Commit graph

1691 commits

Author SHA1 Message Date
Gilles Peskine
9afbfdc833 Merge remote-tracking branch 'myfork-public/development' into merge-crypto-development-20191115
First deal with deleted files.

* Files deleted by us: keep them deleted.
* Files deleted by them, whether modified by us or not: keep our version.

```
git rm $(git status -s | sed -n 's/^DU //p')
git reset -- $(git status -s | sed -n 's/^D  //p')
git checkout -- $(git status -s | sed -n 's/^ D //p')
git add -- $(git status -s | sed -n 's/^UD //p')
```

Individual files with conflicts:

* `3rdparty/everest/library/Hacl_Curve25519_joined.c`: spurious conflict because git mistakenly identified this file as a rename. Keep our version.
* `README.md`: conflict due to their change in a paragraph that doesn't exist in our version. Keep our version of this paragraph.
* `docs/architecture/Makefile`: near-identical additions. Adapt the definition of `all_markdown` and include the clean target.
* `doxygen/input/docs_mainpage.h`: conflict in the version number. Keep our version number.
* `include/mbedtls/config.h`: two delete/modify conflicts. Keep the removed chunks out.
* `library/CMakeLists.txt`: discard all their changes as they are not relevant.
* `library/Makefile`:
    * Discard the added chunk about the crypto submodule starting with `INCLUDING_FROM_MBEDTLS:=1`.
    * delete/modify: keep the removed chunk out.
    * library build: This is almost delete/modify. Their changes are mostly not applicable. Do keep the `libmbedcrypto.$(DLEXT): | libmbedcrypto.a` order dependency.
    * `.c.o`: `-o` was added on both sides but in a different place. Change to their place.
* `library/error.c`: to be regenerated.
* `library/version_features.c`: to be regenerated.
* `programs/Makefile`: Most of the changes are not relevant. The one relevant change is in the `clean` target for Windows; adapt it by removing `/S` from our version.
* `programs/test/query_config.c`: to be regenerated.
* `scripts/config.py`: added in parallel on both sides. Keep our version.
* `scripts/footprint.sh`: parallel changes. Keep our version.
* `scripts/generate_visualc_files.pl`: one delete/modify conflict. Keep the removed chunks out.
* `tests/Makefile`: discard all of their changes.
* `tests/scripts/all.sh`:
    * `pre_initialize_variables` add `append_outcome`: add it.
    * `pre_initialize_variables` add `ASAN_CFLAGS`: already there, keep our version.
    * `pre_parse_command_line` add `--no-append-outcome`: add it.
    * `pre_parse_command_line` add `--outcome-file`: add it.
    * `pre_print_configuration`: add `MBEDTLS_TEST_OUTCOME_FILE`.
    * Several changes in SSL-specific components: keep our version without them.
    * Several changes where `config.pl` was changed to `config.py` and there was an adjacent difference: keep our version.
    * Changes regarding the inclusion of `MBEDTLS_MEMORY_xxx`: ignore them here, they will be normalized in a subsequent commit.
    * `component_test_full_cmake_gcc_asan`: add it without the TLS tests.
    * `component_test_no_use_psa_crypto_full_cmake_asan`: keep the fixed `msg`, discard other changes.
    * `component_test_memory_buffer_allocator_backtrace`, `component_test_memory_buffer_allocator`: add them without the TLS tests.
    * `component_test_m32_everest`: added in parallel on both sides. Keep our version.
* `tests/scripts/check-names.sh`, `tests/scripts/list-enum-consts.pl`, `tests/scripts/list-identifiers.sh`, ``tests/scripts/list-macros.sh`: discard all of their changes.
* `tests/scripts/test-ref-configs.pl`: the change in the conflict is not relevant, so keep our version there.
* `visualc/VS2010/*.vcxproj`: to be regenerated.

Regenerate files:

```
scripts/generate_visualc_files.pl
git add visualc/VS2010/*.vcxproj
scripts/generate_errors.pl
git add library/error.c
scripts/generate_features.pl
git add library/version_features.c
scripts/generate_query_config.pl
git add programs/test/query_config.c
```

Rejected changes in non-conflicting files:

* `CMakeLists.txt`: discard their addition which has already been side-ported.
* `doxygen/mbedtls.doxyfile`: keep the version number change. Discard the changes related to `../crypto` paths.

Keep the following changes after examination:

* `.travis.yml`: all of their changes are relevant.
* `include/mbedtls/error.h`: do keep their changes. Even though Crypto doesn't use TLS errors, it must not encroach on TLS's allocated numbers.
* `tests/scripts/check-test-cases.py`: keep the code dealing with `ssl-opt.sh`. It works correctly when the file is not present.
2019-11-15 11:47:14 +01:00
Gilles Peskine
96a7cd1759 Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in pkey sample programs
Use the constant that is now provided by the crypto submodule instead
of rolling our own definition which is not correct in all cases.
2019-11-13 15:32:11 +01:00
Gilles Peskine
da252bed3c Define a constant for the maximum signature size from pk_sign()
Based on the buffer size used in the pk_sign sample program, this is
MBEDTLS_MPI_MAX_SIZE.
2019-11-05 16:27:27 +01:00
Gilles Peskine
f0ebbfb3fc Fix CTR_DRBG benchmark
You can't reuse a CTR_DRBG context without free()ing it and
re-init()ing. This generally happened to work, but was never
guaranteed. It could have failed with alternative implementations of
the AES module because mbedtls_ctr_drbg_seed() calls
mbedtls_aes_init() on a context which is already initialized if
mbedtls_ctr_drbg_seed() hasn't been called before, plausibly causing a
memory leak. Calling free() and seed() with no intervening init fails
when MBEDTLS_THREADING_C is enabled and all-bits-zero is not a valid
mutex representation. So add the missing free() and init().
2019-10-28 21:03:52 +01:00
Andrzej Kurek
df2cd9e14f Makefiles: move the dependencies block to be after DLEXT definition
Having it before them resulted in incomplete dependency names, always ending
with a period.
2019-10-07 09:24:22 -04:00
Gilles Peskine
1540e5bd04 Move MBEDTLS_CTR_DRBG_USE_128_BIT_KEY to the correct section
It's an on/off feature, so it should be listed in version_features.
2019-10-04 11:16:24 +02:00
k-stachowiak
bbc1c699fc Fix potential resource leak in sslserver2 example 2019-09-26 13:43:31 +02:00
k-stachowiak
20935ebd34 Fix buffer size in an AES example 2019-09-26 11:22:02 +02:00
Jaeden Amero
c21a9f04f9 Merge remote-tracking branch 'origin/pr/2765' into development
* origin/pr/2765: (28 commits)
  Add set+get tests
  Consolidate tests for set with/without values
  config.py testing: also test the get command
  Compatibility redirect: add copyright notice
  Compatibility redirect: if python3 is not available, try python
  Fix config.py output when a symbol has acquired or lost a value
  Remove redundant test case
  cmake: update interpreter requirement for the test suite generator
  cmake: fix Python requirement
  Test script for config.py
  Documentation improvements
  Fix "#define ... not found" error when using the default file name
  Fix "--force set" without a value sneaking a None in
  Fix --force requiring an argument
  Fix Config.unset() making the name known
  Also search config.h near the script
  Report an error if switching to Python fails
  Fix 'config.py set' without --force
  Fix encoding errors
  Print help when invoked with no arguments
  ...
2019-09-23 17:27:44 +01:00
Gilles Peskine
583afe47cc Add a calloc self-test
Add a very basic test of calloc to the selftest program. The selftest
program acts in its capacity as a platform compatibility checker rather
than in its capacity as a test of the library.

