diff options
author | Gilles Peskine <gilles.peskine@arm.com> | 2022-12-15 19:47:44 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-15 19:47:44 +0100 |
commit | d1dd41f3fc7123fe734766951da800c606200a48 (patch) | |
tree | 8d64be4510d4bd2b1a662b5e0ab2a822c916cfd1 | |
parent | 6b21820bd3983c5972b75d690664cb539befd0ea (diff) | |
parent | 67bad73e870477a2c44f843eac50f91c148db6fc (diff) | |
download | mbedtls-d1dd41f3fc7123fe734766951da800c606200a48.zip mbedtls-d1dd41f3fc7123fe734766951da800c606200a48.tar.gz mbedtls-d1dd41f3fc7123fe734766951da800c606200a48.tar.bz2 |
Merge pull request #6723 from mpg/restartable-vs-use-psa
Document ECP_RESTARTABLE and make it compatible with USE_PSA
-rw-r--r-- | ChangeLog.d/pk-sign-restartable.txt | 5 | ||||
-rw-r--r-- | docs/architecture/psa-migration/psa-limitations.md | 7 | ||||
-rw-r--r-- | docs/use-psa-crypto.md | 21 | ||||
-rw-r--r-- | include/mbedtls/check_config.h | 10 | ||||
-rw-r--r-- | include/mbedtls/mbedtls_config.h | 34 | ||||
-rw-r--r-- | library/pk_wrap.c | 8 | ||||
-rwxr-xr-x | scripts/config.py | 1 | ||||
-rwxr-xr-x | tests/scripts/all.sh | 17 | ||||
-rwxr-xr-x | tests/scripts/depends.py | 1 | ||||
-rwxr-xr-x | tests/ssl-opt.sh | 130 | ||||
-rw-r--r-- | tests/suites/test_suite_ecp.function | 2 | ||||
-rw-r--r-- | tests/suites/test_suite_x509parse.function | 3 |
12 files changed, 202 insertions, 37 deletions
diff --git a/ChangeLog.d/pk-sign-restartable.txt b/ChangeLog.d/pk-sign-restartable.txt new file mode 100644 index 0000000..35da2be --- /dev/null +++ b/ChangeLog.d/pk-sign-restartable.txt @@ -0,0 +1,5 @@ +Changes + * When MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_ECDSA_DETERMINISTIC are both + defined, mbedtls_pk_sign() now use deterministic ECDSA for ECDSA + signatures. This aligns the behaviour with MBEDTLS_USE_PSA_CRYPTO to + the behaviour without it, where deterministic ECDSA was already used. diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md index e565b28..c368023 100644 --- a/docs/architecture/psa-migration/psa-limitations.md +++ b/docs/architecture/psa-migration/psa-limitations.md @@ -17,8 +17,11 @@ Restartable ECC operations There is currently no support for that in PSA at all, but it will be added at some point, see <https://github.com/orgs/Mbed-TLS/projects/1#column-18816849>. -Currently, `MBEDTLS_USE_PSA_CRYPTO` is simply incompatible with -`MBEDTLS_ECP_RESTARTABLE`. +Currently, when `MBEDTLS_USE_PSA_CRYPTO` and `MBEDTLS_ECP_RESTARTABLE` are +both enabled, some operations that should be restartable are not (ECDH in TLS +1.2 clients using ECDHE-ECDSA), as they are using PSA instead, and some +operations that should use PSA do not (signature generation & verification) as +they use the legacy API instead, in order to get restartable behaviour. Things that are in the API but not implemented yet -------------------------------------------------- diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index 11442ed..194d96f 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -7,9 +7,6 @@ operations, and enables new APIs for using keys handled by PSA Crypto. General considerations ---------------------- -**Compile-time:** enabling `MBEDTLS_USE_PSA_CRYPTO` requires -`MBEDTLS_ECP_RESTARTABLE` to be disabled. - **Application code:** when this option is enabled, you need to call `psa_crypto_init()` before calling any function from the SSL/TLS, X.509 or PK module. @@ -86,28 +83,34 @@ is enabled, no change required on the application side. Current exceptions: -- finite-field (non-EC) Diffie-Hellman (used in key exchanges: DHE-RSA, - DHE-PSK) +- Finite-field (non-EC) Diffie-Hellman (used in key exchanges: DHE-RSA, + DHE-PSK). +- Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see + the documentation of that option). Other than the above exceptions, all crypto operations are based on PSA when `MBEDTLS_USE_PSA_CRYPTO` is enabled. ### X.509: most crypto operations based on PSA -Current exception: +Current exceptions: -- verification of RSA-PSS signatures with a salt length that is different from +- Verification of RSA-PSS signatures with a salt length that is different from the hash length. +- Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see + the documentation of that option). Other than the above exception, all crypto operations are based on PSA when `MBEDTLS_USE_PSA_CRYPTO` is enabled. ### PK layer: most crypto operations based on PSA -Current exception: +Current exceptions: -- verification of RSA-PSS signatures with a salt length that is different from +- Verification of RSA-PSS signatures with a salt length that is different from the hash length, or with an MGF hash that's different from the message hash. +- Restartable operations when `MBEDTLS_ECP_RESTARTABLE` is also enabled (see + the documentation of that option). Other than the above exception, all crypto operations are based on PSA when `MBEDTLS_USE_PSA_CRYPTO` is enabled. