Commit ed27a041 authored by Paul Bakker's avatar Paul Bakker

More granular define selections within code to allow for smaller code sizes
parent 7e5e7ca2
......@@ -33,7 +33,9 @@
int asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag );
#if defined(POLARSSL_BIGNUM_C)
int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X );
#endif
int asn1_write_null( unsigned char **p, unsigned char *start );
int asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid );
int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, const char *algorithm_oid );
......
......@@ -44,14 +44,20 @@
#define SSL_DEBUG_BUF( level, text, buf, len ) \
debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len );
#if defined(POLARSSL_BIGNUM_C)
#define SSL_DEBUG_MPI( level, text, X ) \
debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X );
#endif
#if defined(POLARSSL_ECP_C)
#define SSL_DEBUG_ECP( level, text, X ) \
debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
#endif
#if defined(POLARSSL_X509_PARSE_C)
#define SSL_DEBUG_CRT( level, text, crt ) \
debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
#endif
#else
......@@ -81,9 +87,11 @@ void debug_print_buf( const ssl_context *ssl, int level,
const char *file, int line, const char *text,
unsigned char *buf, size_t len );
#if defined(POLARSSL_BIGNUM_C)
void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mpi *X );
#endif
#if defined(POLARSSL_ECP_C)
void debug_print_ecp( const ssl_context *ssl, int level,
......@@ -91,9 +99,11 @@ void debug_print_ecp( const ssl_context *ssl, int level,
const char *text, const ecp_point *X );
#endif
#if defined(POLARSSL_X509_PARSE_C)
void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const x509_cert *crt );
#endif
#ifdef __cplusplus
}
......
......@@ -30,6 +30,7 @@
#include <string.h>
#include "asn1.h"
#include "md.h"
#include "pk.h"
#include "x509.h"
#define POLARSSL_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
......@@ -196,6 +197,7 @@ typedef struct {
*/
int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
#if defined(POLARSSL_X509_PARSE_C)
/**
* \brief Translate an X.509 extension OID into local values
*
......@@ -205,6 +207,7 @@ int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
* \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
*/
int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type );
#endif
/**
* \brief Translate an X.509 attribute type OID into the short name
......
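Review bot: The guard added around `oid_get_x509_ext_type` in this header is `#if defined(POLARSSL_X509_PARSE_C)`, but the definition in oid.c is moved under `#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)` in the same commit. In a write-only build the function is compiled without a visible prototype, so any caller gets an implicit declaration and the definition trips -Wmissing-prototypes. The declaration's guard should match the definition: `#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)`, with the closing `#endif` comment updated to say the same. Whether `oid_get_extended_key_usage`, which oid.c places under the same combined guard, is declared under a matching condition is not visible in this hunk.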
/**
* \file pk.h
*
* \brief Public Key abstraction layer
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_PK_H
#define POLARSSL_PK_H
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Public key types
*/
typedef enum {
POLARSSL_PK_NONE=0,
POLARSSL_PK_RSA,
POLARSSL_PK_ECDSA,
} pk_type_t;
#ifdef __cplusplus
}
#endif
#endif /* pk.h */
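Review bot: The three `pk_type_t` values in this new public header carry no documentation, although the enum itself has a Doxygen brief; since this is now the single home for the type that x509.h used to declare, per-value trailing comments would help, e.g. `POLARSSL_PK_NONE=0, /**< No key type set */`, `POLARSSL_PK_RSA, /**< RSA key */`, `POLARSSL_PK_ECDSA, /**< ECDSA key */`. The file also lacks a note that the numeric value of `POLARSSL_PK_NONE` is relied on as a zero-initialised default, if that is the intent; if it is not, the explicit `=0` deserves a one-line comment saying why it is pinned.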
......@@ -27,6 +27,10 @@
#ifndef POLARSSL_RSA_H
#define POLARSSL_RSA_H
#include "config.h"
#if defined(POLARSSL_RSA_C)
#include "bignum.h"
#include "md.h"
......@@ -520,4 +524,6 @@ int rsa_self_test( int verbose );
}
#endif
#endif /* POLARSSL_RSA_C */
#endif /* rsa.h */
......@@ -29,16 +29,25 @@
#include <time.h>
#include "config.h"
#include "net.h"
#include "rsa.h"
#include "bignum.h"
#include "md5.h"
#include "sha1.h"
#include "sha2.h"
#include "sha4.h"
#include "x509.h"
#include "config.h"
#include "ssl_ciphersuites.h"
#if defined(POLARSSL_X509_PARSE_C)
#include "x509.h"
#endif
#if defined(POLARSSL_RSA_C)
#include "rsa.h"
#endif
#if defined(POLARSSL_DHM_C)
#include "dhm.h"
#endif
......@@ -227,6 +236,15 @@
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
/*
* Size defines
*/
#if !defined(POLARSSL_MPI_MAX_SIZE)
#define POLARSSL_PREMASTER_SIZE 512
#else
#define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
#endif
/*
* Generic function pointers for allowing external RSA private key
* implementations.
......@@ -281,7 +299,10 @@ struct _ssl_session
size_t length; /*!< session id length */
unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */
#if defined(POLARSSL_X509_PARSE_C)
x509_cert *peer_cert; /*!< peer X.509 cert chain */
#endif /* POLARSSL_X509_PARSE_C */
};
/*
......@@ -340,8 +361,8 @@ struct _ssl_handshake_params
#if defined(POLARSSL_ECDH_C)
ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#endif
#if defined(POLARSSL_ECP_C)
int ec_curve; /*!< Selected elliptic curve */
#if defined(POLARSSL_ECP_C)
int ec_point_format; /*!< Client supported format */
#endif
......@@ -363,7 +384,7 @@ struct _ssl_handshake_params
size_t pmslen; /*!< premaster length */
unsigned char randbytes[64]; /*!< random bytes */
unsigned char premaster[POLARSSL_MPI_MAX_SIZE];
unsigned char premaster[POLARSSL_PREMASTER_SIZE];
/*!< premaster secret */
int resume; /*!< session resume indicator*/
......@@ -392,7 +413,6 @@ struct _ssl_context
void (*f_dbg)(void *, int, const char *);
int (*f_recv)(void *, unsigned char *, size_t);
int (*f_send)(void *, const unsigned char *, size_t);
int (*f_vrfy)(void *, x509_cert *, int, int *);
int (*f_get_cache)(void *, ssl_session *);
int (*f_set_cache)(void *, const ssl_session *);
int (*f_sni)(void *, ssl_context *, const unsigned char *, size_t);
......@@ -401,12 +421,16 @@ struct _ssl_context
void *p_dbg; /*!< context for the debug function */
void *p_recv; /*!< context for reading operations */
void *p_send; /*!< context for writing operations */
void *p_vrfy; /*!< context for verification */
void *p_get_cache; /*!< context for cache retrieval */
void *p_set_cache; /*!< context for cache store */
void *p_sni; /*!< context for SNI extension */
void *p_hw_data; /*!< context for HW acceleration */
#if defined(POLARSSL_X509_PARSE_C)
int (*f_vrfy)(void *, x509_cert *, int, int *);
void *p_vrfy; /*!< context for verification */
#endif
/*
* Session layer
*/
......@@ -458,15 +482,19 @@ struct _ssl_context
/*
* PKI layer
*/
#if defined(POLARSSL_RSA_C)
void *rsa_key; /*!< own RSA private key */
rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/
rsa_sign_func rsa_sign; /*!< function for RSA sign */
rsa_key_len_func rsa_key_len; /*!< function for RSA key len*/
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_X509_PARSE_C)
x509_cert *own_cert; /*!< own X.509 certificate */
x509_cert *ca_chain; /*!< own trusted CA chain */
x509_crl *ca_crl; /*!< trusted CA CRLs */
const char *peer_cn; /*!< expected peer CN */
#endif /* POLARSSL_X509_PARSE_C */
/*
* User settings
......@@ -610,6 +638,7 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
*/
void ssl_set_authmode( ssl_context *ssl, int authmode );
#if defined(POLARSSL_X509_PARSE_C)
/**
* \brief Set the verification callback (Optional).
*
......@@ -624,6 +653,7 @@ void ssl_set_authmode( ssl_context *ssl, int authmode );
void ssl_set_verify( ssl_context *ssl,
int (*f_vrfy)(void *, x509_cert *, int, int *),
void *p_vrfy );
#endif /* POLARSSL_X509_PARSE_C */
/**
* \brief Set the random number generator callback
......@@ -741,6 +771,7 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
const int *ciphersuites,
int major, int minor );
#if defined(POLARSSL_X509_PARSE_C)
/**
* \brief Set the data required to verify peer certificate
*
......@@ -790,6 +821,7 @@ void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len );
#endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
/**
......@@ -976,6 +1008,7 @@ const char *ssl_get_ciphersuite( const ssl_context *ssl );
*/
const char *ssl_get_version( const ssl_context *ssl );
#if defined(POLARSSL_X509_PARSE_C)
/**
* \brief Return the peer certificate from the current connection
*
......@@ -991,6 +1024,7 @@ const char *ssl_get_version( const ssl_context *ssl );
* \return the current peer certificate
*/
const x509_cert *ssl_get_peer_cert( const ssl_context *ssl );
#endif /* POLARSSL_X509_PARSE_C */
/**
* \brief Perform the SSL handshake
......
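Review bot: `ssl_set_own_cert_alt` (its prototype begins before this hunk) takes `rsa_decrypt_func`, `rsa_sign_func` and `rsa_key_len_func`, and the `rsa_key`/`rsa_decrypt`/`rsa_sign`/`rsa_key_len` members it presumably fills are now under `#if defined(POLARSSL_RSA_C)`, yet the prototype itself is only wrapped in `#if defined(POLARSSL_X509_PARSE_C)`. Because rsa.h now declares nothing unless POLARSSL_RSA_C is set, a build with X.509 parsing but no RSA fails on those typedefs here rather than at a clear configuration error. The guard around the own-cert setters should be `#if defined(POLARSSL_X509_PARSE_C) && defined(POLARSSL_RSA_C)`, the same combination ssl_ciphersuites.c uses for the RSA suites in this commit. Separately, the new `POLARSSL_PREMASTER_SIZE` fallback of 512 is a fixed buffer size with no stated rationale; a comment such as `/* used when bignum.h is not compiled in; must still hold the largest premaster any enabled key exchange can write — TODO confirm against ssl_cli.c/ssl_srv.c */` would record the assumption for whoever next changes the key-exchange code.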
......@@ -46,7 +46,9 @@ struct _ssl_cache_entry
{
time_t timestamp; /*!< entry timestamp */
ssl_session session; /*!< entry session */
#if defined(POLARSSL_X509_PARSE_C)
x509_buf peer_cert; /*!< entry peer_cert */
#endif
ssl_cache_entry *next; /*!< chain pointer */
};
......
......@@ -27,10 +27,14 @@
#ifndef POLARSSL_X509_H
#define POLARSSL_X509_H
#include "config.h"
#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)
#include "asn1.h"
#include "rsa.h"
#include "dhm.h"
#include "md.h"
#include "pk.h"
/**
* \addtogroup x509_module
......@@ -134,12 +138,6 @@
#define X509_FORMAT_DER 1
#define X509_FORMAT_PEM 2
typedef enum {
POLARSSL_PK_NONE=0,
POLARSSL_PK_RSA,
POLARSSL_PK_ECDSA,
} pk_type_t;
/**
* \addtogroup x509_module
* \{ */
......@@ -668,4 +666,5 @@ int x509_self_test( int verbose );
}
#endif
#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */
#endif /* x509.h */
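Review bot: `rsa.h` and `dhm.h` are still included unconditionally inside the new `POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C` block, but this same commit makes rsa.h declare nothing unless POLARSSL_RSA_C is defined. If the certificate structures further down (not visible in this hunk) embed `rsa_context`, an X.509-enabled build without RSA now fails inside this header with an opaque unknown-type error. Either guard the include and the dependent members with `#if defined(POLARSSL_RSA_C)`, or state the requirement up front right after `#include "config.h"` with `#if defined(POLARSSL_X509_PARSE_C) && !defined(POLARSSL_RSA_C)` / `#error "POLARSSL_X509_PARSE_C requires POLARSSL_RSA_C"` / `#endif` so the failure mode is explicit.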
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_X509_WRITE_H
#define POLARSSL_X509_WRITE_H
#if defined(POLARSSL_X509_WRITE_C)
#include "rsa.h"
typedef struct _x509_req_name
......@@ -43,4 +45,6 @@ int x509_write_key_der( unsigned char *buf, size_t size, rsa_context *rsa );
int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa,
x509_req_name *req_name, md_type_t md_alg );
#endif /* POLARSSL_X509_WRITE_C */
#endif /* POLARSSL_X509_WRITE_H */
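Review bot: The new `#if defined(POLARSSL_X509_WRITE_C)` directly after the include guard is evaluated before this header has included `config.h`, so unless every includer happens to pull config.h in first the whole header silently compiles to nothing. rsa.h and x509.h in this same commit add `#include "config.h"` between their include guard and the feature check; this header should do the same, with `#include "config.h"` inserted before the `#if`. The prototypes inside also use `rsa_context`, which after this commit is only declared when POLARSSL_RSA_C is set, so the guard should probably read `#if defined(POLARSSL_X509_WRITE_C) && defined(POLARSSL_RSA_C)` or the RSA dependency should be stated in a comment.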
......@@ -72,6 +72,7 @@ int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
return( 1 );
}
#if defined(POLARSSL_BIGNUM_C)
int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X )
{
int ret;
......@@ -104,7 +105,8 @@ int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X )
return( len );
}
#endif /* POLARSSL_BIGNUM_C */
int asn1_write_null( unsigned char **p, unsigned char *start )
{
int ret;
......
......@@ -150,6 +150,7 @@ void debug_print_ecp( const ssl_context *ssl, int level,
}
#endif /* POLARSSL_ECP_C */
#if defined(POLARSSL_BIGNUM_C)
void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mpi *X )
......@@ -221,7 +222,9 @@ void debug_print_mpi( const ssl_context *ssl, int level,
ssl->f_dbg( ssl->p_dbg, level, "\n" );
}
#endif /* POLARSSL_BIGNUM_C */
#if defined(POLARSSL_X509_PARSE_C)
void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const x509_cert *crt )
......@@ -256,5 +259,6 @@ void debug_print_crt( const ssl_context *ssl, int level,
crt = crt->next;
}
}
#endif /* POLARSSL_X509_PARSE_C */
#endif
......@@ -33,6 +33,8 @@
#include "polarssl/md.h"
#include "polarssl/rsa.h"
#include <stdio.h>
/*
* For X520 attribute types
*/
......@@ -77,6 +79,7 @@ static const oid_x520_attr_t oid_x520_attr_type[] =
}
};
#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)
/*
* For X509 extensions
*/
......@@ -123,6 +126,7 @@ static const oid_descriptor_t oid_ext_key_usage[] =
{ OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing" },
{ NULL, NULL, NULL },
};
#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */
/*
* For SignatureAlgorithmIdentifier
......@@ -378,6 +382,7 @@ static const oid_descriptor_t *oid_descriptor_from_asn1(
oid->p, oid->len );
}
#if defined(POLARSSL_X509_PARSE_C) || defined(POLARSSL_X509_WRITE_C)
int oid_get_extended_key_usage( const asn1_buf *oid, const char **desc )
{
const oid_descriptor_t *data = oid_descriptor_from_asn1(
......@@ -401,6 +406,20 @@ static const oid_x509_ext_t *oid_x509_ext_from_asn1( const asn1_buf *oid )
oid );
}
int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type )
{
const oid_x509_ext_t *data = oid_x509_ext_from_asn1( oid );
if( data == NULL )
return( POLARSSL_ERR_OID_NOT_FOUND );
*ext_type = data->ext_type;
return( 0 );
}
#endif /* POLARSSL_X509_PARSE_C || POLARSSL_X509_WRITE_C */
static const oid_x520_attr_t *oid_x520_attr_from_asn1( const asn1_buf *oid )
{
return (const oid_x520_attr_t *) oid_descriptor_from_asn1(
......@@ -433,18 +452,6 @@ static const oid_md_alg_t *oid_md_alg_from_asn1( const asn1_buf *oid )
oid );
}
int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type )
{
const oid_x509_ext_t *data = oid_x509_ext_from_asn1( oid );
if( data == NULL )
return( POLARSSL_ERR_OID_NOT_FOUND );
*ext_type = data->ext_type;
return( 0 );
}
int oid_get_attr_short_name( const asn1_buf *oid, const char **short_name )
{
const oid_x520_attr_t *data = oid_x520_attr_from_asn1( oid );
......
......@@ -72,6 +72,7 @@ int ssl_cache_get( void *data, ssl_session *session )
memcpy( session->master, entry->session.master, 48 );
#if defined(POLARSSL_X509_PARSE_C)
/*
* Restore peer certificate (without rest of the original chain)
*/
......@@ -90,6 +91,7 @@ int ssl_cache_get( void *data, ssl_session *session )
return( 1 );
}
}
#endif /* POLARSSL_X509_PARSE_C */
return( 0 );
}
......@@ -140,11 +142,13 @@ int ssl_cache_set( void *data, const ssl_session *session )
{
cur = old;
memset( &cur->session, 0, sizeof(ssl_session) );
#if defined(POLARSSL_X509_PARSE_C)
if( cur->peer_cert.p != NULL )
{
free( cur->peer_cert.p );
memset( &cur->peer_cert, 0, sizeof(x509_buf) );
}
#endif /* POLARSSL_X509_PARSE_C */
}
else
{
......@@ -164,7 +168,8 @@ int ssl_cache_set( void *data, const ssl_session *session )
}
memcpy( &cur->session, session, sizeof( ssl_session ) );
#if defined(POLARSSL_X509_PARSE_C)
/*
* Store peer certificate
*/
......@@ -180,6 +185,7 @@ int ssl_cache_set( void *data, const ssl_session *session )
cur->session.peer_cert = NULL;
}
#endif /* POLARSSL_X509_PARSE_C */
return( 0 );
}
......@@ -211,8 +217,10 @@ void ssl_cache_free( ssl_cache_context *cache )
ssl_session_free( &prv->session );
#if defined(POLARSSL_X509_PARSE_C)
if( prv->peer_cert.p != NULL )
free( prv->peer_cert.p );
#endif /* POLARSSL_X509_PARSE_C */
free( prv );
}
......
......@@ -128,6 +128,7 @@ static int supported_init = 0;
static const ssl_ciphersuite_t ciphersuite_definitions[] =
{
#if defined(POLARSSL_X509_PARSE_C) && defined(POLARSSL_RSA_C)
#if defined(POLARSSL_ECDH_C)
#if defined(POLARSSL_AES_C)
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
......@@ -201,7 +202,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC },
#endif
#endif /* POLARSSL_ARC4_C */
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
{ TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
......@@ -209,8 +210,8 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
#endif
#endif
#endif /* POLARSSL_CIPHER_NULL_CIPHER */
#endif /* POLARSSL_ECDH_C */
#if defined(POLARSSL_ARC4_C)
{ TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
......@@ -387,6 +388,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_DES_C */
#endif /* POLARSSL_X509_PARSE_C && POLARSSL_RSA_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
#if defined(POLARSSL_AES_C)
......@@ -451,6 +453,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#endif /* POLARSSL_ARC4_C */
#endif /* POLARSSL_DHM_C */
#if defined(POLARSSL_X509_PARSE_C) && defined(POLARSSL_RSA_C)
#if defined(POLARSSL_AES_C)
{ TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
......@@ -480,9 +483,11 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
#endif /* POLARSSL_ARC4_C */
#endif /* POLARSSL_X509_PARSE_C && POLARSSL_RSA_C */
#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
#if defined(POLARSSL_X509_PARSE_C) && defined(POLARSSL_RSA_C)
#if defined(POLARSSL_CIPHER_NULL_CIPHER)
{ TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
POLARSSL_CIPHER_NULL, POLARSSL_MD_MD5, POLARSSL_KEY_EXCHANGE_RSA,
......@@ -518,6 +523,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK },
#endif /* POLARSSL_DES_C */
#endif /* POLARSSL_X509_PARSE_C && POLARSSL_RSA_C */
#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
......
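Review bot: `TLS_ECDHE_RSA_WITH_NULL_SHA` is compiled in whenever `POLARSSL_CIPHER_NULL_CIPHER` is set, while the RSA NULL suites further down in this section additionally sit under `POLARSSL_ENABLE_WEAK_CIPHERSUITES`; the commit reorganises the guards around both without aligning them. If the `POLARSSL_CIPHERSUITE_WEAK` flag is filtered at runtime when the supported list is built (the `supported_init` state at the top of the first hunk suggests some filtering exists), this may be deliberate, but then the asymmetry deserves a comment at the ECDHE NULL entry. Otherwise that entry should move under `#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)` with the other NULL suites, so a build cannot offer a no-encryption suite without opting in explicitly.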
......@@ -742,7 +742,11 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_DHM_C)
#if !defined(POLARSSL_DHM_C)
((void) ssl);
((void) p);
((void) end);
#else
/*
* Ephemeral DH parameters:
*
......@@ -779,7 +783,11 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl,
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_ECDH_C)
#if !defined(POLARSSL_ECDH_C)
((void) ssl);
((void) p);
((void) end);
#else
/*
* Ephemeral ECDH parameters:
*
......@@ -816,7 +824,11 @@ static int ssl_parse_server_psk_hint( ssl_context *ssl,
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
#if !defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
((void) ssl);
((void) p);
((void) end);
#else
size_t len;
/*
......@@ -840,6 +852,7 @@ static int ssl_parse_server_psk_hint( ssl_context *ssl,
return( ret );