Commit Graph

10480 Commits

Author SHA1 Message Date
Arto Kinnunen
1480444e8e Add config option for AES encryption only
-Add config option for AES encyption only to config.h. Feature is
 disabled by default.
-Enable AES encrypt only feature in baremetal.h configuration
-Remove AES encypt only feature from full config
2019-10-24 12:19:33 +03:00
Arto Kinnunen
366c13eaad Update AES 128-bit key test
Flag out 192/256-bit key tests from test_suite_cipher.gcm
2019-10-24 09:49:23 +03:00
Arto Kinnunen
4c003ca80c Update AES 128-key test
- Unset MBEDTLS_PADLOCK_C in aes_only_128_bit_keys test to get RAM
  optimised version tested
- Use compiler flag "-O1" instead of "-Wall -Wextra" to see warnings
2019-10-24 09:49:23 +03:00
Arto Kinnunen
5ed870da72 Adjust AES RAM usage according to config options
Do not reserve additionl space for mbedtls_aes_context if config
option AES_ONLY_128_BIT_KEY_LENGTH is used and PADLOCK_C is not used.
This reduces RAM usage by 96 bytes.

In baremetal configuration reserve space for 10 128-bit keys in order
to save 112 bytes of heap.
2019-10-24 09:49:23 +03:00
Arto Kinnunen
5bdafa21e0 Update version_features.c 2019-10-24 09:49:23 +03:00
Arto Kinnunen
265d162d07 Update AES-128 bit configuration
- Do not include MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH to full config
  as it requires also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY

- Update check_config to check availability of flags:
   MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
   MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
2019-10-24 09:49:23 +03:00
Arto Kinnunen
60b11064c5 Update configuration
Move MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH to proper place in config.h
2019-10-24 09:49:23 +03:00
Arto Kinnunen
4ab702b24a Add AES 128-bit key dependency to tests
- Do not run tests that are using 192/256-bit keys if only
  128-bit keys are allowed for AES.
- Add AES 128-bit-only test to all.sh
2019-10-24 09:49:23 +03:00
Arto Kinnunen
77b9cfcea9 AES: add config option for 128-bit keys
Add configuration options to support only 128-bit key lengths in AES
calculation.
2019-10-24 09:49:23 +03:00
Simon Butcher
e2bf54d3d1 Merge remote-tracking branch 'public/pr/2877' into baremetal 2019-10-23 14:53:29 +01:00
Simon Butcher
713e5c365d Merge remote-tracking branch 'public/pr/2880' into baremetal 2019-10-23 14:52:27 +01:00
Simon Butcher
a26fb4c64f Merge remote-tracking branch 'public/pr/2870' into baremetal 2019-10-23 14:51:37 +01:00
Teppo Järvelin
3d414bfb65 Increased MEMORY_HEAP_SIZE to 140000 in ssl_server2 to get CI passing. 2019-10-22 14:44:13 +03:00
Teppo Järvelin
11e881b536 Changed entropy to be allocated from stack to heap in ssl_server2 2019-10-22 14:44:13 +03:00
Teppo Järvelin
8e0e48199b Changed main buf to be allocated from heap in ssl_client2 2019-10-22 14:44:13 +03:00
Teppo Järvelin
8e0fe19a6a Various changes to get CI passing after changes in ssl_server and client stack to heap 2019-10-22 14:43:56 +03:00
Manuel Pégourié-Gonnard
66491e1840 Fix undefined references to hardware_poll()
Ultimately, mbedtls_hardware_poll() is going to be provided by the
OS/environment when running on target. But for on-host programs and tests, we
need to define (a fake version) in each program that we want to be able to
link.

A previous commit took care of ssl_client2 and ssl_server2. But if we want to
be able to compile all programs, we need to modify each of them. This doesn't
seem useful, so instead let's just build the programs we need for testing -
this means only udp_proxy needs fixing in addition to what's already done.

