From 5cd4b6403b1a52bd7c85542194c9e3e4f3bbe02a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 2 Feb 2023 13:14:59 +0100 Subject: [PATCH 01/13] Use MD-light in entropy.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 1 + include/mbedtls/check_config.h | 16 ++- include/mbedtls/entropy.h | 24 ++-- library/entropy.c | 106 +++++------------- tests/suites/test_suite_entropy.function | 26 +++++ .../test_suite_psa_crypto_init.function | 6 +- 6 files changed, 79 insertions(+), 100 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index e66032d68..949b1152a 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -99,6 +99,7 @@ */ #if defined(MBEDTLS_ECJPAKE_C) || \ defined(MBEDTLS_PEM_PARSE_C) || \ + defined(MBEDTLS_ENTROPY_C) || \ defined(MBEDTLS_PKCS12_C) || \ defined(MBEDTLS_RSA_C) #define MBEDTLS_MD_LIGHT diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index ff4eef75b..56437a3cf 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -173,21 +173,27 @@ #error "MBEDTLS_PKCS5_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) && \ - !defined(MBEDTLS_SHA256_C)) +#if defined(MBEDTLS_ENTROPY_C) && \ + !( defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA256_C) || \ + (defined(MBEDTLS_PSA_CRYPTO_C) && \ + (defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_256)))) #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) && \ +#if defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64) #error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" #endif #if defined(MBEDTLS_ENTROPY_C) && \ - ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \ + ( defined(MBEDTLS_ENTROPY_FORCE_SHA256) || \ + !( defined(MBEDTLS_SHA512_C) || \ + (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512)) ) ) \ && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32) #error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" #endif #if defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C) + defined(MBEDTLS_ENTROPY_FORCE_SHA256) && \ + !( defined(MBEDTLS_SHA256_C) || \ + (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256)) ) #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" #endif diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index 2c8b75031..e17245efd 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h 
@@ -27,13 +27,17 @@ #include -#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) -#include "mbedtls/sha512.h" +#include "md.h" + +#if defined(MBEDTLS_MD_CAN_SHA512) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) #define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR +#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA512 +#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ #else -#if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR -#include "mbedtls/sha256.h" +#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA256 +#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */ #endif #endif @@ -71,12 +75,6 @@ /** \} name SECTION: Module settings */ -#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) -#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ -#else -#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */ -#endif - #define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024 /**< Maximum size of seed we read from seed file */ #define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES @@ -120,11 +118,7 @@ typedef struct mbedtls_entropy_context { int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init. * 1 after the first update. * -1 after free. */ -#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator); -#elif defined(MBEDTLS_ENTROPY_SHA256_ACCUMULATOR) - mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator); -#endif + mbedtls_md_context_t MBEDTLS_PRIVATE(accumulator); int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */ mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES]; #if defined(MBEDTLS_THREADING_C) diff --git a/library/entropy.c b/library/entropy.c index e55410c76..00079176a 100644 --- a/library/entropy.c +++ b/library/entropy.c 
@@ -34,9 +34,6 @@ #include "mbedtls/platform.h" -#include "mbedtls/platform.h" - - #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ void mbedtls_entropy_init(mbedtls_entropy_context *ctx) @@ -49,11 +46,7 @@ void mbedtls_entropy_init(mbedtls_entropy_context *ctx) #endif ctx->accumulator_started = 0; -#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_init(&ctx->accumulator); -#else - mbedtls_sha256_init(&ctx->accumulator); -#endif + mbedtls_md_init(&ctx->accumulator); /* Reminder: Update ENTROPY_HAVE_STRONG in the test files * when adding more strong entropy sources here. */ @@ -89,11 +82,7 @@ void mbedtls_entropy_free(mbedtls_entropy_context *ctx) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free(&ctx->mutex); #endif -#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_free(&ctx->accumulator); -#else - mbedtls_sha256_free(&ctx->accumulator); -#endif + mbedtls_md_free(&ctx->accumulator); #if defined(MBEDTLS_ENTROPY_NV_SEED) ctx->initial_entropy_run = 0; #endif @@ -150,15 +139,10 @@ static int entropy_update(mbedtls_entropy_context *ctx, unsigned char source_id, int ret = 0; if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) { -#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - if ((ret = mbedtls_sha512(data, len, tmp, 0)) != 0) { + if ((ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD), + data, len, tmp)) != 0) { goto cleanup; } -#else - if ((ret = mbedtls_sha256(data, len, tmp, 0)) != 0) { - goto cleanup; - } -#endif p = tmp; use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; } 
@@ -171,29 +155,22 @@ static int entropy_update(mbedtls_entropy_context *ctx, unsigned char source_id, * it is sufficient to start the accumulator here only because all calls to * gather entropy eventually execute this code. */ -#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - if (ctx->accumulator_started == 0 && - (ret = mbedtls_sha512_starts(&ctx->accumulator, 0)) != 0) { - goto cleanup; - } else { + if (ctx->accumulator_started == 0) { + ret = mbedtls_md_setup(&ctx->accumulator, + mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD), 0); + if (ret != 0) { + goto cleanup; + } + ret = mbedtls_md_starts(&ctx->accumulator); + if (ret != 0) { + goto cleanup; + } ctx->accumulator_started = 1; } - if ((ret = mbedtls_sha512_update(&ctx->accumulator, header, 2)) != 0) { + if ((ret = mbedtls_md_update(&ctx->accumulator, header, 2)) != 0) { goto cleanup; } - ret = mbedtls_sha512_update(&ctx->accumulator, p, use_len); -#else - if (ctx->accumulator_started == 0 && - (ret = mbedtls_sha256_starts(&ctx->accumulator, 0)) != 0) { - goto cleanup; - } else { - ctx->accumulator_started = 1; - } - if ((ret = mbedtls_sha256_update(&ctx->accumulator, header, 2)) != 0) { - goto cleanup; - } - ret = mbedtls_sha256_update(&ctx->accumulator, p, use_len); -#endif + ret = mbedtls_md_update(&ctx->accumulator, p, use_len); cleanup: mbedtls_platform_zeroize(tmp, sizeof(tmp)); 
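Review bot: In the new `if (ctx->accumulator_started == 0)` block, a failure of `mbedtls_md_starts()` after `mbedtls_md_setup()` has succeeded jumps to `cleanup` with `accumulator_started` still 0, so the next call to entropy_update() runs `mbedtls_md_setup()` again on a context that is already set up. md.c is not part of this patch, so whether setup tolerates that is unverified; if it allocates without releasing the previous state, each retry leaks the hash context. Releasing the accumulator on that path keeps the retry clean: `mbedtls_md_free(&ctx->accumulator); mbedtls_md_init(&ctx->accumulator);` before the `goto cleanup` that follows `mbedtls_md_starts()`. entropy_update() begins and ends outside this hunk.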
@@ -354,62 +331,41 @@ int mbedtls_entropy_func(void *data, unsigned char *output, size_t len) memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); -#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) /* * Note that at this stage it is assumed that the accumulator was started * in a previous call to entropy_update(). If this is not guaranteed, the * code below will fail. */ - if ((ret = mbedtls_sha512_finish(&ctx->accumulator, buf)) != 0) { + if ((ret = mbedtls_md_finish(&ctx->accumulator, buf)) != 0) { goto exit; } /* * Reset accumulator and counters and recycle existing entropy */ - mbedtls_sha512_free(&ctx->accumulator); - mbedtls_sha512_init(&ctx->accumulator); - if ((ret = mbedtls_sha512_starts(&ctx->accumulator, 0)) != 0) { + mbedtls_md_free(&ctx->accumulator); + mbedtls_md_init(&ctx->accumulator); + ret = mbedtls_md_setup(&ctx->accumulator, + mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD), 0); + if (ret != 0) { goto exit; } - if ((ret = mbedtls_sha512_update(&ctx->accumulator, buf, - MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) { + ret = mbedtls_md_starts(&ctx->accumulator); + if (ret != 0) { + goto exit; + } + if ((ret = mbedtls_md_update(&ctx->accumulator, buf, + MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) { goto exit; } /* - * Perform second SHA-512 on entropy + * Perform second hashing on entropy */ - if ((ret = mbedtls_sha512(buf, MBEDTLS_ENTROPY_BLOCK_SIZE, - buf, 0)) != 0) { + if ((ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_ENTROPY_MD), + buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf)) != 0) { goto exit; } -#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ - if ((ret = mbedtls_sha256_finish(&ctx->accumulator, buf)) != 0) { - goto exit; - } - - /* - * Reset accumulator and counters and recycle existing entropy - */ - mbedtls_sha256_free(&ctx->accumulator); - mbedtls_sha256_init(&ctx->accumulator); - if ((ret = mbedtls_sha256_starts(&ctx->accumulator, 0)) != 0) { - goto exit; - } - if ((ret = mbedtls_sha256_update(&ctx->accumulator, buf, - MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) { - goto exit; - 
} - - /* - * Perform second SHA-256 on entropy - */ - if ((ret = mbedtls_sha256(buf, MBEDTLS_ENTROPY_BLOCK_SIZE, - buf, 0)) != 0) { - goto exit; - } -#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ for (i = 0; i < ctx->source_count; i++) { ctx->source[i].size = 0; diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index c36d2c83e..724542c82 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -167,6 +167,8 @@ void entropy_seed_file(char *path, int ret) { mbedtls_entropy_context ctx; + MD_PSA_INIT(); + mbedtls_entropy_init(&ctx); TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, path) == ret); @@ -174,6 +176,7 @@ void entropy_seed_file(char *path, int ret) exit: mbedtls_entropy_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -182,6 +185,8 @@ void entropy_write_base_seed_file(int ret) { mbedtls_entropy_context ctx; + MD_PSA_INIT(); + mbedtls_entropy_init(&ctx); TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret); @@ -189,6 +194,7 @@ void entropy_write_base_seed_file(int ret) exit: mbedtls_entropy_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -243,6 +249,8 @@ void entropy_func_len(int len, int ret) unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE + 10] = { 0 }; size_t i, j; + MD_PSA_INIT(); + mbedtls_entropy_init(&ctx); /* @@ -267,6 +275,7 @@ void entropy_func_len(int len, int ret) exit: mbedtls_entropy_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -277,6 +286,8 @@ void entropy_source_fail(char *path) unsigned char buf[16]; entropy_dummy_context dummy = { DUMMY_FAIL, 0, 0 }; + MD_PSA_INIT(); + mbedtls_entropy_init(&ctx); TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source, @@ -299,6 +310,7 @@ void entropy_source_fail(char *path) exit: mbedtls_entropy_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ 
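Review bot: In mbedtls_entropy_func(), the reset sequence `mbedtls_md_free()` / `mbedtls_md_init()` / `mbedtls_md_setup()` can now fail part-way, and the hunk never resets `ctx->accumulator_started` on that path. If `mbedtls_md_setup()` or `mbedtls_md_starts()` returns an error here, the accumulator is left un-set-up while entropy_update() (patched earlier in this file) still sees `accumulator_started == 1` and skips its own setup, so every later gather would pass `mbedtls_md_update()` a context with no hash attached. That presumably fails closed with an MD error rather than producing output, but the context then stays unusable until the caller re-initialises it. Setting `ctx->accumulator_started = 0;` right after `mbedtls_md_init(&ctx->accumulator);` and back to 1 once `mbedtls_md_starts()` succeeds would let the next call recover; the function's `exit:` label and the rest of its body are outside the hunk.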
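Review bot: In entropy_seed_file() the added `MD_PSA_INIT();` runs before `mbedtls_entropy_init(&ctx);`, while the `exit:` label still calls `mbedtls_entropy_free(&ctx)`. If MD_PSA_INIT() jumps to `exit` on failure (its definition is not in this patch, so this needs confirming), the free would run on an uninitialised stack context, which after patch 01 contains an `mbedtls_md_context_t` that is handed to `mbedtls_md_free()`. The same ordering appears in entropy_write_base_seed_file, entropy_func_len, entropy_source_fail, entropy_threshold and entropy_calls. Swapping the two lines, `mbedtls_entropy_init(&ctx);` then `MD_PSA_INIT();`, keeps the cleanup path safe.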
@@ -312,6 +324,8 @@ void entropy_threshold(int threshold, int chunk_size, int result) unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; int ret; + MD_PSA_INIT(); + mbedtls_entropy_init(&ctx); entropy_clear_sources(&ctx); @@ -340,6 +354,7 @@ void entropy_threshold(int threshold, int chunk_size, int result) exit: mbedtls_entropy_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -359,6 +374,8 @@ void entropy_calls(int strength1, int strength2, unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; int ret; + MD_PSA_INIT(); + mbedtls_entropy_init(&ctx); entropy_clear_sources(&ctx); @@ -385,6 +402,7 @@ void entropy_calls(int strength1, int strength2, exit: mbedtls_entropy_free(&ctx); + MD_PSA_DONE(); } /* END_CASE */ @@ -455,6 +473,8 @@ void entropy_nv_seed(data_t *read_seed) unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; + MD_PSA_INIT(); + memset(entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); memset(empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); @@ -523,12 +543,18 @@ exit: mbedtls_entropy_free(&ctx); mbedtls_nv_seed_read = original_mbedtls_nv_seed_read; mbedtls_nv_seed_write = original_mbedtls_nv_seed_write; + MD_PSA_DONE(); } /* END_CASE */ /* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG:MBEDTLS_SELF_TEST */ void entropy_selftest(int result) { + MD_PSA_INIT(); + TEST_ASSERT(mbedtls_entropy_self_test(1) == result); + +exit: + MD_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index f0b98e7fd..6e1305e60 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function 
@@ -74,11 +74,7 @@ static void custom_entropy_init(mbedtls_entropy_context *ctx) #endif ctx->accumulator_started = 0; -#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_init(&ctx->accumulator); -#else - mbedtls_sha256_init(&ctx->accumulator); -#endif + mbedtls_md_init(&ctx->accumulator); #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) if (custom_entropy_sources_mask & ENTROPY_SOURCE_PLATFORM) { From 2334d3a9b11e6886c303259798c9f1a18e9cb6ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 8 Feb 2023 13:05:59 +0100 Subject: [PATCH 02/13] Fix driver_wrappers test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These were assuming that psa_crypto_init() doesn't call hashes, which is not always correct. Signed-off-by: Manuel Pégourié-Gonnard --- ..._suite_psa_crypto_driver_wrappers.function | 28 ++++++++++++------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 56f4d1d5b..5105ef567 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -2241,12 +2241,14 @@ void hash_compute(int alg_arg, unsigned char *output = NULL; size_t output_length; - mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); - mbedtls_test_driver_hash_hooks.forced_status = forced_status; PSA_ASSERT(psa_crypto_init()); ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); + /* Do this after psa_crypto_init() which may call hash drivers */ + mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); + mbedtls_test_driver_hash_hooks.forced_status = forced_status; + TEST_EQUAL(psa_hash_compute(alg, input->x, input->len, output, PSA_HASH_LENGTH(alg), &output_length), expected_status); 
@@ -2277,12 +2279,14 @@ void hash_multipart_setup(int alg_arg, psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; size_t output_length; - mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); - ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); PSA_ASSERT(psa_crypto_init()); + ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); + /* Do this after psa_crypto_init() which may call hash drivers */ + mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); mbedtls_test_driver_hash_hooks.forced_status = forced_status; + TEST_EQUAL(psa_hash_setup(&operation, alg), expected_status); TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 1); TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status); @@ -2322,10 +2326,12 @@ void hash_multipart_update(int alg_arg, psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; size_t output_length; - mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); - ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); PSA_ASSERT(psa_crypto_init()); + ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); + + /* Do this after psa_crypto_init() which may call hash drivers */ + mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); /* * Update inactive operation, the driver shouldn't be called. @@ -2377,10 +2383,11 @@ void hash_multipart_finish(int alg_arg, psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; size_t output_length; - mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); + PSA_ASSERT(psa_crypto_init()); ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); - PSA_ASSERT(psa_crypto_init()); + /* Do this after psa_crypto_init() which may call hash drivers */ + mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); /* * Finish inactive operation, the driver shouldn't be called. 
@@ -2431,10 +2438,11 @@ void hash_clone(int alg_arg, psa_hash_operation_t target_operation = PSA_HASH_OPERATION_INIT; size_t output_length; - mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); + PSA_ASSERT(psa_crypto_init()); ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg)); - PSA_ASSERT(psa_crypto_init()); + /* Do this after psa_crypto_init() which may call hash drivers */ + mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init(); /* * Clone inactive operation, the driver shouldn't be called. From 5d0d64133251e535d48bac01371f64ef5a3e6d4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 8 Feb 2023 13:07:07 +0100 Subject: [PATCH 03/13] Test entropy.c with driver-only hashes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c97f6663d..5ec55bf4d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2619,13 +2619,6 @@ config_psa_crypto_hash_use_psa () { scripts/config.py unset MBEDTLS_SHA512_C scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT fi - # Use an external RNG as currently internal RNGs depend on entropy.c - # which in turn hard-depends on SHA256_C (or SHA512_C). - # See component_test_psa_external_rng_no_drbg_use_psa. - scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - scripts/config.py unset MBEDTLS_ENTROPY_C - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED # depends on ENTROPY_C - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT # depends on former # Dynamic secure element support is a deprecated feature and needs to be disabled here. # This is done to have the same form of psa_key_attributes_s for libdriver and library. From 66300d6f40697d4edc652cf4c9a71ac3020202bb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 13 Feb 2023 12:29:33 +0100 Subject: [PATCH 04/13] Force SHA-256 for entropy in libtestdriver1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We only enable SHA-256, so let's use that. Previously the entropy module was deciding which hash to use based on MBEDTLS_xxx_C feature macros, and since only SHA256_C was defined in config_test_driver.h, it used that and things worked. However since entropy was changed to use MD light, and MBEDTLS_MD_CAN_xxx feature macros, we had an issue: when building libtestdriver1 with its default config, MBEDTLS_PSA_ACCEL_ALG_SHA_512 is defined even though there's no actual accelerator in the build. (This is done so that PSA_WANT_ALG_SHA_512 can remain defined in order to match the application's config, while not defining MBEDTLS_PSA_BUILTIN_ALG_SHA_512 in order to only include what we need in the build of libtestdriver1.) This will cause MD to dispatch to PSA in order to take advantage of the accelerator, which will then fail because there is no accelerator nor builtin for this hash. In the long-term, perhaps it would be best to address the root of the issue: defining MBEDTLS_PSA_ACCEL_ALG_SHA_512 in a build that doesn't actually have a SHA-512 accelerator is a lie. But that would require significant changes in libtestdriver1. So for now, just fix the most obvious symptom (picking a non-supported hash in entropy.h) by forcing the choice of hash to match what's in the libtestdriver1 config. Note: if the copy of entropy module in libtestdriver1 doesn't work, we'll get a failure when calling libtestdriver1_psa_crypto_init(), which we do, from mbedtls_test_transparent_init(), indirectly called by our psa_crypto_init() which will then fail. Signed-off-by: Manuel Pégourié-Gonnard --- tests/include/test/drivers/config_test_driver.h | 1 + 1 file changed, 1 insertion(+) 
diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h index 22518bfc4..2585fd9f0 100644 --- a/tests/include/test/drivers/config_test_driver.h +++ b/tests/include/test/drivers/config_test_driver.h @@ -39,6 +39,7 @@ #define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C +#define MBEDTLS_ENTROPY_FORCE_SHA256 /* * Configuration options that may need to be additionally enabled for the From 4011eb49dcc9e20fe3b8c68a4d2ce8031f338f04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Mar 2023 17:10:45 +0100 Subject: [PATCH 05/13] Fix entropy-related feature macros MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Was causing testing disparities picked by analyze_outcomes.py Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ctr_drbg.h | 14 ++++++-------- library/psa_crypto_random_impl.h | 6 +++--- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 8d28150d7..0348281e4 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -45,6 +45,7 @@ #include "mbedtls/build_info.h" #include "mbedtls/aes.h" +#include "entropy.h" #if defined(MBEDTLS_THREADING_C) #include "mbedtls/threading.h" 
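Review bot: The new `#define MBEDTLS_ENTROPY_FORCE_SHA256` in config_test_driver.h carries no comment, so the reason for it lives only in the commit message. A short comment above it would keep a later cleanup from removing it as redundant, for example `/* Only SHA-256 is built into libtestdriver1; without this, entropy.h would pick SHA-512 via MD and dispatch to an accelerator that is not in this build. */`. The commit message describes this as a fix for the symptom rather than the root cause, and the comment could say so too.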
@@ -94,17 +95,14 @@ * \brief The amount of entropy used per seed by default, in bytes. */ #if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) -#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) -/** This is 48 bytes because the entropy module uses SHA-512 - * (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled). +#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) +/** This is 48 bytes because the entropy module uses SHA-512. */ #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 -#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */ +#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ -/** This is 32 bytes because the entropy module uses SHA-256 - * (the SHA512 module is disabled or - * \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled). +/** This is 32 bytes because the entropy module uses SHA-256. */ #if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) /** \warning To achieve a 256-bit security strength, you must pass a nonce @@ -112,7 +110,7 @@ */ #endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */ #define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32 -#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */ +#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ #endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */ #if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL) diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h index f1a2af11d..4197b4be4 100644 --- a/library/psa_crypto_random_impl.h +++ b/library/psa_crypto_random_impl.h @@ -62,7 +62,7 @@ int mbedtls_psa_get_random(void *p_rng, #elif defined(MBEDTLS_HMAC_DRBG_C) #include "mbedtls/hmac_drbg.h" -#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_MD_CAN_SHA512) && defined(MBEDTLS_MD_CAN_SHA256) #include #if SIZE_MAX > 0xffffffff /* Looks like a 64-bit system, so prefer SHA-512. */ 
@@ -71,9 +71,9 @@ int mbedtls_psa_get_random(void *p_rng, /* Looks like a 32-bit system, so prefer SHA-256. */ #define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 #endif -#elif defined(MBEDTLS_SHA512_C) +#elif defined(MBEDTLS_MD_CAN_SHA512) #define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA512 -#elif defined(MBEDTLS_SHA256_C) +#elif defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 #else #error "No hash algorithm available for HMAC_DBRG." From 93302422fd146a7520ba3cdac51523dc62cdbe71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Mar 2023 17:23:08 +0100 Subject: [PATCH 06/13] Fix instances of old feature macros being used MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data Then manually revert programs/pkey/ecdsa.c as it's using a low-level hash API. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ssl.h | 6 +++--- library/hmac_drbg.c | 4 ++-- programs/pkey/dh_client.c | 12 ++++++------ programs/pkey/dh_server.c | 12 ++++++------ programs/pkey/pk_sign.c | 6 +++--- programs/pkey/pk_verify.c | 6 +++--- programs/pkey/rsa_sign.c | 6 +++--- programs/pkey/rsa_sign_pss.c | 6 +++--- programs/pkey/rsa_verify.c | 6 +++--- programs/pkey/rsa_verify_pss.c | 6 +++--- programs/x509/cert_req.c | 4 ++-- programs/x509/cert_write.c | 8 ++++---- tests/scripts/generate_pkcs7_tests.py | 2 +- tests/suites/test_suite_random.data | 6 +++--- 14 files changed, 45 insertions(+), 45 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index efe08305f..e54134076 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1091,13 +1091,13 @@ typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48 -#if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32 -#elif defined(MBEDTLS_SHA384_C) +#elif defined(MBEDTLS_MD_CAN_SHA384) #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48 -#elif defined(MBEDTLS_SHA1_C) +#elif defined(MBEDTLS_MD_CAN_SHA1) #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 20 #else diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index b15730235..af205aacb 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -510,7 +510,7 @@ exit: #if defined(MBEDTLS_SELF_TEST) -#if !defined(MBEDTLS_SHA1_C) +#if !defined(MBEDTLS_MD_CAN_SHA1) /* Dummy checkup routine */ int mbedtls_hmac_drbg_self_test(int verbose) { @@ -639,7 +639,7 @@ int mbedtls_hmac_drbg_self_test(int verbose) return 0; } -#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_HMAC_DRBG_C */ diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index bc58a153c..1fbf04546 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -23,9 +23,9 @@ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_SHA1_C) + defined(MBEDTLS_MD_CAN_SHA1) #include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" 
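Review bot: The feature guard at the top of dh_client.c now tests `MBEDTLS_MD_CAN_SHA256` and `MBEDTLS_MD_CAN_SHA1`, and nothing visible in the hunk includes md.h ahead of it. Patch 01 adds `#include "md.h"` to entropy.h immediately before its first `MBEDTLS_MD_CAN_SHA512` test, which suggests these macros are defined by md.h rather than by the build configuration; if so, the guard is evaluated with them undefined and the program compiles to the stub `main()` that prints the "not defined" message and exits 0. The same applies to dh_server.c and to pk_sign.c, pk_verify.c, rsa_sign.c, rsa_sign_pss.c, rsa_verify.c and rsa_verify_pss.c; in the latter six the guard visibly follows `#include "mbedtls/platform.h"` directly. Adding `#include "mbedtls/md.h"` before each guard would address it, once it is confirmed where the macros are defined.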
@@ -43,14 +43,14 @@ #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_SHA1_C) + !defined(MBEDTLS_MD_CAN_SHA1) int main(void) { mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); mbedtls_exit(0); } @@ -280,5 +280,5 @@ exit: mbedtls_exit(exit_code); } #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && + MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 2514fc05c..66f7d6f35 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -23,9 +23,9 @@ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_SHA1_C) + defined(MBEDTLS_MD_CAN_SHA1) #include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" 
@@ -43,14 +43,14 @@ #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_SHA1_C) + !defined(MBEDTLS_MD_CAN_SHA1) int main(void) { mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); mbedtls_exit(0); } @@ -302,5 +302,5 @@ exit: mbedtls_exit(exit_code); } #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && + MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 21a75e927..f3bcdb24a 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -22,13 +22,13 @@ #include "mbedtls/platform.h" #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ + !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_CTR_DRBG_C) int main(void) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " + "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_MD_C and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); mbedtls_exit(0); 
@@ -150,5 +150,5 @@ exit: mbedtls_exit(exit_code); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && - MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && + MBEDTLS_MD_CAN_SHA256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index b1fd1b646..e24f27f0c 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -22,12 +22,12 @@ #include "mbedtls/platform.h" #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_PK_PARSE_C) || \ + !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_PK_PARSE_C) || \ !defined(MBEDTLS_FS_IO) int main(void) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or " - "MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or " + "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_PK_PARSE_C and/or " "MBEDTLS_FS_IO not defined.\n"); mbedtls_exit(0); } @@ -123,5 +123,5 @@ exit: mbedtls_exit(exit_code); } -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C && +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_MD_CAN_SHA256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index a8418d145..051db07c0 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -22,13 +22,13 @@ #include "mbedtls/platform.h" #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ + !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \ !defined(MBEDTLS_FS_IO) int main(void) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_MD_C and/or " - "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n"); + "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO not defined.\n"); mbedtls_exit(0); } #else 
@@ -162,5 +162,5 @@ exit: mbedtls_exit(exit_code); } -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 19ab962e4..4fa3582a7 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -22,13 +22,13 @@ #include "mbedtls/platform.h" #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_CTR_DRBG_C) int main(void) { mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or " + "MBEDTLS_RSA_C and/or MBEDTLS_MD_CAN_SHA256 and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); mbedtls_exit(0); @@ -156,5 +156,5 @@ exit: mbedtls_exit(exit_code); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && - MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && + MBEDTLS_MD_CAN_SHA256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 9c08435cd..e17d776f8 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -22,13 +22,13 @@ #include "mbedtls/platform.h" #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ + !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \ !defined(MBEDTLS_FS_IO) int main(void) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_MD_C and/or " - "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n"); + "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO not defined.\n"); mbedtls_exit(0); } #else 
@@ -138,5 +138,5 @@ exit: mbedtls_exit(exit_code); } -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index df61e4712..bbd8c17b2 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -22,13 +22,13 @@ #include "mbedtls/platform.h" #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_CTR_DRBG_C) int main(void) { mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or " + "MBEDTLS_RSA_C and/or MBEDTLS_MD_CAN_SHA256 and/or " "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " "MBEDTLS_CTR_DRBG_C not defined.\n"); mbedtls_exit(0); @@ -131,5 +131,5 @@ exit: mbedtls_exit(exit_code); } -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 524143844..01d09bc01 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c 
@@ -22,13 +22,13 @@ #include "mbedtls/platform.h" #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_PEM_WRITE_C) int main(void) { mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or " + "MBEDTLS_PK_PARSE_C and/or MBEDTLS_MD_CAN_SHA256 and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " "not defined.\n"); mbedtls_exit(0); diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 0daee5627..99ede78fa 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -24,12 +24,12 @@ #if !defined(MBEDTLS_X509_CRT_WRITE_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ !defined(MBEDTLS_PEM_WRITE_C) int main(void) { mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_SHA256_C and/or " + "MBEDTLS_FS_IO and/or MBEDTLS_MD_CAN_SHA256 and/or " "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " "MBEDTLS_ERROR_C not defined.\n"); mbedtls_exit(0); @@ -771,7 +771,7 @@ usage: mbedtls_printf(" ok\n"); } -#if defined(MBEDTLS_SHA1_C) +#if defined(MBEDTLS_MD_CAN_SHA1) if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && opt.subject_identifier != 0) { mbedtls_printf(" . Adding the Subject Key Identifier ..."); @@ -805,7 +805,7 @@ usage: mbedtls_printf(" ok\n"); } -#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_MD_CAN_SHA1 */ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 && opt.key_usage != 0) { 
diff --git a/tests/scripts/generate_pkcs7_tests.py b/tests/scripts/generate_pkcs7_tests.py index 187debc92..0e7385043 100755 --- a/tests/scripts/generate_pkcs7_tests.py +++ b/tests/scripts/generate_pkcs7_tests.py @@ -49,7 +49,7 @@ class TestData: Take in test_suite_pkcs7.data file. Allow for new tests to be added. """ - mandatory_dep = "MBEDTLS_SHA256_C" + mandatory_dep = "MBEDTLS_MD_CAN_SHA256" test_name = "PKCS7 Parse Failure Invalid ASN1" test_function = "pkcs7_asn1_fail:" def __init__(self, file_name): diff --git a/tests/suites/test_suite_random.data b/tests/suites/test_suite_random.data index c23d9223f..9211591a5 100644 --- a/tests/suites/test_suite_random.data +++ b/tests/suites/test_suite_random.data @@ -2,15 +2,15 @@ Generate random twice with CTR_DRBG random_twice_with_ctr_drbg: Generate random twice with HMAC_DRBG(SHA-1) -depends_on:MBEDTLS_SHA1_C +depends_on:MBEDTLS_MD_CAN_SHA1 random_twice_with_hmac_drbg:MBEDTLS_MD_SHA1 Generate random twice with HMAC_DRBG(SHA-256) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_MD_CAN_SHA256 random_twice_with_hmac_drbg:MBEDTLS_MD_SHA256 Generate random twice with HMAC_DRBG(SHA-512) -depends_on:MBEDTLS_SHA512_C +depends_on:MBEDTLS_MD_CAN_SHA512 random_twice_with_hmac_drbg:MBEDTLS_MD_SHA512 Generate random twice with PSA classic wrapper From 33783b46469a9d4e51c710b3506ba46449314b20 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Mar 2023 17:24:20 +0100 Subject: [PATCH 07/13] Manually fix two remaining instances of old macros MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Unless I missed something, all remaining instance of all macros are in files where it makes sense to use these. I went over the output of: git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C' and I think all the files listed fall into one of the following acceptable categories: - documentation and historical documents: Changelog, docs/**/*.md - config files and related: mbedtls_config.h, configs/*.h, check_config.h, config_psa.h, etc. - scripts that build/modify configs: all.sh, depends.py, set_psa_test_dependencies.py, etc. - implementation of MD or PSA or related: md.h, psa_util.h, etc. and corresponding test suites - implementation of hashes: md5.c, sha256.h, etc. and corresponding test suites - two example programs using a low-level hash API: hash/hello.c, pkey/ecdsa.c - test/benchmark.c, test/selftest.c: actually want our built-in implementations - a function in test_suite_psa_crypto_storage_format that is specifically for checking if the hash is built in. Signed-off-by: Manuel Pégourié-Gonnard --- programs/psa/key_ladder_demo.c | 6 +++--- tests/include/test/psa_exercise_key.h | 2 +- tests/suites/test_suite_psa_crypto_se_driver_hal.function | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index f5c31de5d..a79fac640 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c 
@@ -62,13 +62,13 @@ #include /* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ +#if !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \ !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) || \ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) int main(void) { - printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " + printf("PSA_WANT_ALG_SHA_256 and/or MBEDTLS_MD_C and/or " "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or " "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO " "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER " @@ -698,6 +698,6 @@ usage_failure: usage(); return EXIT_FAILURE; } -#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C && +#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_MD_C && MBEDTLS_AES_C && MBEDTLS_CCM_C && MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */ diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index eb69fc661..b5e3d3542 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -34,7 +34,7 @@ */ #if defined(PSA_WANT_ALG_MD5) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 -/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of +/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be * implausible anyway. */ diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 5c9437159..bb6b0e417 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function 
@@ -720,7 +720,7 @@ static int smoke_test_key(mbedtls_svc_key_id_t key) buffer, sizeof(buffer), NULL, 0, buffer, sizeof(buffer), &length)); -#if defined(MBEDTLS_SHA256_C) +#if defined(PSA_WANT_ALG_SHA_256) /* Try the key in a plain key derivation. */ PSA_ASSERT(psa_key_derivation_setup(&derivation_operation, PSA_ALG_HKDF(PSA_ALG_SHA_256))); @@ -753,7 +753,7 @@ static int smoke_test_key(mbedtls_svc_key_id_t key) alg, key, buffer, length, buffer, sizeof(buffer), &length)); } -#endif /* MBEDTLS_SHA256_C */ +#endif /* PSA_WANT_ALG_SHA_256 */ ok = 1; From e9319772b33aece625c1d3fa6ffee309c24dea57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Mar 2023 18:09:40 +0100 Subject: [PATCH 08/13] Fix failures in test_suite_random MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Appeared after the dependencies were changed to use MD_CAN. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_random.function | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function index 3026bae0e..0df92b044 100644 --- a/tests/suites/test_suite_random.function +++ b/tests/suites/test_suite_random.function @@ -26,6 +26,8 @@ void random_twice_with_ctr_drbg() unsigned char output1[OUTPUT_SIZE]; unsigned char output2[OUTPUT_SIZE]; + MD_PSA_INIT(); + /* First round */ mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&drbg); @@ -54,6 +56,7 @@ void random_twice_with_ctr_drbg() exit: mbedtls_ctr_drbg_free(&drbg); mbedtls_entropy_free(&entropy); + MD_PSA_DONE(); } /* END_CASE */ @@ -66,6 +69,8 @@ void random_twice_with_hmac_drbg(int md_type) unsigned char output2[OUTPUT_SIZE]; const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type); + MD_PSA_INIT(); + /* First round */ mbedtls_entropy_init(&entropy); mbedtls_hmac_drbg_init(&drbg); 
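Review bot: In `random_twice_with_ctr_drbg()` and `random_twice_with_hmac_drbg()` the new `MD_PSA_INIT();` sits before `mbedtls_entropy_init(&entropy)` and the DRBG init call. If the macro can jump to `exit:` on failure, as PSA_ASSERT-style test helpers do (its definition is not in this diff), the cleanup path would call `mbedtls_ctr_drbg_free()` / `mbedtls_hmac_drbg_free()` and `mbedtls_entropy_free()` on contexts that were never initialised. Moving it below the init calls avoids that: `mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&drbg); MD_PSA_INIT();`. The pk_sign_verify hunk in this series already uses that order (`mbedtls_pk_init(&pk);` then `MD_OR_USE_PSA_INIT();`). Both function bodies continue outside the hunks.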
@@ -94,6 +99,7 @@ void random_twice_with_hmac_drbg(int md_type) exit: mbedtls_hmac_drbg_free(&drbg); mbedtls_entropy_free(&entropy); + MD_PSA_DONE(); } /* END_CASE */ From bb21c5afa78797533e3a1056973b5ddbc1c2bc58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Mar 2023 23:53:57 +0100 Subject: [PATCH 09/13] Use helper macros for hashes in check_config.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 56437a3cf..cf05c9b2d 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -173,10 +173,23 @@ #error "MBEDTLS_PKCS5_C defined, but not all prerequisites" #endif +/* Helpers for hash dependencies, will be undefined at the end of the file */ +/* Do SHA-256, 384, 512 to cover Entropy and TLS. */ +#if defined(MBEDTLS_SHA256_C) || \ + (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256)) +#define MBEDTLS_MD_HAVE_SHA256 +#endif +#if defined(MBEDTLS_SHA384_C) || \ + (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384)) +#define MBEDTLS_MD_HAVE_SHA384 +#endif +#if defined(MBEDTLS_SHA512_C) || \ + (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512)) +#define MBEDTLS_MD_HAVE_SHA512 +#endif + #if defined(MBEDTLS_ENTROPY_C) && \ - !( defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && \ - (defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_256)))) + !(defined(MBEDTLS_MD_HAVE_SHA512) || defined(MBEDTLS_MD_HAVE_SHA256)) #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_ENTROPY_C) && \ 
@@ -184,16 +197,12 @@ #error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" #endif #if defined(MBEDTLS_ENTROPY_C) && \ - ( defined(MBEDTLS_ENTROPY_FORCE_SHA256) || \ - !( defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512)) ) ) \ + (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_HAVE_SHA512)) \ && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32) #error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" #endif #if defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_ENTROPY_FORCE_SHA256) && \ - !( defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256)) ) + defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_HAVE_SHA256) #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" #endif @@ -371,8 +380,7 @@ /* Use of EC J-PAKE in TLS requires SHA-256. */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - !(defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))) + !defined(MBEDTLS_MD_HAVE_SHA256) #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" #endif @@ -1113,6 +1121,9 @@ #undef MBEDTLS_PK_HAVE_ECDSA #undef MBEDTLS_PK_HAVE_JPAKE #undef MBEDTLS_PK_HAVE_ECDH +#undef MBEDTLS_MD_HAVE_SHA256 +#undef MBEDTLS_MD_HAVE_SHA384 +#undef MBEDTLS_MD_HAVE_SHA512 /* * Avoid warning from -pedantic. This is a convenient place for this From a31ddb98dc05a1704687291a78b4eaf9ac1fa338 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Mar 2023 00:13:50 +0100 Subject: [PATCH 10/13] Fix and simplify TLS hash dependency declarations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #6441 Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 51 +++++++++++++++++----------------- 1 file changed, 25 insertions(+), 26 deletions(-) 
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index cf05c9b2d..c75640d0a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -787,34 +787,20 @@ #error "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system" #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_USE_PSA_CRYPTO) && \ - !( defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C) ) -#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" -#endif - -/* TLS 1.3 requires separate HKDF parts from PSA */ +/* TLS 1.3 requires separate HKDF parts from PSA, + * and at least one ciphersuite, so at least SHA-256 or SHA-384 + * from PSA to use with HKDF. + * + * Note: for dependencies common with TLS 1.2 (running handshake hash), + * see MBEDTLS_SSL_TLS_C. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - !( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_HKDF_EXTRACT) && defined(PSA_WANT_ALG_HKDF_EXPAND) ) + !(defined(MBEDTLS_PSA_CRYPTO_C) && \ + defined(PSA_WANT_ALG_HKDF_EXTRACT) && \ + defined(PSA_WANT_ALG_HKDF_EXPAND) && \ + (defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))) #error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites" #endif -/* TLS 1.3 requires at least one ciphersuite, so at least SHA-256 or SHA-384 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* We always need at least one of the hashes via PSA (for use with HKDF) */ -#if !( defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384) ) -#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites" -#endif /* !(PSA_WANT_ALG_SHA_256 || PSA_WANT_ALG_SHA_384) */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -/* When USE_PSA_CRYPTO is not defined, we also need SHA-256 or SHA-384 via the - * legacy interface, including via the MD layer, for the parts of the code - * that are shared with TLS 1.2 (running handshake hash). 
*/ -#if !defined(MBEDTLS_MD_C) || \ - !( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA384_C) ) -#error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites" -#endif /* !MBEDTLS_MD_C || !(MBEDTLS_SHA256_C || MBEDTLS_SHA384_C) */ -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) #if !( defined(MBEDTLS_PK_HAVE_ECDH) && defined(MBEDTLS_X509_CRT_PARSE_C) && \ ( defined(MBEDTLS_PK_HAVE_ECDSA) || defined(MBEDTLS_PKCS1_V21) ) ) @@ -878,11 +864,24 @@ #error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) || \ - ( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) +#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_CIPHER_C) #error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" #endif +/* TLS 1.2 and 1.3 require SHA-256 or SHA-384 (running handshake hash) */ +#if defined(MBEDTLS_SSL_TLS_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if !(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384)) +#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" +#endif +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#if !defined(MBEDTLS_MD_C) || \ + !(defined(MBEDTLS_MD_HAVE_SHA256) || defined(MBEDTLS_MD_HAVE_SHA384)) +#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" +#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_TLS_C */ + #if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C) #error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites" #endif From c584c27426c746735577347056547e3fd0150916 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Mar 2023 00:32:04 +0100 Subject: [PATCH 11/13] Disable built-in SHA-256 in accel_hash too MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that Entropy doesn't need it any more, we can have driver-only SHA-256 (and 224 with it) in the non-USE_PSA component too. This reveals a missing PSA_INIT in a PK test using SHA-256. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 12 +++++++++--- tests/suites/test_suite_pk.function | 4 ++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5ec55bf4d..bafca0a83 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2563,14 +2563,20 @@ component_test_psa_crypto_config_accel_hash () { scripts/config.py unset MBEDTLS_MD5_C scripts/config.py unset MBEDTLS_RIPEMD160_C scripts/config.py unset MBEDTLS_SHA1_C - # Don't unset MBEDTLS_SHA256_C as it is needed by PSA crypto core. + scripts/config.py unset MBEDTLS_SHA224_C + scripts/config.py unset MBEDTLS_SHA256_C scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - not grep mbedtls_sha512_init library/sha512.o - not grep mbedtls_sha1_init library/sha1.o + # There's a risk of something getting re-enabled via config_psa.h; + # make sure it did not happen. Note: it's OK for MD_C to be enabled. + not grep mbedtls_md5 library/md5.o + not grep mbedtls_sha1 library/sha1.o + not grep mbedtls_sha256 library/sha256.o + not grep mbedtls_sha512 library/sha512.o + not grep mbedtls_ripemd160 library/ripemd160.o msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" make test 
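Review bot: The new `not grep mbedtls_sha256 library/sha256.o` style checks also pass when the object file is missing or unreadable, because grep then exits non-zero just as it does for "no match". This assumes `not` only inverts the exit status; its definition is outside this hunk. These lines are the guard against a built-in hash being re-enabled through config_psa.h, so a renamed path or a skipped compile would silently turn them into no-ops. Consider putting `test -f library/sha256.o` on its own line before each grep, so a missing file fails the component instead of satisfying the check. The enclosing component function starts and ends outside the hunk.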
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2caa65f6e..20f61fc3b 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -760,7 +760,7 @@ void pk_sign_verify(int type, int parameter, int sign_ret, int verify_ret) #endif mbedtls_pk_init(&pk); - USE_PSA_INIT(); + MD_OR_USE_PSA_INIT(); memset(hash, 0x2a, sizeof(hash)); memset(sig, 0, sizeof(sig)); @@ -824,7 +824,7 @@ exit: mbedtls_pk_restart_free(rs_ctx); #endif mbedtls_pk_free(&pk); - USE_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ From 5a51d0d789ee2d5b2e702e07bc09c389b94ae434 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Mar 2023 13:04:08 +0100 Subject: [PATCH 12/13] Fix depends.py failure with correct TLS 1.2 deps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TLS 1.2 has never been able to work with only SHA-512, it just happened to pass previously because the declared dependencies were too lax. (Probably related to the fact that in the past we didn't distinguish between SHA-512 and SHA-384 in dependencies.) So, just disable all of TLS in SHA-512-only builds. While at it, tune build_info.h to make this easier - it already had partial support for disabling TLS 1.2 or TLS 1.3 in an easier way, but not both of them at the same time. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 24 ++++++++++++++++++++++++ tests/scripts/depends.py | 2 +- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 949b1152a..fd61bca6f 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h 
@@ -121,7 +121,31 @@ #define MBEDTLS_PK_PARSE_C #endif +/* The following blocks make it easier to disable all of TLS, + * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all + * key and extensions related to them. */ + +#if !defined(MBEDTLS_SSL_TLS_C) +#undef MBEDTLS_SSL_CLI_C +#undef MBEDTLS_SSL_SRV_C +#undef MBEDTLS_SSL_PROTO_TLS1_3 +#undef MBEDTLS_SSL_PROTO_TLS1_2 +#undef MBEDTLS_SSL_PROTO_DTLS +#endif + +#if !defined(MBEDTLS_SSL_PROTO_DTLS) +#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY +#undef MBEDTLS_SSL_DTLS_CONNECTION_ID +#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT +#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY +#undef MBEDTLS_SSL_DTLS_SRTP +#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +#endif + #if !defined(MBEDTLS_SSL_PROTO_TLS1_2) +#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC +#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET +#undef MBEDTLS_SSL_RENEGOTIATION #undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 581baad9a..b29ea0aa6 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -277,7 +277,7 @@ REVERSE_DEPENDENCIES = { # if a given define is the only one enabled from an exclusive group. EXCLUSIVE_GROUPS = { 'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C', - '-MBEDTLS_SSL_PROTO_TLS1_3'], + '-MBEDTLS_SSL_TLS_C'], 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C', '-MBEDTLS_ECDSA_DETERMINISTIC', '-MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', From 70a1b6d82874e4cfa0331f033e9c6e7c7feb1434 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Mar 2023 10:30:40 +0100 Subject: [PATCH 13/13] Fix typos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 2 +- include/mbedtls/check_config.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
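Review bot: The new `#if !defined(MBEDTLS_SSL_TLS_C)` block silently `#undef`s `MBEDTLS_SSL_CLI_C`, `MBEDTLS_SSL_SRV_C` and the protocol versions. If build_info.h applies these adjustments before check_config.h is evaluated, checks such as `#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)` can no longer fire. A configuration that asks for a TLS client or server but omits `MBEDTLS_SSL_TLS_C` would then build without TLS instead of stopping at the `#error`. If that is intended, the block comment should say so, for example `/* Note: these options are dropped silently; check_config.h will not report them as missing prerequisites. */`. Otherwise leave `MBEDTLS_SSL_CLI_C` / `MBEDTLS_SSL_SRV_C` defined here so the existing prerequisite checks still catch the mistake.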
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index fd61bca6f..0048cee16 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -123,7 +123,7 @@ /* The following blocks make it easier to disable all of TLS, * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all - * key and extensions related to them. */ + * key exchanges, options and extensions related to them. */ #if !defined(MBEDTLS_SSL_TLS_C) #undef MBEDTLS_SSL_CLI_C diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index c75640d0a..8ed51c21d 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -872,12 +872,12 @@ #if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) #if !(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384)) -#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" +#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" #endif #else /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_MD_C) || \ !(defined(MBEDTLS_MD_HAVE_SHA256) || defined(MBEDTLS_MD_HAVE_SHA384)) -#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" +#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" #endif #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_SSL_TLS_C */