Commit graph

2978 commits

Author SHA1 Message Date
Hanno Becker 52e36bc1a1 MD: Embed digest context structure into MD wrapper context 2019-09-09 09:45:57 +01:00
Hanno Becker 4a99765f94 MD: Introduce macro for initialization function 2019-09-09 09:45:57 +01:00
Hanno Becker 6deddf761a MD: Introduce macro for underlying context type 2019-09-09 09:45:57 +01:00
Hanno Becker c290847719 Fixup md.h: Fix use of inline keyword in MSVC 2019-09-09 09:45:57 +01:00
Hanno Becker 7a78fe409b Fixup: Avoid unused function warning for MD wrappers 2019-09-09 09:45:57 +01:00
Hanno Becker 53ade9fa62 MD: Implement config dep'n inlining of mbedtls_md_process() 2019-09-09 09:45:57 +01:00
Hanno Becker 993691d9ba MD: Implement config dep'n inlining of mbedtls_md_finish() 2019-09-09 09:45:57 +01:00
Hanno Becker fdef5ac13b MD: Implement config dep'n inlining of mbedtls_md_update() 2019-09-09 09:45:57 +01:00
Hanno Becker 527f7c9307 MD: Demonstrate config-dep'n API inlining for mbedtls_md_starts() 2019-09-09 09:45:57 +01:00
Hanno Becker 7a7b7227cb Add dummy def of MBEDTLS_MD_INFO_SHA256 to make check-names.sh happy 2019-09-09 09:45:57 +01:00
Hanno Becker c4e4210aab Introduce md_internal.h
Recall that in the default configuration, Mbed TLS provides access
digest implementations through two layers of indirection:

1) Call of MD API (e.g. mbedtls_md_update())
2) Call of function pointer from MD info structure
3) Actual digest implementation (e.g. mbedtls_sha256_update()).

Ideally, if only a single digest is enabled - say SHA-256 - then calling
mbedtls_md_update() should _directly_ jump to mbedtls_sha256_update(),
with both layers of indirection removed. So far, however, setting
MBEDTLS_MD_SINGLE_HASH will only remove the second - function pointer -
layer of indirection, while keeping the non-inlined stub implementations
of e.g. mbedtls_md_update() around.

This commit is a step towards allowing to define implementations of
the MD API as `static inline` in case we know that they are so small
that they should be defined in md.h and not in md.c.

In a nutshell, the approach is as follows: For an MD API function
mbedtls_md_xxx() that should be inlin-able, introduce its implementation
as a `static inline` wrapper `mbedtls_md_xxx_internal()` in md.h,
and then define mbedtls_md_xxx() either in md.h or in md.c, by just
calling mbedtls_md_xxx_internal().

Moving the implementations of those MD API functions that should be
inlinable to md.h requires the presence of both the MD info struct
and all specific digest wrapper functions in md.h, and this is what
this commit ensures, by moving them from md.c into a new internal
header file md_internal.h. Implementing the aforementioned wrappers for
those MD API that should be inlinable is left for subsequent commits.
2019-09-09 09:45:57 +01:00
Hanno Becker 8fbacf941f check_config.h: Check MBEDTLS_MD_SINGLE_HASH is used with single MD
This commit modifies check_config.h to check that precisely one
hash is enabled if MBEDTLS_MD_SINGLE_HASH is set.

This is not only a reasonable expectation, it is also necessary,
because test suites assume that if a digest is enabled, it is also
accessible through the MD abstraction layer.
2019-09-09 09:45:57 +01:00
Hanno Becker c94fc6c0c2 Add MBEDTLS_ALWAYS_INLINE macro to platform_util.h 2019-09-09 09:45:57 +01:00
Hanno Becker ccb2b62f0a Remove handle from MD context in single hash config 2019-09-09 09:45:57 +01:00
Hanno Becker 1292c35c03 Add config.h option to hardcode choice of single MD algorithm
This commit introduces the configuration option

  MBEDTLS_MD_SINGLE_HASH

which can be used to hardcode support for a single digest algorithm
at compile-time, at the benefit of reduced code-size.

To use, it needs to be defined to evaluate to a macro of the form
MBEDTLS_MD_INFO_{DIGEST}, and macros MBEDTLS_MD_INFO_{DIGEST}_FIELD
must be defined, giving rise to the various aspects (name, type,
size, ...) of the chosen digest algorithm. MBEDTLS_MD_INFO_SHA256
provides an example, but other algorithms can be added if needed.

At the moment, the effect of using MBEDTLS_MD_SINGLE_HASH is that
the implementation of the MD API (e.g. mbedtls_md_update()) need no
longer to through the abstraction of the mbedtls_md_info structures
by calling their corresponding function pointers fields (akin to
virtual functions in C++), but the directly call the corresponding
core digest function (such as mbedtls_sha256_update()).