The main objective is to report whether calloc returns NULL for a size
of 0. Also observe whether a free/alloc sequence returns the address
that was just freed and whether a size overflow is properly detected.
2019-09-20 20:22:15 +02:00
Gilles Peskine
5d46f6a89b Invoke config.py instead of config.pl
git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g'

Also:
* Change one comment in include/mbedtls/check_config.h.
* Change PERL to PYTHON in CMakeLists.txt.
2019-09-13 11:04:23 +02:00
Jaeden Amero
63d813d258 ssl: Disallow modification of hello.random by export
Make client_random and server_random const in
mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged
from modifying the client/server hello.

Update examples and tests use const for hello.random as well, to ensure
that the export callbacks are of the proper type.

Fixes #2759
2019-09-12 15:18:25 +01:00
Hanno Becker
bc5308cb9a ssl_cli/srv2: Indicate nss_keylog and eap_tls are mut. exclusive 2019-09-09 11:38:51 +01:00
Hanno Becker
48f3a3d101 Add NSS keylog support to ssl_server2 and ssl_client2
This commit adds command line options

- nss_keylog=0/1
- nss_keylog_file=FILENAME

to the example programs ssl/ssl_client2 and ssl/ssl_server2 which
allow to print and export the session keys in the NSS keylog
for debugging purposes.
2019-09-09 10:30:16 +01:00
Jaeden Amero
f66e7ea7f3
Merge pull request #178 from mpg/sha512-smaller
New config.h option to make SHA-512 smaller
2019-09-04 10:19:28 +01:00
Jaeden Amero
481659a9c0 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Fix uninitialized variable in x509_crt
  Add a ChangeLog entry for mbedtls_net_close()
  Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.
  Add ChangeLog entry
  fix memory leak in mpi_miller_rabin()
2019-09-03 19:42:19 +01:00
Jaeden Amero
8dd6bc7ac4 Merge remote-tracking branch 'origin/pr/2803' into development
* origin/pr/2803:
  Add a ChangeLog entry for mbedtls_net_close()
  Added mbedtls_net_close and use it in ssl_fork_server to correctly disassociate the client socket from the parent process and the server socket from the child process.
2019-09-03 16:41:51 +01:00
Jaeden Amero
4cf0e7e4d2 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...
2019-08-30 16:24:18 +01:00
Darryl Green
9b9a790be6 Handle deleting non-existant files on Windows
If we try to delete a non-existant file using del on Windows, as
can happen when running make clean, del will throw an error. Make
the Makefiles more robust by only deleting files if they exist.
2019-08-30 15:45:46 +01:00
Janos Follath
4f055f4ca2 Use 3rdparty headers from the submodule 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
9e8076ffdc Fix macros in benchmark.c
#2124 may suffer from the same problem.
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
3669c80a90 Update generated files 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
12f359f7da Fix trailing whitespace 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
cc91fe2667 ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
5d536cd814 ECDH: Fix use of ECDH API in full handshake benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
1a2d9f7f41 ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
ed5f3f063f ECDH: Fix Everest x25519 make_public 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e1dfc9884a Fix file permissions 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
8cd4fba777 ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do 2019-08-29 16:12:38 +01:00
Gilles Peskine
c6c7c49fd6 Add mbedtls_ecdh_can_do
All curves can currently do ECDH, but to make the API symmetric and
future-proof, add mbedtls_ecdh_can_do() to go with mbedtls_ecdsa_can_do().
2019-08-29 16:12:38 +01:00
Gilles Peskine
b14c4a533d Fix build with gcc -Wshadow 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
21411d2b79 ECDH: Make benchmarks check MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
655ddababa 3rdparty: Add additional build facilities for 3rd-party code 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
b33e811f2d ECDH: Fix file permission problem 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
6a1a9e468d ECDSA: Add mbedtls_ecdsa_can_do 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
3dca1a405a ECDH: Fix error checks in benchmark.c 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e50b9704d0 ECDH: Fix whitespace and doxygen comment 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
b4e63a14d9 ECDH: Improve ECDH full handshake benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
0b93102415 ECDH: Rename full handshake benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
0bc9c693ce ECDH: Add new (non-legacy) ECDH benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
977d89ab29 ECDH: Include Everest Curve25519 in build scripts 2019-08-29 16:12:38 +01:00
Jaeden Amero
f0716542c4
Merge pull request #140 from yanesca/everest_integration
Everest integration
2019-08-29 16:02:49 +01:00
Jaeden Amero
f1cdceae0d Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (114 commits)
  Don't redefine calloc and free
  Add changelog entry to record checking
  Fix compiler warning
  Add debug messages
  Remove duplicate entries from ChangeLog
  Fix parameter name in doxygen
  Add missing guards for mac usage
  Improve reability and debugability of large if
  Fix a typo in a comment
  Fix MSVC warning
  Fix compile error in reduced configurations
  Avoid duplication of session format header
  Implement config-checking header to context s11n
  Provide serialisation API only if it's enabled
  Fix compiler warning: comparing signed to unsigned
  Actually reset the context on save as advertised
  Re-use buffer allocated by handshake_init()
  Enable serialisation tests in ssl-opt.sh
  Change requirements for setting timer callback
  Add setting of forced fields when deserializing
  ...
2019-08-27 10:09:10 +01:00
Jarno Lamsa
472a2a2fcd Don't redefine calloc and free 2019-08-23 13:13:52 +03:00
Manuel Pégourié-Gonnard
9df5a82079 Actually reset the context on save as advertised
Also fix some wording in the documentation while at it.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
13c8e68477 Change requirements for setting timer callback
The code wants timer callbacks to be set (checked in fetch_input()), and can't
easily check whether we're using nbio, so it seems easier to require the
callbacks to be always set rather than only with nbio as was previously done.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
3309a67996 Fix memory leak in client/server2
context_buf was never free()d. Moreover, since we want to free it on error
paths as well, and even properly zeroize it in order to demonstrate good
memory hygiene, we need to make it and its length main()-scoped.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
a88399c091 Improve demo/testing code in client/server2
Previously it was missing reset in case 1, and in case 2 the code was never
executed as the option value was reset to 0.

Tighten checking of return values of save(NULL, 0) now that it works.

Also, improve the printed output as well as the comments.

