Commit graph

1136 commits

Author SHA1 Message Date
Gilles Peskine 38808fa094 psa_constant_names: fix some copypasta 2018-10-08 14:45:35 +02:00
Gilles Peskine 0deaf3d8d7 psa_constant_names: new function append_integer
Factor repeated code into a new function append_integer.
2018-10-08 14:45:35 +02:00
Gilles Peskine daea26f70f Correct and simplify block-based cipher modes
OFB and CFB are streaming modes. XTS is a not a cipher mode but it
doesn't use a separate padding step. This leaves only CBC as a block
cipher mode that needs a padding step.

Since CBC is the only mode that uses a separate padding step, and is
likely to remain the only mode in the future, encode the padding mode
directly in the algorithm constant, rather than building up an
algorithm value from a chaining mode and a padding mode. This greatly
simplifies the interface as well as some parts of the implementation.
2018-09-20 11:58:22 +02:00
itayzafrir 18ac331e15 psa: programs: Add cipher example fallback main
When dependencies are missing, print an error message from the example
about missing dependencies at run-time.
2018-09-12 16:50:07 +03:00
itayzafrir 44b09d2a67 psa: programs: Add cipher AES CTR multipart 2018-09-12 16:50:07 +03:00
itayzafrir a2d0804b33 psa: programs: Add cipher AES CBC PKCS7 multipart 2018-09-12 16:50:07 +03:00
itayzafrir 10366708d6 psa: programs: Add cipher AES CBC no padding 2018-09-12 16:50:07 +03:00
itayzafrir a3ff8a6ed5 psa: programs: Add cipher example
Add `programs/psa/crypto_examples.c`. Update relevant Makefiles,
CMakeLists.txt, and .gitignore files.
2018-09-12 16:50:07 +03:00
Gilles Peskine f0fa436b65 New sample program key_ladder_demo
Demo of a key derivation ladder.

Sample run in key_ladder_demo.sh.
2018-09-12 16:50:07 +03:00
Gilles Peskine 029b5d648d New utility program psa/psa_constant_names
Print the symbolic name corresponding to a numerical value.

Supported types: status values, algorithms, elliptic curves,
key types, key usage masks.

The program is partly generated from parsing psa/crypto.h with a few
hard-coded assumptions. This isn't ideal but it works and requires
little machinery.
2018-09-12 16:41:12 +03:00
Simon Butcher 552754a6ee Merge remote-tracking branch 'public/pr/1988' into development 2018-08-30 00:57:28 +01:00
Simon Butcher 68dbc94720 Merge remote-tracking branch 'public/pr/1951' into development 2018-08-30 00:56:56 +01:00
Hanno Becker f34a4c176c UDP proxy: Correct debug output for delay_srv option 2018-08-28 17:52:53 +01:00
Simon Butcher 676d3fd116 Merge remote-tracking branch 'public/pr/1129' into development 2018-08-28 12:31:23 +01:00
Simon Butcher 14dac0953e Merge remote-tracking branch 'public/pr/1918' into development 2018-08-28 12:21:41 +01:00
Simon Butcher 1846e406c8 Merge remote-tracking branch 'public/pr/1939' into development 2018-08-28 12:19:56 +01:00
Hanno Becker 41038108e9 Style: Correct indentation in UDP proxy code 2018-08-28 11:15:32 +01:00
Hanno Becker cf469458ca Style: Add empty line before comment in UDP proxy code 2018-08-28 10:09:47 +01:00
Hanno Becker 0e96585bdd Merge branch 'datagram_packing' into message_reordering 2018-08-24 12:16:41 +01:00
Hanno Becker 1841b0a11c Rename ssl_conf_datagram_packing() to ssl_set_datagram_packing()
The naming convention is that functions of the form mbedtls_ssl_conf_xxx()
apply to the SSL configuration.
2018-08-24 11:13:57 +01:00
Hanno Becker a63c1c3a25 pk_encrypt: Uniformize debugging output 2018-08-23 15:56:03 +01:00
Hanno Becker 25d882b916 Fix typos in programs/x509/cert_write.c
Fixes #1922.
2018-08-23 15:26:06 +01:00
Hanno Becker ae513a5396 Minor formatting improvements in pk_encrypt and pk_decrypt examples 2018-08-23 14:39:04 +01:00
Hanno Becker bd336c1fac Correct memory leak in pk_decrypt example program 2018-08-23 14:36:50 +01:00
Hanno Becker 55c11ba283 Correct memory-leak in pk_encrypt example program 2018-08-23 14:36:33 +01:00
Hanno Becker 12b72c182e UDP proxy: Fix bug in freeing delayed messages 2018-08-23 13:15:36 +01:00
Hanno Becker 903ee3d363 Merge branch 'datagram_packing' into message_reordering 2018-08-21 17:24:17 +01:00
Hanno Becker 101bcba26f UDP proxy: Allow more than one message to be delayed
Previously, the UDP proxy could only remember one delayed message
for future transmission; if two messages were delayed in succession,
without another one being normally forwarded in between,
the message that got delayed first would be dropped.

