Commit graph

7998 commits

Author SHA1 Message Date
Janos Follath 3fbdadad7b SSL: Make use of the new ECDH interface
The SSL module accesses ECDH context members directly. This can't work
with the new context, where we can't make any assumption about the
implementation of the context.

This commit makes use of the new functions to avoid accessing ECDH
members directly. The only members that are still accessed directly are
the group ID and the point format and they are independent from the
implementation.
2018-12-06 12:22:46 +00:00
Janos Follath 948f4bedcc Debug: Add functions for ECDH contexts
The SSL module accesses ECDH context members directly to print debug
information. This can't work with the new context, where we can't make
assumptions about the implementation of the context. This commit adds
new debug functions to complete the encapsulation of the ECDH context
and work around the problem.
2018-12-06 12:22:46 +00:00
Janos Follath 5a3e1bfda0 ECDH: Make the implementation use the new context
The functionality from public API functions are moved to
`xxx_internal()` functions. The public API functions are modified to do
basic parameter validation and dispatch the call to the right
implementation.

There is no intended change in behaviour when
`MBEDTLS_ECDH_LEGACY_CONTEXT` is enabled.
2018-12-06 12:22:18 +00:00
Janos Follath 52735ef2fe ECDH: Prevent direct access in non-legacy mode
Some sample programs access structure fields directly. Making these work is
desirable in the long term, but these are not essential for the core
functionality in non-legacy mode.
2018-11-30 14:21:35 +00:00
Janos Follath c9c32f3f63 ECDH: Add flexible context and legacy flag
We want to support alternative software implementations and we extend
the ECDH context to enable this. The actual functional change that makes
use of the new context is out of scope for this commit.

Changing the context breaks the API and therefore it has to be
excluded from the default configuration by a compile time flag.
We add the compile time flag to the module header instead of
`config.h`, because this is not a standalone feature, it only
enables adding new implementations in the future.

The new context features a union of the individual implementations
and a selector that chooses the implementation in use. An alternative
is to use an opaque context and function pointers, like for example the
PK module does it, but it is more dangerous, error prone and tedious to
implement.

We leave the group ID and the point format at the top level of the
structure, because they are very simple and adding an abstraction
layer around them away does not come with any obvious benefit.

Other alternatives considered:

- Using the module level replacement mechanism in the ECP module. This
would have made the use of the replacement feature more difficult and
the benefit limited.
- Replacing our Montgomery implementations with a new one directly. This
would have prevented using Montgomery curves across implementations.
(For example use implementation A for Curve448 and implementation B for
Curve22519.) Also it would have been inflexible and limited to
Montgomery curves.
- Encoding the implementation selector and the alternative context in
`mbedtls_ecp_point` somehow and rewriting `mbedtls_ecp_mul()` to
dispatch between implementations. This would have been a dangerous and
ugly hack, and very likely to break legacy applications.
- Same as above just with hardcoding the selector and using a compile
time option to make the selection. Rejected for the same reasons as
above.
- Using the PK module to provide to provide an entry point for
alternative implementations. Like most of the above options this
wouldn't have come with a new compile time option, but conceptually
would have been very out of place and would have meant much more work to
complete the abstraction around the context.

In retrospect:

- We could have used the group ID as the selector, but this would have
made the code less flexible and only marginally simpler. On the other
hand it would have allowed to get rid of the compile time option if a
tight integration of the alternative is possible. (It does not seem
possible at this point.)
- We could have used the same approach we do in this commit to the
`mbedtls_ecp_point` structure. Completing the abstraction around this
structure would have been a much bigger and much riskier code change
with increase in memory footprint, potential decrease in performance
and no immediate benefit.
2018-11-30 14:21:35 +00:00
Janos Follath fc03e8dfa9 ECDH: Adapt tests for mbedtls_ecdh_setup()
The recently added `mbedtls_ecdh_setup()` function is not used in the
tests yet. This commit adapts the tests to the new workflow.

Having done that, the old lifecycle is not tested anymore, so we add a
new test to ensure backward compatibility.
2018-11-30 14:09:57 +00:00
Janos Follath f61e486179 ECDH: Add mbedtls_ecdh_setup()
In the future we want to support alternative ECDH implementations. We
can't make assumptions about the structure of the context they might
use, and therefore shouldn't access the members of
`mbedtls_ecdh_context`.

Currently the lifecycle of the context can't be done without direct
manipulation. This commit adds `mbedtls_ecdh_setup()` to complete
covering the context lifecycle with functions.
2018-11-30 14:09:57 +00:00
Janos Follath 89ac8c9266 ECP: Add mbedtls_ecp_tls_read_group_id()
`mbedtls_ecp_tls_read_group()` both parses the group ID and loads the
group into the structure provided. We want to support alternative
implementations of ECDH in the future and for that we need to parse the
group ID without populating an `mbedtls_ecp_group` structure (because
alternative implementations might not use that).

