Commit graph

3048 commits

Author SHA1 Message Date
Simon Butcher a26fb4c64f Merge remote-tracking branch 'public/pr/2870' into baremetal 2019-10-23 14:51:37 +01:00
Manuel Pégourié-Gonnard 0a9b44ddaa Merge branch 'mbedtls-2.16' into baremetal-2.16-20191004
* mbedtls-2.16: (25 commits)
  Fix compilation error
  Add const to variable
  Fix endianity issue when reading uint32
  Increase test suite timeout
  Reduce stack usage of test_suite_pkcs1_v15
  Reduce stack usage of test_suite_pkcs1_v21
  Reduce stack usage of test_suite_rsa
  Reduce stack usage of test_suite_pk
  Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh
  Remove unnecessary memory buffer alloc and memory backtrace unsets
  Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test
  all.sh: restructure memory allocator tests
  Add missing dependency in memory buffer alloc set in all.sh
  Don't set MBEDTLS_MEMORY_DEBUG through `scripts/config.pl full`
  Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C
  Add all.sh run with full config and ASan enabled
  Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
  Update documentation of exceptions for `config.pl full`
  Adapt all.sh to removal of buffer allocator from full config
  Disable memory buffer allocator in full config
  ...
2019-10-07 12:44:09 +02:00
Jarno Lamsa c4315e6d5e Address review comments for documentation 2019-10-04 15:42:39 +03:00
Jarno Lamsa 39a9d40f84 Update documentation for the RNG-function 2019-10-03 13:49:35 +03:00
Jarno Lamsa e29e8a49b8 Use MBEDTLS_ENTROPY_HARDWARE_ALT
Use MBEDTLS_ENTROPY_HARDWARE_ALT instead of a new global RNG
flag. When this flag is enabled, the platform provides the RNG.
When running unit tests, rnd_std_rand should be used by overriding
the mbedtls_hardware_poll.
2019-10-03 13:49:34 +03:00
Manuel Pégourié-Gonnard 51f65e4b86 Standardize prototypes of platform_memcpy/memset
As replacements of standard library functions, they should have the same
prototype, including return type.

While it doesn't usually matter when used directly, it does when the address
of the function is taken, as done with memset_func, used for implementing
mbedtls_platform_zeroize().
2019-10-03 07:59:58 +03:00
Jarno Lamsa a1e5054d91 Fix issues in CI 2019-10-02 12:52:39 +03:00
Jarno Lamsa 77a0e07f80 Add return value doxygen 2019-10-02 08:39:32 +03:00
Jarno Lamsa f5ebe2a7ce Make RNG exclude the given maximum value
The RNG will give numbers in range of [0, num), so that
the given maximum is excluded.
2019-10-02 08:23:11 +03:00
Jarno Lamsa 0ff7109b7c Fix style issues 2019-10-02 08:18:29 +03:00
Jarno Lamsa f65e9de57b Change rng-function return-type 2019-10-01 16:09:35 +03:00
Jarno Lamsa 7d28155b30 Add doxygen for the platform-functions 2019-10-01 15:56:17 +03:00
Jarno Lamsa a19673222b Change the rng-function name
Change the name to mbedtls_platform_random_in_range
2019-10-01 15:31:08 +03:00
Jarno Lamsa d82e559a48 Add a config flag for the global RNG
The global RNG should be provided by the application depending on
the RNG used there. (I.e. TRNG)
2019-10-01 14:54:41 +03:00
Jarno Lamsa 0736325d80 Add FI/SCA compliant versions of mem-functions
Add FI/SCA compliant memset, memcmp and memcpy-functions
to platform_util. Also add a stub implementation of a global
RNG-function.
2019-09-30 09:40:03 +03:00
Simon Butcher 85b495b30a Merge remote-tracking branch 'origin/pr/652' into baremetal 2019-09-25 16:37:07 +01:00
Simon Butcher 8d0684dd06 Merge remote-tracking branch 'public/pr/2835' into baremetal 2019-09-24 15:28:35 +01:00
Manuel Pégourié-Gonnard 8b5e6bd6ae Improve some internal documentation 2019-09-20 08:57:18 +02:00
Manuel Pégourié-Gonnard a77e9b5b35 Make sub-context statically allocated
This makes a mbedtls_pk_context memory-wise equivalent to a
mbedtls_uecc_keypair and removes a dynamic allocation, making the PK layer
zero-cost in terms of memory when PK_SINGLE_TYPE is enabled.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 073c1e1391 Remove pk_info from pk_context_t with SINGLE_TYPE
In very reduced configurations, we don't want the overhead of maintaining a
bool just to remember if the context is valid and checking that bit at every
point of entry.

Note: so far this validity bit also served as a proxy to ensure that pk_ctx
was valid (currently this is a pointer to a dynamically-allocated buffer). In
the next series of commits, this will be changed to a statically-allocated
buffer, so there will be no question about its validity.