This issue went unnoticed in the PR that introduced the new all.sh component,
because at that time the platform_memxxx() functions were not actually used in
the library (nor in programs), so the linker could live with
mbedtls_hardware_poll() not being defined, as it wasn't called anywhere. This
changed when we started using the new platform_memxxx() functions in the
library.
2019-10-22 12:50:13 +02:00
Jarno Lamsa
08d6cf2070 Modify the test_baremetal in all.sh
Allow it to run the whole ssl-opt.sh instead of filtering only to
Default, DTLS
2019-10-22 13:32:26 +03:00
Jarno Lamsa
33281d5546 Add requires entries for tests
To be able to pass the ssl_opt.sh with the baremetal configuration
2019-10-22 13:32:26 +03:00
Manuel Pégourié-Gonnard
3d01f2313b Use plain memset() in HMAC-DRBG seeding
The line above the memset() relies on the fact that V is all-zero at that
point (see the comment above), so it doesn't contain a sensitive value.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
895454da01 Use plain memset() for public data in ssl_tls.c
- out_ctr is public because it's transmited over the wire in DTLS (and in TLS
  it can be inferred by a passive network attacker just by counting records).
- handshake mask is not a secret because it can be inferred by a passive
  network attacker just logging record sequence number seen so far.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
ee0c35fbf5 Use plain memset() for session ID and Hello.Random
Those are public values (transmitted in the clear over the wire).
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
6bf30be457 Use plain memset() for signature transcoding
By nature, signatures don't need to be kept secret.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
54526c3c89 Use plain memset() for freshly allocated objects
This commits reverts to plain memset() for cases like:

    some_type foo;
    memset( &foo, 0, sizeof( foo ) );

(Sometimes there is code between declaration in memset(), but it doesn't
matter as long as it doesn't touch foo.)

The reasoning is the same as in the previous commit: the stack shouldn't
contain sensitive data as we carefully wipe it after use.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
994193326b Use plain memset() in context init functions
We call xxx_init() on a structure when it has been freshly allocated (on the
stack or heap).

At this point it contains random-looking data none of which should be
sensitive, as all sensitive data is wiped using mbedtls_platform_zeroize()
when we're done using it and the memory area is going to be reclaimed (by
exiting the function or free()ing the buffer).
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
14f33e74c0 Use platform_memset() in platform_zeroize()
We're using zeroize in many places in order to erase secrets, so we really
need it to be as secure as possible.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
5220781b98 Fix missing include in some files
Add it in all files that use mbedtls_plaform_memset() but didn't already
include platfom_util.h.

In some configurations it just happened to work, either because it was
included indirectly or because the part of the code that used that function
was disabled, but it some configurations it broke, so let's fix it properly.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
7a346b866c Replace memset() with mbedtls_platform_memset()
Steps:

1. sed -i 's/\bmemset(\([^)]\)/mbedtls_platform_memset(\1/g' library/*.c tinycrypt/*.c include/mbedtls/*.h scripts/data_files/*.fmt

2. Manually edit library/platform_util.c to revert to memset() in the
implementations of mbedtls_platform_memset() and mbedtls_platform_memcpy()

