1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-10 10:40:59 +03:00
Commit Graph

13540 Commits

Author SHA1 Message Date
5a19892528 pkparse: fix check for ASN1 errors in mbedtls_pk_parse_subpubkey()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 16:44:18 +01:00
cb3b4cae0a Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA
The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
35f68533d8 Conditionally guard exit label to deter unused label error
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-02 10:33:09 +00:00
b1d2c67ee0 Protect buffer in psa_export_public_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-02 10:33:09 +00:00
45ac526592 Protect the buffer in psa_export_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-02 10:33:09 +00:00
f028fe195b Protect buffer in psa_import_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-02 10:33:09 +00:00
5922cb9309 pkparse: keep legacy PK error codes when RSA key parsing fails
This helps in reverting the changes to test_suite_x509parse.data
when the RSA key parsing fails.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 09:21:25 +01:00
793920c1ff mbedtls_pk_get_psa_attributes: opaque: require specified usage
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.

Adjust the existing test cases accordingly and add a few negative test
cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:31:27 +01:00
e820975244 Fix comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:00:33 +01:00
0aad5f8f34 Copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
ae2668be97 Don't use mbedtls_pk_ec in our own code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
78a38f607c tls13: srv: Do not use early_data_status
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
3b9034544e Revert "tls13: Introduce early_data_state SSL context field"
This reverts commit 0883b8b625.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:03:57 +01:00
164537c4a6 tls13: early data: Improve, add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 19:52:30 +01:00
5fe9f6699b rsa_internal: update documentation for parse/write functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:35:56 +01:00
201e643509 rsa: simplify mbedtls_rsa_parse_pubkey() input parameters
In this way mbedtls_rsa_parse_pubkey() and mbedtls_rsa_parse_key()
input parameter list is the same.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:19:37 +01:00
135ebde273 rsa: rename parse/write functions in order to follow the standard format
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:00:29 +01:00
44ff9506dd rsa: set parse/write functions out of !RSA_ALT guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 16:58:36 +01:00
ed7d4bfda5 tls13: srv: Simplify mbedtls_ssl_read_early_data() API
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
0883b8b625 tls13: Introduce early_data_state SSL context field
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
7b6ee9482e tls13: srv: Reject early data in case of HRR
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
d9ca354dbd tls13: srv: Add mbedtls_ssl_read_early_data() API
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
6a5904db45 tls13: srv: Move early data size check placeholder
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
739a1d4246 tls: Add internal function ssl_read_application_data()
The function will be used by
mbedtls_ssl_read_early_data() as well.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
5d0ae9021f tls13: srv: Refine early data status
The main purpose is to know from the status
if early data can be received of not and
why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
52ed54b949 psa_crypto_rsa: remove unnecessary casting
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 16:29:01 +01:00
2d73baf171 psa_util: convert_der_to_raw_single_int: ensure the input DER integers have valid length
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:25:17 +01:00
11cc41265b Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test
Add TLS 1.3 ticket and early data unit tests
2024-02-01 13:15:55 +00:00
cb88c4945a Merge pull request #8754 from Redfoxymoon/development
fix build for midipix
2024-02-01 10:01:49 +00:00
a103ec9ad4 Make one shot operations thread safe
These all follow a pattern of locking some key slot,
reading its contents, and then unregistering from reading the slot.
psa_copy_key also writes to another slot,
but calls the functions needed to be threadsafe.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-31 14:17:15 +00:00
fb792cad31 Make psa_get_and_lock_X_with_policy threadsafe
Between the call to psa_get_and_lock_key_slot and psa_unregister_read
we only read the contents of a slot which we are registered to read,
so no extra mutex taking is needed.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-31 13:41:13 +00:00
eb1722a2b9 Add a wrapper function for psa_unregister_read
There are at least 20 occurences in the current code where
we will need this pattern of code, so I thought it best to
put this in a function

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-31 13:36:39 +00:00
2f1f17201d Make psa_get_and_lock_key_slot threadsafe
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-31 13:31:00 +00:00
6ad1fd133f Update psa_get_and_lock_key_slot_in_memory
Document that callers must hold the key slot mutex.
Change the volatile key checking behaviour so that it
doesn't read the contents of non-FULL slots.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-31 13:21:33 +00:00
3122f4da50 psa_util: invert check order for leading zeros in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-31 11:16:46 +01:00
5c5210f7e1 Remove state transitions in psa_load_X_key_into_slot
These calls otherwise don't abide by our assertions about changing the slot.
psa_get_and_lock_key_slot, the only caller to these, handles the state
transitions already. It also changes the contents of the slot after these calls.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-30 18:27:16 +00:00
3af9bc18f3 Wrap get_and_lock_key_slot_in_memory calls in mutex
It is useful to do this for the call in get_and_lock_key_slot.
Documenting that get_and_lock_key_slot_in_memory requires the mutex
is not part of this PR

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-30 17:21:57 +00:00
dae21d3808 Support SHA-512 hwcap detection on old libc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-30 15:31:42 +00:00
779a1a5b20 aria: remove leftover in comments
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 16:28:09 +01:00
78da7468ca psa_util: minor improvements to convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 15:08:40 +01:00
2a6cb5c881 fix build for midipix
Signed-off-by: Ørjan Malde <red@foxi.me>
2024-01-30 14:50:23 +01:00
3e65f52130 Conditionally guard exit label
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-01-30 12:37:25 +00:00
4f8847bb5d Implement safe buffer copying in asymmetric signature API
Use local copy buffer macros to implement safe
copy mechanism in asymmetric signature API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-01-30 12:17:54 +00:00
f35d24479e Merge pull request #1166 from daverodgman/ct-cmac
Use ct module from cmac
2024-01-30 09:54:02 +01:00
763971f32e Comment on locking strategy in psa_destroy_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 17:17:12 +00:00
c053d968f2 Make psa_destroy_key threadsafe
We do not require linearizability in the case of destroying a key in use.
Using a key and destroying it simultaneously will not cause any issues
as the user will only use the copy of the key in the slot.
Two simulatenous deletion calls to one key cannot interfere, the first caller
sets the slot's state to PENDING_DELETION, the second caller will back off.
Remove outdated comment about one key being in multiple slots, psa_open_key
does not put the key into a new slot.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 17:06:34 +00:00
122c94fd26 psa_util: remove raw_len param from convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 18:02:03 +01:00
9b9b5a52d9 psa_util: some code improvement to convert_der_to_raw_single_int()
This commit also fixes test_suite_psa_crypto_util.data due to the
change in one of the return values.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 17:25:19 +01:00
16abd59a62 Update psa_wipe_all_key_slots and document non-thread safety
This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots
regardless of state. They are not part of the PSA Crypto API, untrusted applications
cannot call these functions in a crypto service.
In a service intergration, mbedtls_psa_crypto_free on the client cuts the communication
with the crypto service.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 13:14:50 +00:00
b0821959ae Make psa_purge_key thread safe
Relies on get_and_lock_X being thread safe.
There are two mutex locks here, one in psa_get_and_lock...
Linearization point is the final unlock (or first lock on failure).

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 13:14:50 +00:00