Commit graph

4737 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 9b781b2880 Add MBEDTLS_SHA256_NO_SHA244 option (unimplemented) 2019-09-09 09:06:56 +02:00
Simon Butcher d82db9d48c Merge remote-tracking branch 'origin/pr/649' into baremetal 2019-09-07 12:46:12 +01:00
Simon Butcher d91adcf7f5 Merge remote-tracking branch 'origin/pr/624' into baremetal 2019-09-07 12:44:42 +01:00
Teppo Järvelin c3e5716aaf Some minor struct optimizations. 2019-09-06 07:58:36 +03:00
Manuel Pégourié-Gonnard 0cfb6efad4 Add work-around for non-C99 compilers 2019-09-05 14:07:01 +02:00
Manuel Pégourié-Gonnard c7abba3796 Use static inline function unconditionally
No need to play tricks with macros and functions depending on whether
SHA256_SMALLER is enabled or not, with a static inline function all common
compilers (tested with arm-gcc, armcc5, arm-clang) will Do The Right Thing
depending on whether we told them to optimize for size or speed.
2019-09-05 12:09:59 +02:00
Hanno Becker 683d84a5d7 Fixup TinyCrypt PK parse: Correct function name in comment 2019-09-04 16:19:49 +01:00
Hanno Becker f45d9da878 Fixup certs.c: Remove redundant TinyCrypt guard 2019-09-04 16:19:49 +01:00
Hanno Becker d2929b5626 Fixup TinyCrypt PK wrap: Check TinyCrypt signature return code 2019-09-04 16:19:49 +01:00
Hanno Becker 96d34d57ec TinyCrypt PK Wrap: Remove dependency on ASN.1 writing
The TinyCrypt PK signature wrapper uses ASN.1 writing functions
for length and tag, accounting for the only dependency of the
baremetal build on ASN.1 writing.

Since all lengths to be encoded are below 128 Bytes and are hence
ASN.1 encoded as single Bytes, the dependency on ASN.1 writing can
be removed at low complexity by writing the length and tags directly.
2019-09-04 16:19:49 +01:00
Hanno Becker 358b3006ee TinyCrypt ECDHE-PSK: Implement CliKeyExchange parsing 2019-09-04 16:19:49 +01:00
Hanno Becker 982da7ee0a TinyCrypt ECDHE-PSK: Implement mbedtls_ssl_psk_derive_premaster() 2019-09-04 16:19:49 +01:00
Hanno Becker d91ede14c4 TinyCrypt ECDHE-PSK: Implement ClientKeyExchange writing 2019-09-04 16:19:49 +01:00
Hanno Becker c7effc04c1 TinyCrypt SSL: Extend scope use of TC in CliKeyExchange writing
Extend scope of TC in ECDH-param extraction from CRT

Previously, TinyCrypt was only used for ECDHE-ECDSA/RSA ciphersuites.
This commit is a step towards using it for _all_ ciphersuites involving
ECDHE (specifically: ECDHE, ECDHE-PSK, static ECDH), extending the scope
of the use of TinyCrypt in the writing of the ClientKeyExchange message.
2019-09-04 16:19:49 +01:00
Hanno Becker 7352bd141e TinyCrypt SSL: Extend scope of SrvKeyExchange parsing
Extend scope of TC in ECDH-param extraction from CRT

