Commit Graph

31 Commits

Author SHA1 Message Date
Hanno Becker
de67154658 Allow compile-time configuration of DTLS badmac limit
Introduces MBEDTLS_SSL_CONF_BADMAC_LIMIT to fix the maximum
number of records with bad MAC tolerated in DTLS at compile-time.

Impact on code-size:

|  | GCC | ARMC5 | ARMC6 |
| --- | --- | --- | --- |
| `libmbedtls.a` before  | 23511 | 24049 | 27903 |
| `libmbedtls.a` after | 23487 | 24025 | 27885 |
| gain in Bytes | 24 | 24 | 18 |
2019-07-02 16:40:50 +01:00
Hanno Becker
7f376f4ece Allow compile-time configuration of DTLS anti replay
Introduce MBEDTLS_SSL_CONF_ANTI_REPLAY to allow configuring
the use/nonuse of DTLS anti replay protection at compile-time.

Impact on code-size, measured with
> ./scripts/baremetal.sh --rom --gcc --armc5 --armc6

|  | GCC | ARMC5 | ARMC6 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23559 | 24089 | 27921 |
| `libmbedtls.a` after  | 23511 | 24049 | 27903 |
| gain in Bytes | 48 | 40 | 18 |
2019-06-25 08:43:31 +01:00
Hanno Becker
aa9fc6dd33 Update query_config.c 2019-06-25 08:42:20 +01:00
Hanno Becker
aabbb582eb Exemplify harcoding SSL config at compile-time in example of ExtMS
This commit is the first in a series demonstrating how code-size
can be reduced by hardcoding parts of the SSL configuration at
compile-time, focusing on the example of the configuration of
the ExtendedMasterSecret extension.

The flexibility of an SSL configuration defined a runtime vs.
compile-time is necessary for the use of Mbed TLS as a
dynamically linked library, but is undesirable in constrained
environments because it introduces the following overhead:
- Definition of SSL configuration API (code-size overhead)
  (and on the application-side: The API needs to be called)
- Additional fields in the SSL configuration (RAM overhead,
  and potentially code-size overhead if structures grow
  beyond immediate-offset bounds).
- Dereferencing is needed to obtain configuration settings.
- Code contains branches and potentially additional structure
  fields to distinguish between different configurations.

Considering the example of the ExtendedMasterSecret extension,
this instantiates as follows:
- mbedtls_ssl_conf_extended_master_secret() and
  mbedtls_ssl_conf_extended_master_secret_enforced()
  are introduced to configure the ExtendedMasterSecret extension.
- mbedtls_ssl_config contains bitflags `extended_ms` and
  `enforce_extended_master_secret` reflecting the runtime
  configuration of the ExtendedMasterSecret extension.
- Whenever we need to access these fields, we need a chain
  of dereferences `ssl->conf->extended_ms`.
- Determining whether Client/Server should write the
  ExtendedMasterSecret extension needs a branch
  depending on `extended_ms`, and the state of the
  ExtendedMasterSecret negotiation needs to be stored in a new
  handshake-local variable mbedtls_ssl_handshake_params::extended_ms.
  Finally (that's the point of ExtendedMasterSecret) key derivation
  depends on this handshake-local state of ExtendedMasterSecret.

All this is unnecessary if it is known at compile-time that the
ExtendedMasterSecret extension is used and enforced:
- No API calls are necessary because the configuration is fixed
  at compile-time.
- No SSL config fields are necessary because there are corresponding
  compile-time constants instead.
- Accordingly, no dereferences for field accesses are necessary,
  and these accesses can instead be replaced by the corresponding
  compile-time constants.
- Branches can be eliminated at compile-time because the compiler
  knows the configuration. Also, specifically for the ExtendedMasterSecret
  extension, the field `extended_ms` in the handshake structure
  is unnecessary, because we can fail immediately during the Hello-
  stage of the handshake if the ExtendedMasterSecret extension
  is not negotiated; accordingly, the non-ExtendedMS code-path
  can be eliminated from the key derivation logic.

A way needs to be found to allow fixing parts of the SSL configuration
at compile-time which removes this overhead in case it is used,
while at the same time maintaining readability and backwards
compatibility.

This commit proposes the following approach:

From the user perspective, for aspect of the SSL configuration
mbedtls_ssl_config that should be configurable at compile-time,
introduce a compile-time option MBEDTLS_SSL_CONF_FIELD_NAME.
If this option is not defined, the field is kept and configurable
at runtime as usual. If the option is defined, the field is logically
forced to the value of the option at compile time.

Internally, read-access to fields in the SSL configuration which are
configurable at compile-time gets replaced by new `static inline` getter
functions which evaluate to the corresponding field access or to the
constant MBEDTLS_SSL_CONF_FIELD_NAME, depending on whether the latter
is defined or not.

Write-access to fields which are configurable at compile-time needs
to be removed: Specifically, the corresponding API itself either
needs to be removed or replaced by a stub function without effect.
This commit takes the latter approach, which has the benefit of
not requiring any change on the example applications, but introducing
the risk of mismatching API calls and compile-time configuration,
in case a user doesn't correctly keep track of which parts of the
configuration have been fixed at compile-time, and which haven't.
Write-access for the purpose of setting defaults is simply omitted.
2019-06-25 08:42:20 +01:00
Hanno Becker
b6f7241741 Update programs/ssl/query_config.c 2019-06-19 14:59:42 +01:00
Simon Butcher
7400e8fb36 Merge remote-tracking branch 'origin/pr/591' into baremetal 2019-06-18 17:36:45 +01:00
Simon Butcher
f2ef573f2b Merge remote-tracking branch 'origin/pr/598' into baremetal 2019-06-18 15:00:02 +01:00
Hanno Becker
02a2193f60 Rename MBEDTLS_X509_INFO to !MBEDTLS_X509_REMOVE_INFO 2019-06-18 11:05:44 +01:00
Peter Kolbus
dc470ae8af Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.

