Commit graph

8884 commits

Author SHA1 Message Date
Hanno Becker 3307b53413 Provide standalone version of ssl_encrypt_buf
The previous version of the record encryption function
`ssl_encrypt_buf` takes the entire SSL context as an argument,
while intuitively, it should only depend on the current security
parameters and the record buffer.

Analyzing the exact dependencies, it turned out that in addition
to the currently active `ssl_transform` instance and the record
information, the encryption function needs access to
- the negotiated protocol version, and
- the status of the encrypt-then-MAC extension.

This commit moves these two fields into `ssl_transform` and
changes the signature of `ssl_encrypt_buf` to only use an instance
of `ssl_transform` and an instance of the new `ssl_record` type.
The `ssl_context` instance is *solely* kept for the debugging macros
which need an SSL context instance.

The benefit of the change is twofold:
1) It avoids the need of the MPS to deal with instances of
   `ssl_context`. The MPS should only work with records and
   opaque security parameters, which is what the change in
   this commit makes progress towards.
2) It significantly eases testing of the encryption function:
   independent of any SSL context, the encryption function can
   be passed some record buffer to encrypt alongside some arbitrary
   choice of parameters, and e.g. be checked to not overflow the
   provided memory.
2019-04-29 10:58:15 +02:00
Hanno Becker 4a5eeaee2e Improve documentation of mbedtls_ssl_transform 2019-04-29 10:37:01 +02:00
Hanno Becker 9d2e4b4742 Add structure representing TLS records
This commit adds a structure `mbedtls_record` whose instances
represent (D)TLS records. This structure will be used in the
subsequent adaptions of the record encryption and decryption
routines `ssl_decrypt_buf` and `ssl_encrypt_buf`, which currently
take the entire SSL context as input, but should only use the
record to be acted on as well as the record transformation to use.
2019-04-29 10:36:44 +02:00
Hanno Becker b628a80b76 Fix definition of SSL_SOME_MODES_USE_MAC
The previous definition was lacking the case of the ARIA and DES ciphers.
2019-04-29 10:36:26 +02:00
Hanno Becker 5cc04d5ae7 Correct space needed for MAC in case of NULL cipher
The macro constant `MBEDTLS_SSL_MAC_ADD` defined in `ssl_internal.h`
defines an upper bound for the amount of space needed for the record
authentication tag. Its definition distinguishes between the
presence of an ARC4 or CBC ciphersuite suite, in which case the maximum
size of an enabled SHA digest is used; otherwise, `MBEDTLS_SSL_MAC_ADD`
is set to 16 to accomodate AEAD authentication tags.

This assignment has a flaw in the situation where confidentiality is
not needed and the NULL cipher is in use. In this case, the
authentication tag also uses a SHA digest, but the definition of
`MBEDTLS_SSL_MAC_ADD` doesn't guarantee enough space.

The present commit fixes this by distinguishing between the presence
of *some* ciphersuite using a MAC, including those using a NULL cipher.
For that, the previously internal macro `SSL_SOME_MODES_USE_MAC` from
`ssl_tls.c` is renamed and moved to the public macro
`MBEDTLS_SOME_MODES_USE_MAC` defined in `ssl_internal.h`.
2019-04-29 10:36:09 +02:00
Hanno Becker 8759e16242 Remove ciphersuite_info from ssl_transform
Prior to this commit, the security parameter struct `ssl_transform`
contained a `ciphersuite_info` field pointing to the information
structure for the negotiated ciphersuite. However, the only
information extracted from that structure that was used in the core
encryption and decryption functions `ssl_encrypt_buf`/`ssl_decrypt_buf`
was the authentication tag length in case of an AEAD cipher.

The present commit removes the `ciphersuite_info` field from the
`ssl_transform` structure and adds an explicit `taglen` field
for AEAD authentication tag length.

This is in accordance with the principle that the `ssl_transform`
structure should contain the raw parameters needed for the record
encryption and decryption functions to work, but not the higher-level
information that gave rise to them. For example, the `ssl_transform`
structure implicitly contains the encryption/decryption keys within
their cipher contexts, but it doesn't contain the SSL master or
premaster secrets. Likewise, it contains an explicit `maclen`, while
the status of the 'Truncated HMAC' extension -- which  determines the
value of `maclen` when the `ssl_transform` structure is created in
`ssl_derive_keys` -- is not contained in `ssl_transform`.

