From f6d3c44abad6594a9bca6b0bb1e019c4deb334b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Mon, 29 Nov 2021 12:55:21 +0100 Subject: [PATCH 01/25] [nrf noup] Undef PSA crypto client in crypto_types MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -To remove unnecessary build warnings for define being redefined we need to undefine the MBEDTLS_PSA_CRYPTO_CLIENT in the crypto_types header file Signed-off-by: Frank Audun Kvamtrø Signed-off-by: Joakim Andersson (cherry picked from commit 63b9b1154441634d85ee08e9fbb172a1addeed49) (cherry picked from commit e28066d9796920f9dd5b03b34a2e8dff46d141b2) --- include/psa/crypto_types.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index af61aea9df..567e25ab43 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -40,6 +40,7 @@ * is defined as well to include all PSA code. */ #if defined(MBEDTLS_PSA_CRYPTO_C) +#undef MBEDTLS_PSA_CRYPTO_CLIENT #define MBEDTLS_PSA_CRYPTO_CLIENT #endif /* MBEDTLS_PSA_CRYPTO_C */ From 92a84d62d26db610586e5f4f1a2381e8d19b92ea Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Mon, 13 Dec 2021 12:48:31 +0100 Subject: [PATCH 02/25] [nrf noup] Remove redefinition ECC_MAX_CURVE_BITS -This removes the redefinition of the define PSA_VENDOR_ECC_MAX_CURVE_BITS which we will set in our configuration file. Ref: NCSDK-12898 Signed-off-by: Georgios Vasilakis Signed-off-by: Joakim Andersson (cherry picked from commit 1292885891625f15fe5862490bf3826605890024) (cherry picked from commit 79f38c8360fcde8bf3c93eb9ba45451b8748cc0b) --- include/psa/crypto_sizes.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index b42b2df0d0..a3125bead4 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h 
@@ -192,6 +192,8 @@ /* The maximum size of an ECC key on this implementation, in bits. * This is a vendor-specific macro. */ +#ifndef PSA_VENDOR_ECC_MAX_CURVE_BITS + #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) #define PSA_VENDOR_ECC_MAX_CURVE_BITS 521 #elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) @@ -222,6 +224,8 @@ #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0 #endif +#endif + /** This macro returns the maximum supported length of the PSK for the * TLS-1.2 PSK-to-MS key derivation * (#PSA_ALG_TLS12_PSK_TO_MS(\c hash_alg)). From d3eb2085016129ec5c16d6706b5c2fab86251717 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Thu, 20 Jan 2022 14:00:05 +0100 Subject: [PATCH 03/25] [nrf noup] Check if ECP_MAX_BITS is set in ecp.h -The ECP_ALT file sets this variable so we will have a multiple definition if we enable it in ecp.h. Signed-off-by: Georgios Vasilakis Signed-off-by: Joakim Andersson (cherry picked from commit 11023cdf84f23a09192f3cb6713e78f755333508) (cherry picked from commit 6c708499982f33b0aad6316f6f8851004b47f84e) --- include/mbedtls/ecp.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 0c1790d521..c60175a3a5 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -305,6 +305,8 @@ mbedtls_ecp_group; #include "ecp_alt.h" #endif /* MBEDTLS_ECP_ALT */ +#ifndef MBEDTLS_ECP_MAX_BITS + /** * The maximum size of the groups, that is, of \c N and \c P. */ @@ -343,6 +345,8 @@ mbedtls_ecp_group; #error "Missing definition of MBEDTLS_ECP_MAX_BITS" #endif +#endif + #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) From 8ffbcc11f708ba1b7536b90901e7a93e894b26e1 Mon Sep 17 00:00:00 2001 
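Review bot: With the new `#ifndef PSA_VENDOR_ECC_MAX_CURVE_BITS` guard in include/psa/crypto_sizes.h, a value supplied by the configuration file is accepted with no check that it covers the largest enabled curve. The same applies to the `#ifndef MBEDTLS_ECP_MAX_BITS` guard in include/mbedtls/ecp.h, where `MBEDTLS_ECP_MAX_BYTES` and `MBEDTLS_ECP_MAX_PT_LEN` are derived from the external value. If these macros size key or point buffers elsewhere (not visible in these hunks), an undersized override would silently shrink them. A compile-time check after each closing `#endif` would catch that, for example `#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && PSA_VENDOR_ECC_MAX_CURVE_BITS < 521` followed by `#error "PSA_VENDOR_ECC_MAX_CURVE_BITS is smaller than an enabled curve"` and `#endif`. The bare `#endif` lines would also read better as `#endif /* !PSA_VENDOR_ECC_MAX_CURVE_BITS */` and `#endif /* !MBEDTLS_ECP_MAX_BITS */`.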
From: Georgios Vasilakis Date: Thu, 20 Jan 2022 14:04:11 +0100 Subject: [PATCH 04/25] [nrf noup] Check if GCM_C is defined in gcm.h -This checks if GCM_C is enabled in gcm.h before including the functions. This was causing build issues when the GCM is disabled but GCM_ALT is enabled. Signed-off-by: Georgios Vasilakis Signed-off-by: Joakim Andersson (cherry picked from commit 08e91487b1f490c4f66f941dae05e3a433f1b908) (cherry picked from commit 125633d665a8335c684ffe3a284512276bf6e86c) --- include/mbedtls/gcm.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 7dc9dfb8ec..ce4d6ea81e 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -52,6 +52,8 @@ extern "C" { #endif +#if defined(MBEDTLS_GCM_C) + #if !defined(MBEDTLS_GCM_ALT) /** @@ -374,10 +376,10 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); int mbedtls_gcm_self_test( int verbose ); #endif /* MBEDTLS_SELF_TEST */ +#endif /* MBEDTLS_GCM_C */ #ifdef __cplusplus } #endif - #endif /* gcm.h */ From f1f21d25289bf89a2619786468ae5b5fa96cb380 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Sun, 30 Jan 2022 14:06:58 +0100 Subject: [PATCH 05/25] [nrf noup] Add driver_wrapper call for derivation -This adds a psa_driver_wrapper call for the PSA psa_key_derivation_key_agreement API. Without this patch the psa_key_derivation APIs will never reach the PSA drivers (Oberon, CC3XX) and they will only support the software implementation. This patch is a noupp because we expect the Mbed TLS project to add this change in a later release. Ref: NCSDK-13564 Signed-off-by: Georgios Vasilakis Signed-off-by: Joakim Andersson (cherry picked from commit 7e0b0ec78c8c9ce146951a19cdd2194f67ebd742) (cherry picked from commit afeb7c32f9d1e261ebc8ec37ec1d0fb98d501475) --- library/psa_crypto.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) 
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a700a3ce03..222e37feaa 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5812,12 +5812,30 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t * /* Step 1: run the secret agreement algorithm to generate the shared * secret. */ - status = psa_key_agreement_raw_internal( ka_alg, - private_key, - peer_key, peer_key_length, - shared_secret, - sizeof( shared_secret ), - &shared_secret_length ); + psa_key_attributes_t attributes = { + .core = private_key->attr + }; + + status = psa_driver_wrapper_key_agreement( &attributes, + private_key->key.data, + private_key->key.bytes, + ka_alg, + peer_key, + peer_key_length, + shared_secret, + sizeof( shared_secret ), + &shared_secret_length); + + if( status == PSA_ERROR_NOT_SUPPORTED ) + { + status = psa_key_agreement_raw_internal( ka_alg, + private_key, + peer_key, peer_key_length, + shared_secret, + sizeof( shared_secret ), + &shared_secret_length ); + } + if( status != PSA_SUCCESS ) goto exit; From ca1e6b2e707de4dbb0e4afbfd2b2087460c9b97a Mon Sep 17 00:00:00 2001 From: Pete Skeggs Date: Fri, 4 Feb 2022 18:36:26 -0800 Subject: [PATCH 06/25] [nrf noup] Enable use of SNI without x509. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Enable use of SNI without x509 by testing for MBEDTLS_SSL_SERVER_NAME_INDICATION ref: NCSDK-15193 Signed-off-by: Pete Skeggs Signed-off-by: Frank Audun Kvamtrø Signed-off-by: Joakim Andersson (cherry picked from commit a80889ee0593defc507f6a97a3afc82fd53e90f1) (cherry picked from commit 4bf39866bfb039c1694486f601dbf6846fb35fae) --- include/mbedtls/check_config.h | 3 ++- include/mbedtls/ssl.h | 10 ++++++---- library/ssl_tls.c | 12 ++++++------ 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 87f1e767c7..d2caaafde3 100644 --- a/include/mbedtls/check_config.h 
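Review bot: In psa_key_agreement_internal (library/psa_crypto.c), the fallback to `psa_key_agreement_raw_internal` runs whenever the driver wrapper returns `PSA_ERROR_NOT_SUPPORTED`, regardless of where the private key is stored. If the wrapper can return that status for a key held in a non-local location, the built-in path would presumably treat `private_key->key.data` as plain key material, which it may not be for such keys. Limiting the fallback, e.g. `if( status == PSA_ERROR_NOT_SUPPORTED && PSA_KEY_LIFETIME_GET_LOCATION( private_key->attr.lifetime ) == PSA_KEY_LOCATION_LOCAL_STORAGE )`, would avoid that. A short comment above the call saying that the driver is tried first and software is only the fallback would help, and `&shared_secret_length);` lacks the space before `)` used in the rest of the hunk. The function body starts and ends outside the hunk.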
+++ b/include/mbedtls/check_config.h @@ -951,7 +951,8 @@ #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \ - !defined(MBEDTLS_X509_CRT_PARSE_C) + !defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_SSL_PROTO_DTLS) #error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites" #endif diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3f48377b6d..99545fde33 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1762,7 +1762,7 @@ struct mbedtls_ssl_context /* * User settings */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification (and SNI if available) */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -3743,7 +3743,7 @@ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, const uint16_t* sig_algs ); #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) /** * \brief Set or reset the hostname to check against the received * server certificate. It sets the ServerName TLS extension, @@ -3763,9 +3763,9 @@ void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, * On too long input failure, old hostname is unchanged. */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_SSL_SERVER_NAME_INDICATION */ -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) +#if defined(MBEDTLS_X509_CRT_PARSE_C) /** * \brief Retrieve SNI extension value for the current handshake. * Available in \p f_cert_cb of \c mbedtls_ssl_conf_cert_cb(), 
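Review bot: In include/mbedtls/ssl.h, `mbedtls_ssl_set_hostname` is now available when only `MBEDTLS_SSL_SERVER_NAME_INDICATION` is defined, but its Doxygen text still describes the hostname as the name "to check against the received server certificate". In a build without `MBEDTLS_X509_CRT_PARSE_C` there is presumably no certificate check at all, so the documentation should say that the hostname is then only sent in the ServerName extension and does not authenticate the peer. I would add a `\note` to that effect and update the stale `#endif /* MBEDTLS_X509_CRT_PARSE_C */` after the `hostname` member of `mbedtls_ssl_context` to name both macros. In check_config.h the relaxed test accepts SNI without X.509 only when `MBEDTLS_SSL_PROTO_DTLS` is defined; a one-line comment giving the reason would help.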
@@ -3820,6 +3820,7 @@ int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain, mbedtls_x509_crl *ca_crl ); +#endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) /** @@ -3836,6 +3837,7 @@ void mbedtls_ssl_set_hs_dn_hints( mbedtls_ssl_context *ssl, const mbedtls_x509_crt *crt ); #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) /** * \brief Set authmode for the current handshake. * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9bb9dc23cd..ff77f0eb48 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1813,7 +1813,7 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_X509_CRT_PARSE_C) const unsigned char *mbedtls_ssl_get_hs_sni( mbedtls_ssl_context *ssl, size_t *name_len ) { @@ -1850,7 +1850,7 @@ void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, { ssl->handshake->sni_authmode = authmode; } -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, @@ -2806,7 +2806,7 @@ void mbedtls_ssl_conf_groups( mbedtls_ssl_config *conf, conf->group_list = group_list; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) { /* Initialize to suppress unnecessary compiler warning */ 
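Review bot: The guards in include/mbedtls/ssl.h and library/ssl_tls.c no longer agree. The header now declares `mbedtls_ssl_set_hs_authmode` under `MBEDTLS_SSL_SERVER_NAME_INDICATION` alone, while, as far as the two ssl_tls.c hunks show, its definition sits inside `#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_X509_CRT_PARSE_C)`, so an SNI-without-X.509 build declares a function that is never compiled. Conversely, `mbedtls_ssl_get_hs_sni` is declared under `MBEDTLS_X509_CRT_PARSE_C` alone but defined only when both macros are set. Using the same combined condition in the header for every declaration whose definition lives in that block would keep them in step. `mbedtls_ssl_set_hs_dn_hints` also ends up outside the X.509 guard although it takes a `const mbedtls_x509_crt *`; whether that type is declared in such a build is not visible here.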
@@ -2850,7 +2850,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) return( 0 ); } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_SSL_SERVER_NAME_INDICATION*/ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, @@ -4770,7 +4770,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) mbedtls_free( ssl->session ); } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ssl->hostname != NULL ) { mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); @@ -5515,7 +5515,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, return( ret ); } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl, From dbbe35f4ed74dc777df5890d9ed5f694da785c07 Mon Sep 17 00:00:00 2001 From: Pete Skeggs Date: Mon, 14 Feb 2022 11:14:57 -0800 Subject: [PATCH 07/25] [nrf noup] Enable auto-generation of additional TLS/DTLS docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Enable more TLS/DTLS types being auto-generated in documentation in Mbed TLS. Note that these are not in use in nRF Connect SDK documentation generation at the moment, this commit currently has no effect ref: NCSDK-15193 This one conflicted because PREDEFINED was removed in the doxyfile. Check if this commit can be dropped. Conflict resolution is to bring back the old defines. Signed-off-by: Pete Skeggs Signed-off-by: Frank Audun Kvamtrø 
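Review bot: In library/ssl_tls.c the last hunk relabels the `#endif` after `mbedtls_ssl_check_cert_usage` as `/* MBEDTLS_X509_CRT_PARSE_C || MBEDTLS_SSL_SERVER_NAME_INDICATION */`, but no hunk in this patch changes the `#if` that opens that block, and the function takes a `const mbedtls_x509_crt *`. The comment therefore probably misstates the condition, and I would keep `#endif /* MBEDTLS_X509_CRT_PARSE_C */` there. The block that was actually widened is the hostname cleanup in `mbedtls_ssl_free`, whose closing `#endif` lies outside its hunk and may be the one that needs the new comment. The comment after `mbedtls_ssl_set_hostname` is also missing the space before `*/`.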
Signed-off-by: Joakim Andersson (cherry picked from commit b4e0e5cc63221d2a9f9008847825bdbbdbd012c6) (cherry picked from commit 6ef9f199ac93626a5a441b26bcabe9c89e5fefea) --- doxygen/mbedtls.doxyfile | 48 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 0c744daaa2..b7a5a6c353 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile 
@@ -21,6 +21,54 @@ GENERATE_LATEX = NO MACRO_EXPANSION = YES EXPAND_ONLY_PREDEF = YES INCLUDE_PATH = ../include + +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will +# be used. + +INCLUDE_FILE_PATTERNS = + +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator +# instead of the = operator. + +PREDEFINED = WIN32 \ + NTLM \ + USE_LZO \ + ENABLE_FRAGMENT \ + P2MP \ + P2MP_SERVER \ + USE_CRYPTO \ + USE_SSL \ + ENABLE_PLUGIN \ + ENABLE_MANAGEMENT \ + ENABLE_OCC \ + HAVE_GETTIMEOFDAY \ + MBEDTLS_SSL_DTLS_CONNECTION_ID \ + MBEDTLS_SSL_PROTO_DTLS \ + MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_CLI_C \ + MBEDTLS_SSL_MAX_FRAGMENT_LENGTH \ + MBEDTLS_SSL_ENCRYPT_THEN_MAC \ + MBEDTLS_SSL_EXPORT_KEYS \ + MBEDTLS_SSL_SERVER_NAME_INDICATION \ + MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED \ + MBEDTLS_SSL_DTLS_HELLO_VERIFY \ + MBEDTLS_SSL_EXTENDED_MASTER_SECRET \ + MBEDTLS_DEBUG_C + + +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. +# Use the PREDEFINED tag if you want to use a different macro definition that +# overrules the definition found in the source code. + EXPAND_AS_DEFINED = MBEDTLS_PRIVATE CLASS_DIAGRAMS = NO HAVE_DOT = YES From a9d5a5a45dddfe13bd7e6da5a2032cd2d0febb5a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 10 Mar 2022 10:15:32 +0100 Subject: [PATCH 08/25] [nrf toup] pk_wrap: Add missing MD description for ECDSA verify MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Change from PSA_ALG_ECDSA_ANY to a version that provides the correct conversion of md_alg => psa_md_alg ref: NCSDK-14199 Signed-off-by: Frank Audun Kvamtrø Signed-off-by: Joakim Andersson (cherry picked from commit c3884bde72e926bb9da4a4fea20b48c5d5718d28) (cherry picked from commit 3ff651acab17c646923192b327fa19f25735ef2f) --- library/pk_wrap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 5de8fa65f7..e6c1ca25f7 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -932,12 +932,11 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, unsigned char buf[MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES]; unsigned char *p; mbedtls_pk_info_t pk_info = mbedtls_eckey_info; - psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; + psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8; - ((void) md_alg); if( curve == 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); From 3da802b5568223fb2249a4cda4bc2afc0d0ddfad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Tue, 5 Apr 2022 15:52:43 +0200 Subject: [PATCH 09/25] [nrf noup] Disable reporting ecjpake kkpp extension for PSK MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Disabling this prevents in-field devices from returning errors when non ECJPAKE PSK is used for OpenThread devices. ref: NCSDK-14629 Signed-off-by: Frank Audun Kvamtrø 
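Review bot: The new initialiser in ecdsa_verify_wrap (library/pk_wrap.c) ends in `;;`, and the empty statement this creates sits in front of the declarations of `curve_bits`, `curve` and `signature_part_size`, so builds that warn on declarations after statements will flag it. It should read `psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );`. A comment on what the expression yields for an `md_alg` that `mbedtls_psa_translate_md` cannot map would also help, since `psa_sig_md` becomes the algorithm of the imported verification key later in the function. The function body continues outside the hunk.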
Signed-off-by: Joakim Andersson (cherry picked from commit 231620dbe84eec7f5bcf2cb63f2719a3946a0249) (cherry picked from commit 14c0a292624c647ef61537907d1ec62690a1af27) --- library/ssl_tls12_client.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 7a1745205c..8d8aa6285e 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -556,16 +556,16 @@ int mbedtls_ssl_tls12_write_client_hello_exts( mbedtls_ssl_context *ssl, return( ret ); } p += ext_len; - } -#endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p, end, &ext_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret ); - return( ret ); + if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p, end, &ext_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret ); + return( ret ); + } + p += ext_len; +#endif } - p += ext_len; #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) From 24c4ec154b401c32291c6844486f9e6f125949a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Tue, 5 Apr 2022 16:00:36 +0200 Subject: [PATCH 10/25] [nrf noup] Fix PSA MAC for CMAC key types MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -The current version is HMAC-oriented and assumes the key type has PSA_KEY_USAGE_SIGN_HASH and PSA_KEY_USAGE_VERIFY_HASH, while PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE is more apt for CMAC. ref: NCSDK-14656 Signed-off-by: Frank Audun Kvamtrø Signed-off-by: Joakim Andersson (cherry picked from commit 8c1dff400cee7353236232036d4d44206d934590) (cherry picked from commit 7a26f05bf93f67979e08ce73d0544bdcd22dd4c3) --- library/psa_crypto.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 222e37feaa..b6739e420c 100644 
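Review bot: In mbedtls_ssl_tls12_write_client_hello_exts (library/ssl_tls12_client.c) the call to `ssl_write_ecjpake_kkpp_ext` moves inside the preceding block with no comment, so the source no longer shows why the extension is conditional. The `if` and `#if` that open that block are outside the hunk; if that `#if` does not include `MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED`, an EC J-PAKE-only build would never send the extension. I would add a comment above the nested `#if`, such as `/* nRF: send ecjpake_kkpp only inside this block, see NCSDK-14629 */`, and label the closing line `#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */`.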
--- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2365,12 +2365,21 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, status = PSA_ERROR_BAD_STATE; goto exit; } - status = psa_get_and_lock_key_slot_with_policy( key, &slot, is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE, alg ); + if( status == PSA_ERROR_NOT_PERMITTED ) + { + /* Try with the other option (using sign/verify message) */ + status = psa_get_and_lock_key_slot_with_policy( + key, + &slot, + is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE, + alg ); + } + if( status != PSA_SUCCESS ) goto exit; @@ -2556,8 +2565,18 @@ static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key, status = psa_get_and_lock_key_slot_with_policy( key, &slot, - is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE, + is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH, alg ); + if( status == PSA_ERROR_NOT_PERMITTED ) + { + /* Try with the other option (using sign/verify message) */ + status = psa_get_and_lock_key_slot_with_policy( + key, + &slot, + is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE, + alg ); + } + if( status != PSA_SUCCESS ) goto exit; From f6ff46f89ba8b9bb14f6b525aac4bbb166cdf154 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Sun, 10 Apr 2022 12:03:46 +0200 Subject: [PATCH 11/25] [nrf_noup] Add opaque oberon context for hash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Since the CC3XX driver can call Oberon to do the hashing it needs to be aware of the context size of the Oberon operation. This adds this size in the build. -Setting the alignment for the oberon type as it is using uint64_t as the first tipe and hence will be 8 byte aligned. ref: NCSDK-13860 ref: NCSDK-13857 Signed-off-by: Georgios Vasilakis Signed-off-by: Frank Audun Kvamtrø 
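Review bot: In psa_mac_setup (library/psa_crypto.c), as the hunk reads, the added retry asks for exactly the same usage flags as the unchanged first lookup, `is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE`, so a `PSA_ERROR_NOT_PERMITTED` result can only repeat. In psa_mac_compute_internal the first lookup is switched to `PSA_KEY_USAGE_SIGN_HASH`/`PSA_KEY_USAGE_VERIFY_HASH` with the message flags as fallback, so a key whose policy grants only the hash usages now passes the MAC policy check. That is wider than before the patch, when only the message flags were accepted. If the intent is just to keep CMAC keys working, the two functions should use the same sequence, and a comment should state which usage flags a MAC key may carry and why. Both function bodies extend beyond their hunks.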
Signed-off-by: Joakim Andersson (cherry picked from commit bec3de05ba93455980af2e0d9d3127defe321899) (cherry picked from commit e422c8d573c6fd9b64070870725b1fcac945a370) --- include/psa/crypto_driver_contexts_primitives.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index 2bc0bda70e..3cee208f50 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -108,6 +108,7 @@ typedef union { #if defined(PSA_CRYPTO_DRIVER_CC3XX) cc3xx_hash_operation_t cc3xx_driver_ctx; #endif + uint8_t oberon_hash_operation[52 * sizeof(uint64_t) + sizeof(psa_algorithm_t)] __attribute__((aligned(8))); } psa_driver_hash_context_t; typedef union { From 28631799df112faaaac02800b1bbefba0dfc225d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Thu, 12 May 2022 08:35:28 +0200 Subject: [PATCH 12/25] [nrf noup] Fix unset key bits for nrf_cc3xx v0.9.14 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -The runtime library expects key-bits to be set when it is not for cipher and ECDSA, this is fixed here. This may be an issue either in Mbed TLS or in nrf_cc3xx v0.9.14. Hence setting as a noup ref: NCSDK-13857 Signed-off-by: Frank Audun Kvamtrø Signed-off-by: Joakim Andersson (cherry picked from commit 67cb08fac7bdd11196e95952aaa160bc8bab7319) (cherry picked from commit 1707e93e79223c1a8e3753c1decae62664e93651) --- library/cipher.c | 1 + library/pk_wrap.c | 1 + 2 files changed, 2 insertions(+) diff --git a/library/cipher.c b/library/cipher.c index dffe3adca4..995d70b2f8 100644 --- a/library/cipher.c +++ b/library/cipher.c 
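Review bot: The new union member in include/psa/crypto_driver_contexts_primitives.h hard-codes the Oberon hash context size as `52 * sizeof(uint64_t) + sizeof(psa_algorithm_t)`, with nothing tying it to the real structure. If the Oberon context ever grows beyond this, a driver operating on `psa_driver_hash_context_t` could write past the storage reserved for it. I would give the size a named macro with a comment on where the number comes from, and add a compile-time size assertion in code that can see the Oberon type. The member is also added unconditionally, unlike `cc3xx_driver_ctx` just above it, and `__attribute__((aligned(8)))` is compiler-specific.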
@@ -284,6 +284,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, /* mbedtls_psa_translate_cipher_operation( operation ); */ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); psa_set_key_algorithm( &attributes, cipher_psa->alg ); + psa_set_key_bits( &attributes, (size_t) key_bitlen ); status = psa_import_key( &attributes, key, key_bytelen, &cipher_psa->slot ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index e6c1ca25f7..616f14b9ae 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -953,6 +953,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); psa_set_key_algorithm( &attributes, psa_sig_md ); + psa_set_key_bits( &attributes, curve_bits ); status = psa_import_key( &attributes, buf + sizeof( buf ) - key_len, key_len, From c56a2aea84fa66b22e589d5ea91fdd5dcd1e9e3f Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Tue, 13 Sep 2022 15:25:42 +0200 Subject: [PATCH 13/25] [nrf noup] Zeroize the Mbedtls entropy mutex This makes sure that the content of the mutex inside the mbedtls_entropy_context is zeroed. This is a workaround because the CryptoCell runtime library will generate a fault if the mutex is not zeroed. This workaround will be reverted later when NCSDK-17004 is fixed. There is no reason to upstream this since it is a limitation in our CryptoCell runtime library and not an upstream limitation. Ref: NCSDK-8075 Signed-off-by: Georgios Vasilakis Signed-off-by: Joakim Andersson (cherry picked from commit 73337db4dada15c23ded33252513c0d67ebf4ed7) (cherry picked from commit 10d43b5f6f6d23ea6768903483a0cc0579f5ec3a) --- library/entropy.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/entropy.c b/library/entropy.c index 1e0d9d3281..e73ed12e63 100644 --- a/library/entropy.c +++ b/library/entropy.c 
@@ -45,6 +45,10 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) memset( ctx->source, 0, sizeof( ctx->source ) ); #if defined(MBEDTLS_THREADING_C) + /* This is a workaround, the CryptoCell runtime library which implements the mutex + initialization function expects the mutex context to be zeroized. Otherwise it will + generate a fault. See NCSDK-17004 for more information. */ + memset(&ctx->mutex, 0, sizeof(ctx->mutex)); mbedtls_mutex_init( &ctx->mutex ); #endif From 7322ffa4b5bbac74711d7423251c1015babe7d78 Mon Sep 17 00:00:00 2001 From: Markus Swarowsky Date: Fri, 30 Sep 2022 15:44:14 +0200 Subject: [PATCH 14/25] [nrf noup] Constant size for psa_core_key_attributes_t struct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -There is an inconsistency between PSA Crypto API specification in Mbed TLS and in the interface exposed by TF-M for key representation where an additional type has been added to hold information about owner. This functionality is controlled by setting the configuration MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER which configures the type Mbed TLS internal type mbedtls_svc_key_id_t to a structure type of two words and not as a single word compatible with the PSA Crypto API type psk_key_id_t. This commit adds a reserved word in psa_core_key_attributes_t after the instance of mbedtls_svc_key_id_t to ensure that this structure is binary compatible with PSA Crypto drivers that are built with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER. This is a [noup] commit as this problem for our pre-built PSA crypto drivers which is required to be compiled with the configuration MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER enabled to ensure support with and without TF-M using the same library. ref: NCSDK-17464 Signed-off-by: Markus Swarowsky Signed-off-by: Frank Audun Kvamtrø 
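Review bot: The `memset` added to mbedtls_entropy_init (library/entropy.c) covers only the entropy context's mutex. Other contexts that call `mbedtls_mutex_init` on memory that has not been zeroed (none are visible in this patch) would presumably hit the same CryptoCell fault, so it is worth checking whether they need the same treatment until NCSDK-17004 is resolved. The call is also written `memset(&ctx->mutex, 0, sizeof(ctx->mutex));`, while the context line above it uses the file's spacing, `memset( ctx->source, 0, sizeof( ctx->source ) );`.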
Signed-off-by: Joakim Andersson (cherry picked from commit 3f5ebf68931f5275ff2e639cc6c3fc45d0d98e67) (cherry picked from commit 1b0e9ea5a6c7d0c96f36b435f98efc387bbd9fa3) --- include/psa/crypto_struct.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index afba325022..00a6e218be 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -339,20 +339,43 @@ typedef uint16_t psa_key_attributes_flag_t; #define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \ 0 ) +/* Only used when the key id doesn't encode the owners id, to fill the reserved + * field in psa_core_key_attributes_t +*/ +#define MBEDTLS_KEY_ATTRIBUTE_RESERVED_INIT (int32_t) 0 + typedef struct { psa_key_type_t MBEDTLS_PRIVATE(type); psa_key_bits_t MBEDTLS_PRIVATE(bits); psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime); mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id); +/* This ensures that size of struct doesn't change size depending on setting + * MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + */ +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + int32_t MBEDTLS_PRIVATE(reserved); +#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ psa_key_policy_t MBEDTLS_PRIVATE(policy); psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags); } psa_core_key_attributes_t; +/* Changing MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER changes the size + * of psa_core_key_attributes_t, which can lead to incompatibilties. + * This provides a compatible version of initialisation. + */ +#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) #define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \ PSA_KEY_LIFETIME_VOLATILE, \ MBEDTLS_SVC_KEY_ID_INIT, \ PSA_KEY_POLICY_INIT, 0 } +#else +#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \ + PSA_KEY_LIFETIME_VOLATILE, \ + MBEDTLS_SVC_KEY_ID_INIT, \ + MBEDTLS_KEY_ATTRIBUTE_RESERVED_INIT, \ + PSA_KEY_POLICY_INIT, 0 } +#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ struct psa_key_attributes_s { 
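Review bot: In include/psa/crypto_struct.h the `reserved` member keeps `psa_core_key_attributes_t` the same size in both configurations only if the owner field of `mbedtls_svc_key_id_t` is also 32 bits wide and placed directly after the key id, and nothing in the hunk checks that. Since the stated purpose is binary compatibility with pre-built drivers, a compile-time assertion on `sizeof( psa_core_key_attributes_t )` in a source file built with both settings would catch a mismatch. The macro should be parenthesised, `#define MBEDTLS_KEY_ATTRIBUTE_RESERVED_INIT ( (int32_t) 0 )`. The comment above `PSA_CORE_KEY_ATTRIBUTES_INIT` says that changing the option changes the size of the structure, which contradicts the comment inside the struct. The final `#endif` closes a `#if defined(...)`/`#else` pair and so should not be labelled `!MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER`.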
From 45374c0380fe1df018bbad8c8eaf9a40418a66e1 Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Fri, 17 Feb 2023 15:46:53 +0100 Subject: [PATCH 15/25] [nrf toup] Fix RSA dependency on PK write when enabling PSA crypto Fix RSA (MBEDTLS_RSA_C) dependency on PK write (MBEDTLS_PK_WRITE_C) when enabling PSA Crypto (MBEDTLS_PSA_CRYPTO_C). This should instead depend on MBedTLS using PSA crypto (MBEDTLS_USE_PSA_CRYPTO). Raised as issue to MbedTLS project: https://github.com/Mbed-TLS/mbedtls/issues/7126 Signed-off-by: Joakim Andersson (cherry picked from commit 65311cf9ddbcdcb89254589c99fe4a921f3350b9) (cherry picked from commit 702f824e4608b7afb00e5883dc2c7ff9c70abe4d) --- library/pk_wrap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 616f14b9ae..8b6132f9b6 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -256,7 +256,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, } #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg, mbedtls_rsa_context *rsa_ctx, const unsigned char *hash, size_t hash_len, From a58396e34a2d33ce7baabed94b9925e282a2a806 Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Fri, 17 Feb 2023 15:51:24 +0100 Subject: [PATCH 16/25] [nrf fromlist] library: psa_crypto: Fix compilation error in psa_key_derivation_abort Fix compilation error in psa_key_derivation_abort when MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF is defined, but MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS is not defined. In function 'psa_key_derivation_abort': error: 'psa_tls12_prf_key_derivation_t' {aka 'struct psa_tls12_prf_key_derivation_s'} has no member named 'other_secret' Upstream PR: https://github.com/Mbed-TLS/mbedtls/pull/7125 
Signed-off-by: Joakim Andersson (cherry picked from commit 87acf5b48f0db430a626c39c8525bcdd2c520afb) (cherry picked from commit adea3818a8a3a8c86dd9f7bc3066394e1b53a1e9) --- library/psa_crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b6739e420c..30eb84204e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4345,12 +4345,14 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation mbedtls_free( operation->ctx.tls12_prf.label ); } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( operation->ctx.tls12_prf.other_secret != NULL ) { mbedtls_platform_zeroize( operation->ctx.tls12_prf.other_secret, operation->ctx.tls12_prf.other_secret_length ); mbedtls_free( operation->ctx.tls12_prf.other_secret ); } +#endif status = PSA_SUCCESS; From 829e3edc7a635944bee1fffec1f77f1d27e17471 Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Wed, 1 Mar 2023 11:23:02 +0100 Subject: [PATCH 17/25] [nrf fromlist] psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys Fix psa_key_derivation_output_key not being able to derive ECC keys without MBEDTLS_BUILTIN ECC key types enabled. The PSA crypto drivers can generate these keys without requiring the builtin key types. Upstream PR: https://github.com/Mbed-TLS/mbedtls/pull/7192 Signed-off-by: Joakim Andersson (cherry picked from commit de1b3f57a54364e1e415f1e650585e7396e9527b) (cherry picked from commit 5881d821dfe760fcec274f1537db2cd119e692c6) --- library/psa_crypto.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 30eb84204e..8148b5bebf 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -332,8 +332,8 @@ psa_status_t mbedtls_to_psa_error( int ret ) /* Key management */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) @@ -431,8 +431,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, (void) bits_is_sloppy; return( MBEDTLS_ECP_DP_NONE ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || +#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */ @@ -4800,8 +4800,8 @@ static void psa_des_set_key_parity( uint8_t *data, size_t data_size ) * Note: Function allocates memory for *data buffer, so given *data should be * always NULL. */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) 
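Review bot: Replacing `MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_*` with `PSA_WANT_KEY_TYPE_ECC_*` in the guard at -332 also compiles `mbedtls_ecc_group_of_psa`, which returns `mbedtls_ecp_group_id`, in driver-only builds, so the guarded code must no longer assume the built-in ECP module is present. The bodies are outside these hunks, but if they call `mbedtls_ecp_*` or `mbedtls_mpi_*` functions, such a build would either fail to link or pull the built-in implementation back in. The same substitution is made at -431, -4800, -4963, -4982 and -5005, and the remaining `MBEDTLS_PSA_BUILTIN_ALG_*` terms leave each condition mixing two naming schemes. A comment on the first guard such as `/* PSA_WANT_*: ECC key types may be provided by a driver, not only by the built-in code */` would record the intent.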
@@ -4963,8 +4963,8 @@ static psa_status_t psa_generate_derived_ecc_key_montgomery_helper( return status; } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || +#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */ @@ -4982,8 +4982,8 @@ static psa_status_t psa_generate_derived_key_internal( if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) @@ -5005,8 +5005,8 @@ static psa_status_t psa_generate_derived_key_internal( goto exit; } } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || +#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */ From b57377329f73f17ebb7d6e95e1da7f2e5a40f57a Mon Sep 17 00:00:00 2001 
From: Maciej Baczmanski Date: Fri, 15 Sep 2023 08:42:19 +0200 Subject: [PATCH 18/25] [nrf_noup] mbedtls: Circumvent ECJPAKE API inconsistency for OpenThread MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `mbedtls_ssl_set_hs_ecjpake_password()` sets psa roles as client / server. PSA crypto API doesn’t allow setting roles `pake_set_role()` for ECJPAKE. Although it allows setting user and peer ID with `psa_pake_set_user()` and `psa_pake_set_peer()`. The issue is already documented in: https://github.com/ARM-software/psa-api/issues/45 and https://github.com/Mbed-TLS/mbedtls/issues/6961, but in mbedtls 3.3.0 it blocks OpenThread’s TLS/DTLS using PSA crypto API. This commit adds necessary workaround for mbedtls 3.3.0 It additionally fixes status checking after `psa_pake_set_password_key()`. This is a noup commit because the upstream fix has too many conflicts, This change should be reverted when updating to version 3.4.0 or newer. ref: NCSDK-23631 Signed-off-by: Maciej Baczmanski --- library/ssl_tls.c | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ff77f0eb48..bc53d28379 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1873,16 +1873,23 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_pake_role_t psa_role; + const uint8_t *user = NULL; + const uint8_t *peer = NULL; psa_status_t status; if( ssl->handshake == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - psa_role = PSA_PAKE_ROLE_SERVER; + { + user = (const uint8_t *)"server"; + peer = (const uint8_t *)"client"; + } else - psa_role = PSA_PAKE_ROLE_CLIENT; + { + user = (const uint8_t *)"client"; + peer = (const uint8_t *)"server"; + } /* Empty password is not valid */ if( ( pw == NULL) || ( pw_len == 0 ) ) @@ -1911,7 +1918,15 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role ); + status = psa_pake_set_user(&ssl->handshake->psa_pake_ctx, user, strlen(user)); + if( status != PSA_SUCCESS ) + { + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_pake_set_peer(&ssl->handshake->psa_pake_ctx, peer, strlen(peer)); if( status != PSA_SUCCESS ) { psa_destroy_key( ssl->handshake->psa_pake_password ); @@ -1919,8 +1934,8 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, - ssl->handshake->psa_pake_password ); + status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, + ssl->handshake->psa_pake_password ); if( status != PSA_SUCCESS ) { psa_destroy_key( ssl->handshake->psa_pake_password ); From 2d8109274a9d95a5630e6566a5c47e439ac5a0e2 Mon Sep 17 00:00:00 2001 
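Review bot: `strlen(user)` and `strlen(peer)` in the hunk at -1911 pass a `const uint8_t *` to a function that takes `const char *`, a pointer-signedness mismatch that `-Wpointer-sign` reports and `-Werror` builds reject. Declaring the two locals as `const char *` and casting at the PSA call avoids it: `psa_pake_set_user(&ssl->handshake->psa_pake_ctx, (const uint8_t *)user, strlen(user));`, and likewise for `psa_pake_set_peer`. Because the literals `"client"` and `"server"` become the PAKE identities, a comment on the assignment such as `/* must be the same fixed IDs on both endpoints; revert with the 3.4.0 update */` would help whoever removes the workaround. `mbedtls_ssl_set_hs_ecjpake_password` starts and ends outside these hunks.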
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Mon, 16 Oct 2023 16:17:28 +0200 Subject: [PATCH 19/25] [nrf noup] Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Recreated from: commit c8df898204584e92b9e5001847788d899b34353d With the following information: "Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH or ECDHE key exchange was not validated. This could result in an overflow of handshake->xxdh_psa_peerkey, overwriting further data in the handshake structure or further on the heap." This commit is "noup" since Mbed TLS TLS/DTLS has gone through refactoring meaning its content had to be recreated. Signed-off-by: Frank Audun Kvamtrø --- library/ssl_tls12_server.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index eeb579a5c5..8c91d83808 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3823,6 +3823,11 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) } /* Store peer's ECDH public key. */ + MBEDTLS_SSL_DEBUG_MSG(3, ("data_len=%zu sizeof(handshake->ecdh_psa_peerkey)=%zu", data_len, sizeof(handshake->ecdh_psa_peerkey))); + if (data_len > sizeof(handshake->ecdh_psa_peerkey)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid data length")); + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } memcpy( handshake->ecdh_psa_peerkey, p, data_len ); handshake->ecdh_psa_peerkey_len = data_len; From 4a204f2125fef59b9b26e1428773c65f6c0f159b Mon Sep 17 00:00:00 2001 
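Review bot: The level-3 debug line added before the new length check formats `size_t` with a raw `%zu`, whereas the stream-cipher fix later in this series uses `MBEDTLS_PRINTF_SIZET`; on toolchains whose printf lacks `%zu` this line warns or prints garbage. Suggested: `MBEDTLS_SSL_DEBUG_MSG(3, ("data_len=%" MBEDTLS_PRINTF_SIZET " max=%" MBEDTLS_PRINTF_SIZET, data_len, sizeof(handshake->ecdh_psa_peerkey)));`. The rejection message would be easier to match in logs if it named the field, e.g. `("ECDH peer key too long")`. `ssl_parse_client_key_exchange` starts and ends outside the hunk.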
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Mon, 16 Oct 2023 16:22:38 +0200 Subject: [PATCH 20/25] [nrf noup] Fix buffer overflow in TLS 1.3 ECDH public key parsing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Recreated from commit 12c5aaae574114cf4883d0e21aa0045b0a606110 which provides the following information: "Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The length of the public key in an ECDH- or FFDH-based key exchange was not validated. This could result in an overflow of handshake->xxdh_psa_peerkey, overwriting further data in the handshake structure or further on the heap." This commit is "noup" since it TLS/DTLS is undergoing refactoring and the content of the commit had to be recreated. Signed-off-by: Frank Audun Kvamtrø --- library/ssl_tls13_generic.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 761c00ec52..13f10fc5f4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1500,6 +1500,9 @@ int mbedtls_ssl_tls13_read_public_ecdhe_share( mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, peerkey_len ); /* Store peer's ECDH public key. */ + if (peerkey_len > sizeof(handshake->ecdh_psa_peerkey)) { + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } memcpy( handshake->ecdh_psa_peerkey, p, peerkey_len ); handshake->ecdh_psa_peerkey_len = peerkey_len; From acea48fc8a5eb227033b55e6ec012731218e257f Mon Sep 17 00:00:00 2001 
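Review bot: The oversized-share rejection in `mbedtls_ssl_tls13_read_public_ecdhe_share` returns `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` with no log line, unlike the TLS 1.2 fix in the previous patch, so an over-long key share leaves no trace at any debug level. Adding `MBEDTLS_SSL_DEBUG_MSG(1, ("ECDH peer key too long"));` before the return keeps the two fixes consistent and gives operators something to alert on. A comment such as `/* peerkey_len comes from the peer; ecdh_psa_peerkey is a fixed-size buffer */` would record why the check sits directly before `memcpy`. The function continues outside the hunk.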
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Tue, 17 Oct 2023 09:13:17 +0200 Subject: [PATCH 21/25] [nrf noup] Fix buffer overread with stream cipher MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Recreated from commit faf0b8604ac49456b0cff7a34ad27485ca145cce which provides the following information "With stream ciphers, add a check that there's enough room to read a MAC in the record. Without this check, subtracting the MAC length from the data length resulted in an integer underflow, causing the MAC calculation to try reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread." This commit is a "noup" since TLS/DTLS is undergoing refactoring and the content of the commit had to be recreated. Signed-off-by: Frank Audun Kvamtrø --- library/ssl_msg.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index e4d50dbfda..9395880241 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1330,8 +1330,16 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) if( ssl_mode == MBEDTLS_SSL_MODE_STREAM ) { + if (rec->data_len < transform->maclen) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("Record too short for MAC:" + " %" MBEDTLS_PRINTF_SIZET " < %" MBEDTLS_PRINTF_SIZET, + rec->data_len, transform->maclen)); + return MBEDTLS_ERR_SSL_INVALID_MAC; + } + /* The only supported stream cipher is "NULL", - * so there's nothing to do here.*/ + * so there's no encryption to do here.*/ } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ From 8277390fe033f5b63c84fd8ca9fe20fafd056587 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Wed, 6 Sep 2023 10:31:03 +0200 Subject: [PATCH 22/25] [nrf noup] mbedtls: Remove enforcing config_psa.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -This removes enforcing the usage of config_psa.h translation between PSA_WANT_ALG_XXXX etc. -Removed automatic include in psa/crypto_platform.h -Done since we only have one config file in this prototype Signed-off-by: Frank Audun Kvamtrø --- include/mbedtls/build_info.h | 6 ------ include/psa/crypto_platform.h | 4 ---- 2 files changed, 10 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 049a120ef1..e6c55e2b8d 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -131,12 +131,6 @@ #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED #endif -/* Make sure all configuration symbols are set before including check_config.h, - * even the ones that are calculated programmatically. */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \ - defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ -#include "mbedtls/config_psa.h" -#endif #include "mbedtls/check_config.h" diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 573b33c856..e272c5d7ca 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -38,10 +38,6 @@ * in each of its header files. */ #include "mbedtls/build_info.h" -/* Translate between classic MBEDTLS_xxx feature symbols and PSA_xxx - * feature symbols. */ -#include "mbedtls/config_psa.h" - /* PSA requires several types which C99 provides in stdint.h. */ #include From 7239fbdfe7a59f0743eda7ad5cf4e5ea545a7886 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Tue, 5 Dec 2023 11:22:21 +0100 Subject: [PATCH 23/25] [nrf noup] mbedtls: MBEDTLS_PSA_CRYPTO_CLIENT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Change to use MBEDTLS_PSA_CRYPTO_CLIENT instead of MBEDTLS_PSA_CRYPTO_C for these APIs and configurations: - build_info.h (enabled PK/PK_WRITE/PK_PARSE) - check_config.h - legacy_or_psa.h - pk.h/pk.c - pk_wrap.h/pk_wrap.c - hash_info.h - psa_crypto_invasive.h - test/helpers.h Signed-off-by: Frank Audun Kvamtrø --- include/mbedtls/build_info.h | 3 +-- include/mbedtls/check_config.h | 36 ++++++++++++++++++--------------- include/mbedtls/legacy_or_psa.h | 32 ++++++++++++++--------------- include/mbedtls/pk.h | 2 +- include/mbedtls/psa_util.h | 2 +- library/hash_info.h | 4 ++-- library/pk.c | 27 ++++++++++++++++++++----- library/pk_wrap.c | 31 +++++++++++++++++++--------- library/pk_wrap.h | 12 ++++++----- library/psa_crypto_invasive.h | 2 +- programs/psa/aead_demo.c | 2 +- programs/psa/crypto_examples.c | 2 +- programs/psa/hmac_demo.c | 2 +- tests/include/test/helpers.h | 2 +- 14 files changed, 96 insertions(+), 63 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index e6c55e2b8d..b42422cad4 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -87,7 +87,7 @@ * goes through but psa_export_key() and psa_export_public_key() fail on * RSA keys), and pk_parse to work with RSA keys in almost any way. */ -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(MBEDTLS_RSA_C) #define MBEDTLS_PK_C #define MBEDTLS_PK_WRITE_C #define MBEDTLS_PK_PARSE_C @@ -131,7 +131,6 @@ #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED #endif - #include "mbedtls/check_config.h" #endif /* MBEDTLS_BUILD_INFO_H */ 
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index d2caaafde3..7f7fb4bae8 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -111,12 +111,13 @@ #if defined(MBEDTLS_ECJPAKE_C) && \ ( !defined(MBEDTLS_ECP_C) || \ - !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) ) + !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT) ) ) #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_ECP_RESTARTABLE) && \ ( defined(MBEDTLS_USE_PSA_CRYPTO) || \ + defined(MBEDTLS_PSA_CRYPTO_CLIENT) || \ defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \ defined(MBEDTLS_ECDSA_SIGN_ALT) || \ @@ -157,18 +158,18 @@ #endif #if defined(MBEDTLS_PKCS5_C) && \ - ( !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) || \ + ( !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT) ) || \ !defined(MBEDTLS_CIPHER_C) ) #error "MBEDTLS_PKCS5_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_PKCS12_C) && \ - !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) + !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT) ) #error "MBEDTLS_PKCS12_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_PKCS1_V21) && \ - !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) + !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT) ) #error "MBEDTLS_PKCS1_V21 defined, but not all prerequisites" #endif @@ -356,8 +357,8 @@ #endif #if defined(MBEDTLS_LMS_C) && \ - ! ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) -#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" + ! ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) ) +#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_CLIENT and PSA_WANT_ALG_SHA_256" #endif #if defined(MBEDTLS_LMS_PRIVATE) && \ 
@@ -627,8 +628,8 @@ #error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)" #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) && !defined(MBEDTLS_CIPHER_C ) -#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites" +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_CIPHER_C ) +#error "MBEDTLS_PSA_CRYPTO_CLIENT defined, but not all prerequisites" #endif #if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C) @@ -787,7 +788,7 @@ /* TLS 1.3 requires separate HKDF parts from PSA */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - !( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_HKDF_EXTRACT) && defined(PSA_WANT_ALG_HKDF_EXPAND) ) + !( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_HKDF_EXTRACT) && defined(PSA_WANT_ALG_HKDF_EXPAND) ) #error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites" #endif @@ -797,7 +798,7 @@ #if !( defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384) ) #error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites" #endif /* !(PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384) */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) +#if !(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)) /* When USE_PSA_CRYPTO is not defined, we also need SHA-256 or SHA-384 via the * legacy interface, including via the MD layer, for the parts of the code * that are shared with TLS 1.2 (running handshake hash). */ @@ -868,7 +869,8 @@ #endif #if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) || \ - ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) + ( !defined(MBEDTLS_MD_C) && !(defined(MBEDTLS_USE_PSA_CRYPTO) || \ + defined(MBEDTLS_PSA_CRYPTO_CLIENT) ) ) ) #error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" #endif 
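Review bot: In the hunk at -797 the condition becomes `#if !(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_CLIENT))`, but the comment directly below it still says the legacy SHA-256/SHA-384 requirement applies when USE_PSA_CRYPTO is not defined. With `MBEDTLS_PSA_CRYPTO_CLIENT` set and `MBEDTLS_USE_PSA_CRYPTO` unset the check is now skipped, although by that comment the code shared with TLS 1.2 would still need the legacy hash interface. This looks like it lets an unsupported configuration pass the config check. Either keep the original condition or rewrite the comment to say why a PSA client alone is sufficient. The same widening in the `MBEDTLS_SSL_TLS_C` hunk at -868 needs the same justification.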
@@ -936,7 +938,8 @@ #endif #if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \ - !defined(MBEDTLS_USE_PSA_CRYPTO) ) + !( defined(MBEDTLS_USE_PSA_CRYPTO) || \ + defined(MBEDTLS_PSA_CRYPTO_CLIENT) ) ) #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #endif @@ -975,9 +978,9 @@ #endif #undef MBEDTLS_THREADING_IMPL -// #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C) -// #error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites" -// #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites" +#endif #if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C) #error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites" @@ -986,7 +989,8 @@ #if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \ !defined(MBEDTLS_PK_PARSE_C) || \ - ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) + ( !defined(MBEDTLS_MD_C) && !( defined(MBEDTLS_USE_PSA_CRYPTO) || \ + defined(MBEDTLS_PSA_CRYPTO_CLIENT) ) ) ) #error "MBEDTLS_X509_USE_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/legacy_or_psa.h b/include/mbedtls/legacy_or_psa.h index f872ddaf1f..6caf635434 100644 --- a/include/mbedtls/legacy_or_psa.h +++ b/include/mbedtls/legacy_or_psa.h @@ -100,9 +100,9 @@ #define MBEDTLS_OR_PSA_HELPERS_H #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "psa/crypto.h" -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /* * Hashes 
@@ -110,68 +110,68 @@ /* Hashes using low-level or PSA based on availability */ #if defined(MBEDTLS_MD5_C) || \ - ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) ) + ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_MD5) ) #define MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_RIPEMD160_C) || \ - ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) ) + ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_RIPEMD160) ) #define MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_SHA1_C) || \ - ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) ) + ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_1) ) #define MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_SHA224_C) || \ - ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) ) + ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_224) ) #define MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_SHA256_C) || \ - ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) + ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) ) #define MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_SHA384_C) || \ - ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) ) + ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_384) ) #define MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA #endif #if defined(MBEDTLS_SHA512_C) || \ - ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) ) + ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_512) ) #define MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA #endif /* Hashes using MD or PSA based on availability */ #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_MD5_C) ) || \ ( !defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) ) + defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_MD5) ) 
#define MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_RIPEMD160_C) ) || \ ( !defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) ) + defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_RIPEMD160) ) #define MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \ ( !defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) ) + defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_1) ) #define MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \ ( !defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) ) + defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_224) ) #define MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \ ( !defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) + defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) ) #define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \ ( !defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) ) + defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_384) ) #define MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA #endif #if ( defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \ ( !defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) ) + defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_512) ) #define MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA #endif diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index db0bfacab3..9dbd93231a 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -536,7 +536,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /** * \brief Make signature given a signature type. * diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f030bea94e..296e8b2838 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -29,7 +29,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "psa/crypto.h" diff --git a/library/hash_info.h b/library/hash_info.h index 1b7b46cda4..11fd2ab591 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -40,10 +40,10 @@ * Maximum size of a hash based on configuration. */ #if defined(MBEDTLS_MD_C) && ( \ - !defined(MBEDTLS_PSA_CRYPTO_C) || \ + !defined(MBEDTLS_PSA_CRYPTO_CLIENT) || \ MBEDTLS_MD_MAX_SIZE >= PSA_HASH_MAX_SIZE ) #define MBEDTLS_HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE -#elif defined(MBEDTLS_PSA_CRYPTO_C) && ( \ +#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) && ( \ !defined(MBEDTLS_MD_C) || \ PSA_HASH_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE ) #define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE diff --git a/library/pk.c b/library/pk.c index 8dc19ef99b..22abbb5f4e 100644 --- a/library/pk.c +++ b/library/pk.c @@ -39,7 +39,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "mbedtls/psa_util.h" #endif 
@@ -296,7 +296,10 @@ int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg, const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t key_alg, key_alg2; + psa_algorithm_t key_alg; +#if !defined(MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP) + psa_algorithm_t key_alg2; +#endif /* Fill in */ psa_status_t status; status = psa_get_key_attributes( *key, &attributes ); @@ -304,7 +307,9 @@ int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg, return( 0 ); key_alg = psa_get_key_algorithm( &attributes ); +#if !defined(MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP) key_alg2 = psa_get_key_enrollment_algorithm( &attributes ); +#endif /* fill in */ key_usage = psa_get_key_usage_flags( &attributes ); psa_reset_key_attributes( &attributes ); @@ -318,7 +323,11 @@ int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg, * This would also match ECDSA/RSA_PKCS1V15_SIGN/RSA_PSS with * a fixed hash on key_alg/key_alg2. */ +#if defined(MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP) + if (alg == key_alg) +#else if( alg == key_alg || alg == key_alg2 ) +#endif /* Fill in */ return( 1 ); /* @@ -334,10 +343,12 @@ int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg, ( alg & ~PSA_ALG_HASH_MASK ) == ( key_alg & ~PSA_ALG_HASH_MASK ) ) return( 1 ); +#if !defined(MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP) if( PSA_ALG_IS_SIGN_HASH( key_alg2 ) && PSA_ALG_SIGN_GET_HASH( key_alg2 ) == PSA_ALG_ANY_HASH && ( alg & ~PSA_ALG_HASH_MASK ) == ( key_alg2 & ~PSA_ALG_HASH_MASK ) ) return( 1 ); +#endif /* Fill in */ } return( 0 ); 
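Review bot: The `#endif /* Fill in */` and `#endif /* fill in */` trailers added in `mbedtls_pk_can_do_ext` (hunks at -296, -304, -318 and -334) are placeholders and should name their condition: `#endif /* !MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP */`, or without the `!` for the `#if defined` at -318. `MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP` is not mentioned in the commit message or explained in these hunks, so it needs a description wherever the configuration options are documented. The added `if (alg == key_alg)` also uses different spacing from the `if( alg == key_alg || alg == key_alg2 )` it stands in for. The function starts and ends outside these hunks.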
@@ -481,7 +492,8 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + (defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)) if( pss_opts->mgf1_hash_id == md_alg && ( (size_t) pss_opts->expected_salt_len == hash_len || pss_opts->expected_salt_len == MBEDTLS_RSA_SALT_LEN_ANY ) ) @@ -626,7 +638,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, f_rng, p_rng, NULL ) ); } -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* * Make a signature given a signature type. */ @@ -801,7 +813,7 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) return( ctx->pk_info->type ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP) /* * Load the key to a PSA key slot, * then turn the PK context into a wrapper for that key slot. @@ -848,8 +860,11 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, psa_set_key_bits( &attributes, bits ); psa_set_key_usage_flags( &attributes, usage ); psa_set_key_algorithm( &attributes, alg ); + +#if !defined(MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP) if( alg2 != PSA_ALG_NONE ) psa_set_key_enrollment_algorithm( &attributes, alg2 ); +#endif /* import private key into PSA */ status = psa_import_key( &attributes, d, d_len, key ); @@ -882,8 +897,10 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, psa_set_key_bits( &attributes, mbedtls_pk_get_bitlen( pk ) ); psa_set_key_usage_flags( &attributes, usage ); psa_set_key_algorithm( &attributes, alg ); +#if !defined(MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP) if( alg2 != PSA_ALG_NONE ) psa_set_key_enrollment_algorithm( &attributes, alg2 ); +#endif /* import private key into PSA */ status = psa_import_key( &attributes, 
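Review bot: The guard at -813 compiles `mbedtls_pk_wrap_as_opaque` out entirely when `MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP` is defined, so the inner `#if !defined(MBEDTLS_REMOVE_KEY_ENROLLMENT_WRAP)` blocks added at -848 and -882 are always true whenever they are compiled, assuming those hunks lie inside that guarded region as their `@@` headers suggest. One of the two should go: drop the inner guards, or keep the function and skip only `psa_set_key_enrollment_algorithm`. If the function is removed, its prototype needs the same condition so callers fail at compile time and not at link time; the `pk.h` hunk in this patch does not touch it. The function's start and end are outside the hunks.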
diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 8b6132f9b6..b36afee19e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -60,7 +60,8 @@ #include #include -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) + int mbedtls_pk_error_from_psa( psa_status_t status ) { switch( status ) @@ -96,7 +97,8 @@ int mbedtls_pk_error_from_psa( psa_status_t status ) } #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ - defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) + defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_RSA_C) int mbedtls_pk_error_from_psa_rsa( psa_status_t status ) { switch( status ) @@ -117,7 +119,8 @@ int mbedtls_pk_error_from_psa_rsa( psa_status_t status ) return( mbedtls_pk_error_from_psa( status ) ); } } -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ +#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR || + MBEDTLS_RSA_C */ #endif /* MBEDTLS_PSA_CRYPTO_C */ @@ -160,7 +163,8 @@ static size_t rsa_get_bitlen( const void *ctx ) return( 8 * mbedtls_rsa_get_len( rsa ) ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + (defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)) static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) @@ -256,7 +260,8 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, } #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + (defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)) int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg, mbedtls_rsa_context *rsa_ctx, const unsigned char *hash, size_t hash_len, 
@@ -313,7 +318,8 @@ int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg, } #endif /* MBEDTLS_PSA_CRYPTO_C */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + (defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)) static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len, @@ -355,7 +361,8 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, } #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + (defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)) static int rsa_decrypt_wrap( void *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, @@ -438,7 +445,8 @@ static int rsa_decrypt_wrap( void *ctx, } #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + (defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)) static int rsa_encrypt_wrap( void *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, @@ -1557,11 +1565,12 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, return( mbedtls_pk_error_from_psa_ecdsa( status ) ); else #endif /* MBEDTLS_ECDSA_C */ -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + (defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)) if( PSA_KEY_TYPE_IS_RSA( type ) ) return( mbedtls_pk_error_from_psa_rsa( status ) ); else -#endif /* MBEDTLS_RSA_C */ +#endif return( mbedtls_pk_error_from_psa( status ) ); } 
@@ -1624,6 +1633,7 @@ static int pk_opaque_rsa_decrypt( void *ctx, } #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ +#if (defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)) const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = { MBEDTLS_PK_OPAQUE, "Opaque", @@ -1650,6 +1660,7 @@ const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = { #endif NULL, /* debug - could be done later, or even left NULL */ }; +#endif /* (defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)) */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/pk_wrap.h b/library/pk_wrap.h index fc756db650..215a908374 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -27,9 +27,9 @@ #include "mbedtls/pk.h" -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "psa/crypto.h" -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ struct mbedtls_pk_info_t { @@ -145,13 +145,15 @@ int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) int mbedtls_pk_error_from_psa( psa_status_t status ); #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ - defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) + defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_RSA_C) int mbedtls_pk_error_from_psa_rsa( psa_status_t status ); -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ +#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR || + MBEDTLS_RSA_C */ #if defined(MBEDTLS_RSA_C) int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md, diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h index 1dd957933b..3857d16548 100644 --- a/library/psa_crypto_invasive.h +++ b/library/psa_crypto_invasive.h 
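Review bot: In the pk_wrap.h hunk at -145, `mbedtls_pk_psa_rsa_sign_ext` stays declared under `#if defined(MBEDTLS_RSA_C)`, but pk_wrap.c in this commit defines it only when `MBEDTLS_USE_PSA_CRYPTO` and one of the `PSA_WANT_KEY_TYPE_RSA_*` symbols are set. In a build with `MBEDTLS_RSA_C` and no PSA RSA key type, a caller compiled against this prototype (none is visible in this diff) would fail at link time instead of at the declaration. The declaration should carry the same condition as the definition, e.g. `#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && (defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR))`. The prototype and its closing `#endif` continue outside the hunk.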
@@ -73,7 +73,7 @@ psa_status_t mbedtls_psa_crypto_configure_entropy_sources( void (* entropy_free )( mbedtls_entropy_context *ctx ) ); #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_CLIENT) psa_status_t psa_mac_key_can_do( psa_algorithm_t algorithm, psa_key_type_t key_type ); diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c index 1efd132656..9134326bbc 100644 --- a/programs/psa/aead_demo.c +++ b/programs/psa/aead_demo.c @@ -53,7 +53,7 @@ #include /* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_PSA_CRYPTO_C) || \ +#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) || \ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \ !defined(MBEDTLS_CHACHAPOLY_C) || \ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index 935d657af5..771b807f0f 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -43,7 +43,7 @@ } \ } while ( 0 ) -#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \ +#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) || !defined(MBEDTLS_AES_C) || \ !defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \ !defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) || \ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c index f949a89835..e21b30eeec 100644 --- a/programs/psa/hmac_demo.c +++ b/programs/psa/hmac_demo.c @@ -48,7 +48,7 @@ #include /* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_PSA_CRYPTO_C) || \ +#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) || \ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) int main( void ) { diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 5f9bde697b..c877857546 100644 
--- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -239,7 +239,7 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #include "test/fake_external_rng_for_test.h" #endif From 81e3610df8d511a5affa98ec03e3a4f62619ac15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Tue, 5 Dec 2023 11:23:19 +0100 Subject: [PATCH 24/25] [nrf noup] mbedtls: ifdef guard around PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Added to get it to build, may be reverted Signed-off-by: Frank Audun Kvamtrø --- include/psa/crypto_sizes.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index a3125bead4..ef0792c630 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -599,8 +599,10 @@ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \ ((void)alg, 0)) +#ifndef PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \ PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif /** \def PSA_SIGNATURE_MAX_SIZE * From 53e4153dfadd81501bdac084ec25bdec762d69cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frank=20Audun=20Kvamtr=C3=B8?= Date: Fri, 1 Dec 2023 16:16:25 +0100 Subject: [PATCH 25/25] [nrf noup] mbedtls: HACK: Make ECJPAKE use legacy for non TF-M MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Resolved by implementing NCSDK-22416. When this is done, this commit can be reverted in its entirety 
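Review bot: The new `#ifndef PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE` in the crypto_sizes.h hunk at -599 accepts any value from a configuration file. Nothing in the hunk states or checks that an override must be at least `PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)`. The `PSA_SIGNATURE_MAX_SIZE` documentation begins right after the hunk, which suggests that buffer-size macros are derived from this value. If so, an override that is too small would undersize signature buffers for the largest enabled curve. I would document the constraint above the guard, e.g. `/* An override must not be smaller than PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS). */`.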
Signed-off-by: Frank Audun Kvamtrø --- library/ssl_misc.h | 12 ++++++++++-- library/ssl_tls.c | 18 ++++++++++++------ library/ssl_tls12_client.c | 18 ++++++++++++------ library/ssl_tls12_server.c | 18 ++++++++++++------ 4 files changed, 46 insertions(+), 20 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0e0479a917..90c106fb4a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -55,6 +55,14 @@ #include "mbedtls/ecjpake.h" #endif +/* TODO: Remove after solving NCSDK-22416 (Currently not supported in TF-M) */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) && \ + !defined(MBEDTLS_PSA_CRYPTO_C) +#include "mbedtls/ecjpake.h" +#endif +/* TODO: End Remove after solving NCSDK-22416 (Currently not supported in TF-M) */ + #include "common.h" /* Shorthand for restartable ECC */ @@ -772,7 +780,7 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) psa_pake_operation_t psa_pake_ctx; /*!< EC J-PAKE key exchange */ mbedtls_svc_key_id_t psa_pake_password; uint8_t psa_pake_ctx_is_ok; @@ -2496,7 +2504,7 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) + defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) typedef enum { MBEDTLS_ECJPAKE_ROUND_ONE, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bc53d28379..4b17ccfe66 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
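Review bot: The pair `defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C)` is written out by hand at every EC J-PAKE site in this commit. It starts with the struct members in the ssl_misc.h hunk at -772 and the round enum at -2496, and continues through ssl_tls.c, ssl_tls12_client.c and ssl_tls12_server.c. Defining the choice once in this header as a single internal macro and testing that macro everywhere would turn the planned revert for NCSDK-22416 into a one-line change and keep the sites from drifting apart. The hunks at -772 and -2496 are also the only guard changes without the `/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */` marker used at the other sites, so a search for the ticket will miss them.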
@@ -907,7 +907,8 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) mbedtls_ecdh_init( &handshake->ecdh_ctx ); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) handshake->psa_pake_ctx = psa_pake_operation_init(); handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; #else @@ -1866,7 +1867,8 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, /* * Set EC J-PAKE password for current handshake */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, const unsigned char *pw, size_t pw_len ) @@ -4009,7 +4011,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) psa_pake_abort( &handshake->psa_pake_ctx ); psa_destroy_key( handshake->psa_pake_password ); handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; @@ -6240,7 +6243,8 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, else #endif { -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) && \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { 
@@ -8472,8 +8476,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, return( ret ); } +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) + defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_psa_ecjpake_read_round( psa_pake_operation_t *pake_ctx, const unsigned char *buf, @@ -9123,7 +9128,8 @@ int mbedtls_ssl_validate_ciphersuite( #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && ssl->handshake->psa_pake_ctx_is_ok != 1 ) #else diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 8d8aa6285e..fdac72f9d4 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -137,7 +137,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, *olen = 0; /* Skip costly extension if we can't use EC J-PAKE anyway */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) if( ssl->handshake->psa_pake_ctx_is_ok != 1 ) return( 0 ); #else @@ -163,7 +164,8 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, p + 2, end - p - 2, &kkpp_len, MBEDTLS_ECJPAKE_ROUND_ONE ); 
@@ -864,7 +866,8 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, ssl->handshake->ecdh_ctx.point_format = p[0]; #endif /* !MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) && \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, p[0] ); @@ -905,7 +908,8 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, ssl->handshake->ecjpake_cache = NULL; ssl->handshake->ecjpake_cache_len = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) if( ( ret = mbedtls_psa_ecjpake_read_round( &ssl->handshake->psa_pake_ctx, buf, len, MBEDTLS_ECJPAKE_ROUND_ONE ) ) != 0 ) @@ -2331,7 +2335,8 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) /* * The first 3 bytes are: * [0] MBEDTLS_ECP_TLS_NAMED_CURVE @@ -3304,7 +3309,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) { header_len = 4; -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) unsigned char *out_p = ssl->out_msg + header_len; unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 8c91d83808..7372e988e4 100644 
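Review bot: The new guard in the hunk at -864, `!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C)`, is not the complement of the `defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C)` test that selects the PSA path everywhere else in this commit, and the hunk at -268 in ssl_tls12_server.c repeats it. As written, `mbedtls_ecjpake_set_point_format` is skipped both when `MBEDTLS_USE_PSA_CRYPTO` is set without `MBEDTLS_PSA_CRYPTO_C` (the configuration this commit routes to the legacy context) and in a build with neither symbol, which the old guard covered. In those builds `ecjpake_ctx` would keep whatever point format it was initialised with rather than the `p[0]` value from the parsed extension. The condition should read `#if !( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) ) && \` followed by the unchanged `defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)` line. The enclosing function begins and ends outside the hunk.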
--- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -268,7 +268,8 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, ssl->handshake->ecdh_ctx.point_format = p[0]; #endif /* !MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) && \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, p[0] ); @@ -294,7 +295,8 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) if( ssl->handshake->psa_pake_ctx_is_ok != 1 ) #else if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) @@ -304,7 +306,8 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, return( 0 ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) if( ( ret = mbedtls_psa_ecjpake_read_round( &ssl->handshake->psa_pake_ctx, buf, len, MBEDTLS_ECJPAKE_ROUND_ONE ) ) != 0 ) @@ -2013,7 +2016,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 ); p += 2; -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) ret = mbedtls_psa_ecjpake_write_round( &ssl->handshake->psa_pake_ctx, p + 2, end - p - 2, &kkpp_len, MBEDTLS_ECJPAKE_ROUND_ONE ); 
@@ -2843,7 +2847,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) unsigned char *out_p = ssl->out_msg + ssl->out_msglen; unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen; @@ -4120,7 +4125,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* TODO: Remove defined(MBEDTLS_PSA_CRYPTO_C) after resolving NCSDK-22416 */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_C) if( ( ret = mbedtls_psa_ecjpake_read_round( &ssl->handshake->psa_pake_ctx, p, end - p, MBEDTLS_ECJPAKE_ROUND_TWO ) ) != 0 )