I checked manually that everything now works and fail in the expected way:
save, reset-or-reinit and load all succeed, but the subsequent read or write
fails.
2019-08-23 13:11:31 +03:00
Jarno Lamsa
ddf72a1cf6 Fix style issues 2019-08-23 13:07:05 +03:00
Jarno Lamsa
8e2532196d Set timer callbacks with serialization 2019-08-23 13:05:43 +03:00
Jarno Lamsa
1a7f7936f3 Fix spacing 2019-08-23 13:05:43 +03:00
Jarno Lamsa
15b3a7ae4d Fix compiler warnings 2019-08-23 13:05:42 +03:00
Jarno Lamsa
304d61cede Add option for ssl-context re-initialization flow 2019-08-23 13:05:34 +03:00
Jarno Lamsa
12021ee115 Fix spacing 2019-08-23 12:53:40 +03:00
Jarno Lamsa
1d1657f11c Allow stub implementation of the context_save for now 2019-08-23 12:53:40 +03:00
Jarno Lamsa
93c6ff2392 Address review comments for code-style issues 2019-08-23 12:53:40 +03:00
Jarno Lamsa
378d64daad Remove mbedtls_ssl_free() and mbedtls_ssl_init() from serialization flow in test 2019-08-23 12:53:40 +03:00
Jarno Lamsa
bbc7b41903 Use MBEDTLS_SSL_CONTEXT_SERIALIZATION flag 2019-08-23 12:53:40 +03:00
Jarno Lamsa
5a3a16cb1b Serialize/deserialize for ssl_server2 2019-08-23 12:53:40 +03:00
Jarno Lamsa
af30629686 Rely on opt.exchanges for sending after serialization 2019-08-23 12:53:40 +03:00
Jarno Lamsa
77e6665ffb Serialization/deserialization in ssl_client2 2019-08-23 12:53:40 +03:00
Jarno Lamsa
9831c8a14c Add option for serialization in ssl_client/server2 2019-08-23 12:53:40 +03:00
Manuel Pégourié-Gonnard
afa8f71700 Add new config MBEDTLS_SSL_CONTEXT_SERIALIZATION
This is enabled by default as we generally enable things by default unless
there's a reason not to (experimental, deprecated, security risk).

We need a compile-time option because, even though the functions themselves
can be easily garbage-collected by the linker, implementing them will require
saving 64 bytes of Client/ServerHello.random values after the handshake, that
would otherwise not be needed, and people who don't need this feature
shouldn't have to pay the price of increased RAM usage.
2019-08-23 12:52:29 +03:00
Manuel Pégourié-Gonnard
686adb4d54 Normalize spelling to serialiZation
We have explicit recommendations to use US spelling for technical writing, so
let's apply this to code as well for uniformity. (My fingers tend to prefer UK
spelling, so this needs to be fixed in many places.)

sed -i 's/\([Ss]eriali\)s/\1z/g' **/*.[ch] **/*.function **/*.data ChangeLog
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
4d591d6d3f Demonstrate safe usage (zeroize) in ssl_client2 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
26f982f50e Improve save API by always updating olen
This allows callers to discover what an appropriate size is. Otherwise they'd
have to either try repeatedly, or allocate an overly large buffer (or some
combination of those).

Adapt documentation an example usage in ssl_client2.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
a7c3765760 Add tests for session copy without serialisation 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
b5e4e0a395 Add mbedtls_ssl_get_session_pointer()
Avoid useless copy with mbedtls_ssl_get_session() before serialising.

Used in ssl_client2 for testing and demonstrating usage, but unfortunately
that means mbedtls_ssl_get_session() is no longer tested, which will be fixed
in the next commit.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
21548638b7 Save session in serialised form in ssl_client2.
This provides basic testing for the session (de)serialisation functions, as
well as an example of how to use them.

Tested locally with tests/ssl-opt.sh -f '^Session resume'.
2019-08-23 12:48:41 +03:00
Robert Larsen
df8e511381 Added mbedtls_net_close and use it in ssl_fork_server to correctly
disassociate the client socket from the parent process and the server
socket from the child process.
2019-08-23 10:57:03 +02:00
Jaeden Amero
833899ee37 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (51 commits)
  Fix possibly-lossy conversion warning from MSVC
  Reintroduce length 0 check for records
  Don't use memcpy() for 2-byte copy operation
  Remove integer parsing macro
  Fix alignment in record header parsing routine
  Don't disallow 'record from another epoch' log msg in proxy ref test
  Make sure 'record from another epoch' is displayed for next epoch
  Implement record checking API
  Mark ssl_parse_record_header() as `const` in SSL context
  Make mbedtls_ssl_in_hdr_len() CID-unaware
  Remove duplicate setting of ssl->in_msgtype and ssl->in_msglen
  Move update of in_xxx fields in ssl_get_next_record()
  Move update of in_xxx fields outside of ssl_prepare_record_content()
  Reduce dependency of ssl_prepare_record_content() on in_xxx fields
  Move ssl_update_in_pointers() to after record hdr parsing
  Mark DTLS replay check as `const` on the SSL context
  Move updating the internal rec ptrs to outside of rec hdr parsing
  Mark ssl_decrypt_buf() as `const in the input SSL context
  Adapt ssl_prepare_record_content() to use SSL record structure
  Use record length from record structure when fetching content in TLS
  ...
2019-08-22 17:10:45 +01:00
Jaeden Amero
9a09f511b5 Merge remote-tracking branch 'origin/pr/2781' into development
* origin/pr/2781:
  Documentation fixes according to review
  Remove unused label in ssl_client2/ssl_server2
  Add missing word in documentation of mbedtls_ssl_check_record()
  cli/srv ex: Add dbg msg if record checking gives inconsistent result
  Fix minor issues in documentation of mbedtls_ssl_check_record()
  State that record checking is DTLS only and doesn't check content type
  Update version_features.c
  Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2
  Add IO wrappers to ssl_server2 as interm's between NET and SSL layer
  Add IO wrappers to ssl_client2 as interm's between NET and SSL layer
  Introduce configuration option and API for SSL record checking
2019-08-22 11:08:52 +01:00
Jaeden Amero
4245d4a2c8 Merge branch 'development' into development-restricted
* development:
  Rename local variables
  Update submodule
  Update Visual studio project file
  Move the examples to PSA 1.0
  Use psa_raw_key_agreement
  Remove calls to psa_allocate_key
  Make variable naming consistent
  Update psa_create_key to PSA 1.0
  Update psa_import_key to PSA 1.0
  Update psa_generator_abort to PSA 1.0
  Update psa_generator_read to PSA 1.0
  Update psa_crypto_generator_t to PSA 1.0
  Update psa_key_agreement to PSA 1.0
  Update GENERATOR_INIT macro to PSA 1.0
  Update KEYPAIR macros to PSA 1.0
2019-08-20 10:28:14 +01:00
Christoph M. Wintersteiger
6212617097 Fix macros in benchmark.c
#2124 may suffer from the same problem.
2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
f8d4c883a7 Update generated files 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
26b98e12c5 3rdparty: Fix newlines and trailing whitespace 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
cf5603f712 ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
3b58700d38 ECDH: Fix use of ECDH API in full handshake benchmark 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
ac0e64df68 ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
efdf4d7baa ECDH: Fix Everest x25519 make_public 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
737df0c755 Fix file permissions 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
41fb2c05e8 ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do 2019-08-19 13:37:46 +01:00
Gilles Peskine
20b3ef3cad Add mbedtls_ecdh_can_do
All curves can currently do ECDH, but to make the API symmetric and
future-proof, add mbedtls_ecdh_can_do() to go with mbedtls_ecdsa_can_do().
2019-08-19 13:37:46 +01:00
Gilles Peskine
1fdf2c2d1c Fix build with gcc -Wshadow 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
9597238058 ECDH: Make benchmarks check MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
6ea2dea1c5 3rdparty: Add additional build facilities for 3rd-party code 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
ea24394c03 ECDH: Fix whitespace and permission problems 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
0082f9df6f ECDSA: Add mbedtls_ecdsa_can_do 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
3c449621ce ECDH: Fix error checks in benchmark.c 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
c3cbddecb5 ECDH: Fix whitespace, permissions 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
79acf95199 ECDH: Improve ECDH full handshake benchmark 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
65bab9772e ECDH: Rename full handshake benchmark 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
696dedaed6 ECDH: Add new (non-legacy) ECDH benchmark 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
d5fd766c49 ECDH: Include Everest Curve25519 in build scripts 2019-08-19 13:36:44 +01:00
Janos Follath
be4efc2b38 Move the examples to PSA 1.0 2019-08-16 13:37:32 +01:00
k-stachowiak
776521aee8 Return from the test and utility examples via exit()
All the core examples have been modified not to return from main
by the means of the return statement, but rather via exit() function,
which was done to make the examples more bare metal friendly.

