Only for CI - Don't review #27
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-To remove unnecessary build warnings for define being redefined we need to undefine the MBEDTLS_PSA_CRYPTO_CLIENT in the crypto_types header file Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 63b9b11) (cherry picked from commit e28066d)
-This removes the redefinition of the define PSA_VENDOR_ECC_MAX_CURVE_BITS which we will set in our configuration file. Ref: NCSDK-12898 Signed-off-by: Georgios Vasilakis <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 1292885) (cherry picked from commit 79f38c8)
-The ECP_ALT file sets this variable so we will have a multiple definition if we enable it in ecp.h. Signed-off-by: Georgios Vasilakis <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 11023cd) (cherry picked from commit 6c70849)
-This checks if GCM_C is enabled in gcm.h before including the functions. This was causing build issues when the GCM is disabled but GCM_ALT is enabled. Signed-off-by: Georgios Vasilakis <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 08e9148) (cherry picked from commit 125633d)
-This adds a psa_driver_wrapper call for the PSA psa_key_derivation_key_agreement API. Without this patch the psa_key_derivation APIs will never reach the PSA drivers (Oberon, CC3XX) and they will only support the software implementation. This patch is a noupp because we expect the Mbed TLS project to add this change in a later release. Ref: NCSDK-13564 Signed-off-by: Georgios Vasilakis <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 7e0b0ec) (cherry picked from commit afeb7c3)
-Enable use of SNI without x509 by testing for MBEDTLS_SSL_SERVER_NAME_INDICATION ref: NCSDK-15193 Signed-off-by: Pete Skeggs <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit a80889e) (cherry picked from commit 4bf3986)
-Enable more TLS/DTLS types being auto-generated in documentation in Mbed TLS. Note that these are not in use in nRF Connect SDK documentation generation at the moment, this commit currently has no effect ref: NCSDK-15193 This one conflicted because PREDEFINED was removed in the doxyfile. Check if this commit can be dropped. Conflict resolution is to bring back the old defines. Signed-off-by: Pete Skeggs <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit b4e0e5c) (cherry picked from commit 6ef9f19)
-Change from PSA_ALG_ECDSA_ANY to a version that provides the correct conversion of md_alg => psa_md_alg ref: NCSDK-14199 Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit c3884bd) (cherry picked from commit 3ff651a)
-Disabling this prevents in-field devices from returning errors when non ECJPAKE PSK is used for OpenThread devices. ref: NCSDK-14629 Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 231620d) (cherry picked from commit 14c0a29)
-The current version is HMAC-oriented and assumes the key type has PSA_KEY_USAGE_SIGN_HASH and PSA_KEY_USAGE_VERIFY_HASH, while PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE is more apt for CMAC. ref: NCSDK-14656 Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 8c1dff4) (cherry picked from commit 7a26f05)
-Since the CC3XX driver can call Oberon to do the hashing it needs to be aware of the context size of the Oberon operation. This adds this size in the build. -Setting the alignment for the oberon type as it is using uint64_t as the first tipe and hence will be 8 byte aligned. ref: NCSDK-13860 ref: NCSDK-13857 Signed-off-by: Georgios Vasilakis <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit bec3de0) (cherry picked from commit e422c8d)
-The runtime library expects key-bits to be set when it is not for cipher and ECDSA, this is fixed here. This may be an issue either in Mbed TLS or in nrf_cc3xx v0.9.14. Hence setting as a noup ref: NCSDK-13857 Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 67cb08f) (cherry picked from commit 1707e93)
This makes sure that the content of the mutex inside the mbedtls_entropy_context is zeroed. This is a workaround because the CryptoCell runtime library will generate a fault if the mutex is not zeroed. This workaround will be reverted later when NCSDK-17004 is fixed. There is no reason to upstream this since it is a limitation in our CryptoCell runtime library and not an upstream limitation. Ref: NCSDK-8075 Signed-off-by: Georgios Vasilakis <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 73337db) (cherry picked from commit 10d43b5)
-There is an inconsistency between PSA Crypto API specification in Mbed TLS and in the interface exposed by TF-M for key representation where an additional type has been added to hold information about owner. This functionality is controlled by setting the configuration MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER which configures the type Mbed TLS internal type mbedtls_svc_key_id_t to a structure type of two words and not as a single word compatible with the PSA Crypto API type psk_key_id_t. This commit adds a reserved word in psa_core_key_attributes_t after the instance of mbedtls_svc_key_id_t to ensure that this structure is binary compatible with PSA Crypto drivers that are built with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER. This is a [noup] commit as this problem for our pre-built PSA crypto drivers which is required to be compiled with the configuration MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER enabled to ensure support with and without TF-M using the same library. ref: NCSDK-17464 Signed-off-by: Markus Swarowsky <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 3f5ebf6) (cherry picked from commit 1b0e9ea)
Fix RSA (MBEDTLS_RSA_C) dependency on PK write (MBEDTLS_PK_WRITE_C) when enabling PSA Crypto (MBEDTLS_PSA_CRYPTO_C). This should instead depend on MBedTLS using PSA crypto (MBEDTLS_USE_PSA_CRYPTO). Raised as issue to MbedTLS project: Mbed-TLS/mbedtls#7126 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 65311cf) (cherry picked from commit 702f824)
…derivation_abort
Fix compilation error in psa_key_derivation_abort when
MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF is defined, but
MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS is not defined.
