Commit graph

9083 commits

Author SHA1 Message Date
Hanno Becker 4c6fe12db8 Remove TODO 2019-05-17 10:23:47 +01:00
Hanno Becker 2e7cd5aa4c Use MBEDTLS_ namespace for internal CID length constant 2019-05-17 10:23:47 +01:00
Hanno Becker d91dc3767f Skip copying CIDs to SSL transforms until CID feature is complete
This commit temporarily comments the copying of the negotiated CIDs
into the established ::mbedtls_ssl_transform in mbedtls_ssl_derive_keys()
until the CID feature has been fully implemented.

While mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() do
support CID-based record protection by now and can be unit tested,
the following two changes in the rest of the stack are still missing
before CID-based record protection can be integrated:
- Parsing of CIDs in incoming records.
- Allowing the new CID record content type for incoming records.
- Dealing with a change of record content type during record
  decryption.

Further, since mbedtls_ssl_get_peer_cid() judges the use of CIDs by
the CID fields in the currently transforms, this change also requires
temporarily disabling some grepping for ssl_client2 / ssl_server2
debug output in ssl-opt.sh.
2019-05-17 10:23:47 +01:00
Hanno Becker 92c930f7c4 Implement inner plaintext parsing/writing for CID-based connections 2019-05-17 10:23:47 +01:00
Hanno Becker d8f753bd04 Add unit tests for record protection using CID 2019-05-17 10:23:47 +01:00
Hanno Becker 36fb379f68 Record enc/dec tests: Don't take turns in sending / receiving roles
Part of the record encryption/decryption tests is to gradually
increase the space available at the front and/or at the back of
a record and observe when encryption starts to succeed. If exactly
one of the two parameters is varied at a time, the expectation is
that encryption will continue to succeed once it has started
succeeding (that's not true if both pre- and post-space are varied
at the same time).

Moreover, previously the test would take turns when choosing which
transform should be used for encryption, and which for decryption.

With the introduction of the CID feaature, this switching of transforms
doesn't align with the expectation of eventual success of the encryption,
since the overhead of encryption might be different for the parties,
because both parties may use different CIDs for their outgoing records.

This commit modifies the tests to not take turns between transforms,
but to always use the same transforms for encryption and decryption
during a single round of the test.
2019-05-17 10:23:47 +01:00
Hanno Becker e83efe6d79 Incorporate CID into MAC computations during record protection
This commit modifies ssl_decrypt_buf() and ssl_encrypt_buf()
to include the CID into authentication data during record
protection.

It does not yet implement the new DTLSInnerPlaintext format
from https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04
2019-05-17 10:23:47 +01:00
Hanno Becker 80fe63e082 Add CID field to internal structure representing TLS records
This commit adds a static array `cid` to the internal structure
`mbedtls_record` representing encrypted and decrypted TLS records.

The expected evolution of state of this field is as follows:
- When handling an incoming record, the caller of `mbedtls_decrypt_buf()`
  has to make sure the CID array field in `mbedtls_record` has been
  properly set. Concretely, it will be copied from the CID from the record
  header during record parsing.
- During decryption in `mbedtls_decrypt_buf()`, the transforms
  incoming CID is compared to the CID in the `mbedtls_record`
  structure representing the record to be decrypted.
- For an outgoing TLS record, the caller of `mbedtls_encrypt_buf()`
  clears the CID in the `mbedtls_record` structure.
- During encryption in `mbedtls_encrypt_buf()`, the CID field in
  `mbedtls_record` will be copied from the out-CID in the transform.
2019-05-17 10:23:47 +01:00
Hanno Becker 8013b27481 Replace 'ingoing' -> 'incoming' in CID debug messages 2019-05-17 10:20:41 +01:00
Hanno Becker cb063f5a5b Document behaviour of mbedtls_ssl_get_peer_cid() for empty CIDs 2019-05-17 10:20:41 +01:00
Hanno Becker f885d3bba2 Improve structure of client-side CID extension parsing
Group configuring CID values together.
2019-05-17 10:20:41 +01:00
Hanno Becker 8f68f87382 Improve debugging output of client-side CID extension parsing 2019-05-17 10:20:41 +01:00
Hanno Becker 19976b5345 Improve structure of ssl_parse_cid_ext()
Group configuring CID values together.
2019-05-17 10:20:41 +01:00
Hanno Becker fc7ff9289f Use unused extension ID as tentative ID for CID extension 2019-05-17 10:20:41 +01:00
Hanno Becker 4ce06047e1 Enable use of CID in baremetal configuration and test script 2019-05-17 10:20:41 +01:00
Hanno Becker 2e0bedcc35 Correct compile-time guard around unhexify() in ssl_server2 2019-05-17 10:20:41 +01:00
Hanno Becker 31f1668d3c Correct compile-time guard around CID extension writing func on srv 2019-05-17 10:20:41 +01:00
Hanno Becker b4a5606e2d Make integer truncation explicit in mbedtls_ssl_set_cid() 2019-05-17 10:20:41 +01:00
Hanno Becker 6a3ff286a5 Grep for dbug msgs witnessing use of CID in ssl_client2/ssl_server2 2019-05-17 10:20:41 +01:00
Hanno Becker 0c8281aae5 Change formating of CID debug output in ssl_client2/ssl_server2 2019-05-17 10:20:41 +01:00
Hanno Becker 2de89fae8f Implement mbedtls_ssl_get_peer_cid() 2019-05-17 10:20:41 +01:00
Hanno Becker 5e2cd1422e Grep for dbg msg witnessing copying of CIDs to SSL transform 2019-05-17 10:20:41 +01:00
Hanno Becker dd0afca3f6 Copy CIDs into SSL transform if use of CID has been negotiated 2019-05-17 10:20:41 +01:00
Hanno Becker 4f0b15faec Add fields holding in/out CIDs to SSL record transformation struct
These will be copied from the CID fields in mbedtls_ssl_handshake_params
(outgoing CID) and mbedtls_ssl_context (incoming CID) when the transformation
is set up at the end of the handshake.
2019-05-17 10:20:41 +01:00
Hanno Becker cf2a565e3e Grep for dbg msg witnessing parsing of CID extension in ServerHello 2019-05-17 10:20:41 +01:00
Hanno Becker 1ba81f62a6 Implement parsing of CID extension in ServerHello 2019-05-17 10:20:41 +01:00
Hanno Becker 4eb0587c0f Grep for dbg msg witnessing writing of CID extension in ServerHello 2019-05-17 10:20:41 +01:00
Hanno Becker 072d4eca2e Implement writing of CID extension in ServerHello 2019-05-17 10:20:41 +01:00
Hanno Becker c008cb5f8c Grep for dbg msg witnessing parsing of CID extension in ClientHello 2019-05-17 10:20:41 +01:00
Hanno Becker c403b264e8 Implement parsing of CID extension in ClientHello 2019-05-17 10:20:41 +01:00
Hanno Becker 7345599a7b Grep for dbg msg witnessing writing of CID extension in ClientHello 2019-05-17 10:20:41 +01:00
Hanno Becker 39ec525e4f Implement writing of CID extension in ClientHello 2019-05-17 10:20:41 +01:00
Hanno Becker 46629717c9 Check static bounds of CID lengths in check_config.h 2019-05-17 10:20:41 +01:00
Hanno Becker 4baec2c4bf Add identifier for CID extension
Note: The current draft

