Commit graph

9957 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 020d9ba4ed Introduce abstraction mbedtls_pk_handle_t
This is the first in a series of commit aimed at removing the pk_info
structures when we're building with MBEDTLS_PK_SINGLE_TYPE enabled.

Introducing this abstraction allows us to later make it a two-valued type
(valid, invalid) instead, which is much lighter.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 08620cbb62 Implement static dispatch with SINGLE_PK_TYPE
For optional functions, we introduce an extra macro to tell if the function is
omitted. As the C preprocessor doesn't directly support comparing strings,
testing if the _FUNC macro is defined to NULL isn't obvious. One could
probably play tricks to avoid the need for _OMIT macros, but the small amount
of (entirely local) duplication here is probably a lesser evil than extra
preprocessor complexity.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 8cd288932b Clean up merged pk_wrap in pk.c
- remove redundant includes
- add "title" comment on each section
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 4ed179f693 Merge pk_wrap into pk.c
We want public functions to resolve to the internal wrappers at compile-time.
For this we need the wrappers to be visible from where the public functions
are defined. A simple declaration is not enough if we want the compiler to be
able to inline the wrapper and eliminate function overhead.

This commit just copies verbatim the contents of pk_wrap.c into pk.c. The next
commit will clean up the result (redundant includes etc.).
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 342cecf1f7 Introduce macro-based access to info members
For now, this is only used in order to defined the uecc instance of pk_info,
but in subsequent commits this can be used to implement static dispatch.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 1c1cc0d373 Add config.h option MBEDTLS_PK_SINGLE_HASH
No effect for now, just declaring it here, implemented in subsequent commits.

The option requires MBEDTLS_USE_TINYCRYPT and is incompatible with
MBEDTLS_PK_RSA_ALT_SUPPORT and MBEDTLS_RSA_C.

Currently users (including the X.509 and SSL libraries) assume that if both PK
and RSA are enabled, then RSA is available through PK. If we allowed RSA to be
enabled together with PK_SINGLE_TYPE, we'd break that assumption. Going
through the code to find all place that rely on that assumption and fix them
would be cumbersome, and people who want PK_SINGLE_TYPE are unlikely to care
about RSA anyway, so let's just make them incompatible.

This is also consistent with what's done in the MD module: MD_SINGLE_HASH
requires that exactly one hash be enabled.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 26b807dae8 Fix bug in pkwrite with TinyCrypt but no RSA
This is pre-existing, fixing is required to make a newly added test pass.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard f4afbf926e Fix missing include in some pkey programs
The programs assume that including "pk.h" brings up "bignum.h". When
MBEDTLS_USE_TINYCRYPT is enabled and MBEDTLS_RSA_C is disabled, that
assumption no longer holds. Fix that by explicitly including bignum.h from the
programs that need it.

This is a bug pre-existing to this PR, fixed here to enable the inclusion of a
test with a config that happens to reveal it.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 097628f871 Fix undeclared dependency on RSA_ALT in tests 2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 57d96cddf5 Move NULL check inside accessor function
This achieves two related goals:

1. Those members are now only accessed via the accessor function (except in
code paths that we don't care about: those guarded by
MBEDTLS_PK_RSA_ALT_SUPPORT or MBEDTLS_ECP_RESTARTABLE)
2. When we turn on compile-time dispatch, we don't obviously don't want to
keep a runtime NULL check.

For debug this requires changing the signature or the accessor function to
return int; this is done without changing the signature of the accessed
function.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 2d9466f1db Minor preparatory changes in mbedtls_pk_check_pair()
1. Mark an RSA-alt-specific code path as such.
2. Move NULL check for wrapper function closer to the use of that function.