In function 'psa_key_derivation_abort':
error: 'psa_tls12_prf_key_derivation_t'
{aka 'struct psa_tls12_prf_key_derivation_s'} has no member named
'other_secret'
Upstream PR:
Mbed-TLS/mbedtls#7125
Signed-off-by: Joakim Andersson <[email protected]>
(cherry picked from commit 87acf5b)
(cherry picked from commit adea381)
…out builtin keys Fix psa_key_derivation_output_key not being able to derive ECC keys without MBEDTLS_BUILTIN ECC key types enabled. The PSA crypto drivers can generate these keys without requiring the builtin key types. Upstream PR: Mbed-TLS/mbedtls#7192 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit de1b3f5) (cherry picked from commit 5881d82)
`mbedtls_ssl_set_hs_ecjpake_password()` sets psa roles as client / server. PSA crypto API doesn’t allow setting roles `pake_set_role()` for ECJPAKE. Although it allows setting user and peer ID with `psa_pake_set_user()` and `psa_pake_set_peer()`. The issue is already documented in: ARM-software/psa-api#45 and Mbed-TLS/mbedtls#6961, but in mbedtls 3.3.0 it blocks OpenThread’s TLS/DTLS using PSA crypto API. This commit adds necessary workaround for mbedtls 3.3.0 It additionally fixes status checking after `psa_pake_set_password_key()`. This is a noup commit because the upstream fix has too many conflicts, This change should be reverted when updating to version 3.4.0 or newer. ref: NCSDK-23631 Signed-off-by: Maciej Baczmanski <[email protected]>
Recreated from: commit c8df898 With the following information: "Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH or ECDHE key exchange was not validated. This could result in an overflow of handshake->xxdh_psa_peerkey, overwriting further data in the handshake structure or further on the heap." This commit is "noup" since Mbed TLS TLS/DTLS has gone through refactoring meaning its content had to be recreated. Signed-off-by: Frank Audun Kvamtrø <[email protected]>
Recreated from commit 12c5aaa which provides the following information: "Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The length of the public key in an ECDH- or FFDH-based key exchange was not validated. This could result in an overflow of handshake->xxdh_psa_peerkey, overwriting further data in the handshake structure or further on the heap." This commit is "noup" since it TLS/DTLS is undergoing refactoring and the content of the commit had to be recreated. Signed-off-by: Frank Audun Kvamtrø <[email protected]>
Recreated from commit faf0b86 which provides the following information "With stream ciphers, add a check that there's enough room to read a MAC in the record. Without this check, subtracting the MAC length from the data length resulted in an integer underflow, causing the MAC calculation to try reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread." This commit is a "noup" since TLS/DTLS is undergoing refactoring and the content of the commit had to be recreated. Signed-off-by: Frank Audun Kvamtrø <[email protected]>
This reverts commit acea48f. Signed-off-by: Markus Swarowsky <[email protected]>
…sing" This reverts commit 4a204f2. Signed-off-by: Markus Swarowsky <[email protected]>
…arsing" This reverts commit 2d81092. Signed-off-by: Markus Swarowsky <[email protected]>
…OpenThread" This reverts commit b573773. Signed-off-by: Markus Swarowsky <[email protected]>
…ECC without builtin keys" This reverts commit 829e3ed. Signed-off-by: Markus Swarowsky <[email protected]>
…psa_key_derivation_abort" This reverts commit a58396e. Signed-off-by: Markus Swarowsky <[email protected]>
…rypto" This reverts commit 45374c0. Signed-off-by: Markus Swarowsky <[email protected]>
This reverts commit 7322ffa. Signed-off-by: Markus Swarowsky <[email protected]>
This reverts commit c56a2ae. Signed-off-by: Markus Swarowsky <[email protected]>
Co-authored-by: David Horstmann <[email protected]> Signed-off-by: Jonathan Winzig <[email protected]> (cherry picked from commit 144bfde) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Jonathan Winzig <[email protected]> (cherry picked from commit acd35a5) Signed-off-by: Markus Swarowsky <[email protected]>
