Hanno Becker
4ce06047e1
Enable use of CID in baremetal configuration and test script
2019-05-17 10:20:41 +01:00
Hanno Becker
2e0bedcc35
Correct compile-time guard around unhexify() in ssl_server2
2019-05-17 10:20:41 +01:00
Hanno Becker
31f1668d3c
Correct compile-time guard around CID extension writing func on srv
2019-05-17 10:20:41 +01:00
Hanno Becker
b4a5606e2d
Make integer truncation explicit in mbedtls_ssl_set_cid()
2019-05-17 10:20:41 +01:00
Hanno Becker
6a3ff286a5
Grep for debug msgs witnessing use of CID in ssl_client2/ssl_server2
2019-05-17 10:20:41 +01:00
Hanno Becker
0c8281aae5
Change formatting of CID debug output in ssl_client2/ssl_server2
2019-05-17 10:20:41 +01:00
Hanno Becker
2de89fae8f
Implement mbedtls_ssl_get_peer_cid()
2019-05-17 10:20:41 +01:00
Hanno Becker
5e2cd1422e
Grep for dbg msg witnessing copying of CIDs to SSL transform
2019-05-17 10:20:41 +01:00
Hanno Becker
dd0afca3f6
Copy CIDs into SSL transform if use of CID has been negotiated
2019-05-17 10:20:41 +01:00
Hanno Becker
4f0b15faec
Add fields holding in/out CIDs to SSL record transformation struct
...
These will be copied from the CID fields in mbedtls_ssl_handshake_params
(outgoing CID) and mbedtls_ssl_context (incoming CID) when the transformation
is set up at the end of the handshake.
2019-05-17 10:20:41 +01:00
Hanno Becker
cf2a565e3e
Grep for dbg msg witnessing parsing of CID extension in ServerHello
2019-05-17 10:20:41 +01:00
Hanno Becker
1ba81f62a6
Implement parsing of CID extension in ServerHello
2019-05-17 10:20:41 +01:00
Hanno Becker
4eb0587c0f
Grep for dbg msg witnessing writing of CID extension in ServerHello
2019-05-17 10:20:41 +01:00
Hanno Becker
072d4eca2e
Implement writing of CID extension in ServerHello
2019-05-17 10:20:41 +01:00
Hanno Becker
c008cb5f8c
Grep for dbg msg witnessing parsing of CID extension in ClientHello
2019-05-17 10:20:41 +01:00
Hanno Becker
c403b264e8
Implement parsing of CID extension in ClientHello
2019-05-17 10:20:41 +01:00
Hanno Becker
7345599a7b
Grep for dbg msg witnessing writing of CID extension in ClientHello
2019-05-17 10:20:41 +01:00
Hanno Becker
39ec525e4f
Implement writing of CID extension in ClientHello
2019-05-17 10:20:41 +01:00
Hanno Becker
46629717c9
Check static bounds of CID lengths in check_config.h
2019-05-17 10:20:41 +01:00
Hanno Becker
4baec2c4bf
Add identifier for CID extension
...
Note: The current draft
https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04
does not yet specify the extension value, so we
use a temporary value of 42.
2019-05-17 10:20:41 +01:00
Hanno Becker
9dae9fd57b
Modify CID tests in ssl-opt.sh to grep for CID config debug msgs
2019-05-17 10:20:41 +01:00
Hanno Becker
0748986178
Allow configuring own CID fields through mbedtls_ssl_get_peer_cid()
2019-05-17 10:20:41 +01:00
Hanno Becker
e5e7f621cc
Add fields to SSL structures describing state and config of CID ext
...
* mbedtls_ssl_context gets fields indicating whether the CID extension
should be negotiated in the next handshake, and, if yes, which CID
the user wishes the peer to use.
This information does not belong to mbedtls_ssl_handshake_params
because (a) it is configured prior to the handshake, and (b) it
applies to all subsequent handshakes.
* mbedtls_ssl_handshake_params gets fields indicating the state of CID
negotiation during the handshake. Specifically, it indicates if the
use of the CID extension has been negotiated, and if so, which CID
the peer wishes us to use for outgoing messages.