This commit, for the sake of consistency, introduces the modifications
to the test and utility examples. These, while less likely to be used
in the low level environments, won't suffer from such a change.
2019-08-16 06:38:10 +02:00
Krzysztof Stachowiak
5e1b195d1f Unify the example programs' termination
This is done to account for platforms, for which we want custom behavior
upon the program termination, hence we call `mbedtls_exit()` instead of
returning from `main()`.
2019-08-16 06:37:42 +02:00
Gilles Peskine
4017d882dd Merge remote-tracking branch 'upstream-restricted/development-proposed' into development-restricted-proposed 2019-08-14 18:38:42 +02:00
k-stachowiak
012dcc4b87 Remove PSA_PRE_1_0_KEY_DERIVATION and the corresponding code 2019-08-13 18:42:40 +02:00
Gilles Peskine
26f3e2800d Honor MBEDTLS_CONFIG_FILE in fuzz tests 2019-08-13 18:00:02 +02:00
Hanno Becker
1f3fe87da3 Remove unused label in ssl_client2/ssl_server2 2019-08-06 11:27:34 +03:00
Hanno Becker
91f8327e40 cli/srv ex: Add dbg msg if record checking gives inconsistent result 2019-08-06 11:26:55 +03:00
Hanno Becker
4b6649e67c Pass dgrams to mbedtls_ssl_check_record in ssl_client2/server2 2019-08-06 10:53:28 +03:00
Hanno Becker
dcc94e61da Add IO wrappers to ssl_server2 as interm's between NET and SSL layer 2019-08-06 10:29:31 +03:00
Hanno Becker
8b1af2f89c Add IO wrappers to ssl_client2 as interm's between NET and SSL layer 2019-08-06 10:26:33 +03:00
Hanno Becker
cfe457921a Introduce configuration option and API for SSL record checking 2019-08-06 10:09:08 +03:00
Gilles Peskine
41f2de9da2
Merge pull request #638 from ARMmbed/development-proposed
Merge development into development-restricted
2019-08-05 11:06:20 +02:00
Gilles Peskine
01655daeee
Merge pull request #2417 from RonEld/2734
Update soon to be expired crl
2019-08-03 13:38:14 +02:00
Gilles Peskine
72c8c5b352 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190801
Conflict resolution:
* `scripts/config.pl`:
  Take the exclusion of `MBEDTLS_PSA_CRYPTO_SE_C` from the API branch.
  Take the removal of `MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` (obsolete) from
  the development branch.
* `tests/scripts/all.sh`:
  Multiple instances of factoring a sequence of `config.pl` calls into
  a mere `config.pl baremetal` in the development branch, and a change in
  the composition of `baremetal` in the API branch. In each case, take the
  version from development.
* `tests/suites/test_suite_psa_crypto_slot_management.function`:
  A function became non-static in development and disappeared in the API
  branch. Keep the version from the API branch. Functions need to be
  non-static if they're defined but unused in some configurations,
  which is not the case for any function in this file at the moment.
* `tests/suites/test_suite_psa_crypto.function`:
  Consecutive changes in the two branches, reconciled.
2019-07-31 17:47:49 +02:00
Jaeden Amero
8dd1690993 Merge remote-tracking branch 'tls/development' into development
Resolve conflicts by performing the following operations:
- Reject changes related to building a crypto submodule, since Mbed
  Crypto is the crypto submodule.
- Reject X.509, NET, and SSL changes.
- Reject changes to README, as Mbed Crypto is a different project from
  Mbed TLS, with a different README.
- Avoid adding mention of ssl-opt.sh in a comment near some modified
  code in include/CMakeLists.txt (around where ENABLE_TESTING as added).
- Align config.pl in Mbed TLS with config.pl in Mbed Crypto where PSA
  options are concerned, to make future merging easier. There is no
  reason for the two to be different in this regard, now that Mbed TLS
  always depends on Mbed Crypto. Remaining differences are only the
  PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER option and the absence of X.509,
  NET, and SSL related options in Mbed Crypto's config.pl.
- Align config.h in Mbed Crypto with Mbed TLS's copy, with a few notable
  exceptions:
  - Leave CMAC on by default.
  - Leave storage on by default (including ITS emulation).
  - Avoid documenting the PSA Crypto API as is in beta stage in
    documentation for MBEDTLS_PSA_CRYPTO_C.
  The only remaining differences are a lack of X.509, NET, and SSL
  options in Mbed Crypto's config.h, as well as an additional
  Mbed-Crypto-specific PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER option.
  Documentation for the check params feature and related macros is also
  updated to match Mbed TLS's description.
- Reject tests/data_files/Makefile changes to generate DER versions of
  CRTs and keys, as none of those are used by Mbed Crypto tests.
- Add the "no PEM and no filesystem" test to all.sh, without ssl-opt.sh
  run, as Mbed Crypto doesn't have ssl-opt.sh. Also remove use of PSA
  Crypto storage and ITS emulation, since those depend on filesystem
  support.
- Reject addition of test when no ciphersuites have MAC to all.sh, as
  the option being tested, MBEDTLS_SSL_SOME_MODES_USE_MAC, is not
  present in Mbed Crypto.
- Use baremetal config in all.sh, as Mbed Crypto's baremetal
  configuration does exclude the net module (as it doesn't exist in Mbed
  Crypto)
- Reject cmake_subproject_build changes, continuing to link only
  libmbedcrypto.
- Reject changes to visualc and associated templates. Mbed Crypto
  doesn't need additional logic to handle submodule-sourced headers.
- Avoid adding fuzzers from Mbed TLS. The only relevant fuzzers are the
  privkey and pubkey fuzzers, but non-trivial work would be required to
  integrate those into Mbed Crypto (more than is comfortable in a merge
  commit).
- Reject addition of Docker wrappers for compat.sh and ssl-opt.sh, as
  those are not present in Mbed Crypto.
- Remove calls to SSL-related scripts from basic-in-docker.sh

Fix test errors by performing the following:
- Avoid using a link that Doxygen can't seem to resolve in Mbed Crypto,
  but can resolve in Mbed TLS. In documentation for
  MBEDTLS_CHECK_PARAMS, don't attempt to link to MBEDTLS_PARAM_FAILED.

* origin/development: (339 commits)
  Do not build fuzz on windows
  No booleans and import config
  Removing space before opening parenthesis
  Style corrections
  Syntax fix
  Fixes warnings from MSVC
  Add a linker flag to enable gcov in basic-build-test.sh
  Update crypto submodule to a revision with the HAVEGE header changes
  Test with MBEDTLS_ECP_RESTARTABLE
  Allow TODO in code
  Use the docstring in the command line help
  Split _abi_compliance_command into smaller functions
  Record the commits that were compared
  Document how to build the typical argument for -s
  Allow running /somewhere/else/path/to/abi_check.py
  tests: Limit each log to 10 GiB
  Warn if VLAs are used
  Remove redundant compiler flag
  Consistently spell -Wextra
  Fix parsing issue when int parameter is in base 16
  ...
2019-07-31 10:37:53 +01:00
Manuel Pégourié-Gonnard
2306d15344 Declare new config.h option MBEDTLS_SHA512_SMALLER 2019-07-17 13:05:41 +02:00
Jaeden Amero
3a0f08d911 Revert "cpp_dummy_build: Remove dependency on compat-1.3.h"
There is now a test that ensures all headers are included in the
cpp_dummy_build test, so we can't remove compat-1.3.h from the
cpp_dummy_build test until we remove compat-1.3.h.

