Commit Graph

1136 Commits

Author SHA1 Message Date
Gilles Peskine
38808fa094 psa_constant_names: fix some copypasta 2018-10-08 14:45:35 +02:00
Gilles Peskine
0deaf3d8d7 psa_constant_names: new function append_integer
Factor repeated code into a new function append_integer.
2018-10-08 14:45:35 +02:00
Gilles Peskine
daea26f70f Correct and simplify block-based cipher modes
OFB and CFB are streaming modes. XTS is a not a cipher mode but it
doesn't use a separate padding step. This leaves only CBC as a block
cipher mode that needs a padding step.

Since CBC is the only mode that uses a separate padding step, and is
likely to remain the only mode in the future, encode the padding mode
directly in the algorithm constant, rather than building up an
algorithm value from a chaining mode and a padding mode. This greatly
simplifies the interface as well as some parts of the implementation.
2018-09-20 11:58:22 +02:00
itayzafrir
18ac331e15 psa: programs: Add cipher example fallback main
When dependencies are missing, print an error message from the example
about missing dependencies at run-time.
2018-09-12 16:50:07 +03:00
itayzafrir
44b09d2a67 psa: programs: Add cipher AES CTR multipart 2018-09-12 16:50:07 +03:00
itayzafrir
a2d0804b33 psa: programs: Add cipher AES CBC PKCS7 multipart 2018-09-12 16:50:07 +03:00
itayzafrir
10366708d6 psa: programs: Add cipher AES CBC no padding 2018-09-12 16:50:07 +03:00
itayzafrir
a3ff8a6ed5 psa: programs: Add cipher example
Add `programs/psa/crypto_examples.c`. Update relevant Makefiles,
CMakeLists.txt, and .gitignore files.
2018-09-12 16:50:07 +03:00
Gilles Peskine
f0fa436b65 New sample program key_ladder_demo
Demo of a key derivation ladder.

Sample run in key_ladder_demo.sh.
2018-09-12 16:50:07 +03:00
Gilles Peskine
029b5d648d New utility program psa/psa_constant_names
Print the symbolic name corresponding to a numerical value.

Supported types: status values, algorithms, elliptic curves,
key types, key usage masks.

The program is partly generated from parsing psa/crypto.h with a few
hard-coded assumptions. This isn't ideal but it works and requires
little machinery.
2018-09-12 16:41:12 +03:00
Simon Butcher
552754a6ee Merge remote-tracking branch 'public/pr/1988' into development 2018-08-30 00:57:28 +01:00
Simon Butcher
68dbc94720 Merge remote-tracking branch 'public/pr/1951' into development 2018-08-30 00:56:56 +01:00
Hanno Becker
f34a4c176c UDP proxy: Correct debug output for delay_srv option 2018-08-28 17:52:53 +01:00
Simon Butcher
676d3fd116 Merge remote-tracking branch 'public/pr/1129' into development 2018-08-28 12:31:23 +01:00
Simon Butcher
14dac0953e Merge remote-tracking branch 'public/pr/1918' into development 2018-08-28 12:21:41 +01:00
Simon Butcher
1846e406c8 Merge remote-tracking branch 'public/pr/1939' into development 2018-08-28 12:19:56 +01:00
Hanno Becker
41038108e9 Style: Correct indentation in UDP proxy code 2018-08-28 11:15:32 +01:00
Hanno Becker
cf469458ca Style: Add empty line before comment in UDP proxy code 2018-08-28 10:09:47 +01:00
Hanno Becker
0e96585bdd Merge branch 'datagram_packing' into message_reordering 2018-08-24 12:16:41 +01:00
Hanno Becker
1841b0a11c Rename ssl_conf_datagram_packing() to ssl_set_datagram_packing()
The naming convention is that functions of the form mbedtls_ssl_conf_xxx()
apply to the SSL configuration.
2018-08-24 11:13:57 +01:00
Hanno Becker
a63c1c3a25 pk_encrypt: Uniformize debugging output 2018-08-23 15:56:03 +01:00
Hanno Becker
25d882b916 Fix typos in programs/x509/cert_write.c
Fixes #1922.
2018-08-23 15:26:06 +01:00
Hanno Becker
ae513a5396 Minor formatting improvements in pk_encrypt and pk_decrypt examples 2018-08-23 14:39:04 +01:00
Hanno Becker
bd336c1fac Correct memory leak in pk_decrypt example program 2018-08-23 14:36:50 +01:00
Hanno Becker
55c11ba283 Correct memory-leak in pk_encrypt example program 2018-08-23 14:36:33 +01:00
Hanno Becker
12b72c182e UDP proxy: Fix bug in freeing delayed messages 2018-08-23 13:15:36 +01:00
Hanno Becker
903ee3d363 Merge branch 'datagram_packing' into message_reordering 2018-08-21 17:24:17 +01:00
Hanno Becker
101bcba26f UDP proxy: Allow more than one message to be delayed
Previously, the UDP proxy could only remember one delayed message
for future transmission; if two messages were delayed in succession,
without another one being normally forwarded in between,
the message that got delayed first would be dropped.

