PKCS5: always use MD

As a consequence, MD_C is now enabled in component accel_hash_use_psa.

Fix guards in X.509 info function to avoid this causing a failure now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Manuel Pégourié-Gonnard 2023-03-16 11:39:20 +01:00
parent c1f10441e0
commit 49e67f814f
7 changed files with 37 additions and 146 deletions


@ -80,6 +80,13 @@
#include MBEDTLS_USER_CONFIG_FILE #include MBEDTLS_USER_CONFIG_FILE
#endif #endif
/* Auto-enable MBEDTLS_MD_C if needed by a module that didn't require it
* in a previous release, to ensure backwards compatibility.
*/
#if defined(MBEDTLS_PKCS5_C)
#define MBEDTLS_MD_C
#endif
/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
* This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
*/ */
@ -87,7 +94,8 @@
#define MBEDTLS_MD_LIGHT #define MBEDTLS_MD_LIGHT
#endif #endif
/* Auto-enable MBEDTLS_MD_LIGHT if some module needs it. /* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it
* in a previous release, to ensure backwards compatibility.
*/ */
#if defined(MBEDTLS_ECJPAKE_C) || \ #if defined(MBEDTLS_ECJPAKE_C) || \
defined(MBEDTLS_PEM_PARSE_C) || \ defined(MBEDTLS_PEM_PARSE_C) || \
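Review bot: The new auto-enable block defines `MBEDTLS_MD_C` unconditionally whenever `MBEDTLS_PKCS5_C` is set, even though `MBEDTLS_MD_C` is a user-facing option that may already be defined. An identical empty redefinition is harmless, but a build that sets it with a value (for example `-DMBEDTLS_MD_C` on the command line, which expands to `1`) would get a macro-redefinition diagnostic, and that becomes fatal under `-Werror`. Guarding the block as `#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)` avoids this. The `#if` list that follows the reworded MD_LIGHT comment continues past the end of the hunk.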


@ -169,8 +169,7 @@
#endif #endif
#if defined(MBEDTLS_PKCS5_C) && \ #if defined(MBEDTLS_PKCS5_C) && \
( !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) || \ !defined(MBEDTLS_CIPHER_C)
!defined(MBEDTLS_CIPHER_C) )
#error "MBEDTLS_PKCS5_C defined, but not all prerequisites" #error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
#endif #endif


@ -2849,15 +2849,11 @@
* *
* Module: library/pkcs5.c * Module: library/pkcs5.c
* *
* Requires: MBEDTLS_CIPHER_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C. * Requires: MBEDTLS_CIPHER_C
* (auto-enables MBEDTLS_MD_C)
* *
* \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init() * \warning If using a hash that is only provided by PSA drivers, you must
* before doing any PKCS5 operation. * call psa_crypto_init() before doing any PKCS5 operations.
*
* \warning When building with MBEDTLS_MD_C, all hashes used with this
* need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
* etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
* this module in builds where MBEDTLS_MD_C is disabled.
* *
* This module adds support for the PKCS#5 functions. * This module adds support for the PKCS#5 functions.
*/ */


@ -47,12 +47,6 @@
#include "hash_info.h" #include "hash_info.h"
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#if !defined(MBEDTLS_MD_C)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_md_errors, \
psa_generic_status_to_mbedtls)
#endif
#if defined(MBEDTLS_ASN1_PARSE_C) #if defined(MBEDTLS_ASN1_PARSE_C)
static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params, static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations, mbedtls_asn1_buf *salt, int *iterations,
@ -221,7 +215,6 @@ exit:
} }
#endif /* MBEDTLS_ASN1_PARSE_C */ #endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_MD_C)
static int pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx, static int pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
const unsigned char *password, const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen, size_t plen, const unsigned char *salt, size_t slen,
@ -322,7 +315,6 @@ int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
key_length, output); key_length, output);
} }
#endif #endif
#endif /* MBEDTLS_MD_C */
int mbedtls_pkcs5_pbkdf2_hmac_ext(mbedtls_md_type_t md_alg, int mbedtls_pkcs5_pbkdf2_hmac_ext(mbedtls_md_type_t md_alg,
const unsigned char *password, const unsigned char *password,
@ -330,7 +322,6 @@ int mbedtls_pkcs5_pbkdf2_hmac_ext(mbedtls_md_type_t md_alg,
unsigned int iteration_count, unsigned int iteration_count,
uint32_t key_length, unsigned char *output) uint32_t key_length, unsigned char *output)
{ {
#if defined(MBEDTLS_MD_C)
mbedtls_md_context_t md_ctx; mbedtls_md_context_t md_ctx;
const mbedtls_md_info_t *md_info = NULL; const mbedtls_md_info_t *md_info = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -350,116 +341,6 @@ int mbedtls_pkcs5_pbkdf2_hmac_ext(mbedtls_md_type_t md_alg,
exit: exit:
mbedtls_md_free(&md_ctx); mbedtls_md_free(&md_ctx);
return ret; return ret;
#else
unsigned int i;
unsigned char md1[PSA_HASH_MAX_SIZE];
unsigned char work[PSA_HASH_MAX_SIZE];
const unsigned char md_size = mbedtls_hash_info_get_size(md_alg);
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t status_destruction = PSA_ERROR_CORRUPTION_DETECTED;
size_t use_len, out_len;
unsigned char *out_p = output;
unsigned char counter[4];
mbedtls_svc_key_id_t psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
const psa_algorithm_t alg = PSA_ALG_HMAC(mbedtls_hash_info_psa_from_md(md_alg));
const size_t out_size = PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, 0, alg);
memset(counter, 0, sizeof(counter));
counter[3] = 1;
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
if (key_length == 0) {
return 0;
}
if ((status = psa_import_key(&attributes,
password, plen,
&psa_hmac_key)) != PSA_SUCCESS) {
return MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA;
}
#if UINT_MAX > 0xFFFFFFFF
if (iteration_count > 0xFFFFFFFF) {
return MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA;
}
#endif
while (key_length) {
status = psa_mac_sign_setup(&operation, psa_hmac_key,
PSA_ALG_HMAC(alg));
if (status != PSA_SUCCESS) {
goto cleanup;
}
// U1 ends up in work
if ((status = psa_mac_update(&operation, salt, slen)) != PSA_SUCCESS) {
goto cleanup;
}
if ((status = psa_mac_update(&operation, counter, sizeof(counter))) != PSA_SUCCESS) {
goto cleanup;
}
if ((status = psa_mac_sign_finish(&operation, work, out_size, &out_len))
!= PSA_SUCCESS) {
goto cleanup;
}
memcpy(md1, work, out_len);
for (i = 1; i < iteration_count; i++) {
// U2 ends up in md1
//
status = psa_mac_sign_setup(&operation, psa_hmac_key,
PSA_ALG_HMAC(alg));
if (status != PSA_SUCCESS) {
goto cleanup;
}
if ((status = psa_mac_update(&operation, md1, md_size)) != PSA_SUCCESS) {
goto cleanup;
}
if ((status =
psa_mac_sign_finish(&operation, md1, out_size, &out_len)) != PSA_SUCCESS) {
goto cleanup;
}
// U1 xor U2
//
mbedtls_xor(work, work, md1, md_size);
}
use_len = (key_length < md_size) ? key_length : md_size;
memcpy(out_p, work, use_len);
key_length -= (uint32_t) use_len;
out_p += use_len;
for (i = 4; i > 0; i--) {
if (++counter[i - 1] != 0) {
break;
}
}
}
cleanup:
/* Zeroise buffers to clear sensitive data from memory. */
mbedtls_platform_zeroize(work, PSA_HASH_MAX_SIZE);
mbedtls_platform_zeroize(md1, PSA_HASH_MAX_SIZE);
status_destruction = psa_destroy_key(psa_hmac_key);
if (status == PSA_SUCCESS && status_destruction != PSA_SUCCESS) {
status = status_destruction;
}
status_destruction = psa_mac_abort(&operation);
if (status == PSA_SUCCESS && status_destruction != PSA_SUCCESS) {
status = status_destruction;
}
return PSA_TO_MBEDTLS_ERR(status);
#endif /* !MBEDTLS_MD_C */
} }
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)


@ -135,31 +135,31 @@ int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
static inline const char *md_type_to_string(mbedtls_md_type_t md_alg) static inline const char *md_type_to_string(mbedtls_md_type_t md_alg)
{ {
switch (md_alg) { switch (md_alg) {
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA) #if defined(MBEDTLS_MD_CAN_MD5)
case MBEDTLS_MD_MD5: case MBEDTLS_MD_MD5:
return "MD5"; return "MD5";
#endif #endif
#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA) #if defined(MBEDTLS_MD_CAN_SHA1)
case MBEDTLS_MD_SHA1: case MBEDTLS_MD_SHA1:
return "SHA1"; return "SHA1";
#endif #endif
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA) #if defined(MBEDTLS_MD_CAN_SHA224)
case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA224:
return "SHA224"; return "SHA224";
#endif #endif
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA) #if defined(MBEDTLS_MD_CAN_SHA256)
case MBEDTLS_MD_SHA256: case MBEDTLS_MD_SHA256:
return "SHA256"; return "SHA256";
#endif #endif
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA) #if defined(MBEDTLS_MD_CAN_SHA384)
case MBEDTLS_MD_SHA384: case MBEDTLS_MD_SHA384:
return "SHA384"; return "SHA384";
#endif #endif
#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA) #if defined(MBEDTLS_MD_CAN_SHA512)
case MBEDTLS_MD_SHA512: case MBEDTLS_MD_SHA512:
return "SHA512"; return "SHA512";
#endif #endif
#if defined(MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA) #if defined(MBEDTLS_MD_CAN_RIPEMD160)
case MBEDTLS_MD_RIPEMD160: case MBEDTLS_MD_RIPEMD160:
return "RIPEMD160"; return "RIPEMD160";
#endif #endif


@ -1224,12 +1224,15 @@ component_test_crypto_full_md_light_only () {
scripts/config.py crypto_full scripts/config.py crypto_full
# Disable MD # Disable MD
scripts/config.py unset MBEDTLS_MD_C scripts/config.py unset MBEDTLS_MD_C
# Disable direct dependencies of MD # Disable direct dependencies of MD_C
scripts/config.py unset MBEDTLS_HKDF_C scripts/config.py unset MBEDTLS_HKDF_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_PKCS7_C scripts/config.py unset MBEDTLS_PKCS7_C
# Disable indirect dependencies of MD # Disable indirect dependencies of MD_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
# Disable things that would auto-enable MD_C
scripts/config.py unset MBEDTLS_PKCS5_C
# Note: MD-light is auto-enabled in build_info.h by modules that need it, # Note: MD-light is auto-enabled in build_info.h by modules that need it,
# which we haven't disabled, so no need to explicitly enable it. # which we haven't disabled, so no need to explicitly enable it.
make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
@ -2671,9 +2674,7 @@ component_test_psa_crypto_config_accel_hash_use_psa () {
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" all
# There's a risk of something getting re-enabled via config_psa.h; # There's a risk of something getting re-enabled via config_psa.h;
# make sure it did not happen. Note: it's OK for MD_LIGHT to be enabled, # make sure it did not happen. Note: it's OK for MD_C to be enabled.
# but not the full MD_C (for now), so check mbedtls_md_hmac for that.
not grep mbedtls_md_hmac library/md.o
not grep mbedtls_md5 library/md5.o not grep mbedtls_md5 library/md5.o
not grep mbedtls_sha1 library/sha1.o not grep mbedtls_sha1 library/sha1.o
not grep mbedtls_sha256 library/sha256.o not grep mbedtls_sha256 library/sha256.o
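Review bot: component_test_crypto_full_md_light_only shows no post-build assertion that MD_C actually stayed disabled, so a future module that auto-enables it in build_info.h would silently turn this into a full-MD build. The added `scripts/config.py unset MBEDTLS_PKCS5_C` covers the one auto-enabler known today. A check after the `make` line, in the style this commit removes from the accel_hash_use_psa component, `not grep mbedtls_md_hmac library/md.o`, would make the component fail loudly instead. The component's body continues past the end of the hunk, so such a check may already exist further down.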


@ -14,14 +14,16 @@ void pbkdf2_hmac(int hash, data_t *pw_str, data_t *salt_str,
{ {
unsigned char key[100]; unsigned char key[100];
PSA_INIT_IF_NO_MD(); MD_PSA_INIT();
TEST_ASSERT(mbedtls_pkcs5_pbkdf2_hmac_ext(hash, pw_str->x, pw_str->len, TEST_ASSERT(mbedtls_pkcs5_pbkdf2_hmac_ext(hash, pw_str->x, pw_str->len,
salt_str->x, salt_str->len, salt_str->x, salt_str->len,
it_cnt, key_len, key) == 0); it_cnt, key_len, key) == 0);
TEST_ASSERT(mbedtls_test_hexcmp(key, result_key_string->x, TEST_ASSERT(mbedtls_test_hexcmp(key, result_key_string->x,
key_len, result_key_string->len) == 0); key_len, result_key_string->len) == 0);
PSA_DONE_IF_NO_MD();
exit:
MD_PSA_DONE();
} }
/* END_CASE */ /* END_CASE */
@ -33,7 +35,7 @@ void mbedtls_pkcs5_pbes2(int params_tag, data_t *params_hex, data_t *pw,
mbedtls_asn1_buf params; mbedtls_asn1_buf params;
unsigned char *my_out = NULL; unsigned char *my_out = NULL;
PSA_INIT_IF_NO_MD(); MD_PSA_INIT();
params.tag = params_tag; params.tag = params_tag;
params.p = params_hex->x; params.p = params_hex->x;
@ -51,13 +53,17 @@ void mbedtls_pkcs5_pbes2(int params_tag, data_t *params_hex, data_t *pw,
exit: exit:
mbedtls_free(my_out); mbedtls_free(my_out);
PSA_DONE_IF_NO_MD(); MD_PSA_DONE();
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void pkcs5_selftest() void pkcs5_selftest()
{ {
MD_PSA_INIT();
TEST_ASSERT(mbedtls_pkcs5_self_test(1) == 0); TEST_ASSERT(mbedtls_pkcs5_self_test(1) == 0);
exit:
MD_PSA_DONE();
} }
/* END_CASE */ /* END_CASE */