New functions are used to cover corner cases:
* authentication data is fed to gcm with 0, 1 or 2 calls to gcm_update
* ciphertext is fed to gcm with 0, 1 or 2 calls to gcm_update_ad
AES-GCM NIST test vectors downloaded at 16.06.2021 from:
csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
mbedtls_dhm_get_value can be seen as either a copy function or a getter
function. Given the name and the semantics, it's more of a getter, even if
it "gets" by doing a copy. Therefore, put the context first, and the
selector next, leaving the output for last.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It would be possible to make SSL debugging compatible with MBEDTLS_DHM_ALT,
but too much low-priority work right now, so don't require it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
... unless the alt implementation defines a group structure that's mostly
compatible with the built-in one and supports partially filled group
structures in the same way.
It would be possible to rewrite the SpecifiedECDomain parsing code to avoid
requiring support for partially filled group structures, but that's too
complicated to do now.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The Mbed TLS code relies heavily on reading certain fields of
mbedtls_ecp_group directly. Make these fields public. Require
that MBEDTLS_ECP_ALT alternative implementations have them.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to
query the length of the modulus in bytes or bits.
Remove the len field: the cost of calling mbedtls_dhm_get_len() each time
it's needed is negligible, and this improves the abstraction of the DHM
module.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When MBEDTLS_RSA_ALT is defined, mbedtls_rsa_context does not necessarily
have fields called N and E of type mbedtls_mpi. Don't emit pk_debug
information with MBEDTLS_RSA_ALT. This is not ideal but at least the
library compiles.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use headers defining dummy context types.
The test does not pass yet. I plan to fix this in subsequent commits.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The new method `Config.change_matching` and the new command-line
commands `set-all` and `unset-all` change a batch of existing boolean
settings to the desired state (active or inactive).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Follow-up to "Create xxx_alt.h headers for testing". The inclusion of
threading_alt.h in include/mbedtls/threading.h does not follow the
same pattern as the others so it was missed by the script.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
These headers define the context types that alternative implementations must
provide. The context types are dummy types, suitable for building but not
meant to be usable by an implementation.
This is the output of the following script:
```
perl -0777 -ne '
m@^#if !defined\((MBEDTLS_\w+_ALT)\).*\n((?:.*\n)*?)#else.*\n#include "(.*_alt\.h)"\n#endif@m or next;
$symbol = $1; $content = $2; $header = $3;
$header_symbol = $header; $header_symbol =~ y/a-z./A-Z_/;
m@/\*[ *\n]*Copyright .*?\*/@s or die; $copyright = $&;
open OUT, ">tests/include/alt-dummy/$header" or die;
$content =~ s@//.*@@mg;
$content =~ s@/\*.*?\*/@@sg;
$content =~ s@\{.*?\}@{\n int dummy;\n}@sg;
$content =~ s@ +$@@mg;
$content =~ s@\n{3,}@\n\n@g; $content =~ s@\A\n+@@; $content =~ s@\n*\Z@\n@;
print OUT "/* $header with dummy types for $symbol */\n$copyright\n\n#ifndef $header_symbol\n#define $header_symbol\n\n$content\n\n#endif /* $header */\n" or die;
close OUT or die;
' include/mbedtls/*.h
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_ECP_MAX_BITS doesn't make sense as a configuration option: it
must not be smaller than the largest supported curve, and it's useless
to set it to a larger value. So unconditionally set it to the size of
the largest supported curve. Remove it from the build configuration.
Alternative implementations must no longer need define this macro.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
library/ecp_alt.h (declaring individual functions of the ECP module that can
be substituted, included when building the library with
MBEDTLS_ECP_INTERNAL_ALT enabled) clashes with ecp_alt.h (not provided,
declaring types of the ECP module when the whole implementation is
substituted, included when building the library with MBEDTLS_ECP_ALT enabled).
Depending on the search path during build, this can make MBEDTLS_ECP_ALT
unusable.
Rename library/ecp_alt.h to follow the naming convention of other alt headers:
MBEDTLS_XXX_ALT corresponds to xxx_alt.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Conflicts:
include/mbedtls/ssl.h
include/psa/crypto_struct.h
Conflicts fixed by using the code from development branch
and manually re-applying the MBEDTLS_PRIVATE wrapping.