Change-Id: I056312613379890e0d70e1d08c34171287c0aa17
2019-06-18 11:05:37 +01:00
Manuel Pégourié-Gonnard
91fa5bade3 Add new config MBEDTLS_SSL_CONTEXT_SERIALIZATION
This is enabled by default as we generally enable things by default unless
there's a reason not to (experimental, deprecated, security risk).

We need a compile-time option because, even though the functions themselves
can be easily garbage-collected by the linker, implementing them will require
saving 64 bytes of Client/ServerHello.random values after the handshake, that
would otherwise not be needed, and people who don't need this feature
shouldn't have to pay the price of increased RAM usage.
2019-06-18 10:09:27 +02:00
Manuel Pégourié-Gonnard
ba8b1eb5d9 Use negated option for controlling TLS support.
A positive option looks better, but comes with the following compatibility
issue: people using a custom config.h that is not based on the default
config.h and need TLS support would need to manually change their config in
order to still get TLS.

Work around that by making the public option negative. Internally the positive
option is used, though.

In the future (when preparing the next major version), we might want to switch
back to a positive option as this would be more consistent with other options
we have.
2019-06-17 15:26:34 +02:00
Manuel Pégourié-Gonnard
a771160799 Introduce new config.h flag for TLS
For now the option has no effect.

Adapted existing example config files. The fact that I needed to do this
highlights that this is a slightly incompatible change: existing users need to
update their existing custom configs (if standalone as opposed to based on the
default config) in order to still get the same behaviour.

The alternative would be to have a negative config option (eg NO_TLS or
DTLS_ONLY) but this doesn't fit as nicely with the existing options, so
hopefully the minor incompatibility is acceptable.

I don't think it's worth adding a new component to all.sh:
- builds with both DTLS and TLS are done in the default (and full) config
- TLS-only builds are done with eg config-suite-b.h in test-ref-configs
- a DTLS-only build is done with config-thread.h in test-ref-configs
- builds with none of them (and SSL_TLS_C enabled) are forbidden
2019-06-06 12:59:48 +02:00
Simon Butcher
0d1d76f987 Merge remote-tracking branch 'origin/pr/561' into baremetal 2019-05-29 15:09:24 +01:00
Simon Butcher
0edb924e16 Merge remote-tracking branch 'origin/pr/565' into baremetal 2019-05-24 15:06:56 +01:00
Hanno Becker
a5a2b08a05 Rename MBEDTLS_SSL_CID to MBEDTLS_SSL_DTLS_CONNECTION_ID
Files modified via

sed -i 's/MBEDTLS_SSL_CID\([^_]\|$\)/MBEDTLS_SSL_DTLS_CONNECTION_ID\1/g' **/*.c **/*.h **/*.sh **/*.function
2019-05-20 15:35:36 +01:00
Hanno Becker
550e1662c7 Allow the configuration of padding when using CID extension 2019-05-20 15:32:36 +01:00
Simon Butcher
e372d5fb8f Merge remote-tracking branch 'origin/pr/558' into baremetal 2019-05-09 17:03:18 +01:00
Manuel Pégourié-Gonnard
afdc1b5cbd Consistently use the name tinycrypt over uecc
We called in tinycrypt in the file names, but uecc in config.h, all.sh and
other places, which could be confusing. Just use tinycrypt everywhere because
that's the name of the project and repo where we took the files.

The changes were made using the following commands (with GNU sed and zsh):

sed -i 's/uecc/tinycrypt/g' **/*.[ch] tests/scripts/all.sh
sed -i 's/MBEDTLS_USE_UECC/MBEDTLS_USE_TINYCRYPT/g' **/*.[ch] tests/scripts/all.sh scripts/config.pl
2019-05-09 11:24:11 +02:00
Jarno Lamsa
6fe99be972 Fix check-generated-files after creating a flag 2019-04-25 13:54:32 +03:00
Hanno Becker
c8e80eeda0 Update query_config.c 2019-04-09 18:26:59 +01:00
Manuel Pégourié-Gonnard
2eee0c3166 Update query_config.c 2019-03-01 10:30:30 +01:00
Andres Amaya Garcia
9da4674060 Suppress visual studio preprocessor warnings on query_config.c 2019-02-07 10:32:31 +00:00
Andres Amaya Garcia
fe52d2af51 Update query_config.c with new macros 2019-02-07 10:32:31 +00:00
Andres Amaya Garcia
4eb040af4a Exclude macros from query_config.c generation 2019-02-07 10:32:31 +00:00
Andres Amaya Garcia
c500ad8cc0 Fix query_config macro expansion for windows 2019-02-07 10:32:31 +00:00
Andres Amaya Garcia
c46ea38f90 Fix query_config macro expansion for windows 2019-02-07 10:32:31 +00:00
Andres Amaya Garcia
5547a405b2 Improve comments in query_config.fmt 2019-02-07 10:32:31 +00:00
Andres Amaya Garcia
d2689e3876 Fix GCC 0-length printf format string error 2019-02-07 10:32:31 +00:00
Andres AG
b6ff184f5c Ensure query_config.c includes stdio only when needed 2019-02-07 10:32:31 +00:00
Andres Amaya Garcia
55a6c367bb query_config.c: remove duplicated inc of platform.h 2019-02-07 10:32:31 +00:00
Andres Amaya Garcia
bfa3e0914b Query config through ssl_server2 and ssl_client2 cmdline 2019-02-07 10:30:05 +00:00