This commit enhances the UDP proxy to allow to delay an arbitrary
(compile-time fixed) number of messages in succession.
2018-08-21 16:50:30 +01:00
Hanno Becker
f61ff4e1d6 ssl_server2: Remove redundant new line 2018-08-21 13:17:47 +01:00
Hanno Becker
6aeaa05a95 Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-20 12:53:37 +01:00
Hanno Becker
caf8741891 Fix typo in documentation of UDP proxy argument 'delay_cli' 2018-08-20 09:45:51 +01:00
Manuel Pégourié-Gonnard
6e7aaca146 Move MTU setting to SSL context, not config
This setting belongs to the individual connection, not to a configuration
shared by many connections. (If a default value is desired, that can be handled
by the application code that calls mbedtls_ssl_set_mtu().)

There are at least two ways in which this matters:
- per-connection settings can be adjusted if MTU estimates become available
  during the lifetime of the connection
- it is at least conceivable that a server might recognize restricted clients
  based on range of IPs and immediately set a lower MTU for them. This is much
easier to do with a per-connection setting than by maintaining multiple
near-duplicated ssl_config objects that differ only by the MTU setting.
2018-08-20 10:37:23 +02:00
Hanno Becker
01ea778363 UDP proxy: Add option to delay specific handshake messages 2018-08-17 16:52:08 +01:00
Hanno Becker
4d61591c0c Add cmd line option to ssl_client2 for datagram packing
This commit adds a new command line option `dgram_packing`
to the example server application programs/ssl/ssl_client2
allowing to allow/forbid the use of datagram packing.
2018-08-17 15:45:40 +01:00
Hanno Becker
e7675d0d3d Add cmd line option to ssl_server2 for datagram packing
This commit adds a new command line option `dgram_packing`
to the example server application programs/ssl/ssl_server2
allowing to allow/forbid the use of datagram packing.
2018-08-17 15:45:33 +01:00
Manuel Pégourié-Gonnard
b747c6cf9b Add basic first tests for MTU setting
For now, just check that it causes us to fragment. More tests are coming in
follow-up commits to ensure we respect the exact value set, including when
renegotiating.
2018-08-16 10:01:47 +02:00
Mohammad Azim Khan
9ebdcffef4 Fix Wformat-overflow warning in ssl_mail_client.c
sprintf( (char *) buf, "%s\r\n", base );
 Above code generates Wformat-overflow warning since both buf and base
are of same size. buf should be sizeof( base ) + characters added in
the format. In this case format 2 bytes for "\r\n".
2018-08-14 11:02:23 +01:00
Simon Butcher
2c92949e0a Merge remote-tracking branch 'public/pr/1198' into development 2018-07-24 17:20:17 +01:00
Simon Butcher
c88c627fba Merge remote-tracking branch 'public/pr/1658' into development 2018-07-24 17:19:10 +01:00
Jaeden Amero
4ed32d065b cpp_dummy_build: Add NIST key wrapping header 2018-07-24 16:51:09 +01:00
Ron Eldor
9ab746c7c9 Add selftests
Add selftests for key wrapping
2018-07-24 16:43:20 +01:00
Simon Butcher
fb3b0320d0 Merge remote-tracking branch 'public/pr/919' into development 2018-07-24 13:28:51 +01:00
Simon Butcher
116ac43d00 Merge remote-tracking branch 'public/pr/1852' into development 2018-07-24 12:18:59 +01:00
Simon Butcher
cce68bec1d Add a macro to define the memory size in ssl_server2.c
When MBEDTLS_MEMORY_BUFFER_ALLOC_C was defined, the sample ssl_server2.c was
using its own memory buffer for memory allocated by the library. The memory
used wasn't obvious, so this adds a macro for the memory buffer allocated to
make the allocated memory size more obvious and hence easier to configure.
2018-07-23 14:26:09 +01:00
Simon Butcher
ccbd46435f Increase the memory buffer size for ssl_server2.c
Newer features in the library have increased the overall RAM usage of the
library, when all features are enabled. ssl_server2.c, with all features enabled
was running out of memory for the ssl-opt.sh test 'Authentication: client
max_int chain, server required'.

This commit increases the memory buffer allocation for ssl_server2.c to allow
the test to work with all features enabled.
2018-07-22 14:43:39 +01:00
Andres Amaya Garcia
ce6fbac247 Fix ssl_client2 to send 0-length app data 2018-07-20 23:09:29 +01:00
Simon Butcher
7d728bd70e Merge remote-tracking branch 'public/pr/1454' into development 2018-07-20 14:33:44 +01:00
Simon Butcher
fad547072a Merge remote-tracking branch 'public/pr/532' into development 2018-07-19 16:15:51 +01:00
Andrzej Kurek
991f9fefd9 all_sh: add a check for header inclusion in cpp_dummy_build.cpp
change the g++ test to be incremental, to save time
reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 09:08:21 -04:00
Nicholas Wilson
61fa436ad3 Address review comments - tidy usage of macros to use minimal values 2018-06-28 17:09:21 +01:00