Commit Graph

10419 Commits

Author SHA1 Message Date
Hanno Becker
f6cc3cd2a5 Fixup: Typo in check_config.h entry for single hash encoding 2019-09-09 09:45:57 +01:00
Hanno Becker
f207562cdc Fixup: Typo in all.sh component description for single-MD hardcoding 2019-09-09 09:45:57 +01:00
Hanno Becker
55fdae04f7 Fixup: Improve comment on helper macros in md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker
3252c4d913 Fixup MD: Avoid always-false pointer comparison
When MBEDTLS_MD_SINGLE_HASH is set, both the underlying digest context
and the HMAC data are embedded into the mbedtls_md_context; otherwise,
they're dynamically allocated and referenced from mbedtls_md_context.

When the HMAC data is embedded in mbedtls_md_context, it's unnecessary
to check whether mbedtls_md_context::hmac_ctx is NULL, because that's
never the case in defined behaviour, but the check has kept for
uniformity so far. However, contrary to the expectation that compilers
would silently remove this check as always false, ARMC6 complains about
it, breaking some tests in all.sh.

This commit fixes this by guarding checks for

   mbedtls_md_context::hmac_ctx == NULL

by !MBEDTLS_MD_SINGLE_HASH.
2019-09-09 09:45:57 +01:00
Hanno Becker
94f48e0052 MD: Use no-op for context SHA-256 init() and free()
When MBEDTLS_MD_SINGLE_HASH is set, the underlying digest's
context is embedded into mbedtls_md_context_t, which is
zeroized before the underlying digest's init() function
is called. For those digests where initialization is
zeroization, the init() call can therefore be omitted.

Similarly, when free()-ing an mbedtls_md_context_t, the
entire context is zeroized in the end, hence if the
underlying digest's free() function is zeroization,
it can be omitted.
2019-09-09 09:45:57 +01:00
Hanno Becker
64b0623cbb MD: Implement config dep'n inlining of mbedtls_md_setup() 2019-09-09 09:45:57 +01:00
Hanno Becker
52e36bc1a1 MD: Embed digest context structure into MD wrapper context 2019-09-09 09:45:57 +01:00
Hanno Becker
4a99765f94 MD: Introduce macro for initialization function 2019-09-09 09:45:57 +01:00
Hanno Becker
6deddf761a MD: Introduce macro for underlying context type 2019-09-09 09:45:57 +01:00
Hanno Becker
c290847719 Fixup md.h: Fix use of inline keyword in MSVC 2019-09-09 09:45:57 +01:00
Hanno Becker
7a78fe409b Fixup: Avoid unused function warning for MD wrappers 2019-09-09 09:45:57 +01:00
Hanno Becker
d73aabd1c2 Fixup: Declare digest info structures as static
They're defined and used within library/md.c only and hence
need not be of external linkage.
2019-09-09 09:45:57 +01:00
Hanno Becker
53ade9fa62 MD: Implement config dep'n inlining of mbedtls_md_process() 2019-09-09 09:45:57 +01:00
Hanno Becker
993691d9ba MD: Implement config dep'n inlining of mbedtls_md_finish() 2019-09-09 09:45:57 +01:00
Hanno Becker
fdef5ac13b MD: Implement config dep'n inlining of mbedtls_md_update() 2019-09-09 09:45:57 +01:00
Hanno Becker
527f7c9307 MD: Demonstrate config-dep'n API inlining for mbedtls_md_starts() 2019-09-09 09:45:57 +01:00
Hanno Becker
7a7b7227cb Add dummy def of MBEDTLS_MD_INFO_SHA256 to make check-names.sh happy 2019-09-09 09:45:57 +01:00
Hanno Becker
c4e4210aab Introduce md_internal.h
Recall that in the default configuration, Mbed TLS provides access
digest implementations through two layers of indirection:

1) Call of MD API (e.g. mbedtls_md_update())
2) Call of function pointer from MD info structure
3) Actual digest implementation (e.g. mbedtls_sha256_update()).

Ideally, if only a single digest is enabled - say SHA-256 - then calling
mbedtls_md_update() should _directly_ jump to mbedtls_sha256_update(),
with both layers of indirection removed. So far, however, setting
MBEDTLS_MD_SINGLE_HASH will only remove the second - function pointer -
layer of indirection, while keeping the non-inlined stub implementations
of e.g. mbedtls_md_update() around.