Co-authored-by: Paul Elliott <[email protected]> Signed-off-by: Jonathan Winzig <[email protected]> (cherry picked from commit af553bf) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Paul Elliott <[email protected]> (cherry picked from commit 968a928) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit d6b0965) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit 6bcbc92) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit a865fc9) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit 100dcdd) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit a62a554) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit e6750b2) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit 47ee770) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit b4b8f3d) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit 16ab76b) Signed-off-by: Markus Swarowsky <[email protected]>
Any timing variance dependant on the output of this function enables a Bleichenbacher attack. It is extremely difficult to use safely. In the Marvin attack paper (https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the author suggests that implementations of PKCS 1.5 decryption that don't include a countermeasure should be considered inherently dangerous. They suggest that all libraries implement the same countermeasure, as implementing different countermeasures across libraries enables the Bleichenbacher attack as well. This is extremely fragile and therefore we don't implement it. The use of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable. Add a warning to PKCS 1.5 decryption to warn users about this. Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit 393df9c) Signed-off-by: Markus Swarowsky <[email protected]>
Upon further consideration we think that a remote attacker close to the victim might be able to have precise enough timing information to exploit the side channel as well. Update the Changelog to reflect this. Signed-off-by: Janos Follath <[email protected]> (cherry picked from commit 0d57f10) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Dave Rodgman <[email protected]> (cherry picked from commit 6ba4169) Signed-off-by: Markus Swarowsky <[email protected]>
./scripts/bump_version.sh --version 3.5.1 Signed-off-by: Dave Rodgman <[email protected]> (cherry picked from commit e23d647) Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Dave Rodgman <[email protected]> (cherry picked from commit daca7a3) Signed-off-by: Markus Swarowsky <[email protected]>
…CDSA_SIGN_ALT When ECDSA_SIGN_ALT but not ECDSA_VERIFY_ALT, mbedtls_ecdsa_can_do was not being defined causing mbedtls_ecdsa_verify_restartable to always fail Signed-off-by: JonathanWitthoeft <[email protected]>
noup because Using the oberon PSA cypto core file instead of the mbed TLS one. To reduce the dependcies causing build issues. Signed-off-by: Georgios Vasilakis <[email protected]>
We don't use this file in our SDK, we use directly the Oberon one. We add it here because we need it only for the internal building of the CryptoCell libraries and for this we need to have the same version as the Oberon one. Signed-off-by: Georgios Vasilakis <[email protected]>
Replace MBEDTLS_ACCEL symbols with the equivalent PSA_WANT symbols since we don't use the MBEDTLS_ACCEL symbols in sdk-nrf. Signed-off-by: Georgios Vasilakis <[email protected]>
The CryptoCell runtime libraries are using the mbedtls_md APIs for hashing. Since the CryptoCell libraries are binaries and the mbedtls_md APIs are compiled from source at build time, they need to have the same view of the mbedtls_md context. This change makes the mbedtls_md contexts to have fixed sizes. Signed-off-by: Georgios Vasilakis <[email protected]>
This reverts commit b1eb50a.
Signed-off-by: Georgios Vasilakis <[email protected]>
Vge0rge
force-pushed
the
tfm_20_ncs_upmerge_george
branch
from
6eeeaa8
to
c8d07f2
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.