Enable MBEDTLS_USE_PSA_CRYPTO by default #9614
Open: gilles-peskine-arm wants to merge 60 commits into Mbed-TLS:development from gilles-peskine-arm:use_psa_crypto-always_on
Fix `mypy scripts/xxx.py`, `mypy tests/scripts/xxx.py`, `pylint scripts/xxx.py`, `pylint tests/scripts/xxx.py` failing to find `mbedtls_framework`. Signed-off-by: Gilles Peskine <[email protected]>
Start replacing the stringly typed KNOWN_TASKS by classes for each category of tasks, with a structure that matches the behavior. This commit introduces some transition code. No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
Work on replacing the stringly typed KNOWN_TASKS by classes for each category of tasks, with a structure that matches the behavior. This commit migrates test coverage analysis. No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
Work on the stringly typed KNOWN_TASKS by classes for each category of tasks, with a structure that matches the behavior. This commit migrates the code for driver-vs-reference analysis. To facilitate review, this commit preserves the layout of the data that parametrizes each task. The next commit will migrate the data. No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
Work on the stringly typed KNOWN_TASKS by classes for each category of tasks, with a structure that matches the behavior. This commit migrates the data for driver-vs-reference analysis and gets rid of the transitional code that was using the old form of the data. No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
No intended behavior change. Signed-off-by: Gilles Peskine <[email protected]>
This clears more than half of the test cases that are not executed. This also captures a few negative test cases that are executed. Subsequent commits will refine the filtering. Signed-off-by: Gilles Peskine <[email protected]>
… tests Some negative tests involving unsupported mechanisms are executed, because they're testing what happens if the mechanism is unsupported. Refine the ignore list for `test_suite_psa_crypto_generate_key.generated` and `test_suite_psa_crypto_op_fail.generated` accordingly. Signed-off-by: Gilles Peskine <[email protected]>
…aised Ignore certain test cases which either should not be generated or should be executed. For each ignore list entry, link to a GitHub issue whose definition of done includes removing the entry. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Our PSA crypto implementation does not and will not support SECP224K1. Signed-off-by: Gilles Peskine <[email protected]>
For each ignore list entry, link to a GitHub issue for its resolution, except for ssl-opt Valgrind tests which we never intend to run on the CI. Signed-off-by: Gilles Peskine <[email protected]>
For each ignore list entry, link to a GitHub issue for its resolution. Signed-off-by: Gilles Peskine <[email protected]>
For each ignore list entry, link to a GitHub issue for its resolution, except for a few configurations which there is a good reason to leave uncovered. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Attempt to partially solve the performance regression in 3.6.0 without adding too much code size. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Signed-off-by: Janos Follath <[email protected]>
The complexity of having functions whose security properties depend on a runtime argument can be dangerous. Limit misuse by making any such functions local. Signed-off-by: Janos Follath <[email protected]>
The complexity of having functions whose security properties depend on a runtime argument can be dangerous. Limit risk by isolating such code in small functions with limited scope. Signed-off-by: Janos Follath <[email protected]>
These macros are not part of any public or internal API, ideally they would be defined in the source files. The reason to put them in bignum_core.h is to avoid duplication as macros for this purpose are needed in both bignum.c and bignum_core.c. Signed-off-by: Janos Follath <[email protected]>
In Thumb instructions, constant can be: - any constant that can be produced by shifting an 8-bit value left by any number of bits within a 32-bit word - any constant of the form 0x00XY00XY - any constant of the form 0xXY00XY00 - any constant of the form 0xXYXYXYXY. Signed-off-by: Janos Follath <[email protected]>
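The four constant forms listed in the commit message above, written as a checker in C. This is an added example, not code from the pull request; the function name `thumb_const_encodable` and the sample values in `main` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Returns 1 if v matches one of the four constant forms listed in the
 * commit message, 0 otherwise. Hypothetical helper, not Mbed TLS code. */
int thumb_const_encodable(uint32_t v)
{
    uint32_t lo = v & 0xFFu;          /* candidate "XY" in the low byte   */
    uint32_t hi = (v >> 8) & 0xFFu;   /* candidate "XY" in the second byte */
    uint32_t s = v;

    /* Form 1: an 8-bit value shifted left within the 32-bit word.
     * Strip trailing zero bits; what is left must fit in 8 bits. */
    while (s != 0 && (s & 1u) == 0) {
        s >>= 1;
    }
    if (s <= 0xFFu) {
        return 1;
    }
    /* Form 2: 0x00XY00XY */
    if (v == (lo | (lo << 16))) {
        return 1;
    }
    /* Form 3: 0xXY00XY00 */
    if (v == ((hi << 8) | (hi << 24))) {
        return 1;
    }
    /* Form 4: 0xXYXYXYXY */
    if (v == lo * 0x01010101u) {
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample values: candidates for a marker constant. */
    const uint32_t samples[] = {
        0x000000FFu, 0x000001FEu, 0xFF000000u, 0x00AB00ABu,
        0xAB00AB00u, 0xABABABABu, 0x00000101u, 0x12345678u
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("0x%08lX -> %s\n", (unsigned long) samples[i],
               thumb_const_encodable(samples[i]) ? "encodable" : "not encodable");
    }
    return 0;
}
```
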
It is easier to read if the parameter controlling constant timeness with respect to a parameter is next to that parameter. Signed-off-by: Janos Follath <[email protected]>
The allocated size can be significantly larger than the actual size. In the unsafe case we can use the actual size and gain some performance. Signed-off-by: Janos Follath <[email protected]>
The new test hooks allow to check whether there was an unsafe call of an optionally safe function in the codepath. For the sake of simplicity the MBEDTLS_MPI_IS_* macros are reused for signalling safe/unsafe codepaths here too. Signed-off-by: Janos Follath <[email protected]>
Signed-off-by: Janos Follath <[email protected]>
Signed-off-by: Janos Follath <[email protected]>
Signed-off-by: Janos Follath <[email protected]>
Signed-off-by: Janos Follath <[email protected]>
Co-authored-by: Gilles Peskine <[email protected]> Signed-off-by: Janos Follath <[email protected]>
To silence no previous prototype warnings. And this is the proper way to do it anyway. Signed-off-by: Janos Follath <[email protected]>
Signed-off-by: Janos Follath <[email protected]>
Not adding _unsafe version to the tests targeting behaviour related to RR as it is independent from the secret involved in the safe/unsafe distinction. Signed-off-by: Janos Follath <[email protected]>
Only add the test hooks where it is meaningful. That is, not adding where the operation is essentially the same or the target is not the function that is being tested. Signed-off-by: Janos Follath <[email protected]>
A + B + 1 is not a good way to get a number that's neither A nor B. This can be a problem for example if values later are changed to A = 0 and B = -1. Signed-off-by: Janos Follath <[email protected]>
Unfortunately compilers aren't good at analyzing whether variables are analyzed on all code paths, and it is better to initialize to the safe-path values. Signed-off-by: Janos Follath <[email protected]>
Signed-off-by: Janos Follath <[email protected]>
Without this, it's not at all obvious that turning on MBEDTLS_TEST_HOOKS doesn't change the functional behavior of the code. Signed-off-by: Janos Follath <[email protected]>
Signed-off-by: Janos Follath <[email protected]>
Signed-off-by: Janos Follath <[email protected]>
Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
The rest of the file uses mbedtls_mpi_uint_t unconditionally, so its definition should also be #include'd unconditionally. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
For some reason I didn't think about other files in the previous commit. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Constant-time testing with Memsan or Valgrind is much more robust, as it doesn't require cooperation from the code under test. Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Remove all.sh components that explicitly disable MBEDTLS_USE_PSA_CRYPTO, and for which there is another component with MBEDTLS_USE_PSA_CRYPTO enabled that does the same or more testing. This commit does not consider configurations set up by another script, and skips one component for which there is no exact equivalent component with MBEDTLS_USE_PSA_CRYPTO enabled. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
With PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE disabled, test TLS 1.3 and USE_PSA TLS 1.2. With PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE disabled, just test crypto, because the TLS code needs that to generate ephemeral ECDH keys but this is not tracked properly (the ephemeral ECDH code is only gated on having ECDH). Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
gilles-peskine-arm added the labels needs-work, needs-ci (Needs to pass CI tests), needs-preceding-pr (Requires another PR to be merged first), size-s (Estimated task size: small (~2d)) and priority-high (High priority - will be reviewed soon) on Sep 21, 2024.
Follow-up to #9610. We now no longer test PK/X.509/TLS with `MBEDTLS_USE_PSA_CRYPTO` disabled.

This is work in progress, pushed for CI feedback. The next step is to remove all the dead code.
Continues from #9610.
PR checklist