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b791344..99584c4 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -117,15 +117,19 @@ #endif #if defined(MBEDTLS_ECP_RESTARTABLE) && \ - ( defined(MBEDTLS_USE_PSA_CRYPTO) || \ - defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ + ( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \ defined(MBEDTLS_ECDSA_SIGN_ALT) || \ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ defined(MBEDTLS_ECDSA_GENKEY_ALT) || \ defined(MBEDTLS_ECP_INTERNAL_ALT) || \ defined(MBEDTLS_ECP_ALT) ) -#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation" +#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation" +#endif + +#if defined(MBEDTLS_ECP_RESTARTABLE) && \ + !defined(MBEDTLS_ECP_C) +#error "MBEDTLS_ECP_RESTARTABLE defined, but not all prerequisites" #endif #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 78c3635..b9c896f 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -690,11 +690,42 @@ * This is useful in non-threaded environments if you want to avoid blocking * for too long on ECC (and, hence, X.509 or SSL/TLS) operations. * - * Uncomment this macro to enable restartable ECC computations. + * This option: + * - Adds xxx_restartable() variants of existing operations in the + * following modules, with corresponding restart context types: + * - ECP (for Short Weierstrass curves only): scalar multiplication (mul), + * linear combination (muladd); + * - ECDSA: signature generation & verification; + * - PK: signature generation & verification; + * - X509: certificate chain verification. + * - Adds mbedtls_ecdh_enable_restart() in the ECDH module. + * - Changes the behaviour of TLS 1.2 clients (not servers) when using the + * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC + * computations restartable: + * - ECDH operations from the key exchange, only for Short Weierstass + * curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled. + * - verification of the server's key exchange signature; + * - verification of the server's certificate chain; + * - generation of the client's signature if client authentication is used, + * with an ECC key/certificate. + * + * \note In the cases above, the usual SSL/TLS functions, such as + * mbedtls_ssl_handshake(), can now return + * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS. + * + * \note When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled, + * restartable operations in PK, X.509 and TLS (see above) are not + * using PSA. On the other hand, ECDH computations in TLS are using + * PSA, and are not restartable. These are temporary limitations that + * should be lifted in the future. * * \note This option only works with the default software implementation of * elliptic curve functionality. It is incompatible with * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. + * + * Requires: MBEDTLS_ECP_C + * + * Uncomment this macro to enable restartable ECC computations. */ //#define MBEDTLS_ECP_RESTARTABLE @@ -1923,7 +1954,6 @@ * before calling any function from the SSL/TLS, X.509 or PK modules. * * Requires: MBEDTLS_PSA_CRYPTO_C. - * Conflicts with: MBEDTLS_ECP_RESTARTABLE * * Uncomment this to enable internal use of PSA Crypto and new associated APIs. */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 5de8fa6..ea7d726 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1162,8 +1162,12 @@ static int ecdsa_sign_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, size_t key_len; unsigned char buf[MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES]; unsigned char *p; - psa_algorithm_t psa_sig_md = - PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); + psa_algorithm_t psa_hash = mbedtls_hash_info_psa_from_md( md_alg ); +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_algorithm_t psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA( psa_hash ); +#else + psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA( psa_hash ); +#endif size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); diff --git a/scripts/config.py b/scripts/config.py index 7e58acd..a53c470 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -194,7 +194,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS 'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation - 'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_HAVE_SSE2', # hardware dependency 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index cc630ce..584906a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -872,12 +872,6 @@ component_check_test_cases () { fi tests/scripts/check_test_cases.py $opt unset opt - - # Check that no tests are explicitely disabled when USE_PSA_CRYPTO is set - # as a matter of policy to ensure there is no missed testing - msg "Check: explicitely disabled test with USE_PSA_CRYPTO" # < 1s - not grep -n 'depends_on:.