In the end (after this commit and the next series), a pk_context_t will be
(memory-wise) just the same as a mbedtls_uecc_keypair when SINGLE_TYPE is
enabled - meaning the PK layer will have zero memory overhead in that case.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 2829bbf59b Remove dependency from SSL on PK internals
So far, with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled, the SSL module relied
on a undocumented feature of the PK module: that you can distinguish between
contexts that have been setup and context that haven't. This feature is going
to go away in the case of PK_SINGLE_TYPE, as we'll soon (as in: the next
commit does that) no longer be storing the (now two-valued) pk_info member.

Note even with this change, we could still distinguish if the context has been
set up by look if pk_ctx is NULL or not, but this is also going away in the
near future (a few more commits down the road), so not a good option either.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 4223ce4fca Introduce macro-based read access to ctx->pk_info 2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard f8b7c7f0ac Implement two-valued handle type 2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 020d9ba4ed Introduce abstraction mbedtls_pk_handle_t
This is the first in a series of commit aimed at removing the pk_info
structures when we're building with MBEDTLS_PK_SINGLE_TYPE enabled.

Introducing this abstraction allows us to later make it a two-valued type
(valid, invalid) instead, which is much lighter.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 08620cbb62 Implement static dispatch with SINGLE_PK_TYPE
For optional functions, we introduce an extra macro to tell if the function is
omitted. As the C preprocessor doesn't directly support comparing strings,
testing if the _FUNC macro is defined to NULL isn't obvious. One could
probably play tricks to avoid the need for _OMIT macros, but the small amount
of (entirely local) duplication here is probably a lesser evil than extra
preprocessor complexity.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 342cecf1f7 Introduce macro-based access to info members
For now, this is only used in order to defined the uecc instance of pk_info,
but in subsequent commits this can be used to implement static dispatch.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 1c1cc0d373 Add config.h option MBEDTLS_PK_SINGLE_HASH
No effect for now, just declaring it here, implemented in subsequent commits.

The option requires MBEDTLS_USE_TINYCRYPT and is incompatible with
MBEDTLS_PK_RSA_ALT_SUPPORT and MBEDTLS_RSA_C.

Currently users (including the X.509 and SSL libraries) assume that if both PK
and RSA are enabled, then RSA is available through PK. If we allowed RSA to be
enabled together with PK_SINGLE_TYPE, we'd break that assumption. Going
through the code to find all place that rely on that assumption and fix them
would be cumbersome, and people who want PK_SINGLE_TYPE are unlikely to care
about RSA anyway, so let's just make them incompatible.

This is also consistent with what's done in the MD module: MD_SINGLE_HASH
requires that exactly one hash be enabled.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard 57d96cddf5 Move NULL check inside accessor function
This achieves two related goals:

1. Those members are now only accessed via the accessor function (except in
code paths that we don't care about: those guarded by
MBEDTLS_PK_RSA_ALT_SUPPORT or MBEDTLS_ECP_RESTARTABLE)
2. When we turn on compile-time dispatch, we don't obviously don't want to
keep a runtime NULL check.