This reverts commit 2b725ef727.
2019-07-15 15:52:25 +01:00
Jaeden Amero
b8e4ae18cf Remove certs.h
certs.h is not needed in Mbed Crypto. No programs or other library code
use it.
2019-07-15 15:52:25 +01:00
Ron Eldor
991a05b411 Add support for all SHA modes in cert_write
Add support for `MBEDTLS_SHA_224` and `MBEDTLS_SHA_384` in
`cert_write`, to support generating such certificates in
`tests/data_files/Makefile`.
2019-07-14 09:17:57 +03:00
Jaeden Amero
e637061dec Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (36 commits)
  Do not build fuzz on windows
  No booleans and import config
  Removing space before opening parenthesis
  Style corrections
  Syntax fix
  Fixes warnings from MSVC
  Add a linker flag to enable gcov in basic-build-test.sh
  tests: Limit each log to 10 GiB
  Fix parsing issue when int parameter is in base 16
  checks MBEDTLS_PEM_PARSE_C
  Restore programs/fuzz/Makefile after in-tree cmake
  Move fuzz directory to programs
  Documentation for corpus generation
  Restore tests/fuzz/Makefile after in-tree cmake
  Adding ifdefs to avoid warnings for unused globals
  Adds LDFLAGS fsanitize=address
  Refactor receive_uint32()
  Refactor get_byte function
  Make the script portable to both pythons
  Update the test encoding to support python3
  ...
2019-07-12 10:15:49 +01:00
Jaeden Amero
072959f5c2 Merge remote-tracking branch 'origin/pr/1622' into development
* origin/pr/1622: (29 commits)
  Do not build fuzz on windows
  No booleans and import config
  Removing space before opening parenthesis
  Style corrections
  Syntax fix
  Fixes warnings from MSVC
  Add a linker flag to enable gcov in basic-build-test.sh
  checks MBEDTLS_PEM_PARSE_C
  Restore programs/fuzz/Makefile after in-tree cmake
  Move fuzz directory to programs
  Documentation for corpus generation
  Restore tests/fuzz/Makefile after in-tree cmake
  Adding ifdefs to avoid warnings for unused globals
  Adds LDFLAGS fsanitize=address
  Ignore compiled object files and executables
  Also clean the fuzz subdirectory
  copyediting README.md
  Protecting client/server fuzz targts with ifdefs
  Makefile support 1
  Fuzz README and direct compilation
  ...
2019-07-11 16:17:18 +01:00
Philippe Antoine
a864db0dd6 Do not build fuzz on windows 2019-07-10 20:37:57 +02:00
Philippe Antoine
42a2ce8255 No booleans and import config 2019-07-10 14:26:31 +02:00
Philippe Antoine
a82fdd4763 Removing space before opening parenthesis 2019-07-10 13:53:40 +02:00
Philippe Antoine
b3d3127d01 Style corrections 2019-07-10 13:34:51 +02:00
Jaeden Amero
c510b1ab29 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (33 commits)
  Test with MBEDTLS_ECP_RESTARTABLE
  Allow TODO in code
  Use the docstring in the command line help
  Split _abi_compliance_command into smaller functions
  Record the commits that were compared
  Document how to build the typical argument for -s
  Allow running /somewhere/else/path/to/abi_check.py
  Warn if VLAs are used
  Remove redundant compiler flag
  Consistently spell -Wextra
  Update Mbed Crypto to contain mbed-crypto#152
  Improve compatibility with firewalled networks
  Dockerfile: apt -> apt-get
  Change Docker container to bionic
  Clean up file prologue comments
  Add docker-based test scripts
  ChangeLog: Add ChangeLog entry for #2681
  Allow declarations after statements
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ...
2019-07-10 08:46:54 +01:00
Jaeden Amero
01604a334a Merge remote-tracking branch 'origin/pr/2726' into development
* origin/pr/2726:
  Warn if VLAs are used
  Remove redundant compiler flag
  Consistently spell -Wextra
  Allow declarations after statements
2019-07-10 07:55:25 +01:00
Philippe Antoine
2321945e44 Syntax fix 2019-07-10 08:26:04 +02:00
Philippe Antoine
3e408d59c4 Fixes warnings from MSVC 2019-07-10 01:09:50 +02:00
Jaeden Amero
93fe3a1a8f
Merge pull request #160 from yanesca/iotcrypt-790-update-tests-to-multipart-key-derivation
Iotcrypt 790 update tests to multipart key derivation
2019-07-04 17:19:36 +01:00
Gilles Peskine
2a38e2477a Slightly simplify derive_wrapping_key
No error can arise after the wrapping key is created, so remove the
corresponding cleanup code.
2019-07-04 14:41:07 +01:00
Gilles Peskine
4e2cc5353c Update key_ladder_demo to the current key derivation API 2019-07-04 14:41:00 +01:00
Jaeden Amero
c19dcebbdd
Merge pull request #154 from yanesca/iotcrypt-789-update-tls-prf-to-multipart
Update TLS 1.2 PRF to multipart API
2019-07-04 11:53:04 +01:00
Gilles Peskine
85aba47715 Consistently spell -Wextra
-W is a deprecated alias of -Wextra. Consistently use the new name.
2019-07-02 20:05:16 +02:00
Philippe Antoine
daab28a4af checks MBEDTLS_PEM_PARSE_C 2019-06-28 12:31:23 +02:00
Philippe Antoine
48f35f50bf Move fuzz directory to programs 2019-06-27 08:46:45 +02:00
Gilles Peskine
a8ade16ffd Gate secure element support by a separate config option
Secure element support has its own source file, and in addition
requires many hooks in other files. This is a nontrivial amount of
code, so make it optional (but default on).
2019-06-26 20:01:35 +02:00
Jaeden Amero
e8451f2274 CMake: Add a subdirectory build regression test
If we have a regression with the "build Mbed Crypto as a subdirectory
with CMake" feature and fail to build, fail the test.
2019-06-26 12:46:53 +01:00
Janos Follath
71a4c9125b Add flag for removing deprecated API
Add the compile time option PSA_PRE_1_0_KEY_DERIVATION. If this is not
turned on, then the function `psa_key_derivation()` is removed.

Most of the tests regarding key derivation haven't been adapted to the
new API yet and some of them have only been adapted partially. When this
new option is turned off, the tests using the old API and test cases
using the old API of partially adapted tests are skipped.

