Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use PSA EC-JPAKE in TLS (1.2) - Part 2 #6533

Merged
merged 19 commits into from
Nov 23, 2022
Merged

Use PSA EC-JPAKE in TLS (1.2) - Part 2 #6533

merged 19 commits into from
Nov 23, 2022

Conversation

valeriosetti
Copy link
Contributor

@valeriosetti valeriosetti commented Nov 3, 2022
edited by mpg
Loading

Description

Following the fixes of PR #6390 by @mpg and the issues found in PR #5886, since @superna9999 could not address those issues, this PR aims at continuing the work of PR #5886.

As a consequence it resolves #5847

The workflow was as follows:

As a consequence this PR depends on PR #6390 to be merged.

Gatekeeper checklist

@valeriosetti
Copy link
Contributor Author

valeriosetti commented Nov 3, 2022
edited
Loading

It has been tested following the procedure suggested by @mpg in PR #5886

git checkout -- include/mbedtls/mbedtls_config.h
scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
make clean

make -C programs ssl/ssl_server2 ssl/ssl_client2
cp programs/ssl/ssl_server2 s2_no_use_psa
cp programs/ssl/ssl_client2 c2_no_use_psa


scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
make clean

make -C programs ssl/ssl_server2 ssl/ssl_client2
make -C programs test/udp_proxy test/query_compile_time_config

P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f ECJPAKE
P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f ECJPAKE

and now it seems to work properly:

ECJPAKE: client not configured ......................................... PASS
ECJPAKE: server not configured ......................................... PASS
ECJPAKE: working, TLS .................................................. PASS
ECJPAKE: password mismatch, TLS ........................................ PASS
ECJPAKE: working, DTLS ................................................. PASS
ECJPAKE: working, DTLS, no cookie ...................................... PASS
ECJPAKE: password mismatch, DTLS ....................................... PASS
ECJPAKE: working, DTLS, nolog .......................................... PASS
------------------------------------------------------------------------
PASSED (8 / 8 tests (0 skipped))
ECJPAKE: client not configured ......................................... PASS
ECJPAKE: server not configured ......................................... PASS
ECJPAKE: working, TLS .................................................. PASS
ECJPAKE: password mismatch, TLS ........................................ PASS
ECJPAKE: working, DTLS ................................................. PASS
ECJPAKE: working, DTLS, no cookie ...................................... PASS
ECJPAKE: password mismatch, DTLS ....................................... PASS
ECJPAKE: working, DTLS, nolog .......................................... PASS
------------------------------------------------------------------------
PASSED (8 / 8 tests (0 skipped))

@superna9999 superna9999 mentioned this pull request Nov 4, 2022
Closed
1 task
@valeriosetti valeriosetti force-pushed the issue5847 branch 2 times, most recently from 22c79ee to 4c2d0c1 Compare November 7, 2022 10:15
@AndrzejKurek AndrzejKurek self-requested a review November 7, 2022 10:18
@AndrzejKurek AndrzejKurek added needs-work needs-ci Needs to pass CI tests needs-reviewer This PR needs someone to pick it up for review bug size-m Estimated task size: medium (~1w) labels Nov 7, 2022
@AndrzejKurek
Copy link
Contributor

It seems that for now, unfortunately, some CI tests fail on EC-JPAKE. Let me know @valeriosetti once the CI passes and please also add a needs:review label then!

@valeriosetti
Copy link
Contributor Author

It seems that for now, unfortunately, some CI tests fail on EC-JPAKE. Let me know @valeriosetti once the CI passes and please also add a needs:review label then!

@AndrzejKurek yes, there's a dependency between this PR and #6390: I expect tests to work properly once #6390 is merged into development branch and this PR is rebased on top of it.

PS = as for the label can I add it? Or do I need some extra privilege?

@AndrzejKurek
Copy link
Contributor

PS = as for the label can I add it? Or do I need some extra privilege?

Can you check if you have an option to add it? There should be a small "cog" next to the labels.
image

@valeriosetti
Copy link
Contributor Author

Can you check if you have an option to add it? There should be a small "cog" next to the labels.