This commit is a step towards allowing to define implementations of
the MD API as `static inline` in case we know that they are so small
that they should be defined in md.h and not in md.c.

In a nutshell, the approach is as follows: For an MD API function
mbedtls_md_xxx() that should be inlin-able, introduce its implementation
as a `static inline` wrapper `mbedtls_md_xxx_internal()` in md.h,
and then define mbedtls_md_xxx() either in md.h or in md.c, by just
calling mbedtls_md_xxx_internal().

Moving the implementations of those MD API functions that should be
inlinable to md.h requires the presence of both the MD info struct
and all specific digest wrapper functions in md.h, and this is what
this commit ensures, by moving them from md.c into a new internal
header file md_internal.h. Implementing the aforementioned wrappers for
those MD API that should be inlinable is left for subsequent commits.
2019-09-09 09:45:57 +01:00
Hanno Becker
3f7d270c18 md.c: Avoid overly long lines 2019-09-09 09:45:57 +01:00
Hanno Becker
3a98eab2c4 Don't return function pointers from MD info getters
ARMC5 appears to use the heuristic that as soon as a function's address
is taken, the function can no longer be removed from the resulting object
file (which is not necessarily true if all uses of the functions address
can be inlined).

Circumvent this lack of optimization by not returning function pointers.
2019-09-09 09:45:57 +01:00
Hanno Becker
08cf43a9ec Fix typo MBEDTLS_SSL_CONF_SINGLE_HASH -> MBEDTLS_MD_SINGLE_HASH 2019-09-09 09:45:57 +01:00
Hanno Becker
8fbacf941f check_config.h: Check MBEDTLS_MD_SINGLE_HASH is used with single MD
This commit modifies check_config.h to check that precisely one
hash is enabled if MBEDTLS_MD_SINGLE_HASH is set.

This is not only a reasonable expectation, it is also necessary,
because test suites assume that if a digest is enabled, it is also
accessible through the MD abstraction layer.
2019-09-09 09:45:57 +01:00
Hanno Becker
c763e9dc70 Add test for MD hardcoding to all.sh 2019-09-09 09:45:57 +01:00
Hanno Becker
bdaf0ea5d9 Make MD info getters always inline 2019-09-09 09:45:57 +01:00
Hanno Becker
d9bf935725 Disable invalid argument MD test case
With the removal of the MD handle from the MD context, it's a precondition
for any MD API outside of mbedtls_md_init() and mbedtls_md_setup() that
the MD context has been successfully setup by precisely those functions
beforehand, and hence must be bound to the single enabled valid MD handle.
2019-09-09 09:45:57 +01:00
Hanno Becker
c94fc6c0c2 Add MBEDTLS_ALWAYS_INLINE macro to platform_util.h 2019-09-09 09:45:57 +01:00
Hanno Becker
d806d9da89 Use SHA-256 as single hardcoded hash in baremetal configuration 2019-09-09 09:45:57 +01:00
Hanno Becker
ccb2b62f0a Remove handle from MD context in single hash config 2019-09-09 09:45:57 +01:00
Hanno Becker
1292c35c03 Add config.h option to hardcode choice of single MD algorithm
This commit introduces the configuration option

  MBEDTLS_MD_SINGLE_HASH

which can be used to hardcode support for a single digest algorithm
at compile-time, at the benefit of reduced code-size.

To use, it needs to be defined to evaluate to a macro of the form
MBEDTLS_MD_INFO_{DIGEST}, and macros MBEDTLS_MD_INFO_{DIGEST}_FIELD
must be defined, giving rise to the various aspects (name, type,
size, ...) of the chosen digest algorithm. MBEDTLS_MD_INFO_SHA256
provides an example, but other algorithms can be added if needed.

At the moment, the effect of using MBEDTLS_MD_SINGLE_HASH is that
the implementation of the MD API (e.g. mbedtls_md_update()) need no
longer to through the abstraction of the mbedtls_md_info structures
by calling their corresponding function pointers fields (akin to
virtual functions in C++), but the directly call the corresponding
core digest function (such as mbedtls_sha256_update()).