The `ciphersuite_info` pointer was used in other places outside
the encryption/decryption functions during the handshake, and for
these functions to work, this commit adds a `ciphersuite_info` pointer
field to the handshake-local `ssl_handshake_params` structure.
2019-04-29 10:36:01 +02:00
Hanno Becker e7f2df03a3 Remove key length field from ssl_transform
The `ssl_transform` security parameter structure contains opaque
cipher contexts for use by the record encryption/decryption functions
`ssl_decrypt_buf`/`ssl_encrypt_buf`, while the underlying key material
is configured once in `ssl_derive_keys` and is not explicitly dealt with
anymore afterwards. In particular, the key length is not needed
explicitly by the encryption/decryption functions but is nonetheless
stored in an explicit yet superfluous `keylen` field in `ssl_transform`.
This commit removes this field.
2019-04-29 09:32:08 +02:00
Jarno Lamsa 5b871285f5 MBEDTLS_USE_UECC and MBEDTLS_NO_64BIT_MULTIPLICATION conflicting 2019-04-29 10:29:06 +03:00
Jarno Lamsa 55427964b1 Guard tinycrypt files with MBEDTLS_USE_UECC 2019-04-29 10:25:23 +03:00
Jarno Lamsa 8557fc9220 Add whitelist for uECC files for check-names.sh
Whitelist currently includes the unmatching symbols from uECC files.
This is now specific for the baremetal branch.
2019-04-26 16:22:10 +03:00
Jarno Lamsa 95de220ade Ignore tinycrypt headers from doxygen input 2019-04-25 15:11:29 +03:00
Jarno Lamsa 02493afe6c Ignore tinycrypt files from check-files.py 2019-04-25 14:56:17 +03:00
Jarno Lamsa 6fe99be972 Fix check-generated-files after creating a flag 2019-04-25 13:54:32 +03:00
Jarno Lamsa 6f519a3b22 Fix typo in CMakeLists.txt 2019-04-25 13:51:54 +03:00
Jarno Lamsa 337dad98f6 Tinycrypt support for makefile builds 2019-04-25 11:00:41 +03:00
Jarno Lamsa 187fbb1334 Use mbedtls_platform_zeroize in uecc code
ecc_dh.c used memset and gcc-specific asm-commands, changed those
to use mbedtls_platform_zeroize to allow compilation with different
compilers.
2019-04-25 09:03:19 +03:00
Simon Butcher 2e7c7cd756 Merge remote-tracking branch 'public/mbedtls-2.16' into baremetal
* public/mbedtls-2.16: (40 commits)
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
  Fix typo in data_file generator code
  Give credit to OSS-Fuzz for #2404
  Remove ssl_cert_test sample app
  Fix the proxy seed in Travis runs
  Update library version to 2.16.1
  Fix errors in AEAD test function
  x509.c: Fix potential memory leak in X.509 self test
  Remove Circle CI script
  Fix ChangeLog entry ordering
  Fix typo
  Add non-regression test for buffer overflow
  Improve documentation of mbedtls_mpi_write_string()
  Adapt ChangeLog
  Fix 1-byte buffer overflow in mbedtls_mpi_write_string()
  Change Perl to Python in test builds
  Fix default port number information
  Silence pylint
  ...
2019-04-24 14:51:33 +01:00
Jarno Lamsa 9454dfaed4 Add a new flag for the micro-ecc 2019-04-24 16:28:59 +03:00
Jarno Lamsa d50fd6b373 Remove unused headers from uecc sources 2019-04-24 16:19:50 +03:00
Jarno Lamsa 79e3b946db Add CMake support for uecc 2019-04-24 16:17:10 +03:00
Jarno Lamsa 18987a420b Add micro-ecc based ecc-files to mbedtls
The files are from https://github.com/intel/tinycrypt
Using commit 6e0eb53fc8403988f97345e94081b0453f47231d as a base.
2019-04-24 15:40:43 +03:00
Jaeden Amero b4128bd0c0 Merge remote-tracking branch 'origin/pr/2589' into mbedtls-2.16
* origin/pr/2589:
  Document the scripts behaviour further
  Add --internal option to list-identifiers.sh
2019-04-24 11:23:33 +01:00
Jaeden Amero 9cfc9ceaf9 Merge remote-tracking branch 'origin/pr/2542' into mbedtls-2.16
* origin/pr/2542:
  Add guards for MBEDTLS_X509_CRL_PARSE_C in sample
2019-04-24 11:21:35 +01:00
Jaeden Amero f57a9349ad Merge remote-tracking branch 'origin/pr/2545' into mbedtls-2.16
* origin/pr/2545: (24 commits)
  Use check_output instead of Popen
  Start unused variable with underscore
  Correct documentation
  Check that the report directory is a directory
  Use namespaces instead of full classes
  Fix pylint issues
  Don't put abi dumps in subfolders
  Add verbose switch to silence all output except the final report