This commit moves the part that parses the group ID to a new function.
There is no need to test the new function directly, because the tests
for `mbedtls_ecp_tls_read_group()` are already implicitly testing it.

There is no intended change in behaviour in this commit.
2018-11-30 14:09:57 +00:00
Simon Butcher 556d7d9e3b
Merge pull request #532 from sbutcher-arm/version-2.14.0
Bump Mbed TLS Version to 2.14.0
2018-11-19 18:45:45 +00:00
Simon Butcher c1b9892177 Update library version number to 2.14.0 2018-11-19 18:31:40 +00:00
Simon Butcher b35e59d36d Refine the language in the ChangeLog
Fix the language and descriptions in the ChangeLog following review of the
Release Notes for the next release.
2018-11-19 15:49:26 +00:00
Simon Butcher 681edee803 Fix language and formatting in ChangeLog
Changed the formatting and language in the ChangeLog to the house-style.
2018-11-15 13:01:23 +00:00
Simon Butcher 06d80cf172 Fix merge of Changelog 128bit CTR_DRBG entry
The entry describing support for 128-bit keys in CTR_DRBG was merged into the
wrong version.
2018-11-12 14:30:19 +00:00
Simon Butcher de13963d66 Merge remote-tracking branch 'restricted/pr/520' into development-restricted-proposed 2018-11-12 14:30:16 +00:00
Simon Butcher cdd1a6c872 Merge remote-tracking branch 'restricted/pr/510' into development-restricted-proposed 2018-11-12 14:29:14 +00:00
Simon Butcher 2ab14bb2ca Clarified new platform errors in the ChangeLog
Clarified new platform errors and error code deprecations in the ChangeLog.
2018-11-09 20:09:33 +00:00
Simon Butcher e51d4b336b Merge remote-tracking branch 'public/pr/2054' into development-proposed 2018-11-09 19:57:53 +00:00
Ron Eldor 6aa9fb4916 Add ChangeLog entry
Add the ChangeLog entry describing the change.
2018-11-09 15:01:09 +00:00
Ron Eldor 9924bdc792 Deprecate hardware acceleration errors
Deprecate the module-specific XXX_HW_ACCEL_FAILED and
XXX_FEATURE_UNAVAILABLE errors, as alternative implementations should now
return `MBEDTLS_ERR_PLATFORM_HW_FAILED` and
`MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED`.
2018-11-09 15:01:07 +00:00
Ron Eldor bcca58c6cd Add common feature unavailable error
Add a common error for the feature unavailable, in the
platform module.
2018-11-09 13:57:37 +00:00
Simon Butcher d83448b736 Merge remote-tracking branch 'public/pr/2052' into development-restricted-proposed 2018-11-07 12:59:14 +00:00
Simon Butcher 53b45ec881 Merge remote-tracking branch 'public/pr/2079' into development-restricted-proposed 2018-11-07 12:58:44 +00:00
Simon Butcher bbc31b4827 Merge remote-tracking branch 'public/pr/2085' into development-restricted-proposed 2018-11-07 12:57:38 +00:00
Simon Butcher 93a9b497e0 Merge remote-tracking branch 'public/pr/2077' into development-restricted-proposed 2018-11-07 12:57:24 +00:00
Simon Butcher 361ce6c302 Merge remote-tracking branch 'public/pr/2127' into development-restricted-proposed 2018-11-07 12:57:01 +00:00
Simon Butcher c81813153c Merge remote-tracking branch 'public/pr/2140' into development-restricted-proposed 2018-11-07 12:56:05 +00:00
Simon Butcher 241823aab8 Merge remote-tracking branch 'public/pr/1641' into development-restricted-proposed 2018-11-07 12:55:47 +00:00
Simon Butcher 42ab4ae033 Merge remote-tracking branch 'public/pr/2167' into development-restricted-proposed 2018-11-07 12:54:45 +00:00
Simon Butcher 51b6abbbf2 Merge remote-tracking branch 'public/pr/2165' into development-proposed 2018-11-06 22:55:14 +00:00
Hanno Becker f143a78011 Adapt ChangeLog 2018-11-06 17:59:28 +00:00
Ron Eldor 7213744b07 Fix typo in comment
Change from from lower case to upper case in XXX_ALT
comment in `MBEDTLS_ECP_RESTARTABLE` description.
2018-11-05 22:31:32 +02:00
Ron Eldor 2981d8f161 Change to positive flow for all cases
Use the `rs_ctx` only when `MBEDTLS_ECP_RESTARTABLE` is defined.
2018-11-05 18:08:46 +02:00
Ron Eldor 93ace0199b Revert positive flow check
Revert changes for checking whether `MBEDTLS_ECP_RESTARTABLE`
is defined, since it broke the CI. The context is used whether the
restartable feature is defined or not.
2018-11-05 17:50:07 +02:00
Ron Eldor b430d9f262 Change to positive checks
1. Checge to check for `MBEDTLS_ECP_RESTARTABLE` for all definitions
of `rs_ctx`.
2. Remove checks for `_ALT` when using `rs_ctx` as they cannot coexist
with the Restartable configuration.
2018-11-05 17:18:29 +02:00
Ron Eldor 19779c4739 Some style and documentation fixes
1. Change description of of hte `MBEDTLS_ECP_RESTARTABLE`
in the configuration file.
2. Change check for compilation of `rs_ctx` to positive flow.
2018-11-05 16:58:13 +02:00
Ron Eldor 5ed8c1eded Avoid using restartable and alternative ECP imp.
1. Add a check that MBEDTLS_ECP_RESTARTABLE is not defined
   along any EC* alternative implementation.
2. Add a closing comment foran `#endif`.
2018-11-05 14:04:26 +02:00
Hanno Becker d3445da3ef Adapt ChangeLog 2018-11-05 11:54:06 +00:00
Hanno Becker b75ffb5061 Don't perform binary comparison of CRL issuer and CA subject
Previously, when checking whether a CRT was revoked through
one of the configured CRLs, the library would only consider
those CRLs whose `issuer` field binary-matches the `subject`
field of the CA that has issued the CRT in question. If those
fields were not binary equivalent, the corresponding CRL was
discarded.