   https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04

does not yet specify the extension value, so we
use a temporary value of 42.
2019-05-17 10:20:41 +01:00
Hanno Becker 9dae9fd57b Modify CID tests in ssl-opt.sh to grep for CID config debug msgs 2019-05-17 10:20:41 +01:00
Hanno Becker 0748986178 Allow configuring own CID fields through mbedtls_ssl_get_peer_cid() 2019-05-17 10:20:41 +01:00
Hanno Becker e5e7f621cc Add fields to SSL structures describing state and config of CID ext
* mbedtls_ssl_context gets fields indicating whether the CID extension
  should be negotiated in the next handshake, and, if yes, which CID
  the user wishes the peer to use.

  This information does not belong to mbedtls_ssl_handshake_params
  because (a) it is configured prior to the handshake, and (b) it
  applies to all subsequent handshakes.

* mbedtls_ssl_handshake_params gets fields indicating the state of CID
  negotiation during the handshake. Specifically, it indicates if the
  use of the CID extension has been negotiated, and if so, which CID
  the peer wishes us to use for outgoing messages.
2019-05-17 10:20:41 +01:00
Hanno Becker fce6f836ba Merge branch 'mbedtls-2.16' into baremetal 2019-05-17 10:06:02 +01:00
Gilles Peskine 473f2d4ec2 all.sh: invoke check-names.sh in print-trace-on-exit mode 2019-05-15 17:55:06 +02:00
Gilles Peskine 5e525fb6e5 Print a command trace if the check-names.sh exits unexpectedly
We've observed that sometimes check-names.sh exits unexpectedly with
status 2 and no error message. The failure is not reproducible. This
commits makes the script print a trace if it exits unexpectedly.
2019-05-15 17:40:58 +02:00
Jaeden Amero c7aa05eb34 Merge remote-tracking branch 'origin/pr/2637' into mbedtls-2.16
* origin/pr/2637:
  Only use submodule if present
2019-05-14 16:20:53 +01:00
Jaeden Amero 122cf66a54 Merge remote-tracking branch 'origin/pr/2493' into mbedtls-2.16
* origin/pr/2493:
  Ignore more generated files: seedfile, apidoc
  Improve .gitignore grouping and documentation
  Generate tags for Vi, for Emacs and with Global
2019-05-14 16:20:07 +01:00
Manuel Pégourié-Gonnard 84ef8bde68 Remove 'session' input from populate_tranform()
When using this function to deserialize, it's not a problem to have a session
structure as input as we'll have one around anyway (most probably freshly
deserialised).

However for tests it's convenient to be able to build a transform without
having a session structure around.

Also, removing this structure from parameters makes the function signature
more uniform, the only exception left being the ssl param at the end that's
hard to avoid for now.
2019-05-10 10:50:04 +02:00
Manuel Pégourié-Gonnard cf31216ace Fix typo in comment 2019-05-10 10:25:00 +02:00
Simon Butcher 724a695534 Merge remote-tracking branch 'origin/pr/562' into baremetal 2019-05-09 17:11:38 +01:00
Simon Butcher e372d5fb8f Merge remote-tracking branch 'origin/pr/558' into baremetal 2019-05-09 17:03:18 +01:00
Simon Butcher 999ac174cc Merge remote-tracking branch 'origin/pr/566' into baremetal 2019-05-09 16:59:02 +01:00
Simon Butcher ec998c6426 Merge remote-tracking branch 'origin/pr/564' into baremetal 2019-05-09 16:56:42 +01:00
Darryl Green fbf3c8ac23 Only use submodule if present
Enabling the USE_CRYPTO_SUBMODULE option causes problems if the
crypto submodule isn't present. For example, when building
mbed-crypto as a submodule, it should use error.c from the parent
project if USE_CRYPTO_SUBMODULE is set. However if the parent
project isn't present, then the build will fail. Only enable it
if the submodule actually exists.
2019-05-09 13:25:26 +01:00
Manuel Pégourié-Gonnard 00c99d776a Clarify origin and licensing of TinyCrypt files 2019-05-09 11:38:19 +02:00