Nope, I don't have it :/
Indeed I would also like to set myself as the assignee for #5847, but I don't think I have the permission to do that

@superna9999 @valeriosetti
Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected
ca7d506 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
@superna9999 @valeriosetti
Remove TLS 1.2 exception about EC J-PAKE and PSA Crypto
e2977b6 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
@mpg
Copy link
Contributor

mpg commented Nov 8, 2022

It has been tested following the procedure suggested by @mpg in PR #5886
and now it seems to work properly:

That's great news! Can you also add an all.sh component that does this testing?

Regarding labels / assigning, I'll try to sort out the permissions, in the meantime can you just post a comment when you think this is ready for review?

@mpg mpg self-requested a review November 8, 2022 11:22
@mpg mpg removed the needs-reviewer This PR needs someone to pick it up for review label Nov 8, 2022
@valeriosetti valeriosetti added needs-review Every commit must be reviewed by at least two team members, and removed needs-work labels Nov 8, 2022
@valeriosetti valeriosetti removed the needs-ci Needs to pass CI tests label Nov 9, 2022
@AndrzejKurek AndrzejKurek added the approved Design and code approved - may be waiting for CI or backports label Nov 22, 2022
@gilles-peskine-arm
Copy link
Contributor

On the internal CI, test_depends_py_curves_psa timed out but Windows has a genuine failure from MSVC:

   213>C:\builds\workspace\mbed-tls-pr-merge_PR-6533-merge\worktrees\tmpqmhr7jmt\library\ssl_tls.c(8519): error C2220: warning treated as error - no 'object' file generated [C:\builds\workspace\mbed-tls-pr-merge_PR-6533-merge\worktrees\tmpqmhr7jmt\cmake_solution\library\mbedtls.vcxproj]
   213>C:\builds\workspace\mbed-tls-pr-merge_PR-6533-merge\worktrees\tmpqmhr7jmt\library\ssl_tls.c(8519): warning C4267: '=' : conversion from 'size_t' to 'unsigned char', possible loss of data

That's line 8519 in the merge with 339406d.

@gilles-peskine-arm gilles-peskine-arm added needs-work and removed approved Design and code approved - may be waiting for CI or backports labels Nov 22, 2022
@valeriosetti
Copy link
Contributor Author

That's line 8519 in the merge with 339406d

@gilles-peskine-arm is this the right commit? Because to me it seems that this one is related to mpi :/

@gilles-peskine-arm
Copy link
Contributor

@valeriosetti The CI runs on a merge of the branch of the pull request with the current state of the target branch. So the line number is for a merge of your branch at d4a9b1a with development at 339406d.

@valeriosetti
tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round
99d88c1 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
@valeriosetti valeriosetti dismissed stale reviews from AndrzejKurek and mpg via 99d88c1 November 22, 2022 15:03
@valeriosetti valeriosetti added needs-review Every commit must be reviewed by at least two team members, and removed needs-work labels Nov 22, 2022
@AndrzejKurek AndrzejKurek mentioned this pull request Nov 22, 2022
Closed
@mpg mpg removed the needs-ci Needs to pass CI tests label Nov 23, 2022
mpg
mpg approved these changes Nov 23, 2022
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mpg mpg requested a review from AndrzejKurek November 23, 2022 09:24
@mpg mpg removed the bug label Nov 23, 2022
AndrzejKurek
AndrzejKurek approved these changes Nov 23, 2022
View reviewed changes
Copy link
Contributor

@AndrzejKurek AndrzejKurek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing all the comments!

@mpg mpg added approved Design and code approved - may be waiting for CI or backports needs-ci Needs to pass CI tests and removed needs-review Every commit must be reviewed by at least two team members, needs-ci Needs to pass CI tests labels Nov 23, 2022
@mpg mpg merged commit ef25a99 into Mbed-TLS:development Nov 23, 2022
@AndrzejKurek AndrzejKurek mentioned this pull request Nov 28, 2022
Merged
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Sep 20, 2023
Open
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Oct 30, 2024
Open
@valeriosetti valeriosetti deleted the issue5847 branch December 6, 2024 06:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AndrzejKurek AndrzejKurek AndrzejKurek approved these changes

@mpg mpg mpg approved these changes

Assignees

@valeriosetti valeriosetti

Labels
approved Design and code approved - may be waiting for CI or backports size-m Estimated task size: medium (~1w)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

EC-JPAKE 2: use in TLS (1.2)
5 participants
@valeriosetti @AndrzejKurek @mpg @gilles-peskine-arm @superna9999