For debug this requires changing the signature or the accessor function to
return int; this is done without changing the signature of the accessed
function.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard e5a0b366f8 Merge branch 'baremetal' into baremetal-2.16-20190909
* baremetal: (78 commits)
  Review corrections 6
  Review corrections 5
  Minor changes to tinycrypt README
  Typos in the tinycrypt README
  Addition of copyright statements to tinycrypt files
  Add LICENSE and README for tinycrypt
  Add SPDX lines to each imported TinyCrypt file
  Review corrections 4
  Review corrections 3
  Review corrections 2
  Review corrections
  Update signature of BE conversion functions
  Use function for 16/24/32-bit BE conversion
  x509.c: Minor readability improvement
  x509_crt.c: Indicate guarding condition in #else branch
  X.509: Don't remove verify callback by default
  Fix Doxygen warnings regarding removed verify cb+ctx parameters
  ECC restart: Use optional verification mode in bad signature test
  Re-implement verify chain if vrfy cbs are disabled
  Add zero-cost abstraction layer for CRT verification chain
  ...
2019-09-12 09:58:14 +02:00
Simon Butcher e8144aa8ea Merge remote-tracking branch 'origin/pr/657' into baremetal 2019-09-10 14:59:14 +01:00
Simon Butcher 88b535a47e Merge remote-tracking branch 'origin/pr/654' into baremetal 2019-09-10 14:54:28 +01:00
Simon Butcher 303d399f42 Merge remote-tracking branch 'origin/pr/609' into baremetal 2019-09-10 14:50:04 +01:00
Simon Butcher 9bdd13b2e7 Merge remote-tracking branch 'origin/pr/621' into baremetal 2019-09-10 14:49:35 +01:00
Simon Butcher e901566f55 Merge remote-tracking branch 'origin/pr/658' into baremetal 2019-09-10 12:55:03 +01:00
Manuel Pégourié-Gonnard 8abd0a0c84 Merge branch 'mbedtls-2.16' into baremetal-2.16-20190909
* mbedtls-2.16: (28 commits)
  Bump version to Mbed TLS 2.16.3
  Changelog entry
  Check for zero length and NULL buffer pointer
  ssl-opt.sh: wait for proxy to start before running the script further
  Fix uninitialized variable in x509_crt
  HMAC DRBG: Split entropy-gathering requests to reduce request sizes
  Fix the license header of hkdf
  Add a change log entry
  Add a test for mlaformed ECJPAKE context
  Fix handling of md failure
  Add a test for signing content with a long ECDSA key
  Add documentation notes about the required size of the signature buffers
  Add missing MBEDTLS_ECP_C dependencies in check_config.h
  Change size of preallocated buffer for pk_sign() calls
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
  Add ChangeLog entry for new function
  Add ChangeLog entry
  Correct deterministic ECDSA behavior
  Add warning for alternative ECDSA implementations
  ...
2019-09-10 11:27:14 +02:00
Simon Butcher 92c3d1f4f4 Addition of copyright statements to tinycrypt files
Each of the tinycrypt files have had some very minor changes, so need a
copyright statement.
2019-09-09 17:37:08 +01:00
Simon Butcher cffedb548f Add SPDX lines to each imported TinyCrypt file
Out of the 6 tinycrypt files included in Mbed TLS, this commit adds SPDX lines
to each for the BSD 3 Clause licence.
2019-09-09 17:34:51 +01:00
Arto Kinnunen 9b3b19407a Review corrections 4
- Try to follow english grammar in function documentation
- Fix too long line
- Remove additional brackets
- Follow mbedtls coding style in for-statement
2019-09-09 17:21:18 +03:00
Arto Kinnunen 4f4849a379 Review corrections 2
-Fix MSVC compiler warnings about size_t to uint32_t conversions by
 updating GET/PUT functions signature to use size_t.
-Add type casts to functions calling GET/PUT conversions
-Remove additional space after return statement
2019-09-09 17:21:18 +03:00
Arto Kinnunen ee9bfca823 Update signature of BE conversion functions 2019-09-09 17:21:18 +03:00
Arto Kinnunen 0b62ce8ed4 Use function for 16/24/32-bit BE conversion
Use functions for 16/24/32-bit big endian conversion to save ROM.
2019-09-09 17:21:18 +03:00
Simon Butcher 7fce190774 Merge remote-tracking branch 'origin/pr/635' into HEAD 2019-09-09 14:20:03 +01:00
Hanno Becker 9ae9da93d8 Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C 2019-09-09 05:28:13 -04:00
Hanno Becker e29e7eb36c Check dependencies of MBEDTLS_MEMORY_BACKTRACE in check_config.h 2019-09-09 05:17:13 -04:00
Hanno Becker cd239f8839 X.509: Don't remove verify callback by default 2019-09-09 09:55:31 +01:00
Hanno Becker cd839c9aa7 Fix Doxygen warnings regarding removed verify cb+ctx parameters 2019-09-09 09:55:31 +01:00
Hanno Becker 8d6d320603 Re-implement verify chain if vrfy cbs are disabled
This commit re-implements the previously introduced internal
verification chain API in the case where verification callbacks
are disabled. In this situation, it is not necessary to maintain
the list of individual certificates and flags comprising the
verification chain - instead, it suffices to just keep track
of the length and the total (=merged) flags.
2019-09-09 09:55:31 +01:00
Hanno Becker adc282a5e8 Add zero-cost abstraction layer for CRT verification chain
When verifying an X.509 certificate, the current verification logic
maintains an instance of the internal mbedtls_x509_crt_verify_chain
structure representing the state of the verification process. This
instance references the list of certificates that comprise the chain
built so far together with their verification flags. This information
must be stored during verification because it's being passed to the
verification callback at the end of verification - if the user has
specified those.

If the user hasn't specified a verification callback, it is not
necessary to maintain the list of CRTs, and it is also not necessary
to maintain verification flags for each CRT individually, as they're
merged at the end of the verification process.

To allow a readable simplification of the code in case no verification
callbacks are used, this commit introduces a zero-cost abstraction layer
for the functionality that's required from the verification chain structure:
- init/reset
- add a new CRT to the chain
- get pointer to current CRT flags
- add flags to EE certificate
- get current chain length
- trigger callbacks and get final (merged) flags
This gives flexibility for re-implementing the verification chain
structure, e.g. in the case where no verification callbacks are
provided, and there's hence no need to store CRTs and flags
individually. This will be done in a later commit.
2019-09-09 09:55:31 +01:00
Hanno Becker 9ec3fe0d43 Introduce configuration option to remove CRT verification callbacks 2019-09-09 09:55:31 +01:00
Hanno Becker 56d1b2389c Fixup: Don't assume that alt SHA256 impln's have trivial init/free 2019-09-09 09:45:57 +01:00