Therefore, MBEDTLS_MD_SINGLE_HASH so far removes the second layer
of indirection in the chain

  User calls MD API -> MD API calls underlying digest impl'n
                    -> Core digest impl'n does the actual work,

but the first indirection remains, as the MD API remains untouched
and cannot yet be inlined. Studying to what extend inlining the
shortened MD API implementations would lead to further code-savings
is left for a later commit.
2019-09-09 09:45:57 +01:00
Hanno Becker d03949e2a4 Remove md_wrap.c and md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker d3827c74d5 Introduce getter for MD handle from MD context 2019-09-09 09:45:57 +01:00
Hanno Becker 62a44d43b0 Allow defining MD information structs through macros
In builds enabling only a single MD digest, we want to be able to
implement the MD info getter functions by returning compile-time
constants matching the fields of the MD info structures used so far.

To avoid information duplication hardening maintainability, this
commit introduces the possibility of providing the various aspects
of a particular digest implementation by defining macros
MBEDTLS_MD_INFO_DIGEST_FIELD (e.g. MBEDTLS_MD_INFO_SHA256_SIZE)
and to generate the corresponding mbedtls_md_info instance from
this set of macros, via the new macro MBEDTLS_MD_INFO().

This way, we'll be able to switch between MD info based builds
and single-digest builds without information duplication.
2019-09-09 09:45:57 +01:00
Hanno Becker 530387eaa3 Introduce getter functions for MD info fields
This commit continues the introduction of the MD digest implementation
abstraction layer given by `mbedtls_md_handle_t` by adding getter
functions returning the various properties of an implementation
(e.g. name, digest type, digest size). For the existing implementation,
these are just structure field accesses; however, in configurations
hardcoding the choice of a fixed digest algorithm, we'll be able to
implement them as inline functions returning compile-time constants.
2019-09-09 09:45:57 +01:00
Hanno Becker a5cedbcd3f Introduce MD handle type
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type

  mbedtls_md_info const *

whose valid values represent implementations of message digest algorithms.

Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.

This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.

The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
2019-09-09 09:45:57 +01:00
Manuel Pégourié-Gonnard efd344894d Completely ignore is224 if SHA-224 is disabled 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 394c5fb24b Implement NO_SHA224 in MD layer as well 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 8463d29156 Implement MBEDTLS_SHA256_NO_SHA224 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 9b781b2880 Add MBEDTLS_SHA256_NO_SHA244 option (unimplemented) 2019-09-09 09:06:56 +02:00
Simon Butcher d82db9d48c Merge remote-tracking branch 'origin/pr/649' into baremetal 2019-09-07 12:46:12 +01:00
Simon Butcher d91adcf7f5 Merge remote-tracking branch 'origin/pr/624' into baremetal 2019-09-07 12:44:42 +01:00
Teppo Järvelin c3e5716aaf Some minor struct optimizations. 2019-09-06 07:58:36 +03:00
Manuel Pégourié-Gonnard 8bf8f2ebde Improve documentation in config.h 2019-09-05 13:08:21 +02:00
Teppo Järvelin 30185bb82b struct optimization for mbedtls_record 2019-09-05 08:54:13 +03:00
Teppo Järvelin 22854511bb struct optimization for mbedtls_ssl_transform 2019-09-05 08:54:13 +03:00
Teppo Järvelin d689a67af2 struct optimization for mbedtls_x509_crl 2019-09-05 08:54:13 +03:00
Teppo Järvelin 648fbbad8f struct optimization for mbedtls_ssl_context 2019-09-05 08:54:13 +03:00
Teppo Järvelin 1cd48143c3 struct optimization for mbedtls_ssl_handshake_params 2019-09-05 08:54:13 +03:00
Hanno Becker 1b82685dc9 Fixup debug.h and ssl_internal.h: Add missing include of ecdh.h
Previously, this wasn't necessary because ecdh.h was included
through ssl.h, but now that this is no longer the case (because
ssl.h doesn't use ECDH), we have to include it explicitly.
2019-09-04 16:19:49 +01:00
Hanno Becker 82a7a21982 Fixup: Correct inclusion of legacy ECP headers in ssl.h
Previously, ecp.h was included only if MBEDTLS_ECDH_C was set,
which broke the build in configurations using ECDSA, but not ECDH.
An example of such a config is configs/config-thread.h, which
uses ECJPAKE exclusively.