This is not in line with RFC 5280, which demands that the
comparison should be format- and case-insensitive. For example:

- If the same string is once encoded as a `PrintableString` and
  another time as a `UTF8String`, they should compare equal.
- If two strings differ only in their choice of upper and lower case
  letters, they should compare equal.

This commit fixes this by using the dedicated x509_name_cmp()
function to compare the CRL issuer with the CA subject.

Fixes #1784.
2018-11-05 11:54:06 +00:00
Hanno Becker 1f8527f1cf Move static x509_name_cmp() in library/x509_crt.c
A subsequent change will need this function earlier
within the file.
2018-11-05 11:54:06 +00:00
Hanno Becker a8b13d79bf Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.

The test files were generated using PR #1641 which
- adds a build instruction for test-ca.crt to
  tests/data_files/Makefile which allows easy
  change of the subject DN.
- changes the default string format from `PrintableString`
  to `UTF8String`.

Specifically:
- `test-ca_utf8.crt` was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641.
- `test-ca_uppercase.crt`, too, was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641, after modifying the subject DN line in the build
   instruction for `test-ca.crt` in `tests/data_files/Makefile`.
-  `test-ca_printable.crt` is a copy of `test-ca.crt`
   because at the time of this commit, `PrintableString` is
   still the default string format.
2018-11-05 11:47:49 +00:00
Simon Butcher 06f88e9c42 Merge remote-tracking branch 'public/pr/2007' into development-proposed 2018-11-04 19:12:57 +00:00
Simon Butcher 76646a4bac Merge remote-tracking branch 'public/pr/1777' into development-proposed 2018-11-04 18:51:36 +00:00
Simon Butcher 2705beaeef Merge remote-tracking branch 'public/pr/2095' into development-proposed 2018-11-04 18:48:04 +00:00
Hanno Becker 710f203541 Merge branch 'iotssl-1770' into development_thomas_dee 2018-11-02 10:52:49 +00:00
Hanno Becker 5517755353 Improve wording and formatting of ASN.1 write module documentation 2018-11-02 10:52:38 +00:00
Hanno Becker cec1c2685f Break overly long line in library/x509_create.c 2018-11-02 10:52:38 +00:00
Hanno Becker ee334a3a5c Remove Doxygen tags from documentation of private structure 2018-11-02 10:52:38 +00:00
Hanno Becker beffcd8d4a Update hardcoded certificates in library/certs.c
library/certs.c provides some hardcoded certificates that
are used e.g. by the test applications ssl_server2, ssl_client2
in case no certificates are provided on the command line.

The certificates used are from the tests/data_files folder
and have been updated in the latest commits. This commit
updates their copies in certs.c. It also adds comments
indicating the files from which the data is taken, in
order to ease update in the future.
2018-11-02 10:52:38 +00:00
Hanno Becker 6e1adee42b Regenerate test files
Previous commits have added or modified build instructions for
server1*, server2*, server5*, test-ca*, cli-rsa* in the Makefile
tests/data_files/Makefile, or the apps they invoke have been changed.

This commit regenerates those files to make sure they are in match with
the build instructions.
2018-11-02 10:52:38 +00:00
Hanno Becker 381c77c0c4 Change serial in test-ca.crt from 0 to 3 to circumvent ASN.1 bug
As of 2.13.1, mbedtls_asn1_write_mpi() doesn't write 0 correctly. #2166.
2018-11-02 10:52:35 +00:00