Mbed-TLS/mbedtls/issues/6408). + make CFLAGS='-O1 -Werror' all test + are_empty_libraries library/libmbedx509.* library/libmbedtls.* +} + component_build_crypto_baremetal () { msg "build: make, crypto only, baremetal config" scripts/config.py crypto_baremetal From fcee740b835f6dcbca1fa4aa42998c3269caad8e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 11 Oct 2022 21:15:24 +0200 Subject: [PATCH 06/11] Automatically enable PK_PARSE for RSA in PSA PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost anything with them (import, get attributes, export public from private, any cryptographic operations). Force it on, for symmetry with what we're doing for MBEDTLS_PK_WRITE_C. Fixes #6409. 
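Review bot: The `msg` line in the new component announces only a build, but `make CFLAGS='-O1 -Werror' all test` also runs the test suites, so a test failure in this component is logged under a build heading. Either word the banner for both steps, e.g. `msg "build+test: make, config for PSA crypto service"`, or split the steps into `make CFLAGS='-O1 -Werror'` followed by `msg "test: make, config for PSA crypto service"` and `make test`. The whole function body is inside this hunk.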
Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_rsa_needs_pk.txt | 2 ++ include/mbedtls/build_info.h | 3 ++- tests/scripts/all.sh | 8 ++++---- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/psa_rsa_needs_pk.txt b/ChangeLog.d/psa_rsa_needs_pk.txt index 3421affc7a..995963d7e4 100644 --- a/ChangeLog.d/psa_rsa_needs_pk.txt +++ b/ChangeLog.d/psa_rsa_needs_pk.txt @@ -1,3 +1,5 @@ Bugfix * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not MBEDTLS_USE_PSA_CRYPTO or MBEDTLS_PK_WRITE_C. Fixes #6408. + * Fix build failure with MBEDTLS_RSA_C and MBEDTLS_PSA_CRYPTO_C but not + MBEDTLS_PK_PARSE_C. Fixes #6409. diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 21e63f125f..b043789298 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -79,11 +79,12 @@ * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). * PSA crypto also needs pk_write to export RSA keys (otherwise the build * goes through but psa_export_key() and psa_export_public_key() fail on - * RSA keys). + * RSA keys), and pk_parse to work with RSA keys in almost any way. */ #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) #define MBEDTLS_PK_C #define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PK_PARSE_C #endif /* Under MBEDTLS_USE_PSA_CRYPTO, the pk module needs pk_write functions diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fa41604158..30ab9ba632 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1572,11 +1572,11 @@ component_build_crypto_light () { scripts/config.py unset MBEDTLS_PEM_WRITE_C scripts/config.py unset MBEDTLS_PKCS12_C scripts/config.py unset MBEDTLS_PKCS5_C - # MBEDTLS_PK_WRITE_C is actually currently needed for RSA key export, - # but build_info.h will reenable it. + # MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed + # in PSA code to work with RSA keys. We don't require users to set those: + # they will be reenabled in build_info.h. + scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - # At this time, we can't unset MBEDTLS_PK_PARSE_C, because it's needed - # for RSA in PSA (see https://github.com/Mbed-TLS/mbedtls/issues/6408). make CFLAGS='-O1 -Werror' all test are_empty_libraries library/libmbedx509.* library/libmbedtls.* } From fc4f11b5d00b30fbd6bca1c5fe395b556adaa10c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 21 Oct 2022 19:34:54 +0200 Subject: [PATCH 07/11] Improve test component name Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 30ab9ba632..74c56d5794 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1554,7 +1554,7 @@ component_build_crypto_full () { are_empty_libraries library/libmbedx509.* library/libmbedtls.* } -component_build_crypto_light () { +component_test_crypto_for_psa_service () { msg "build: make, config for PSA crypto service" scripts/config.py crypto scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER From 78bffd1ff59fa7cdca7198e03c7eb324d6a85b92 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Oct 2022 21:02:33 +0200 Subject: [PATCH 08/11] Fix spelling of a disabled option Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 74c56d5794..a99ebbc36f 100755 
--- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1564,7 +1564,7 @@ component_test_crypto_for_psa_service () { # System stuff scripts/config.py unset MBEDTLS_ERROR_C scripts/config.py unset MBEDTLS_TIMING_C - scripts/config.py unset MBEDTLS_VERSION_FEATURES_C + scripts/config.py unset MBEDTLS_VERSION_FEATURES # Crypto stuff with no PSA interface scripts/config.py unset MBEDTLS_BASE64_C scripts/config.py unset MBEDTLS_NIST_KW_C From 1f10807837b0f47c4b606bd2fbfa8be5337f4cfb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Oct 2022 21:02:56 +0200 Subject: [PATCH 09/11] Disable pk in the PSA service config build It's not needed as a feature. It gets reenabled automatically in build_info.h like pk_write and pk_parse, but that's an implementation detail. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a99ebbc36f..9bd2c2d061 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1575,6 +1575,7 @@ component_test_crypto_for_psa_service () { # MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed # in PSA code to work with RSA keys. We don't require users to set those: # they will be reenabled in build_info.h. + scripts/config.py unset MBEDTLS_PK_C scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C make CFLAGS='-O1 -Werror' all test From 649e04e3d1a1b56b858cc58e20514b9c564b6fb5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Oct 2022 21:05:57 +0200 Subject: [PATCH 10/11] PSA service config build: note why we aren't disabling cipher and md Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9bd2c2d061..6e5d9236e7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
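Review bot: In the second hunk on this line (`@@ -1575,6 +1575,7 @@`), the added `scripts/config.py unset MBEDTLS_PK_C` sits under a comment that names only MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C, so the comment no longer covers all three options unset below it. The commit message says PK is re-enabled by build_info.h in the same way, and the comment should say so too, e.g. `# MBEDTLS_PK_C, MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C are actually currently needed`. The body of component_test_crypto_for_psa_service starts and ends outside the hunk.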
@@ -1567,6 +1567,8 @@ component_test_crypto_for_psa_service () { scripts/config.py unset MBEDTLS_VERSION_FEATURES # Crypto stuff with no PSA interface scripts/config.py unset MBEDTLS_BASE64_C + # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it. + # Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG. scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_PEM_PARSE_C scripts/config.py unset MBEDTLS_PEM_WRITE_C From b06f0717b3504fec669d93e17171a040e08cc269 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Oct 2022 21:06:11 +0200 Subject: [PATCH 11/11] PSA service config build: disable more modules not used by PSA Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6e5d9236e7..30d10cb108 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1568,6 +1568,7 @@ component_test_crypto_for_psa_service () { # Crypto stuff with no PSA interface scripts/config.py unset MBEDTLS_BASE64_C # Keep MBEDTLS_CIPHER_C because psa_crypto_cipher, CCM and GCM need it. + scripts/config.py unset MBEDTLS_HKDF_C # PSA's HKDF is independent # Keep MBEDTLS_MD_C because deterministic ECDSA needs it for HMAC_DRBG. scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_PEM_PARSE_C