Some sample programs access structure fields directly. Making these work is
desirable in the long term, but these are not essential for the core
functionality in non-legacy mode.
We want to support alternative software implementations and we extend
the ECDH context to enable this. The actual functional change that makes
use of the new context is out of scope for this commit.
Changing the context breaks the API and therefore it has to be
excluded from the default configuration by a compile time flag.
We add the compile time flag to the module header instead of
`config.h`, because this is not a standalone feature, it only
enables adding new implementations in the future.
The new context features a union of the individual implementations
and a selector that chooses the implementation in use. An alternative
is to use an opaque context and function pointers, like for example the
PK module does it, but it is more dangerous, error prone and tedious to
implement.
We leave the group ID and the point format at the top level of the
structure, because they are very simple and adding an abstraction
layer around them away does not come with any obvious benefit.
Other alternatives considered:
- Using the module level replacement mechanism in the ECP module. This
would have made the use of the replacement feature more difficult and
the benefit limited.
- Replacing our Montgomery implementations with a new one directly. This
would have prevented using Montgomery curves across implementations.
(For example use implementation A for Curve448 and implementation B for
Curve22519.) Also it would have been inflexible and limited to
Montgomery curves.
- Encoding the implementation selector and the alternative context in
`mbedtls_ecp_point` somehow and rewriting `mbedtls_ecp_mul()` to
dispatch between implementations. This would have been a dangerous and
ugly hack, and very likely to break legacy applications.
- Same as above just with hardcoding the selector and using a compile
time option to make the selection. Rejected for the same reasons as
above.
- Using the PK module to provide to provide an entry point for
alternative implementations. Like most of the above options this
wouldn't have come with a new compile time option, but conceptually
would have been very out of place and would have meant much more work to
complete the abstraction around the context.
In retrospect:
- We could have used the group ID as the selector, but this would have
made the code less flexible and only marginally simpler. On the other
hand it would have allowed to get rid of the compile time option if a
tight integration of the alternative is possible. (It does not seem
possible at this point.)
- We could have used the same approach we do in this commit to the
`mbedtls_ecp_point` structure. Completing the abstraction around this
structure would have been a much bigger and much riskier code change
with increase in memory footprint, potential decrease in performance
and no immediate benefit.
The recently added `mbedtls_ecdh_setup()` function is not used in the
tests yet. This commit adapts the tests to the new workflow.
Having done that, the old lifecycle is not tested anymore, so we add a
new test to ensure backward compatibility.
In the future we want to support alternative ECDH implementations. We
can't make assumptions about the structure of the context they might
use, and therefore shouldn't access the members of
`mbedtls_ecdh_context`.
Currently the lifecycle of the context can't be done without direct
manipulation. This commit adds `mbedtls_ecdh_setup()` to complete
covering the context lifecycle with functions.
`mbedtls_ecp_tls_read_group()` both parses the group ID and loads the
group into the structure provided. We want to support alternative
implementations of ECDH in the future and for that we need to parse the
group ID without populating an `mbedtls_ecp_group` structure (because
alternative implementations might not use that).
This commit moves the part that parses the group ID to a new function.
There is no need to test the new function directly, because the tests
for `mbedtls_ecp_tls_read_group()` are already implicitly testing it.
There is no intended change in behaviour in this commit.
Add missing compilation guards that broke the build if either GCM or
CCM was not defined.
Add missing guards on test cases that require GCM or CBC.
The build and tests now pass for any subset of {MBEDTLS_CCM_C,
MBEDTLS_GCM_C}. There are still unused variables warnings if neither
is defined.
Fix parsing error that contains special character.
The previous implementation replaced the `:` char with `\n`,
and split on `\n`. Test data containing strings with `\n`
were split as well. Fixes#2193.
The split function caused strings containing `\:` to add
another escape char, resulting in `\\:`. This caused the
tests with the `\:` in the string data to fail.
The fix doesn't replace with `\n`, but splits all `:` that
are not preceded with `\`. After that, removes the preceding `\` char.
Refactor `mpi_write_hlp()` to not be recursive, to fix stack overflows.
Iterate over the `mbedtls_mpi` division of the radix requested,
until it is zero. Each iteration, put the residue in the next LSB
of the output buffer. Fixes#2190
Refactor mbedtls_ctr_drbg_update_seed_file and
mbedtls_hmac_drbg_update_seed_file to make the error logic clearer.
The new code does not use fseek, so it works with non-seekable files.
Since the AD too long is a limitation on Mbed TLS,
HW accelerators may support this. Run the test for AD too long,
only if `MBEDTLS_CCM_ALT` is not defined.
Addresses comment in #1996.
Write an all-bits-zero NV seed file for the tests. Without this, if
the seed file is not present when this test suite is executed, the
PSA module initialization will fail, causing most test cases to fail.
Also write an all-bits-zero NV seed file at the end. The test cases in
this test suite mess with the file, but subsequent test suites may
need it.
When testing with custom entropy sources, if MBEDTLS_ENTROPY_NV_SEED
is enabled at compile time but the NV seed source is not used at
runtime, mbedtls_entropy_func makes a second pass anyway. Cope with
this in the test code by telling the entropy module not to make this
second pass.
Add a function to configure entropy sources. For testing only.
Use it to test that the library initialization fails properly if there is no
entropy source.
Detect Git merge artifacts. These are lines starting with "<<<<<<",
"|||||||" or ">>>>>>>" followed by a space, or containing just
"=======". For "=======", exempt Markdown files, because this can be
used to underline a title, as a compromise between false negatives and
false positives.