  Fetch the remote crypto branch, rather than cloning it
  Prefix internal functions with underscore
  Add RepoVersion class to make handling of many arguments easier
  Reduce indentation levels
  Improve documentation
  Use optional arguments for setting repositories
  Only build the library
  Add ability to compare submodules from different repositories
  Add handling for cases when not all .so files are present
  Extend functionality to allow setting crypto submodule version
  Simplify logic for checking if report folder can be removed
  Add option for a brief report of problems only
  ...
2019-04-24 11:19:38 +01:00
Jaeden Amero 4400cd1294 Merge remote-tracking branch 'origin/pr/2594' into mbedtls-2.16
* origin/pr/2594:
  Add more missing parentheses around macro parameters
  Add further missing brackets around macro parameters
  Adapt ChangeLog
  Improve macro hygiene
2019-04-24 11:18:25 +01:00
Hanno Becker 9306f1c65d Add more missing parentheses around macro parameters 2019-04-24 10:52:53 +02:00
Hanno Becker 3ac21aca9b Add further missing brackets around macro parameters 2019-04-24 10:52:45 +02:00
Hanno Becker ee60034a60 Adapt ChangeLog 2019-04-24 10:52:37 +02:00
Hanno Becker d6028a1894 Improve macro hygiene
This commit improves hygiene and formatting of macro definitions
throughout the library. Specifically:
- It adds brackets around parameters to avoid unintended
  interpretation of arguments, e.g. due to operator precedence.
- It adds uses of the `do { ... } while( 0 )` idiom for macros that
  can be used as commands.
2019-04-24 10:51:54 +02:00
Hanno Becker ba8cd67467 Guard CID implementations by MBEDTLS_SSL_CID 2019-04-23 12:31:42 +01:00
Hanno Becker b60c85c67c Indicate ssl-opt.sh CID tests only test the stub CID code 2019-04-23 12:02:34 +01:00
Hanno Becker 8d0893d0b0 Add warnings about status of implementation of CID API 2019-04-23 12:01:20 +01:00
Hanno Becker 963cb35a24 Fix use of requires_config_enabled in ssl-opt.sh
requires_config_enabled doesn't support multiple config options.
Tests having multiple configuration dependencies must be prefixed
with multiple invocations of requires_config_enabled instead.
2019-04-23 11:52:44 +01:00
Hanno Becker 4f98b6ad17 Fix typo in CID test in ssl-opt.sh 2019-04-23 11:52:14 +01:00
Hanno Becker 6dde3dd8ec Print peer CID from ssl_client2 2019-04-23 11:51:47 +01:00
Hanno Becker 8be8a95dea Print peer CID from ssl_server2 2019-04-23 11:51:40 +01:00
Hanno Becker 14751aa966 Improve wording of CID debug msg in ssl_server2 example application 2019-04-23 11:39:53 +01:00
Hanno Becker b9b7e29536 Clarify that mbedtls_ssl_set_cid() applies to all subsequent HSs 2019-04-23 11:38:47 +01:00
Hanno Becker d928c06d01 Document that the use of CID is disabled by default.
(Even if MBEDTLS_SSL_CID is set in config.h)
2019-04-23 11:37:38 +01:00
Hanno Becker efde5b2e96 Reference CID Draft in Connection ID documentation in config.h 2019-04-23 11:36:56 +01:00
Darryl Green 3997a6cd25 Document the scripts behaviour further 2019-04-18 13:18:22 +01:00
Darryl Green 3ef06d5bf7 Add --internal option to list-identifiers.sh
When doing ABI/API checking, its useful to have a list of all the
identifiers that are defined in the internal header files, as we
do not promise compatibility for them. This option allows for a
simple method of getting them for use with the ABI checking script.
2019-04-18 12:02:49 +01:00
Darryl Green a0415bc779 Use check_output instead of Popen 2019-04-18 11:47:28 +01:00
Darryl Green 03c5e856e8 Start unused variable with underscore 2019-04-18 11:47:28 +01:00
Darryl Green 3c9e7d23b1 Correct documentation 2019-04-18 11:47:28 +01:00
Darryl Green 6b3cbfa370 Check that the report directory is a directory 2019-04-18 11:47:28 +01:00
Darryl Green 30dc6d5bb9 Use namespaces instead of full classes 2019-04-18 11:47:28 +01:00
Darryl Green 26dff8e68d Fix pylint issues 2019-04-18 11:47:28 +01:00
Darryl Green 5783847c63 Don't put abi dumps in subfolders 2019-04-18 11:47:28 +01:00
Darryl Green 6602538544 Add verbose switch to silence all output except the final report 2019-04-18 11:47:28 +01:00