Those are in preparation of the next commit.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard c10f092a87 Add accessor functions for members of pk_info
This is the first commit in a series aiming at implementing optional
compile-time dispatch when a single PK type is hardcoded. At the end of this
series, the functions introduced here will directly resolve to the correct
function at compile-time when this (to be created) option is enabled.
2019-09-19 10:45:14 +02:00
Simon Butcher e8144aa8ea Merge remote-tracking branch 'origin/pr/657' into baremetal 2019-09-10 14:59:14 +01:00
Simon Butcher 88b535a47e Merge remote-tracking branch 'origin/pr/654' into baremetal 2019-09-10 14:54:28 +01:00
Simon Butcher 303d399f42 Merge remote-tracking branch 'origin/pr/609' into baremetal 2019-09-10 14:50:04 +01:00
Simon Butcher 9bdd13b2e7 Merge remote-tracking branch 'origin/pr/621' into baremetal 2019-09-10 14:49:35 +01:00
Simon Butcher e901566f55 Merge remote-tracking branch 'origin/pr/658' into baremetal 2019-09-10 12:55:03 +01:00
Arto Kinnunen 3d7439e90f Review corrections 6
-Explicitly discard unnecessary return values of
 mbedtls_platform_put_uintXX_be by adding void casting.
2019-09-10 11:30:40 +03:00
Arto Kinnunen 84eeb4fd96 Review corrections 5
-Remove unintentional type chaneg (size_t to uint32_t)
 -Follow mbedtls coding style in trace message
2019-09-10 10:32:30 +03:00
Simon Butcher 389b16d9f9 Minor changes to tinycrypt README
Qualification of title and addition of copyright statement in tinycrypt
README
2019-09-09 18:40:17 +01:00
Simon Butcher 05ab73224a Typos in the tinycrypt README 2019-09-09 17:40:20 +01:00
Simon Butcher 92c3d1f4f4 Addition of copyright statements to tinycrypt files
Each of the tinycrypt files have had some very minor changes, so need a
copyright statement.
2019-09-09 17:37:08 +01:00
Simon Butcher 4f58d696e2 Add LICENSE and README for tinycrypt
This commit adds a LICENSE file and README file to tinycrypt, to help auditing
of the source code for licenses and also to indicate the origin of the work.
2019-09-09 17:36:58 +01:00
Simon Butcher cffedb548f Add SPDX lines to each imported TinyCrypt file
Out of the 6 tinycrypt files included in Mbed TLS, this commit adds SPDX lines
to each for the BSD 3 Clause licence.
2019-09-09 17:34:51 +01:00
Arto Kinnunen 9b3b19407a Review corrections 4
- Try to follow english grammar in function documentation
- Fix too long line
- Remove additional brackets
- Follow mbedtls coding style in for-statement
2019-09-09 17:21:18 +03:00
Arto Kinnunen a3fa06e62a Review corrections 3
-Remove additional trace cause by rebase
-Update remaining 16/24/32-bit values to use functions, this uses
 additional 36 bytes.
2019-09-09 17:21:18 +03:00
Arto Kinnunen 4f4849a379 Review corrections 2
-Fix MSVC compiler warnings about size_t to uint32_t conversions by
 updating GET/PUT functions signature to use size_t.
-Add type casts to functions calling GET/PUT conversions
-Remove additional space after return statement
2019-09-09 17:21:18 +03:00
Arto Kinnunen 6e3f09b431 Review corrections
-Fix compiler warnings by typecast
 -Add missing brackets to few places
 -Remove additional line change
2019-09-09 17:21:18 +03:00
Arto Kinnunen ee9bfca823 Update signature of BE conversion functions 2019-09-09 17:21:18 +03:00
Arto Kinnunen 0b62ce8ed4 Use function for 16/24/32-bit BE conversion
Use functions for 16/24/32-bit big endian conversion to save ROM.
2019-09-09 17:21:18 +03:00
Simon Butcher 7fce190774 Merge remote-tracking branch 'origin/pr/635' into HEAD 2019-09-09 14:20:03 +01:00
Simon Butcher b8ec79f8a0 Merge remote-tracking branch 'origin/pr/645' into HEAD 2019-09-09 13:59:54 +01:00
Hanno Becker 392a8d0e64 x509.c: Minor readability improvement 2019-09-09 09:55:31 +01:00
Hanno Becker 14b0a68083 x509_crt.c: Indicate guarding condition in #else branch 2019-09-09 09:55:31 +01:00
Hanno Becker cd239f8839 X.509: Don't remove verify callback by default 2019-09-09 09:55:31 +01:00
Hanno Becker cd839c9aa7 Fix Doxygen warnings regarding removed verify cb+ctx parameters 2019-09-09 09:55:31 +01:00
Hanno Becker 03d7746927 ECC restart: Use optional verification mode in bad signature test
This way, the verification failure string will still be printed
even if verification callbacks are disabled, allowing to increase
test coverage.
2019-09-09 09:55:31 +01:00
Hanno Becker 8d6d320603 Re-implement verify chain if vrfy cbs are disabled
This commit re-implements the previously introduced internal
verification chain API in the case where verification callbacks
are disabled. In this situation, it is not necessary to maintain
the list of individual certificates and flags comprising the
verification chain - instead, it suffices to just keep track
of the length and the total (=merged) flags.
2019-09-09 09:55:31 +01:00
Hanno Becker adc282a5e8 Add zero-cost abstraction layer for CRT verification chain
When verifying an X.509 certificate, the current verification logic
maintains an instance of the internal mbedtls_x509_crt_verify_chain
structure representing the state of the verification process. This
instance references the list of certificates that comprise the chain
built so far together with their verification flags. This information
must be stored during verification because it's being passed to the
verification callback at the end of verification - if the user has
specified those.

