Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Complete implementation of MbedTLS as backend #528

Open
wants to merge 29 commits into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
0058a94
copy-updated-mbedtls_files
huitema May 16, 2024
059249a
Small cmake fixes
huitema May 17, 2024
ed0f872
Another errant ref to ed25519
huitema May 17, 2024
e53f880
Fix more compile warnings
huitema May 17, 2024
d32c1ad
More compile warnings
huitema May 17, 2024
9733496
More typos fixed.
huitema May 17, 2024
27c6b0a
Merge branch 'master' into complete-mbedtls-backend
huitema May 18, 2024
b08896e
Do not set the output length to excessive value
huitema May 18, 2024
03befd1
Fix typo
huitema May 18, 2024
5c3943c
Add verification of signature.
huitema May 19, 2024
0bbab1c
Fixing test compile issues.
huitema May 19, 2024
73d4925
remove spurious include ref.
huitema May 19, 2024
e0ed5f9
Fix code porting issues.
huitema May 19, 2024
4a4940e
Not be so verbose.
huitema May 19, 2024
460c487
Fix reference totrust CA
huitema May 19, 2024
1f38b04
Add intermediate checks for sign-verify
huitema May 19, 2024
387a354
Disable rsa-p
huitema May 19, 2024
f3bb5e5
Also disabling unused code.
huitema May 19, 2024
0a5a506
Update mbedtls sign to latest tested.
huitema May 20, 2024
44741e9
Simplify flow of tests
huitema May 20, 2024
117011f
Fix test on line 217
huitema May 20, 2024
7d3f7ad
Use server name in verify cert
huitema May 20, 2024
428e6d8
Debugging the end to end test.
huitema May 20, 2024
0408666
Fix typo
huitema May 20, 2024
cbd630c
Add debugging traces
huitema May 20, 2024
675dced
Fix location of trusted CA
huitema May 20, 2024
95ab894
Don't use problematic API
huitema May 21, 2024
f37b7bc
Add include, simplify test
huitema May 21, 2024
bad0e50
Remove unused variable.
huitema May 21, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cmake/FindMbedTLS.cmake
Original file line number Diff line number Diff line change
@@ -43,6 +43,6 @@ FIND_PACKAGE_HANDLE_STANDARD_ARGS(MbedTLS REQUIRED_VARS
MBEDTLS_X509
MBEDTLS_INCLUDE_DIRS)
IF (MbedTLS_FOUND)
SET(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDTLS_CRYPTO} ${MBEDTLS_X509})
SET(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDTLS_X509} ${MBEDTLS_CRYPTO} )
MARK_AS_ADVANCED(MBEDTLS_LIBRARIES MBEDTLS_INCLUDE_DIRS)
ENDIF ()
12 changes: 12 additions & 0 deletions include/picotls/mbedtls.h
Original file line number Diff line number Diff line change
@@ -60,9 +60,21 @@ extern ptls_key_exchange_algorithm_t *ptls_mbedtls_key_exchanges[];

void ptls_mbedtls_random_bytes(void *buf, size_t len);

int ptls_mbedtls_load_file(char const* file_name, unsigned char** buf, size_t* n);

int ptls_mbedtls_load_private_key(ptls_context_t *ctx, char const *pem_fname);
void ptls_mbedtls_dispose_sign_certificate(ptls_sign_certificate_t *_self);

int ptls_mbedtls_sign_certificate(ptls_sign_certificate_t* _self, ptls_t* tls, ptls_async_job_t** async,
uint16_t* selected_algorithm, ptls_buffer_t* outbuf, ptls_iovec_t input,
const uint16_t* algorithms, size_t num_algorithms);

int picoquic_mbedtls_get_certs_from_file(char const* pem_fname, ptls_iovec_t** vec, size_t* count);
int ptls_mbedtls_init_verify_certificate(ptls_context_t* ptls_ctx, char const* pem_fname);
void ptls_mbedtls_dispose_verify_certificate(ptls_context_t* ptls_ctx);



#ifdef __cplusplus
}
#endif
13 changes: 10 additions & 3 deletions lib/mbedtls.c
Original file line number Diff line number Diff line change
@@ -305,20 +305,27 @@ static void aead_encrypt_v(struct st_ptls_aead_context_t *_ctx, void *output, pt
struct ptls_mbedtls_aead_context_t *ctx = (struct ptls_mbedtls_aead_context_t *)_ctx;
psa_aead_operation_t op = psa_aead_operation_init();
uint8_t *dst = output, iv[PTLS_MAX_IV_SIZE], tag[PSA_AEAD_TAG_MAX_SIZE];
size_t outlen, taglen;
size_t outlen, taglen, inlen = 0, outlen_max;

/* Compute the complete input length, so we can call */
for (size_t i = 0; i < incnt; i++) {
inlen += input[i].len;
}
outlen_max = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(inlen);
/* setup op */
CALL_WITH_CHECK(psa_aead_encrypt_setup, &op, ctx->key, ctx->alg);
ptls_aead__build_iv(ctx->super.algo, iv, ctx->static_iv, seq);
CALL_WITH_CHECK(psa_aead_set_nonce, &op, iv, ctx->super.algo->iv_size);
CALL_WITH_CHECK(psa_aead_set_lengths, &op, aadlen, inlen);
CALL_WITH_CHECK(psa_aead_update_ad, &op, aad, aadlen);

/* encrypt */
for (size_t i = 0; i < incnt; i++) {
CALL_WITH_CHECK(psa_aead_update, &op, input[i].base, input[i].len, dst, SIZE_MAX, &outlen);
CALL_WITH_CHECK(psa_aead_update, &op, input[i].base, input[i].len, dst, outlen_max, &outlen);
dst += outlen;
outlen_max -= outlen;
}
CALL_WITH_CHECK(psa_aead_finish, &op, dst, SIZE_MAX, &outlen, tag, sizeof(tag), &taglen);
CALL_WITH_CHECK(psa_aead_finish, &op, dst, outlen_max, &outlen, tag, sizeof(tag), &taglen);
dst += outlen;
memcpy(dst, tag, taglen);

Loading
Loading