Commit graph

10149 commits

Author SHA1 Message Date
Hanno Becker 08cf43a9ec Fix typo MBEDTLS_SSL_CONF_SINGLE_HASH -> MBEDTLS_MD_SINGLE_HASH 2019-09-09 09:45:57 +01:00
Hanno Becker 8fbacf941f check_config.h: Check MBEDTLS_MD_SINGLE_HASH is used with single MD
This commit modifies check_config.h to check that precisely one
hash is enabled if MBEDTLS_MD_SINGLE_HASH is set.

This is not only a reasonable expectation, it is also necessary,
because test suites assume that if a digest is enabled, it is also
accessible through the MD abstraction layer.
2019-09-09 09:45:57 +01:00
Hanno Becker c763e9dc70 Add test for MD hardcoding to all.sh 2019-09-09 09:45:57 +01:00
Hanno Becker bdaf0ea5d9 Make MD info getters always inline 2019-09-09 09:45:57 +01:00
Hanno Becker d9bf935725 Disable invalid argument MD test case
With the removal of the MD handle from the MD context, it's a precondition
for any MD API outside of mbedtls_md_init() and mbedtls_md_setup() that
the MD context has been successfully setup by precisely those functions
beforehand, and hence must be bound to the single enabled valid MD handle.
2019-09-09 09:45:57 +01:00
Hanno Becker c94fc6c0c2 Add MBEDTLS_ALWAYS_INLINE macro to platform_util.h 2019-09-09 09:45:57 +01:00
Hanno Becker d806d9da89 Use SHA-256 as single hardcoded hash in baremetal configuration 2019-09-09 09:45:57 +01:00
Hanno Becker ccb2b62f0a Remove handle from MD context in single hash config 2019-09-09 09:45:57 +01:00
Hanno Becker 1292c35c03 Add config.h option to hardcode choice of single MD algorithm
This commit introduces the configuration option

  MBEDTLS_MD_SINGLE_HASH

which can be used to hardcode support for a single digest algorithm
at compile-time, at the benefit of reduced code-size.

To use, it needs to be defined to evaluate to a macro of the form
MBEDTLS_MD_INFO_{DIGEST}, and macros MBEDTLS_MD_INFO_{DIGEST}_FIELD
must be defined, giving rise to the various aspects (name, type,
size, ...) of the chosen digest algorithm. MBEDTLS_MD_INFO_SHA256
provides an example, but other algorithms can be added if needed.

At the moment, the effect of using MBEDTLS_MD_SINGLE_HASH is that
the implementation of the MD API (e.g. mbedtls_md_update()) need no
longer to through the abstraction of the mbedtls_md_info structures
by calling their corresponding function pointers fields (akin to
virtual functions in C++), but the directly call the corresponding
core digest function (such as mbedtls_sha256_update()).

Therefore, MBEDTLS_MD_SINGLE_HASH so far removes the second layer
of indirection in the chain

  User calls MD API -> MD API calls underlying digest impl'n
                    -> Core digest impl'n does the actual work,

but the first indirection remains, as the MD API remains untouched
and cannot yet be inlined. Studying to what extend inlining the
shortened MD API implementations would lead to further code-savings
is left for a later commit.
2019-09-09 09:45:57 +01:00
Hanno Becker d03949e2a4 Remove md_wrap.c and md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker d3827c74d5 Introduce getter for MD handle from MD context 2019-09-09 09:45:57 +01:00
Hanno Becker 62a44d43b0 Allow defining MD information structs through macros
In builds enabling only a single MD digest, we want to be able to
implement the MD info getter functions by returning compile-time
constants matching the fields of the MD info structures used so far.

To avoid information duplication hardening maintainability, this
commit introduces the possibility of providing the various aspects
of a particular digest implementation by defining macros
MBEDTLS_MD_INFO_DIGEST_FIELD (e.g. MBEDTLS_MD_INFO_SHA256_SIZE)
and to generate the corresponding mbedtls_md_info instance from
this set of macros, via the new macro MBEDTLS_MD_INFO().