3. egrep -n '\<memset\>' library/*.c include/mbedtls/*.h tinycrypt/*.c
The remaining occurrences are in three categories:
    a. From point 2 above.
    b. In comments.
    c. In the initialisation of memset_func, to be changed in a future commit.
2019-10-22 10:03:07 +02:00
Teppo Järvelin
52c9ecb408 Fixed memory leak in ssl_server2.c main
Allocations are now done after command line parsing.
Added more checks if allocations are needed and fixed
baremetal tests with these defines.
2019-10-15 14:21:29 +03:00
Teppo Järvelin
ff1ce269d0 Fixed to compile: ssl_async_keys is not a pointer but was treated that way when giving to functions. 2019-10-14 08:14:34 +03:00
Hanno Becker
ead3aae8d9 Reduce number of entropy sources to 1 in baremetal configuration 2019-10-10 11:47:28 +03:00
Hanno Becker
c828432920 Make use of copy-less CRT parsing API in ssl_client2/ssl_server2 2019-10-10 11:47:28 +03:00
Hanno Becker
7d864c494a ssl_client2/ssl_server2: Use heap for various structures
This commit modifies the example programs ssl_client2 and ssl_server2
to allocate various structures on the heap instead of the stack. This
allows more fine-grained memory usage tracking via valgrind massif.
2019-10-10 11:47:28 +03:00
Simon Butcher
f0963f7141 Merge remote-tracking branch 'public/pr/2867' into baremetal 2019-10-08 18:57:31 +01:00
Simon Butcher
f7881ad2b7 Merge remote-tracking branch 'public/pr/2865' into baremetal 2019-10-08 18:42:04 +01:00
Simon Butcher
3a9d8a54e4 Merge remote-tracking branch 'public/pr/2881' into baremetal 2019-10-08 18:39:34 +01:00
Manuel Pégourié-Gonnard
0a9b44ddaa Merge branch 'mbedtls-2.16' into baremetal-2.16-20191004
* mbedtls-2.16: (25 commits)
  Fix compilation error
  Add const to variable
  Fix endianity issue when reading uint32
  Increase test suite timeout
  Reduce stack usage of test_suite_pkcs1_v15
  Reduce stack usage of test_suite_pkcs1_v21
  Reduce stack usage of test_suite_rsa
  Reduce stack usage of test_suite_pk
  Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh
  Remove unnecessary memory buffer alloc and memory backtrace unsets
  Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test
  all.sh: restructure memory allocator tests
  Add missing dependency in memory buffer alloc set in all.sh
  Don't set MBEDTLS_MEMORY_DEBUG through `scripts/config.pl full`
  Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C
  Add all.sh run with full config and ASan enabled
  Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
  Update documentation of exceptions for `config.pl full`
  Adapt all.sh to removal of buffer allocator from full config
  Disable memory buffer allocator in full config
  ...
2019-10-07 12:44:09 +02:00
Jarno Lamsa
c4315e6d5e Address review comments for documentation 2019-10-04 15:42:39 +03:00
Jarno Lamsa
1881ef53b7 Move the definition of function in zeroize
There is a static dependency in the test system for
this file. To prevent the issue from happening, move
the definition to the end of file so that the last
return in the main remains in the same line.
2019-10-04 15:02:57 +03:00
Jarno Lamsa
990135eb4e Add all.sh entry 2019-10-04 14:50:50 +03:00
Teppo Järvelin
0efac53cdc Review fixes: fixed comments to be more accurate and changed one memcmp to safer version 2019-10-04 13:21:08 +03:00
Jarno Lamsa
642596e931 Adapt the example programs
Adapt the example programs if MBEDTLS_ENTROPY_HARDWARE_ALT
is defined.
2019-10-04 12:52:42 +03:00
Jarno Lamsa
f098b26b83 Add rng for the test suites 2019-10-04 12:51:45 +03:00
Teppo Järvelin
707ceb88f0 Replaced mbedtls_ssl_safer_memcmp with mbedtls_platform_memcmp
Saves some bytes and mbedtls_platform_memcmp is a bit safer for side channel
attacks.
2019-10-04 08:52:00 +03:00
Teppo Järvelin
650343cdcd Changed mbedtls_platform_memcmp to memcmp for places that don't have critical data and are under baremetal
Changed back because we don't wan't to slow down the performance more than we must.
2019-10-04 07:35:55 +03:00
Jarno Lamsa
39a9d40f84 Update documentation for the RNG-function 2019-10-03 13:49:35 +03:00
Jarno Lamsa
436d18dcaa Prevent a 0-modulus
If given range for a random is [0, 0), return 0.
Modulus 0 is undefined behaviour.
2019-10-03 13:49:35 +03:00
Jarno Lamsa
e29e8a49b8 Use MBEDTLS_ENTROPY_HARDWARE_ALT
Use MBEDTLS_ENTROPY_HARDWARE_ALT instead of a new global RNG
flag. When this flag is enabled, the platform provides the RNG.
When running unit tests, rnd_std_rand should be used by overriding
the mbedtls_hardware_poll.
2019-10-03 13:49:34 +03:00
Teppo Järvelin
61f412eb58 Changed every memcmp to SCA equivalent mbedtls_platform_memcmp
This makes physical attacks more difficult.
Selftest memcmp functions were not changed.
2019-10-03 13:14:33 +03:00
Manuel Pégourié-Gonnard
51f65e4b86 Standardize prototypes of platform_memcpy/memset
As replacements of standard library functions, they should have the same
prototype, including return type.

While it doesn't usually matter when used directly, it does when the address
of the function is taken, as done with memset_func, used for implementing
mbedtls_platform_zeroize().
2019-10-03 07:59:58 +03:00