The sole purpose of this option is to make the transition to the new API
smoother. Once the transition is complete it can and should be removed
along with the old API and its implementation.
2019-06-26 09:15:08 +01:00
Gilles Peskine
c2d56a4446 Allow declarations after statements
We officially allow C99, so don't forbid this C99 feature.
2019-06-25 18:52:06 +02:00
Jaeden Amero
ab83fdf944 CMake: Add a subdirectory build regression test
If we have a regression with the "build Mbed TLS as a subdirectory with
CMake" feature and fail to build, fail the test.
2019-06-25 15:21:24 +01:00
Jaeden Amero
bd3a7464b7 Merge remote-tracking branch 'restricted/pr/573' into development-restricted
* restricted/pr/573:
  Remove redundant config.pl call
  Add a test for signing content with a long ECDSA key
  Add documentation notes about the required size of the signature buffers
  Add missing MBEDTLS_ECP_C dependencies in check_config.h
  Change size of preallocated buffer for pk_sign() calls
2019-06-24 11:40:33 +01:00
Jaeden Amero
66b7edb108 Merge remote-tracking branch 'origin/pr/2711' into development
* origin/pr/2711:
  programs: Make `make clean` clean all programs always
  ssl_tls: Enable Suite B with subset of ECP curves
  windows: Fix Release x64 configuration
  platform: Include stdarg.h where needed
  timing: Remove redundant include file
  net_sockets: Fix typo in net_would_block()
2019-06-21 14:09:10 +01:00
Jaeden Amero
fd0f65459c Merge remote-tracking branch 'origin/pr/2697' into development
* origin/pr/2697:
  Update crypto submodule
  Add all.sh component that exercises invalid_param checks
  Remove mbedtls_param_failed from programs
  Make it easier to define MBEDTLS_PARAM_FAILED as assert
  Make test suites compatible with #include <assert.h>
  Pass -m32 to the linker as well
  Don't systematically rebuild programs
2019-06-21 13:21:05 +01:00
Jaeden Amero
8d936e87fb Merge remote-tracking branch 'origin/pr/2681' into development
* origin/pr/2681:
  unconditional mbedtls_ssl_conf_rng
  Adding usage and removing dummy random
  comment alignment
  Commit to C90 style
  Adds missing ret definition
  More clarity for ifdef orders
  Only warns if MBEDTLS_HAVE_TIME
  Option used added in string
  Code review
  Style fixes
  SSL reproducible test mode
2019-06-21 13:20:02 +01:00
Jaeden Amero
befe1e1536 programs: Make make clean clean all programs always
If `make TEST_CPP:=1` is run, and then `make clean` (as opposed to `make
TEST_CPP:=1 clean`), the cpp_dummy_build will be left behind after the
clean. Make `make clean more convenient to use by removing programs that
could be generated from any configuration, not just the active one.

Fixes #1862
2019-06-20 10:59:06 +01:00
Philippe Antoine
b94cf822f3 unconditional mbedtls_ssl_conf_rng 2019-06-19 15:19:38 +02:00
Philippe Antoine
738153a048 Adding usage and removing dummy random 2019-06-18 20:16:43 +02:00
Jaeden Amero
3acb5eb306 Merge remote-tracking branch 'origin/pr/2694' into development
* origin/pr/2694:
  UDP proxy: Don't attempt to dissect dgram into records when dropping
2019-06-14 08:55:11 +01:00
Jaeden Amero
6b5dc689f7 Merge remote-tracking branch 'origin/pr/2430' into development
* origin/pr/2430:
  Document support for MD2 and MD4 in programs/x509/cert_write
  Correct name of X.509 parsing test for well-formed, ill-signed CRT
  Add test cases exercising successful verification of MD2/MD4/MD5 CRT
  Add test case exercising verification of valid MD2 CRT
  Add MD[245] test CRTs to tree
  Add instructions for MD[245] test CRTs to tests/data_files/Makefile
  Add suppport for MD2 to CSR and CRT writing example programs
  Remove use of MD2 in further x509parse tests
  Convert further x509parse tests to use lower-case hex data
  Correct placement of ChangeLog entry
  Adapt ChangeLog
  Use SHA-256 instead of MD2 in X.509 CRT parsing tests
  Consistently use lower case hex data in X.509 parsing tests
2019-06-14 08:49:31 +01:00
Jaeden Amero
e1b02df515 Merge remote-tracking branch 'origin/pr/2260' into development
* origin/pr/2260:
  Update crypto submodule
  Remove heading spaces in tests/data_files/Makefile
  Re-generate library/certs.c from script
  Add new line at the end of test-ca2.key.enc
  Use strict syntax to annotate origin of test data in certs.c
  Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO
  Allow DHM self test to run without MBEDTLS_PEM_PARSE_C
  ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
  Document origin of hardcoded certificates in library/certs.c
  Adapt ChangeLog
  Rename server1.der to server1.crt.der
  Add DER encoded files to git tree
  Add build instructions to generate DER versions of CRTs and keys
  Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2
  ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  Correct white spaces in ssl_server2 and ssl_client2
  Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled
  Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled
2019-06-14 08:46:48 +01:00
Gilles Peskine
3abbcedc68 Remove mbedtls_param_failed from programs
All sample and test programs had a definition of mbedtls_param_failed.
This was necessary because we wanted to be able to build them in a
configuration with MBEDTLS_CHECK_PARAMS set but without a definition
of MBEDTLS_PARAM_FAILED. Now that we activate the sample definition of
MBEDTLS_PARAM_FAILED in config.h when testing with
MBEDTLS_CHECK_PARAMS set, this boilerplate code is no longer needed.
2019-06-13 16:51:59 +02:00
Gilles Peskine
c7ad122f51 Make it easier to define MBEDTLS_PARAM_FAILED as assert
Introduce a new configuration option MBEDTLS_CHECK_PARAMS_ASSERT,
which is disabled by default. When this option is enabled,
MBEDTLS_PARAM_FAILED defaults to assert rather than to a call to
mbedtls_param_failed, and <assert.h> is included.

This fixes #2671 (no easy way to make MBEDTLS_PARAM_FAILED assert)
without breaking backward compatibility. With this change,
`config.pl full` runs tests with MBEDTLS_PARAM_FAILED set to assert,
so the tests will fail if a validation check fails, and programs don't
need to provide their own definition of mbedtls_param_failed().
2019-06-13 16:51:59 +02:00
Hanno Becker
961e677fe3 UDP proxy: Don't attempt to dissect dgram into records when dropping
To prevent dropping the same message over and over again, the UDP proxy
test application programs/test/udp_proxy _logically_ maintains a mapping
from records to the number of times the record has already been dropped,
and stops dropping once a configurable threshold (currently 2) is passed.

However, the actual implementation deviates from this logical view
in two crucial respects:
- To keep the implementation simple and independent of
  implementations of suitable map interfaces, it only counts how
  many times a record of a given _size_ has been dropped, and
  stops dropping further records of that size once the configurable
  threshold is passed. Of course, this is not fail-proof, but a
  good enough approximation for the proxy, and it allows to use
  an inefficient but simple array for the required map.
- The implementation mixes datagram lengths and record lengths:
  When deciding whether it is allowed to drop a datagram, it
  uses the total datagram size as a lookup index into the map
  counting the number of times a package has been dropped. However,
  when updating this map, the UDP proxy traverses the datagram
  record by record, and updates the mapping at the level of record
  lengths.

Apart from this inconsistency, the introduction of the Connection ID
feature leads to yet another problem: The CID length is not part of
the record header but dynamically negotiated during (potentially
encrypted!) handshakes, and it is hence impossible for a passive traffic
analyzer (in this case our UDP proxy) to reliably parse record headers;
especially, it isn't possible to reliably infer the length of a record,
nor to dissect a datagram into records.

The previous implementation of the UDP proxy was not CID-aware and
assumed that the record length would always reside at offsets 11, 12
in the DTLS record header, which would allow it to iterate through
the datagram record by record. As mentioned, this is no longer possible
for CID-based records, and the current implementation can run into
a buffer overflow in this case (because it doesn't validate that
the record length is not larger than what remains in the datagram).