If the user hasn't specified a verification callback, it is not
necessary to maintain the list of CRTs, and it is also not necessary
to maintain verification flags for each CRT individually, as they're
merged at the end of the verification process.

To allow a readable simplification of the code in case no verification
callbacks are used, this commit introduces a zero-cost abstraction layer
for the functionality that's required from the verification chain structure:
- init/reset
- add a new CRT to the chain
- get pointer to current CRT flags
- add flags to EE certificate
- get current chain length
- trigger callbacks and get final (merged) flags
This gives flexibility for re-implementing the verification chain
structure, e.g. in the case where no verification callbacks are
provided, and there's hence no need to store CRTs and flags
individually. This will be done in a later commit.
2019-09-09 09:55:31 +01:00
Hanno Becker 9ec3fe0d43 Introduce configuration option to remove CRT verification callbacks 2019-09-09 09:55:31 +01:00
Hanno Becker 56d1b2389c Fixup: Don't assume that alt SHA256 impln's have trivial init/free 2019-09-09 09:45:57 +01:00
Hanno Becker 18c8936a73 Fixup: Correct Doxygen file name primitive in md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker f6cc3cd2a5 Fixup: Typo in check_config.h entry for single hash encoding 2019-09-09 09:45:57 +01:00
Hanno Becker f207562cdc Fixup: Typo in all.sh component description for single-MD hardcoding 2019-09-09 09:45:57 +01:00
Hanno Becker 55fdae04f7 Fixup: Improve comment on helper macros in md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker 3252c4d913 Fixup MD: Avoid always-false pointer comparison
When MBEDTLS_MD_SINGLE_HASH is set, both the underlying digest context
and the HMAC data are embedded into the mbedtls_md_context; otherwise,
they're dynamically allocated and referenced from mbedtls_md_context.

When the HMAC data is embedded in mbedtls_md_context, it's unnecessary
to check whether mbedtls_md_context::hmac_ctx is NULL, because that's
never the case in defined behaviour, but the check has kept for
uniformity so far. However, contrary to the expectation that compilers
would silently remove this check as always false, ARMC6 complains about
it, breaking some tests in all.sh.

This commit fixes this by guarding checks for

   mbedtls_md_context::hmac_ctx == NULL

by !MBEDTLS_MD_SINGLE_HASH.
2019-09-09 09:45:57 +01:00
Hanno Becker 94f48e0052 MD: Use no-op for context SHA-256 init() and free()
When MBEDTLS_MD_SINGLE_HASH is set, the underlying digest's
context is embedded into mbedtls_md_context_t, which is
zeroized before the underlying digest's init() function
is called. For those digests where initialization is
zeroization, the init() call can therefore be omitted.

Similarly, when free()-ing an mbedtls_md_context_t, the
entire context is zeroized in the end, hence if the
underlying digest's free() function is zeroization,
it can be omitted.
2019-09-09 09:45:57 +01:00
Hanno Becker 64b0623cbb MD: Implement config dep'n inlining of mbedtls_md_setup() 2019-09-09 09:45:57 +01:00
Hanno Becker 52e36bc1a1 MD: Embed digest context structure into MD wrapper context 2019-09-09 09:45:57 +01:00
Hanno Becker 4a99765f94 MD: Introduce macro for initialization function 2019-09-09 09:45:57 +01:00