Previously, TinyCrypt was only used for ECDHE-ECDSA/RSA ciphersuites.
This commit is a step towards using it for _all_ ciphersuites involving
ECDHE (specifically: ECDHE, ECDHE-PSK, static ECDH), extending the scope
of the use of TinyCrypt in the parsing of the ServerKeyExchange message.
2019-09-04 16:19:49 +01:00
Hanno Becker 40ee0d450d Fixup: Correct #else and #endif comments in SrvKeyExch writing 2019-09-04 16:19:49 +01:00
Hanno Becker b42e2388ff TinyCrypt SSL: Extend scope of CliKeyExchange parsing
Previously, TinyCrypt was only used for ECDHE-ECDSA/RSA ciphersuites.
This commit is a step towards using it for _all_ ciphersuites involving
ECDHE (specifically: ECDHE, ECDHE-PSK, static ECDH), extending the scope
of the use of TinyCrypt in the parsing of the ClientKeyExchange message.
2019-09-04 16:19:49 +01:00
Hanno Becker 8ea7da2250 TinyCrypt SSL: Extend scope of TC-based SrvKeyExch writing
Previously, TinyCrypt was only used for ECDHE-ECDSA/RSA ciphersuites.
This commit is a step towards using it for _all_ ciphersuites involving
ECDHE (specifically: ECDHE, ECDHE-PSK, static ECDH), extending the scope
of the use of TinyCrypt in the writing of the ServerKeyExchange message.
2019-09-04 16:19:49 +01:00
Hanno Becker b3a244847d TinyCrypt SSL: Impl. ECDH-param extraction from CRT for TinyCrypt 2019-09-04 16:19:49 +01:00
Hanno Becker ecf5d3fdb1 TinyCrypt SSL: Extend scope of use of TC in PMS derivation
Extend scope of TC in ECDH-param extraction from CRT

Previously, TinyCrypt was only used for ECDHE-ECDSA/RSA ciphersuites.
This commit is a step towards using it for _all_ ciphersuites involving
ECDHE (specifically: ECDHE, ECDHE-PSK, static ECDH), extending the scope
of the use of TinyCrypt in the assembly of the PMS.
2019-09-04 16:19:49 +01:00
Hanno Becker 2e80173dfc Fixup: Correct wrong comment ssl_prepare_server_key_exchange() 2019-09-04 16:19:49 +01:00
Hanno Becker 27b7e50dcd TinyCrypt SSL: Declare EC-related TLS RFC constants in SSL namespace
mbedtls/ecp.h defines constants

   MBEDTLS_ECP_PF_UNCOMPRESSED
   MBEDTLS_ECP_PF_COMPRESSED
   MBEDTLS_ECP_TLS_NAMED_CURVE

which regard the encoding of elliptic curves and curve point formats in TLS.
As such, they should be defined in the SSL namespace. Asides, this will help
replacing the legacy ECC crypto by alternative ECC implementations.
2019-09-04 16:19:49 +01:00
Hanno Becker ee902df678 TinyCrypt SSL: Implement mbedtls_ssl_check_curve() for TinyCrypt 2019-09-04 16:19:49 +01:00
Hanno Becker 7e9c2e0d81 TinyCrypt SSL: Adapt ssl_parse_certificate_verify() to TinyCrypt 2019-09-04 16:17:45 +01:00
Hanno Becker 461fa723a1 TinyCrypt SSL: Adapt ssl_check_key_curve() to TinyCrypt 2019-09-04 16:17:45 +01:00
Hanno Becker 59e7b08b8a TinyCrypt X.509: Adapt profiles to use TinyCrypt curve identifier 2019-09-04 16:17:45 +01:00
Hanno Becker 88889c618e Fixup: Add missing TinyCrypt guards 2019-09-04 16:17:45 +01:00
Hanno Becker d931ad2aca Implement x509_profile_check_key() for TinyCrypt-based PK context 2019-09-04 16:17:45 +01:00
Hanno Becker 1521ec501c Remove TinyCrypt PRNG configuration from ssl_cli.c
The TinyCrypt PRNG is configured in mbedtls_ssl_setup().
2019-09-04 16:17:25 +01:00
Hanno Becker dfb949bb4e Fixup: Use TC ECC type instead of uint32_t during pubkey parsing
Using explicit enumerated types avoids type confusion.
2019-09-04 16:17:25 +01:00
Hanno Becker 28332a5642 TinyCrypt PK write: Impl. PK writing helpers for TC-based PK context 2019-09-04 16:17:25 +01:00
Hanno Becker 64a81b03aa TinyCrypt PK write: Make PK writing helpers accept PK context
This prepares the ground for TinyCrypt-based implementations of
these helpers.
2019-09-04 16:17:25 +01:00
Hanno Becker c64d5af9ab Fixup: Don't use legacy ECC error code from TinyCrypt
We want to be able to remove legacy ECC entirely when using TinyCrypt,
including their identifiers.
2019-09-04 16:17:25 +01:00
Hanno Becker da77971ec8 Fixup: Rename mbedtls_uecc_pk -> mbedtls_pk_uecc
This is in line with the naming of the analogous function mbedtls_pk_ec
used for legacy ECC PK contexts.
2019-09-04 16:17:25 +01:00
Hanno Becker 8cf2f5e466 TinyCrypt PK parse: Move TC-based EC public key parsing code-block
Keep code-paths handling legacy-ECC vs. TinyCrypt together
for better readability.
2019-09-04 16:17:25 +01:00
Hanno Becker 3bef643987 Fixup: Guard numerous legacy-ECC PK parse functions by !TinyCrypt 2019-09-04 16:17:25 +01:00
Hanno Becker d336f721c0 Fixup: Add missing TinyCrypt guard in ECC private key parsing
PEM-encoded keys with PEM header