*!MBEDTLS_USE_PSA_CRYPTO' tests/suites/*.function tests/suites/*.data - not grep -n '^ *requires_config_disabled.*MBEDTLS_USE_PSA_CRYPTO' tests/ssl-opt.sh tests/opt-testcases/*.sh } component_check_doxygen_warnings () { @@ -1893,10 +1887,13 @@ component_test_depends_py_pkalgs_psa () { component_build_module_alt () { msg "build: MBEDTLS_XXX_ALT" # ~30s scripts/config.py full - # Disable options that are incompatible with some ALT implementations. + + # Disable options that are incompatible with some ALT implementations: # aesni.c and padlock.c reference mbedtls_aes_context fields directly. scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C + # MBEDTLS_ECP_RESTARTABLE is documented as incompatible. + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE # You can only have one threading implementation: alt or pthread, not both. scripts/config.py unset MBEDTLS_THREADING_PTHREAD # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields @@ -1908,10 +1905,12 @@ component_build_module_alt () { # MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_* scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY + # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable # MBEDTLS_XXX_YYY_ALT which are for single functions. scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C + # We can only compile, not link, since we don't have any implementations # suitable for testing with the dummy alt headers. make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib @@ -1932,7 +1931,6 @@ component_test_no_use_psa_crypto_full_cmake_asan() { # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" scripts/config.py full - scripts/config.py set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC scripts/config.py unset MBEDTLS_PSA_CRYPTO_C scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 @@ -1947,6 +1945,9 @@ component_test_no_use_psa_crypto_full_cmake_asan() { msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" make test + # Note: ssl-opt.sh has some test cases that depend on + # MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO + # This is the only component where those tests are not skipped. msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" tests/ssl-opt.sh diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 0d6ec94..d09b732 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -234,6 +234,7 @@ REVERSE_DEPENDENCIES = { 'MBEDTLS_ECP_C': ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C', 'MBEDTLS_ECJPAKE_C', + 'MBEDTLS_ECP_RESTARTABLE', 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ea57b25..0d4ce6e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8478,10 +8478,12 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*4b00" \ -C "mbedtls_pk_sign.*4b00" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "EC restart: TLS, max_ops=1000" \ +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV curves=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ @@ -8492,6 +8494,25 @@ run_test "EC restart: TLS, max_ops=1000" \ -c "mbedtls_ecdh_make_public.*4b00" \ -c "mbedtls_pk_sign.*4b00" +# With USE_PSA enabled we expect only partial restartable behaviour: +# everything except ECDH (where TLS calls PSA directly). +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ + "$P_SRV curves=secp256r1 auth_mode=required" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + debug_level=1 ec_max_ops=1000" \ + 0 \ + -c "x509_verify_cert.*4b00" \ + -c "mbedtls_pk_verify.*4b00" \ + -C "mbedtls_ecdh_make_public.*4b00" \ + -c "mbedtls_pk_sign.*4b00" + +# This works the same with & without USE_PSA as we never get to ECDH: +# we abort as soon as we determined the cert is bad. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -8511,10 +8532,12 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ "$P_SRV curves=secp256r1 auth_mode=required \ crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -8530,10 +8553,34 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +# With USE_PSA enabled we expect only partial restartable behaviour: +# everything except ECDH (where TLS calls PSA directly). +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ + "$P_SRV curves=secp256r1 auth_mode=required \ + crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + debug_level=1 ec_max_ops=1000 auth_mode=optional" \ + 0 \ + -c "x509_verify_cert.