This commit removes the inconsistency in datagram vs. record length
and resolves the buffer overflow issue by not attempting any dissection
of datagrams into records, and instead only counting how often _datagrams_
of a particular size have been dropped.

There is only one practical situation where this makes a difference:
If datagram packing is used by default but disabled on retransmission
(which OpenSSL has been seen to do), it can happen that we drop a
datagram in its initial transmission, then also drop some of its records
when they retransmitted one-by-one afterwards, yet still keeping the
drop-counter at 1 instead of 2. However, even in this situation, we'll
correctly count the number of droppings from that point on and eventually
stop dropping, because the peer will not fall back to using packing
and hence use stable record lengths.
2019-06-13 11:09:35 +01:00
Philippe Antoine
154feb21e8 comment alignment 2019-06-11 17:50:23 +02:00
Philippe Antoine
d2235f2a41 Commit to C90 style 2019-06-11 16:29:28 +02:00
Philippe Antoine
12e85de964 Adds missing ret definition 2019-06-11 16:07:53 +02:00
Philippe Antoine
f91b3722cf More clarity for ifdef orders 2019-06-11 16:02:43 +02:00
Philippe Antoine
0ff84fb6fe Only warns if MBEDTLS_HAVE_TIME 2019-06-11 12:15:17 +02:00
Philippe Antoine
7c9d72497d Option used added in string 2019-06-11 12:11:36 +02:00
Philippe Antoine
3ca5085f10 Code review
Typo rproduce -> reproducible
Call mbedtls_entropy_func
2019-06-07 22:31:59 +02:00
Gilles Peskine
95f5cbc85a Don't systematically rebuild programs
Fix the dependency on libmbedcrypto.a, which is now located under
crypto.

Fix #2682
2019-06-07 18:15:37 +02:00
Philippe Antoine
986b6f20a9 Style fixes 2019-06-07 15:04:32 +02:00
Philippe Antoine
aa4d15264a SSL reproducible test mode 2019-06-06 21:30:01 +02:00
k-stachowiak
c4638cc640 Change size of preallocated buffer for pk_sign() calls 2019-06-06 13:20:48 +02:00
Gilles Peskine
5163a92965 Remove spurious obsolete function call 2019-06-05 11:34:54 +02:00
Hanno Becker
422d1993d2 Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2 2019-06-03 17:46:56 +01:00
Hanno Becker
8174bdfb94 ssl_server2: Skip CA setup if ca_path or ca_file argument "none"
This allows to test PSK-based ciphersuites via ssl_server2 in builds
which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and
MBEDTLS_CERTS_C disabled.
2019-06-03 17:46:56 +01:00
Hanno Becker
623e7b4422 ssl_client2: Skip CA setup if ca_path or ca_file argument "none"
This allows to test PSK-based ciphersuites via ssl_client2 in builds
which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and
MBEDTLS_CERTS_C disabled.

A similar change is applied to the `crt_file` and `key_file` arguments.
2019-06-03 17:46:56 +01:00
Hanno Becker
a0c5ceb2af Correct white spaces in ssl_server2 and ssl_client2 2019-06-03 17:46:56 +01:00
Hanno Becker
2900b14b11 Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled 2019-06-03 17:46:56 +01:00
Hanno Becker
09b8cae006 Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled 2019-06-03 17:46:56 +01:00
Hanno Becker
98aaf25686 Add bad_cid option UDP proxy to insert unexpected CID records
This commit adds the command line option 'bad_cid' to the UDP proxy
`./programs/test/udp_proxy`. It takes a non-negative integral value N,
which if not 0 has the effect of duplicating every 1:N CID records
and modifying the CID in the first copy sent.

This is to exercise the stacks documented behaviour on receipt
of unexpected CIDs.

It is important to send the record with the unexpected CID first,
because otherwise the packet would be dropped already during
replay protection (the same holds for the implementation of the
existing 'bad_ad' option).
2019-06-03 16:07:50 +01:00
Hanno Becker
3978d10e9e Remove superfluous new line in ssl_server2 2019-06-03 16:07:50 +01:00
Hanno Becker
3279822e24 Improve readability of ssl_client2/ssl_server2 usage instructions 2019-06-03 16:07:50 +01:00
Hanno Becker
1d433a3294 Remove superfluous newline in ssl_client2 2019-06-03 16:07:50 +01:00
Hanno Becker
d5eed4258a Use negative-hex format for error codes in ssl_client2/ssl_server2 2019-06-03 16:07:50 +01:00
Hanno Becker
6ae14c086d Exemplify ways of calling mbedtls_ssl_get_peer_cid() in ssl_client2 2019-06-03 16:07:50 +01:00
Hanno Becker
a0e20d04b2 Rename MBEDTLS_SSL_CID to MBEDTLS_SSL_DTLS_CONNECTION_ID
Files modified via

sed -i 's/MBEDTLS_SSL_CID\([^_]\|$\)/MBEDTLS_SSL_DTLS_CONNECTION_ID\1/g' **/*.c **/*.h **/*.sh **/*.function
2019-06-03 16:07:50 +01:00
Hanno Becker
8367ccc03b Allow to configure the stack's behaviour on unexpected CIDs
This commit modifies the CID configuration API mbedtls_ssl_conf_cid_len()
to allow the configuration of the stack's behaviour when receiving an
encrypted DTLS record with unexpected CID.
2019-06-03 16:07:50 +01:00
Hanno Becker
3a96828ead Add missing compile-time guard around CID API in ssl_server2 2019-06-03 16:07:50 +01:00
Hanno Becker
b1aa1b3616 Allow the configuration of padding when using CID extension 2019-06-03 16:07:50 +01:00
Hanno Becker
31f6e372e6 UDP Proxy: Don't drop CID records
ApplicationData records are not protected against loss by DTLS
and our test applications ssl_client2 and ssl_server2 don't
implement any retransmission scheme to deal with loss of the
data they exchange. Therefore, the UDP proxy programs/test/udp_proxy
does not drop ApplicationData records.

With the introduction of the Connection ID, encrypted ApplicationData
records cannot be recognized as such by inspecting the record content
type, as the latter is always set to the CID specific content type for
protected records using CIDs, while the actual content type is hidden
in the plaintext.

To keep tests working, this commit adds CID records to the list of
content types which are protected against dropping by the UDP proxy.
2019-06-03 16:07:50 +01:00
Hanno Becker
b42ec0df02 Add support for change of CID to ssl_client2 / ssl_server2
And add tests for various CID configuration changes during
renegotiation to ssl-opt.sh.
2019-06-03 16:07:50 +01:00
Hanno Becker
ad4a137965 Add CID configuration API
Context:
The CID draft does not require that the length of CIDs used for incoming
records must not change in the course of a connection. Since the record
header does not contain a length field for the CID, this means that if
CIDs of varying lengths are used, the CID length must be inferred from
other aspects of the record header (such as the epoch) and/or by means
outside of the protocol, e.g. by coding its length in the CID itself.

Inferring the CID length from the record's epoch is theoretically possible
in DTLS 1.2, but it requires the information about the epoch to be present
even if the epoch is no longer used: That's because one should silently drop
records from old epochs, but not the entire datagrams to which they belong
(there might be entire flights in a single datagram, including a change of
epoch); however, in order to do so, one needs to parse the record's content
length, the position of which is only known once the CID length for the epoch
is known. In conclusion, it puts a significant burden on the implementation
to infer the CID length from the record epoch, which moreover mangles record
processing with the high-level logic of the protocol (determining which epochs
are in use in which flights, when they are changed, etc. -- this would normally
determine when we drop epochs).