  -----BEGIN EC PRIVATE KEY-----
  ...
  -----END EC PRIVATE KEY-----

were previously not parsed in configurations using TinyCrypt
instead of legacy ECC crypto.
2019-09-04 16:17:25 +01:00
Hanno Becker 75f8d3276f TinyCrypt PK parse: Remove MBEDTLS_PK_ECDSA during pubkey parsing
The PK type MBEDTLS_PK_ECDSA is never returned from
`mbedtls_pk_info_from_type()`. Instead, EC keys either
are identified as MBEDTLS_PK_ECKEY_DH (in case they
must only be used for ECDHE) or MBEDTLS_PK_ECKEY (in
case they can be used for any algorithm).
2019-09-04 16:17:25 +01:00
Hanno Becker e65697c351 TinyCrypt PK parse: Handle each PK type precisely once 2019-09-04 16:17:25 +01:00
Hanno Becker d45f383b01 TinyCrypt PK parse: Impl. EC public key derivation in TC-based ECDSA 2019-09-04 16:17:25 +01:00
Hanno Becker 7e38c37302 TinyCrypt PK parse: Pass TC keypair structure to ECDSA pubkey parse 2019-09-04 16:17:25 +01:00
Hanno Becker 68d5478d8d TinyCrypt PK parse: Simplify TinyCrypt public key parsing 2019-09-04 16:17:25 +01:00
Hanno Becker aebffdd363 TinyCrypt PK parse: Add comments to #endif's indicating condition 2019-09-04 16:17:25 +01:00
Hanno Becker d7e0cd001c TinyCrypt PK wrap: Add short documentation for extract_ecdsa_sig_int 2019-09-04 16:17:25 +01:00
Hanno Becker 9653d80518 TinyCrypt PK wrap: Implement check_pair PK wrapper 2019-09-04 16:17:25 +01:00
Hanno Becker 4102972d31 TinyCrypt PK wrap: Implement alloc/free PK wrappers 2019-09-04 16:17:25 +01:00
Hanno Becker 11cb2637e7 TinyCrypt PK wrap: Simplify guards in pk_wrap.c
With TinyCrypt and legacy ECC mutually exclusive, we don't have
to use #if TINYCRYPT #else #if LEGACY #endif #endif anymore, but
can add the TC and legacy based ECC implementations independently.
2019-09-04 16:17:25 +01:00
Hanno Becker 8ea35458e4 Fixup: TinyCrypt PK verify wrapper uecc_ecdsa_verify_wrap()
- TinyCrypt uses `0` for errors.
- The first argument to uECC_verify() should be the public key,
  but the previous code passed the beginning of the entire
  private-public key structure.
2019-09-04 16:17:25 +01:00
Hanno Becker 9c7a359cc4 Fixup: uecc_ecdsa_sign_wrap() in pk_wrap.c
The previous code passed `2 * NUM_ECC_BYTES` as the size limit for
the ECDSA signature, which fails to account for space required by
ASN.1 headers.
2019-09-04 16:17:25 +01:00
Hanno Becker 9a62f2dbfb Fixup: get_bitlen() PK API in TinyCrypt-based ECDSA
- Return number of bits and not number of bytes
- Return length of private key and not length of public key.
2019-09-04 16:17:25 +01:00