tests: pqc-hybrid-kx: use key and certificate in distribution
The Ed25519 key and certificate in doc/credentials/x509/ are currently
not included in the distribution. Use the ECDSA ones in the test to
make the test work.
This adds a call to gnutls_hash_output with DIGEST argument as NULL to
exercise the context reset behavior added in commit eced4c0c2b3d3ee6a35dab99616a25910b623f79.
Daiki Ueno [Sat, 1 Jun 2024 22:19:14 +0000 (07:19 +0900)]
key_share: support X25519Kyber768Draft00
This implements X25519Kyber768Draft00 hybrid post-quantum key exchange
in TLS 1.3, based on the draft:
https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/
Daiki Ueno [Fri, 31 May 2024 00:18:27 +0000 (09:18 +0900)]
build: plumb liboqs as an optional dependency
This exposes OQS functions necessary to implement Kyber768 through
dlopen with stub implementation for lower-level cryptographic
primitives, such as SHA3 and DRBG.
Daiki Ueno [Sat, 29 Jun 2024 04:36:58 +0000 (13:36 +0900)]
build: switch to using dlwrap for loading compression libraries
This switches the logic to load compression libraries from the
hand-written code to the automatically generated code by the dlwrap
tool[1], which makes it possible to select whether to use dlopen or
link to the library at build time.
Daiki Ueno [Sat, 29 Jun 2024 04:34:36 +0000 (13:34 +0900)]
build: detect SONAME for compression libraries at configure
Instead of hard-coding the SONAMEs for zlib, libzstd, libbrotlienc,
and libbrotlidec, this checks the actual SONAMEs at configure time, so
the first argument of dlopen is more accurate when a SONAME is bumped.
Daiki Ueno [Sat, 29 Jun 2024 00:52:55 +0000 (09:52 +0900)]
m4: factor out soname check into a separate macro
This moves the SONAME detection from configure.ac to m4/hooks.m4 as
the LIBGNUTLS_CHECK_SONAME macro. The new macro doesn't implicitly
set *_LIBRARY_SONAME to "none", so the callers need to adjust
themselves depending on whether the macro is defined.
Bill Roberts [Mon, 10 Jun 2024 17:16:53 +0000 (12:16 -0500)]
lib/accelerated: add CFLAGS to aarch64/elf
When building with certain cflags, like -mbranch-protection=standard,
the assembly generation needs to get the CFLAGS to enable assembler
level features. Without this, closing PAC/BTI feature support will not
be completed.
Example:
export CFLAGS='-mbranch-protection=standard'
export CPPFLAGS='-mbranch-protection=standard'
# not needed, just for error reporting
export LDFLAGS='-Wl,-zforce-bti,--fatal-warnings'
./bootstrap
./configure --with-included-libtasn1 --with-included-unistring
make asm-sources
make -j4
readelf -n ./lib/.libs/libgnutls.so
Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0
Properties: AArch64 feature: BTI, PAC
<snip>
readelf -n ./lib/.libs/libgnutlsxx.so
Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0
Properties: AArch64 feature: BTI, PAC
<snip>
Related to: #1517
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
Since OpenSSL 3.2, CCM8 is only allowed in security level 0. This
tweaks test scripts to explicitly enable this level but only enable
TLS 1.3 to exclude any TLS 1.2 ciphersuites.
Bill Roberts [Fri, 2 Feb 2024 20:05:55 +0000 (14:05 -0600)]
lib/accelerated: update asm and enable PAC/BTI
Update the asm sources generated from devel/openssl which have the BTI
and PAC support. Add the -mbranch-protection=standard build flag to the
generated sources. On older machines that don't have support, the
options are in the NOP space and will be NOP'd, on architectures with
support the instructions are executed as expected.
Note that this updates the ELF GNU NOTES section to indicate that BTI
and PAC are enabled. For BTI this must be in all the ELF files loaded
and linked or the feature is disabled as all execution segments need it.
After updating the asm sources via make asm-sources, you can build and
get a PAC/BTI enabled binary and test via the testsuite to verify.
readelf -n ./lib/.libs/libgnutls.so
Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0
Properties: AArch64 feature: BTI, PAC
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
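The readelf check above reads the AArch64 feature word out of the .note.gnu.property note. As an added example (not part of the commit or of GnuTLS), the following C helper parses such a note descriptor from a little-endian ELF64 object and reports whether both BTI and PAC are marked; the property constants are those from the GNU property ABI, and the 16-byte descriptors at the end are constructed to match the "Data size 0x10" shown in the readelf output.

```c
#include <stddef.h>
#include <stdint.h>

/* Property constants from the GNU property note ABI (also in glibc's <elf.h>). */
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI 0x1u
#define GNU_PROPERTY_AARCH64_FEATURE_1_PAC 0x2u

static uint32_t rd32(const uint8_t *p)	/* little-endian u32 */
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the descriptor of an NT_GNU_PROPERTY_TYPE_0 note from a little-endian
 * ELF64 object (each property is u32 type, u32 datasz, data padded to 8)
 * and return the AArch64 feature bitmask, or 0 if the property is absent
 * or the descriptor is malformed.  Helper for this note, not GnuTLS code. */
uint32_t aarch64_feature_bits(const uint8_t *desc, size_t len)
{
	size_t off = 0;
	while (off + 8 <= len) {
		uint32_t pr_type = rd32(desc + off);
		uint32_t pr_datasz = rd32(desc + off + 4);
		off += 8;
		if (pr_datasz > len - off)
			return 0;	/* truncated property: treat as unprotected */
		if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND && pr_datasz == 4)
			return rd32(desc + off);
		off += ((size_t)pr_datasz + 7) & ~(size_t)7;
	}
	return 0;
}

/* True only when both BTI and PAC are marked, as in the readelf output above. */
int has_bti_and_pac(const uint8_t *desc, size_t len)
{
	uint32_t want = GNU_PROPERTY_AARCH64_FEATURE_1_BTI | GNU_PROPERTY_AARCH64_FEATURE_1_PAC;
	return (aarch64_feature_bits(desc, len) & want) == want;
}

/* Constructed 16-byte descriptors matching "Data size 0x10": one property of
 * type 0xc0000000, datasz 4, the feature word, then 4 bytes of padding. */
static const uint8_t DESC_BTI_PAC[16] = {
	0x00, 0x00, 0x00, 0xc0, 0x04, 0x00, 0x00, 0x00,
	0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t DESC_PAC_ONLY[16] = {
	0x00, 0x00, 0x00, 0xc0, 0x04, 0x00, 0x00, 0x00,
	0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
```

Because BTI is only honoured when every loaded ELF object carries the bit, a practical check runs has_bti_and_pac over the descriptor of each shared object the process maps, not just libgnutls.so.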
Bill Roberts [Tue, 6 Feb 2024 14:11:33 +0000 (08:11 -0600)]
ci: ignore parse errors from gcovr
The documentation for gcovr suggests this as a workaround for a bug in gcovr
that causes negative hit values, which are impossible, are not accepted by
default, and will cause the CI to fail:
- https://gcovr.com/en/stable/guide/gcov_parser.html
To correct this, add option:
--gcov-ignore-parse-errors=negative_hits.warn_once_per_file
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
Daiki Ueno [Sun, 2 Jun 2024 07:50:06 +0000 (16:50 +0900)]
nettle: add a way to reset hash context
This makes gnutls_hash_output just reset the hash context without
calling Nettle's hash digest function if the DIGEST argument is NULL.
That is particularly useful when used with SHAKE, as its _shake_output
function marks ctx->index in a special way indicating incremental
output is in progress.
Daiki Ueno [Wed, 15 May 2024 01:17:41 +0000 (10:17 +0900)]
nettle: utilize nettle_cbc_aes*_encrypt for performance
While CBC encryption is inherently slow for lack of parallelism,
Nettle >= 3.8 provides specialized AES-CBC encryption functions to
improve performance by avoiding multiple calls to block cipher
initialization. This patch makes GnuTLS use those functions if
available.
Here are the results of the benchmark:
* GNUTLS_CPUID_OVERRIDE=0x1, without nettle_cbc_aes*_encrypt:
This allows usage of PBMAC1 as the MAC to verify a PKCS#12 structure,
following draft-ietf-lamps-pkcs12-pbmac1[1]. While the MAC
verification is transparent, the generation requires a new API
gnutls_pkcs12_generate_mac3 to be used with the
GNUTLS_PKCS12_USE_PBMAC1 flag.
certtool has also been extended with the --pbmac1 option, which can be
used in combination with --to-p12.
Daiki Ueno [Tue, 14 May 2024 01:24:03 +0000 (10:24 +0900)]
_gnutls_x509_read_uint: accept values greater than 0x7FFFFFFF
_gnutls_x509_read_uint previously only accepted integer values encoded
in 4 bytes without checking if the first byte indicates a negative
integer in 2's complement format. This adds the check and also avoids
unnecessary memory allocation.
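The sign-bit issue described in this commit is a general DER INTEGER pitfall: a value in 0x80000000..0xFFFFFFFF is encoded with a leading 0x00 octet (five content octets), while a four-octet encoding whose first octet has the top bit set is a negative number. As an added example (not GnuTLS's _gnutls_x509_read_uint, and not code from the commit), the following C decoder accepts the full unsigned 32-bit range and rejects negative, non-minimal and too-wide encodings; the sample byte strings at the end are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Decode the content octets of a DER INTEGER (tag and length already
 * stripped) as an unsigned 32-bit value.  Returns 0 on success, -1 if the
 * value is negative, non-minimally encoded, or wider than 32 bits.
 * Written for this note; not GnuTLS's own _gnutls_x509_read_uint. */
int der_uint32_decode(const uint8_t *data, size_t len, uint32_t *out)
{
	size_t i = 0;
	uint32_t v = 0;

	if (len == 0 || len > 5)
		return -1;
	if (data[0] & 0x80)	/* sign bit set: negative two's complement */
		return -1;
	/* DER minimality: a leading 0x00 is only valid when the next octet
	 * has its top bit set and would otherwise read as a sign bit. */
	if (len > 1 && data[0] == 0x00 && !(data[1] & 0x80))
		return -1;
	/* Five octets fit only as 0x00 plus four value octets, which is
	 * exactly how 0x80000000..0xFFFFFFFF are encoded. */
	if (len == 5) {
		if (data[0] != 0x00)
			return -1;
		i = 1;
	}
	for (; i < len; i++)
		v = (v << 8) | data[i];
	*out = v;
	return 0;
}

/* The decoded value, or -1 when the encoding is rejected. */
int64_t der_uint32_value(const uint8_t *data, size_t len)
{
	uint32_t v;
	return der_uint32_decode(data, len, &v) == 0 ? (int64_t)v : -1;
}

/* Constructed sample encodings (content octets only). */
static const uint8_t SAMPLE_INT32_MAX[] = { 0x7F, 0xFF, 0xFF, 0xFF };
static const uint8_t SAMPLE_UINT32_MAX[] = { 0x00, 0xFF, 0xFF, 0xFF, 0xFF };
static const uint8_t SAMPLE_NEGATIVE[] = { 0xFF, 0xFF, 0xFF, 0xFF };
static const uint8_t SAMPLE_TOO_WIDE[] = { 0x01, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE_NON_MINIMAL[] = { 0x00, 0x01 };
```

SAMPLE_UINT32_MAX is the case the commit fixes: a reader that only accepts four content octets either rejects it or, worse, reads the four 0xFF octets as -1.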
Daiki Ueno [Thu, 9 May 2024 14:29:30 +0000 (23:29 +0900)]
.gitlab-ci.yml: use correct tag for GitLab 1.70 deployment
The "shared", "linux", and "docker" tags we use to select shared CI
runners are consolidated into "saas-linux-small-amd64" in GitLab 1.70:
https://docs.gitlab.com/ee/update/deprecations.html#removal-of-tags-from-small-saas-runners-on-linux
Zoltan Fridrich [Tue, 26 Mar 2024 10:48:58 +0000 (11:48 +0100)]
Add option to disable RSAES-PKCS1-v1_5
A new option `allow-rsa-pkcs1-encrypt` has been added to the
system-wide library configuration which allows enabling/disabling
RSAES-PKCS1-v1_5. Currently, RSAES-PKCS1-v1_5 is enabled
by default.
Since bfb326f6e ("nettle: plumb RSA-OAEP in the Nettle crypto backend"),
building gnutls statically fails due to a duplicate definition of
nettle_rsa_compute_root_tr (which comes from "rsa_compute_root_tr" being
replaced by a preprocessor macro).
This patch fixes this by renaming the GNUTLS version by redefining the
value of the rsa_compute_root_tr macro.