*4b00" \ + -c "mbedtls_pk_verify.*4b00" \ + -C "mbedtls_ecdh_make_public.*4b00" \ + -c "mbedtls_pk_sign.*4b00" \ + -c "! The certificate is not correctly signed by the trusted CA" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ "$P_SRV curves=secp256r1 auth_mode=required \ crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -8549,10 +8596,34 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +# With USE_PSA enabled we expect only partial restartable behaviour: +# everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "EC restart: DTLS, max_ops=1000" \ +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ + "$P_SRV curves=secp256r1 auth_mode=required \ + crt_file=data_files/server5-badsign.crt \ + key_file=data_files/server5.key" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + debug_level=1 ec_max_ops=1000 auth_mode=none" \ + 0 \ + -C "x509_verify_cert.*4b00" \ + -c "mbedtls_pk_verify.*4b00" \ + -C "mbedtls_ecdh_make_public.*4b00" \ + -c "mbedtls_pk_sign.*4b00" \ + -C "! The certificate is not correctly signed by the trusted CA" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + +# With USE_PSA disabled we expect full restartable behaviour. +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV curves=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=data_files/server5.key crt_file=data_files/server5.crt \ @@ -8563,10 +8634,29 @@ run_test "EC restart: DTLS, max_ops=1000" \ -c "mbedtls_ecdh_make_public.*4b00" \ -c "mbedtls_pk_sign.*4b00" +# With USE_PSA enabled we expect only partial restartable behaviour: +# everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "EC restart: TLS, max_ops=1000 no client auth" \ +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ + "$P_SRV curves=secp256r1 auth_mode=required dtls=1" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + dtls=1 debug_level=1 ec_max_ops=1000" \ + 0 \ + -c "x509_verify_cert.*4b00" \ + -c "mbedtls_pk_verify.*4b00" \ + -C "mbedtls_ecdh_make_public.*4b00" \ + -c "mbedtls_pk_sign.*4b00" + +# With USE_PSA disabled we expect full restartable behaviour. +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ "$P_SRV curves=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ @@ -8576,13 +8666,35 @@ run_test "EC restart: TLS, max_ops=1000 no client auth" \ -c "mbedtls_ecdh_make_public.*4b00" \ -C "mbedtls_pk_sign.*4b00" + +# With USE_PSA enabled we expect only partial restartable behaviour: +# everything except ECDH (where TLS calls PSA directly). +requires_config_enabled MBEDTLS_ECP_RESTARTABLE +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ + "$P_SRV curves=secp256r1" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + debug_level=1 ec_max_ops=1000" \ + 0 \ + -c "x509_verify_cert.*4b00" \ + -c "mbedtls_pk_verify.*4b00" \ + -C "mbedtls_ecdh_make_public.*4b00" \ + -C "mbedtls_pk_sign.*4b00" + +# Restartable is only for ECDHE-ECDSA, with another ciphersuite we expect no +# restartable behaviour at all (not even client auth). +# This is the same as "EC restart: TLS, max_ops=1000" except with ECDHE-RSA, +# and all 4 assertions negated. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \ - "$P_SRV curves=secp256r1 psk=abc123" \ - "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ - psk=abc123 debug_level=1 ec_max_ops=1000" \ +run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \ + "$P_SRV curves=secp256r1 auth_mode=required" \ + "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt \ + debug_level=1 ec_max_ops=1000" \ 0 \ -C "x509_verify_cert.*4b00" \ -C "mbedtls_pk_verify.*4b00" \ diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 7d29e52..2971c57 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -237,7 +237,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ void ecp_muladd_restart( int id, char *xR_str, char *yR_str, char *u1_str, char *u2_str, char *xQ_str, char *yQ_str, diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 2585720..dc36b81 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -579,6 +579,8 @@ void x509_verify_restart( char *crt_file, char *ca_file, mbedtls_x509_crt_init( &crt ); mbedtls_x509_crt_init( &ca ); + USE_PSA_INIT( ); + TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); @@ -607,6 +609,7 @@ exit: mbedtls_x509_crt_restart_free( &rs_ctx ); mbedtls_x509_crt_free( &crt ); mbedtls_x509_crt_free( &ca ); + USE_PSA_DONE( ); } /* END_CASE */ |