Moreover, with DTLS 1.3, CIDs are no longer uniquely associated to epochs,
but every epoch may use a set of CIDs of varying lengths -- in that case,
it's even theoretically impossible to do record header parsing based on
the epoch configuration only.

We must therefore seek a way for standalone record header parsing, which
means that we must either (a) fix the CID lengths for incoming records,
or (b) allow the application-code to configure a callback to implement
an application-specific CID parsing which would somehow infer the length
of the CID from the CID itself.

Supporting multiple lengths for incoming CIDs significantly increases
complexity while, on the other hand, the restriction to a fixed CID length
for incoming CIDs (which the application controls - in contrast to the
lengths of the CIDs used when writing messages to the peer) doesn't
appear to severely limit the usefulness of the CID extension.

Therefore, the initial implementation of the CID feature will require
a fixed length for incoming CIDs, which is what this commit enforces,
in the following way:

In order to avoid a change of API in case support for variable lengths
CIDs shall be added at some point, we keep mbedtls_ssl_set_cid(), which
includes a CID length parameter, but add a new API mbedtls_ssl_conf_cid_len()
which applies to an SSL configuration, and which fixes the CID length that
any call to mbetls_ssl_set_cid() which applies to an SSL context that is bound
to the given SSL configuration must use.

While this creates a slight redundancy of parameters, it allows to
potentially add an API like mbedtls_ssl_conf_cid_len_cb() later which
could allow users to register a callback which dynamically infers the
length of a CID at record header parsing time, without changing the
rest of the API.
2019-06-03 16:07:50 +01:00
Hanno Becker
024b53a856 Document support for MD2 and MD4 in programs/x509/cert_write 2019-06-03 14:45:21 +01:00
Hanno Becker
554b6ea30a Correct compile-time guard around unhexify() in ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker
dec2552a92 Change formating of CID debug output in ssl_client2/ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker
957dd921f1 Print peer CID from ssl_client2 2019-06-03 14:42:08 +01:00
Hanno Becker
735c716e2a Print peer CID from ssl_server2 2019-06-03 14:42:08 +01:00
Hanno Becker
982182f342 Improve wording of CID debug msg in ssl_server2 example application 2019-06-03 14:42:08 +01:00
Hanno Becker
a7d2542248 ssl_server2: Add cmd line options to configure use of CID extension 2019-06-03 14:42:08 +01:00
Hanno Becker
90cb359cf0 ssl_client2: Add cmd line options to configure use of CID extension 2019-06-03 14:42:08 +01:00
Hanno Becker
1f583eecd8 ssl_client2: Add helper to unhexify binary command line data 2019-06-03 14:42:08 +01:00
Hanno Becker
ebafe8b7cc Update query_config.c 2019-06-03 14:42:08 +01:00
Hanno Becker
9dbc56152f Add suppport for MD2 to CSR and CRT writing example programs
The example programs programs/x509/cert_req and programs/x509/cert_write
(demonstrating the use of X.509 CSR and CRT writing functionality)
previously didn't support MD2 signatures.

For testing purposes, this commit adds support for MD2 to cert_req,
and support for MD2 and MD4 to cert_write.
2019-06-03 14:10:44 +01:00
Gilles Peskine
2938268fb4 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190524
Conflicts:
* library/ssl_cli.c, library/ssl_tls.c:
  Removed on the development branch. Keep them removed.
* include/psa/crypto_extra.h, library/psa_crypto_storage.c,
  tests/suites/test_suite_psa_crypto.data,
  tests/suites/test_suite_psa_crypto.function,
  tests/suites/test_suite_psa_crypto_persistent_key.data,
  tests/suites/test_suite_psa_crypto_slot_management.data,
  tests/suites/test_suite_psa_crypto_slot_management.function:
  Modified on the development branch only to implement the enrollment
  algorithm, which has been reimplemented on the API branch.
  Keep the API branch.
2019-05-29 09:57:29 +02:00
Andrzej Kurek
346747cd24 Force the usage of crypto submodule
Remove all.sh tests exercising the optional usage of submodule
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
d8167e85d6 Build from submodule by default (make, cmake)
Adapt tests in all.sh:
- tests with submodule enabled (default) no longer need to enable it
  explicitly, and no longer need runtime tests, as those are now handled by
all other test cases in this script
- tests with submodule disabled (old default) now need to disable it
  explicitly, and execute some runtime tests, as those are no longer tested
anywhere else in this script

Adapt documentation in Readme: remove the section "building with submodule"
and replace it with a new section before the other building sections.
Purposefully don't document how to build not from the submodule, as that
option is going away soon.
2019-05-23 03:01:35 -04:00
Gilles Peskine
35ef36b62f Rename psa_generate_random_key back to psa_generate_key
generate_key is a more classical name. The longer name was only
introduced to avoid confusion with getting a key from a generator,
which is key derivation, but we no longer use the generator
terminology so this reason no longer applies.

perl -i -pe 's/psa_generate_random_key/psa_generate_key/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine
dcaefae849 Parametrize Diffie-Hellman keys by a group identifier
Parametrize finite-field Diffie-Hellman key types with a DH group
identifier, in the same way elliptic curve keys are parametrized with
an EC curve identifier.

Define the DH groups from the TLS registry (these are the groups from
RFC 7919).

Replicate the macro definitions and the metadata tests from elliptic
curve identifiers to DH group identifiers.

Define PSA_DH_GROUP_CUSTOM as an implementation-specific extension for
which domain parameters are used to specify the group.
2019-05-16 19:51:10 +02:00
Gilles Peskine
a99d3fbd05 Rename generator functions to psa_key_derivation_xxx
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology. Call a generator a key
derivation operation structure, since it behaves like other multipart
operation structures. Furthermore, the function names are not fully
consistent.

In this commit, I rename the functions to consistently have the prefix
"psa_key_derivation_". I used the following command:

    perl -i -pe '%t = (
        psa_crypto_generator_t => "psa_key_derivation_operation_t",
        psa_crypto_generator_init => "psa_key_derivation_init",
        psa_key_derivation_setup => "psa_key_derivation_setup",
        psa_key_derivation_input_key => "psa_key_derivation_input_key",
        psa_key_derivation_input_bytes => "psa_key_derivation_input_bytes",
        psa_key_agreement => "psa_key_derivation_key_agreement",
        psa_set_generator_capacity => "psa_key_derivation_set_capacity",
        psa_get_generator_capacity => "psa_key_derivation_get_capacity",
        psa_generator_read => "psa_key_derivation_output_bytes",
        psa_generate_derived_key => "psa_key_derivation_output_key",
        psa_generator_abort => "psa_key_derivation_abort",
        PSA_CRYPTO_GENERATOR_INIT => "PSA_KEY_DERIVATION_OPERATION_INIT",
        PSA_GENERATOR_UNBRIDLED_CAPACITY => "PSA_KEY_DERIVATION_UNLIMITED_CAPACITY",
        ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files)
2019-05-16 18:55:21 +02:00
Gilles Peskine
73676cbc50 Put handle parameter last: psa_import_key
In psa_import_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 23:16:07 +02:00
Gilles Peskine
98dd779eb5 Put handle parameter last: psa_generate_derived_key
In psa_generate_derived_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 20:15:31 +02:00
Ron Eldor
51c4507b9c Remove unneeded whitespaces
Delete extra whitespace in Changelog and in paramter alignment.
2019-05-15 17:49:54 +03:00