With the removal of the MD handle from the MD context, it's a precondition
for any MD API outside of mbedtls_md_init() and mbedtls_md_setup() that
the MD context has been successfully setup by precisely those functions
beforehand, and hence must be bound to the single enabled valid MD handle.
This commit continues the introduction of the MD digest implementation
abstraction layer given by `mbedtls_md_handle_t` by adding getter
functions returning the various properties of an implementation
(e.g. name, digest type, digest size). For the existing implementation,
these are just structure field accesses; however, in configurations
hardcoding the choice of a fixed digest algorithm, we'll be able to
implement them as inline functions returning compile-time constants.
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type
mbedtls_md_info const *
whose valid values represent implementations of message digest algorithms.
Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.
This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.
The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
Add a basic unit test for the ECDSA part of the tinycrypt.
It generates keys, signs and verifies. Modified from tinycrypt
tests found in tinycrypt-repository.
Previously, the TinyCrypt component in all.sh restricted the ssl-opt.sh
to the 'Default, DTLS' test, due to implicit dependencies on Secp384r1.
These dependencies are now explicit and ssl-opt.sh skips corresponding
tests accordingly, so we can introduce a full run of ssl-opt.sh into
the TinyCrypt test in all.sh.
This commit modifies ssl-opt.sh to autodetect the use of test certificates
server5.* server6.* test-ca2.* using Secp384r1, and skips the corresponding
tests if MBEDTLS_ECP_DP_SECP384R1_ENABLED isn't set.
Previously, the TinyCrypt all.sh test restricted the run of compat.sh
to DTLS 1.2 and listed a few explicit ciphersuites.
This commit widens the scope of the test by testing any ciphersuite
based on ECDHE-ECDSA, regardless of TLS/DTLS or the particular version.
Further, it doesn't exclude SHA-384 as done previously.
This commit uses the flexibility of being able to chose CRTs and keys
to be used by compat.sh through predefined environment variables to
force the use of Secp256r1 certificates and keys in the all.sh test
for TinyCrypt.
This commit introduces environment variables
- SRV_ECDSA_CRT
- SRV_ECDSA_KEY
- CLI_ECDSA_CRT
- CLI_ECDSA_KEY
- SRV_RSA_CRT
- SRV_RSA_KEY
- CLI_RSA_CRT
- CLI_RSA_KEY
- CA_FILE
to tests/compat.sh which hold the path of the CA, client and server
certificate and key files to use by the script.
This is a preparatory step towards switching to a different set of
certificates and keys in case the configuration doesn't match the
certificates in use so far (e.g.: the ECDSA certificates use Secp384r1,
so if that's disabled, ECDSA tests will fail).
Even though exhaustive testing of TinyCrypt is left for later,
without this test we don't have any evidence that PK writing
works for TinyCrypt-based PK context.
TinyCrypt only supports Secp256r1, so skip all tests in test_suite_x509parse
which use different curves, while splitting those which rely on Secp256r1
alone into two tests: one for legacy ECC, and one for TinyCrypt.
Studying and improving the TinyCrypt test coverage is left for a later commit.
The current pkwrite tests involving ECC all use curves different
from Secp256r1, so they don't apply to TinyCrypt.
Adding tests for TinyCrypt is left to a later commit.
- The underlying test vectors are for Secp192r1, while TinyCrypt uses Secp256r1.
- The test implementation is specific to the structure of legacy-ECC PK ctxs.
Addition of analogous tests for TinyCrypt-based ECC PK contexts are left
for a later commit.
TinyCrypt should be used as a replacement of legacy ECC. In particular,
there shouldn't be any use of identifiers from the legacy ECC module.
So far, there's the configuration option
MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID
that's relevant if MBEDTLS_SSL_CONF_SINGLE_CURVE is set, and which in
this case must resolve to an identifier of type mbedtls_ecp_group_id
indicating which single curve to enable.
With the introduction of TinyCrypt, we must either change the type
of this option to mbedtls_uecc_group_id, or introduce a separate
compilation option.
In order to avoid type confusion, this commit follows tha latter
approach, introducing the configuration option
MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID
that indicatesthe TinyCrypt group identifier of the single curve
to use (must be Secp256r1) if MBEDTLS_SSL_CONF_SINGLE_CURVE
and MBEDTLS_USE_TINYCRYPT are set.