This commit enhances the UDP proxy to allow to delay an arbitrary
(compile-time fixed) number of messages in succession.
2018-08-21 16:50:30 +01:00
Hanno Becker f61ff4e1d6 ssl_server2: Remove redundant new line 2018-08-21 13:17:47 +01:00
Hanno Becker 6aeaa05a95 Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-20 12:53:37 +01:00
Hanno Becker caf8741891 Fix typo in documentation of UDP proxy argument 'delay_cli' 2018-08-20 09:45:51 +01:00
Manuel Pégourié-Gonnard 6e7aaca146 Move MTU setting to SSL context, not config
This setting belongs to the individual connection, not to a configuration
shared by many connections. (If a default value is desired, that can be handled
by the application code that calls mbedtls_ssl_set_mtu().)

There are at least two ways in which this matters:
- per-connection settings can be adjusted if MTU estimates become available
  during the lifetime of the connection
- it is at least conceivable that a server might recognize restricted clients
  based on range of IPs and immediately set a lower MTU for them. This is much
easier to do with a per-connection setting than by maintaining multiple
near-duplicated ssl_config objects that differ only by the MTU setting.
2018-08-20 10:37:23 +02:00
Hanno Becker 01ea778363 UDP proxy: Add option to delay specific handshake messages 2018-08-17 16:52:08 +01:00
Hanno Becker 4d61591c0c Add cmd line option to ssl_client2 for datagram packing
This commit adds a new command line option `dgram_packing`
to the example server application programs/ssl/ssl_client2
allowing to allow/forbid the use of datagram packing.
2018-08-17 15:45:40 +01:00
Hanno Becker e7675d0d3d Add cmd line option to ssl_server2 for datagram packing
This commit adds a new command line option `dgram_packing`
to the example server application programs/ssl/ssl_server2
allowing to allow/forbid the use of datagram packing.
2018-08-17 15:45:33 +01:00
Manuel Pégourié-Gonnard b747c6cf9b Add basic first tests for MTU setting
For now, just check that it causes us to fragment. More tests are coming in
follow-up commits to ensure we respect the exact value set, including when
renegotiating.
2018-08-16 10:01:47 +02:00
Mohammad Azim Khan 9ebdcffef4 Fix Wformat-overflow warning in ssl_mail_client.c
sprintf( (char *) buf, "%s\r\n", base );
 Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
2018-08-14 11:02:23 +01:00
Simon Butcher 2c92949e0a Merge remote-tracking branch 'public/pr/1198' into development 2018-07-24 17:20:17 +01:00
Simon Butcher c88c627fba Merge remote-tracking branch 'public/pr/1658' into development 2018-07-24 17:19:10 +01:00
Jaeden Amero 4ed32d065b cpp_dummy_build: Add NIST key wrapping header 2018-07-24 16:51:09 +01:00
Ron Eldor 9ab746c7c9 Add selftests
Add selftests for key wrapping
2018-07-24 16:43:20 +01:00
Simon Butcher fb3b0320d0 Merge remote-tracking branch 'public/pr/919' into development 2018-07-24 13:28:51 +01:00
Simon Butcher 116ac43d00 Merge remote-tracking branch 'public/pr/1852' into development 2018-07-24 12:18:59 +01:00
Simon Butcher cce68bec1d Add a macro to define the memory size in ssl_server2.c
When MBEDTLS_MEMORY_BUFFER_ALLOC_C was defined, the sample ssl_server2.c was
using its own memory buffer for memory allocated by the library. The memory
used wasn't obvious, so this adds a macro for the memory buffer allocated to
make the allocated memory size more obvious and hence easier to configure.
2018-07-23 14:26:09 +01:00
Simon Butcher ccbd46435f Increase the memory buffer size for ssl_server2.c
Newer features in the library have increased the overall RAM usage of the
library, when all features are enabled. ssl_server2.c, with all features enabled
was running out of memory for the ssl-opt.sh test 'Authentication: client
max_int chain, server required'.

This commit increases the memory buffer allocation for ssl_server2.c to allow
the test to work with all features enabled.
2018-07-22 14:43:39 +01:00
Andres Amaya Garcia ce6fbac247 Fix ssl_client2 to send 0-length app data 2018-07-20 23:09:29 +01:00
Simon Butcher 7d728bd70e Merge remote-tracking branch 'public/pr/1454' into development 2018-07-20 14:33:44 +01:00
Simon Butcher fad547072a Merge remote-tracking branch 'public/pr/532' into development 2018-07-19 16:15:51 +01:00
Andrzej Kurek 991f9fefd9 all_sh: add a check for header inclusion in cpp_dummy_build.cpp
change the g++ test to be incremental, to save time
reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 09:08:21 -04:00
Nicholas Wilson 61fa436ad3 Address review comments - tidy usage of macros to use minimal values 2018-06-28 17:09:21 +01:00