Moreover, the inclusion of ecdh.h isn't needed, because the header
only uses constants defined in the ECP module.
2019-09-04 16:19:49 +01:00
Hanno Becker 6f212d0a16 TinyCrypt ECDH/ECDHE-PSK: Allow TinyCrypt-based ECDH and ECDHE-PSK 2019-09-04 16:19:49 +01:00
Hanno Becker 6f7680491b TinyCrypt ECDHE-PSK: Adapt dummy structure approximating PMS length 2019-09-04 16:19:49 +01:00
Hanno Becker 054deecb8a check_config.h: Add dep'n of ECC per-curve options on MBEDTLS_ECP_C 2019-09-04 16:19:49 +01:00
Hanno Becker 61b05e572b Remove dependency of MBEDTLS_X509_USE_C on MBEDTLS_BIGNUM_C
There is no apparent direct dependency, and the indirect dependency
through the RSA and legacy ECP modules is already encoded in the
chain

   MBEDTLS_X509_USE_C
-> MBEDTLS_PK_PARSE_C
-> MBEDTLS_PK_C
-> MBEDTLS_RSA_C || MBEDTLS_ECP_C
-> MBEDTLS_BIGNUM_C

which will be modified to

   MBEDTLS_X509_USE_C
-> MBEDTLS_PK_PARSE_C
-> MBEDTLS_PK_C
-> MBEDTLS_RSA_C || MBEDTLS_ECP_C || MBEDTLS_USE_TINYCRYPT

in which case MBEDTLS_BIGNUM_C is not needed for MBEDTLS_X509_USE_C
if only MBEDTLS_USE_TINYCRYPT is set, but not MBEDTLS_RSA_C or
MBEDTLS_ECP_C.
2019-09-04 16:19:49 +01:00
Hanno Becker d82f60da36 Directly include stdint.h from asn1.h
asn1.h uses uint8_t which is defined in stdint.h.

This wasn't caught earlier by the luck that whenever asn1.h
was included, another header was included earlier that did in
turn include stdint.h.
2019-09-04 16:19:49 +01:00
Hanno Becker e8c52ff191 Guard CRT writing structure by MBEDTLS_X509_CRT_WRITE_C 2019-09-04 16:19:49 +01:00
Hanno Becker 6cf97b7fc6 Don't unconditionally include ecp.h in ssl.h
Remark: Including ecp.h is actually redundant because it's
also included from ecdh.h. However, it's good practice to
explicitly include header files that are being used directly,
and ssl.h does use MBEDTLS_ECP_MAX_BYTES which is defined in ecp.h.
2019-09-04 16:19:49 +01:00
Hanno Becker 728a38b40d TinyCrypt SSL: Adapt calculation of maximum PMS size in ssl.h
ssl.h contains a dummy union of fields each large enough to
hold the PMS for a particular ciphersuite. In particular, for
pure-ECDH ciphersuites, it contains a field large enough to
hold the ECDH shared secret in any of the enabled curves.

So far, this upper bound was unconditionally chosen to be
MBEDTLS_ECP_MAX_BYTES from the ECP module.

With the introduction of TinyCrypt as an alternative implementation
for ECDH, we need to
- guard the use of MBEDTLS_ECP_MAX_BYTES because MBEDTLS_ECP_C
  is no longer implied by the surrounding MBEDTLS_KEY_EXCHANGE_XXX
  guards
- add another field which contains the maximum length of shared
  ECDH secrets for curves supported by TinyCrypt.
2019-09-04 16:19:49 +01:00
Hanno Becker 27b7e50dcd TinyCrypt SSL: Declare EC-related TLS RFC constants in SSL namespace
mbedtls/ecp.h defines constants

   MBEDTLS_ECP_PF_UNCOMPRESSED
   MBEDTLS_ECP_PF_COMPRESSED
   MBEDTLS_ECP_TLS_NAMED_CURVE

which regard the encoding of elliptic curves and curve point formats in TLS.
As such, they should be defined in the SSL namespace. Asides, this will help
replacing the legacy ECC crypto by alternative ECC implementations.
2019-09-04 16:19:49 +01:00
Hanno Becker ee902df678 TinyCrypt SSL: Implement mbedtls_ssl_check_curve() for TinyCrypt 2019-09-04 16:19:49 +01:00
Hanno Becker 88889c618e Fixup: Add missing TinyCrypt guards 2019-09-04 16:17:45 +01:00
Hanno Becker 490277c8a2 TinyCrypt Config: Allow TC replacing legacy ECDSA in check_config.h 2019-09-04 16:17:45 +01:00
Hanno Becker da77971ec8 Fixup: Rename mbedtls_uecc_pk -> mbedtls_pk_uecc
This is in line with the naming of the analogous function mbedtls_pk_ec
used for legacy ECC PK contexts.
2019-09-04 16:17:25 +01:00
Hanno Becker 52c52f3c2f check_config: Forbid simultaenous use of TinyCrypt and legacy ECC 2019-09-04 16:17:25 +01:00
Hanno Becker a417459ab1 Fixup: Remove trailing whitespace in oid.h 2019-09-04 16:17:25 +01:00