This way, we'll be able to switch between MD info based builds
and single-digest builds without information duplication.
2019-09-09 09:45:57 +01:00
Hanno Becker 0e7fc3166d Inline md_wrap.c in md.c
md_wrap.c doesn't expose any public functionality and doesn't
need to be present as a separate compilation unit.
2019-09-09 09:45:57 +01:00
Hanno Becker 530387eaa3 Introduce getter functions for MD info fields
This commit continues the introduction of the MD digest implementation
abstraction layer given by `mbedtls_md_handle_t` by adding getter
functions returning the various properties of an implementation
(e.g. name, digest type, digest size). For the existing implementation,
these are just structure field accesses; however, in configurations
hardcoding the choice of a fixed digest algorithm, we'll be able to
implement them as inline functions returning compile-time constants.
2019-09-09 09:45:57 +01:00
Hanno Becker a5cedbcd3f Introduce MD handle type
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type

  mbedtls_md_info const *

whose valid values represent implementations of message digest algorithms.

Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.

This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.

The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
2019-09-09 09:45:57 +01:00
Manuel Pégourié-Gonnard 505be8be4d Remove unnecessary depends in a test case 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard d6ac3308cd Adjust depends-hashes.pl to test NO_SHA224 as well 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 7f2c3e4034 Remove dependency of ssl_cookie on SHA-224
Cookies are fully opaque so we can change the hash used at any time, it's not
part of the API.

The cookie module handles truncation, so it's simpler to always use SHA-256
rather than check if SHA-224 is available.
2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 81ed9fb277 Exclude SHA-224 from some reduced config examples
Besides the value as an example, this is usefull for testing the option, via
test-ref-configs.pl (which is included in all.sh).
2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard efd344894d Completely ignore is224 if SHA-224 is disabled 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 0956e3ebed Exclude NO_SHA224 option from scripts/config.pl
As a negative option that removes a feature it should be excluded.
2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard e06cc3109c Add MBEDTLS_SHA256_NO_SHA224 to baremetal.h 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 394c5fb24b Implement NO_SHA224 in MD layer as well 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 5a26ff3cf9 Declare dependencies on !NO_SHA224 in test suites 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard abebdd16ef Adapt SHA-256 selftest to NO_SHA224 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 8463d29156 Implement MBEDTLS_SHA256_NO_SHA224 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 9b781b2880 Add MBEDTLS_SHA256_NO_SHA244 option (unimplemented) 2019-09-09 09:06:56 +02:00
Jarno Lamsa 28012e2ea2 Remove redundant rng wrapper 2019-09-09 08:42:11 +03:00
Jarno Lamsa f35f35bcbe Use rnd_std_rand for generating hash 2019-09-09 08:19:56 +03:00
Jarno Lamsa a7e0f632fc Add unit tests for primitive test vectors
Add a unit test for both ECDSA and ECDH, testing
reference test vectors for secp256r1.
2019-09-09 08:19:56 +03:00
Jarno Lamsa 34fcbfe287 Add rng for the tinycrypt tests
Use rnd_std_rand for the rng.
2019-09-09 08:19:56 +03:00
Jarno Lamsa 6c2f76e9cd Add a unit test for ECDSA
Add a basic unit test for the ECDSA part of the tinycrypt.
It generates keys, signs and verifies. Modified from tinycrypt
tests found in tinycrypt-repository.
2019-09-09 08:19:56 +03:00
Jarno Lamsa 7c5dc6b20a Add test suite for tinycrypt
Initially add a test for ECDH-part.
2019-09-09 08:19:56 +03:00
Simon Butcher 0e895727be Merge remote-tracking branch 'origin/pr/656' into baremetal 2019-09-07 12:48:28 +01:00
Simon Butcher d82db9d48c Merge remote-tracking branch 'origin/pr/649' into baremetal 2019-09-07 12:46:12 +01:00
Simon Butcher d91adcf7f5 Merge remote-tracking branch 'origin/pr/624' into baremetal 2019-09-07 12:44:42 +01:00
Simon Butcher 2da461e657 Merge remote-tracking branch 'origin/pr/655' into baremetal 2019-09-07 12:35:54 +01:00
Simon Butcher e501c8d308 Merge remote-tracking branch 'origin/pr/644' into baremetal 2019-09-07 12:34:46 +01:00
Jaeden Amero 04a049bda1 Merge remote-tracking branch 'origin/pr/2823' into mbedtls-2.16
* origin/pr/2823:
  Bump version to Mbed TLS 2.16.3
2019-09-06 13:35:30 +01:00
Jaeden Amero fcb8711f6f Bump version to Mbed TLS 2.16.3 2019-09-06 13:27:00 +01:00
Hanno Becker d5cfe6fbd0 Use native DTLS version encoding if only DTLS is enabled
This commit changes the internal identifiers