Therefore, MBEDTLS_MD_SINGLE_HASH so far removes the second layer
of indirection in the chain

  User calls MD API -> MD API calls underlying digest impl'n
                    -> Core digest impl'n does the actual work,

but the first indirection remains, as the MD API remains untouched
and cannot yet be inlined. Studying to what extend inlining the
shortened MD API implementations would lead to further code-savings
is left for a later commit.
2019-09-09 09:45:57 +01:00
Hanno Becker
d03949e2a4 Remove md_wrap.c and md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker
d3827c74d5 Introduce getter for MD handle from MD context 2019-09-09 09:45:57 +01:00
Hanno Becker
62a44d43b0 Allow defining MD information structs through macros
In builds enabling only a single MD digest, we want to be able to
implement the MD info getter functions by returning compile-time
constants matching the fields of the MD info structures used so far.

To avoid information duplication hardening maintainability, this
commit introduces the possibility of providing the various aspects
of a particular digest implementation by defining macros
MBEDTLS_MD_INFO_DIGEST_FIELD (e.g. MBEDTLS_MD_INFO_SHA256_SIZE)
and to generate the corresponding mbedtls_md_info instance from
this set of macros, via the new macro MBEDTLS_MD_INFO().

This way, we'll be able to switch between MD info based builds
and single-digest builds without information duplication.
2019-09-09 09:45:57 +01:00
Hanno Becker
0e7fc3166d Inline md_wrap.c in md.c
md_wrap.c doesn't expose any public functionality and doesn't
need to be present as a separate compilation unit.
2019-09-09 09:45:57 +01:00
Hanno Becker
530387eaa3 Introduce getter functions for MD info fields
This commit continues the introduction of the MD digest implementation
abstraction layer given by `mbedtls_md_handle_t` by adding getter
functions returning the various properties of an implementation
(e.g. name, digest type, digest size). For the existing implementation,
these are just structure field accesses; however, in configurations
hardcoding the choice of a fixed digest algorithm, we'll be able to
implement them as inline functions returning compile-time constants.
2019-09-09 09:45:57 +01:00
Hanno Becker
a5cedbcd3f Introduce MD handle type
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type

  mbedtls_md_info const *

whose valid values represent implementations of message digest algorithms.

Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.

This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.

The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
2019-09-09 09:45:57 +01:00
Manuel Pégourié-Gonnard
505be8be4d Remove unnecessary depends in a test case 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
d6ac3308cd Adjust depends-hashes.pl to test NO_SHA224 as well 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
7f2c3e4034 Remove dependency of ssl_cookie on SHA-224
Cookies are fully opaque so we can change the hash used at any time, it's not
part of the API.

The cookie module handles truncation, so it's simpler to always use SHA-256
rather than check if SHA-224 is available.
2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
81ed9fb277 Exclude SHA-224 from some reduced config examples
Besides the value as an example, this is usefull for testing the option, via
test-ref-configs.pl (which is included in all.sh).
2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
efd344894d Completely ignore is224 if SHA-224 is disabled 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
0956e3ebed Exclude NO_SHA224 option from scripts/config.pl
As a negative option that removes a feature it should be excluded.
2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
e06cc3109c Add MBEDTLS_SHA256_NO_SHA224 to baremetal.h 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
394c5fb24b Implement NO_SHA224 in MD layer as well 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
5a26ff3cf9 Declare dependencies on !NO_SHA224 in test suites 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
abebdd16ef Adapt SHA-256 selftest to NO_SHA224 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
8463d29156 Implement MBEDTLS_SHA256_NO_SHA224 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
9b781b2880 Add MBEDTLS_SHA256_NO_SHA244 option (unimplemented) 2019-09-09 09:06:56 +02:00
Jarno Lamsa
28012e2ea2 Remove redundant rng wrapper 2019-09-09 08:42:11 +03:00
Jarno Lamsa
f35f35bcbe Use rnd_std_rand for generating hash 2019-09-09 08:19:56 +03:00
Jarno Lamsa
a7e0f632fc Add unit tests for primitive test vectors
Add a unit test for both ECDSA and ECDH, testing
reference test vectors for secp256r1.
2019-09-09 08:19:56 +03:00