2019-05-17 10:20:41 +01:00
Simon Butcher
724a695534
Merge remote-tracking branch 'origin/pr/562' into baremetal
2019-05-09 17:11:38 +01:00
Simon Butcher
e372d5fb8f
Merge remote-tracking branch 'origin/pr/558' into baremetal
2019-05-09 17:03:18 +01:00
Simon Butcher
999ac174cc
Merge remote-tracking branch 'origin/pr/566' into baremetal
2019-05-09 16:59:02 +01:00
Simon Butcher
ec998c6426
Merge remote-tracking branch 'origin/pr/564' into baremetal
2019-05-09 16:56:42 +01:00
Jarno Lamsa
8751e35751
Remove baremetal from build component names
2019-05-02 13:04:08 +03:00
Jarno Lamsa
4498de57b8
Address review comments about all.sh
2019-05-02 11:45:57 +03:00
Jarno Lamsa
0668b8f59e
Description of MBEDTLS_USE_UECC
2019-05-02 09:39:09 +03:00
Jarno Lamsa
d91f7fa26b
Add native build targets for uecc baremetal config
2019-04-30 14:29:23 +03:00
Jarno Lamsa
65ea285759
Fix typo
2019-04-30 13:00:41 +03:00
Jarno Lamsa
f6371ff923
Add armcc5 build for uecc and baremetal config
2019-04-30 10:10:03 +03:00
Jarno Lamsa
46132207f8
Make compiler happy when MBEDTLS_USE_UECC disabled
2019-04-29 14:29:52 +03:00
Hanno Becker
08885813c3
Fix uninitialized variable access in debug output of record enc/dec
2019-04-29 12:21:31 +02:00
Hanno Becker
a131766743
Ensure non-NULL key buffer when building SSL test transforms
2019-04-29 12:19:38 +02:00
Hanno Becker
1acadb77cb
Catch errors while building SSL test transforms
2019-04-29 12:19:38 +02:00
Hanno Becker
afc528ad56
Use mbedtls_{calloc|free}() in SSL unit test suite
2019-04-29 12:19:24 +02:00
Hanno Becker
f832343c1d
Improve documentation of mbedtls_record
2019-04-29 12:19:07 +02:00
Hanno Becker
c5aee96855
Adapt record length value after encryption
2019-04-29 12:19:07 +02:00
Hanno Becker
b17a1a2068
Alternate between send/recv transform in SSL record test suite
2019-04-29 12:19:07 +02:00
Hanno Becker
5c1176e53f
Fix memory leak on failure in test_suite_ssl
2019-04-29 12:18:50 +02:00
Hanno Becker
30d02cdeb0
Rename ssl_decrypt_buf() to mbedtls_ssl_decrypt_buf() in comment
2019-04-29 12:18:38 +02:00
Hanno Becker
3693c72b82
Add record encryption/decryption tests for ARIA to SSL test suite
2019-04-29 12:18:27 +02:00
Hanno Becker
a198bb7359
Improve documentation of mbedtls_ssl_transform
2019-04-29 12:18:11 +02:00
Hanno Becker
93012fe8e8
Double check that record expansion is as expected during decryption
2019-04-29 12:17:58 +02:00
Hanno Becker
a795323cd5
Move debugging output after record decryption
...
The debugging call printing the decrypted record payload happened
before updating ssl->in_msglen.
2019-04-29 12:17:51 +02:00
Hanno Becker
d300003b2c
Add encryption/decryption tests for small records
...
This commit adds tests to check the behavior of the record encryption
routine `ssl_encrypt_buf` when the buffer surrounding the plaintext is
too small to hold the expansion in the beginning and end (due to IVs,
padding, and MAC).
Each test successively increases the space available at the
beginning, end, or both, of the record buffer, and checks that the
record encryption either fails with a BUFFER_TOO_SMALL error, or
that it succeeds. Moreover, if it succeeds, it is checked that
decryption succeeds, too, and results in the original record.
2019-04-29 12:15:30 +02:00
Hanno Becker
611a83b571
Add tests for record encryption/decryption
...
This commit adds tests exercising mutually inverse pairs of
record encryption and decryption transformations for the various
transformation types allowed in TLS: Stream, CBC, and AEAD.
2019-04-29 12:15:21 +02:00
Hanno Becker
92231325a7
Reduce size of ssl_transform if no MAC ciphersuite is enabled
...
The hash contexts `ssl_transform->md_ctx_{enc/dec}` are not used if
only AEAD ciphersuites are enabled. This commit removes them from the
`ssl_transform` struct in this case, saving a few bytes.
2019-04-29 12:15:05 +02:00