  MBEDTLS_SSL_MINOR_VERSION_XXX

in DTLS-only builds to match the version encoding used by the
DTLS standard, encoding DTLS 1.0 as 255 and DTLS 1.2 as DTLS 1.0.
Accordingly, the version comparison functions introduced in the
previous commit must be re-implemented, as older version have
_larger_ identifiers now.

Further, since we identify DTLS 1.0 as MBEDTLS_SSL_MINOR_VERSION_2
and DTLS 1.2 as MBEDTLS_SSL_MINOR_VERSION_3, what remains is to
define MBEDTLS_SSL_MINOR_VERSION_{0|1}. While these don't have any
meaning meaning in DTLS, they still need to be set and obey the
ordering in the sense that the version comparison functions '<='
should attest that

  MBEDTLS_SSL_MINOR_VERSION_i '<=' MBEDTLS_SSL_MINOR_VERSION_j

for i <= j. Since '<=' is actually >= and the wire format value
for DTLS 1.0 == MBEDTLS_SSL_MINOR_VERSION_2 is the 255, this
forces us to use values beyond 255, and hence to extend the
storage type for minor versions from uint8_t to uint16_t.
2019-09-06 10:35:41 +01:00
Teppo Järvelin f69e641e03 Changed x509_internal.h methods as static.
Moved some functions under defined to get rid of compiler warnings.
Functions moved under defines:
 - mbedtls_x509_get_alg
 - mbedtls_x509_get_alg_null
 - mbedtls_x509_get_time
 - mbedtls_x509_get_ext
 - mbedtls_x509_sig_alg_gets
 - mbedtls_x509_key_size_helper

Left one function (mbedtls_x509_write_names) as non static as it increased code size.
2019-09-06 10:03:36 +03:00
Teppo Järvelin c3e5716aaf Some minor struct optimizations. 2019-09-06 07:58:36 +03:00
Jaeden Amero 89408672eb Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted
* origin/mbedtls-2.16:
  Changelog entry
  Check for zero length and NULL buffer pointer
  ssl-opt.sh: wait for proxy to start before running the script further
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 18:14:55 +01:00
Hanno Becker 7bcf2b5875 Introduce version comparing functions
This zero-cost abstraction allows to change the internal encoding
of TLS/DTLS versions in the future.
2019-09-05 17:37:55 +01:00
Jaeden Amero c3bfb20a41 Merge remote-tracking branch 'origin/pr/2645' into mbedtls-2.16
* origin/pr/2645:
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 17:37:13 +01:00
Jaeden Amero 71db1de226 Merge remote-tracking branch 'origin/pr/2793' into mbedtls-2.16
* origin/pr/2793:
  Changelog entry
  Check for zero length and NULL buffer pointer
2019-09-05 15:57:34 +01:00
Hanno Becker 963d49f79a ssl-opt.sh: Remove now-redundant explicit DTLS dependencies
Dependencies on DTLS are now auto-detected from the command line.
2019-09-05 14:55:56 +01:00
Hanno Becker a43f85c9b2 ssl-opt.sh: Auto-skip tests depending on DTLS 2019-09-05 14:51:20 +01:00
Hanno Becker fcda6ddae1 Fixup: Correct typo in DTLS only component of all.sh 2019-09-05 14:50:00 +01:00