Gilles Peskine
c32f74cf8e
Fix wording
2020-03-13 12:03:12 +00:00
Gilles Peskine
03642fa026
Remove warning that the previous expanded discussion has obsoleted
2020-03-13 12:03:12 +00:00
Gilles Peskine
2d83fe1383
CTR_DRBG: improve the discussion of entropy length vs strength
2020-03-13 12:03:12 +00:00
Gilles Peskine
bb2b8da7d7
CTR_DRBG: Finish an unfinished paragraph
2020-03-13 12:03:12 +00:00
Gilles Peskine
ca28583e95
CTR_DRBG documentation: add changelog entry
...
This is a documentation-only change, but one that users who care about
NIST compliance may be interested in, to review if they're using the
module in a compliant way.
2020-03-13 12:03:12 +00:00
Gilles Peskine
e3dc5942c5
CTR_DRBG: Document the security strength and SP 800-90A compliance
...
Document that a derivation function is used.
Document the security strength of the DRBG depending on the
compile-time configuration and how it is set up. In particular,
document how the nonce specified in SP 800-90A is set.
Mention how to link the ctr_drbg module with the entropy module.
2020-03-13 12:01:28 +00:00
Gilles Peskine
c1c9292d2f
CTR_DRBG: Document the maximum size of some parameters
2020-03-13 12:01:28 +00:00
Gilles Peskine
da5ccce88e
CTR_DRBG documentation clarifications
...
* State explicit whether several numbers are in bits or bytes.
* Clarify whether buffer pointer parameters can be NULL.
* Explain the value of constants that are dependent on the configuration.
2020-03-13 12:01:28 +00:00
Simon Butcher
eb7428cc33
Merge remote-tracking branch 'public/pr/3093' into baremetal
2020-03-10 15:17:39 +00:00
Manuel Pégourié-Gonnard
f0658b18dc
Add detection for zlib headers to all.sh
...
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Manuel Pégourié-Gonnard
ae48d86cb1
Fix bug in record decompression
...
ssl_decompress_buf() was operating on data from the ssl context, but called at
a point where this data is actually in the rec structure. Call it later so
that the data is back to the ssl structure.
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Manuel Pégourié-Gonnard
079864ef54
Add test for record compression in ssl-opt.sh
...
Deprecated but still needs to be tested.
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Manuel Pégourié-Gonnard
df59bfc9d6
Add all.sh components with ZLIB enabled
...
ZLIB support is deprecated, but until it's removed it should still be tested.
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Gilles Peskine
e4d4b1f3d3
Add changelog entry for the zlib support fix
...
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
jiblime
92af9a9792
Fixes definition error when the deprecated MBEDTLS_ZLIB_SUPPORT and ENABLE_ZLIB_SUPPORT macro are defined/enabled for zlib support in mbedtls
...
100% tests passed, 0 tests failed out of 85
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1842
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1862
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Simon Butcher
8eefb9b3b8
Merge remote-tracking branch 'public/pr/2986' into baremetal
2020-01-30 19:49:37 +00:00
Arto Kinnunen
17540ab74c
Fix usage of randomized number in AES
...
-Fix usage of randomized bits (do not reuse the bits)
-Update comments
2020-01-21 12:01:42 +02:00
Arto Kinnunen
311ab594d7
Flag SCA_CM encrypt/decrypt functions
...
There is a 50% performance drop in the SCA_CM enabled encrypt and
decrypt functions. Therefore use the older version of encrypt/decypt
functions when SCA_CM is disabled.
2020-01-21 12:01:42 +02:00
Arto Kinnunen
2b24f4280f
AES review corrections
...
-Do not reuse any part of randomized number, use separate byte for
each purpose.
-Combine some separate loops together to get rid of gap between them
-Extend usage of flow_control
2020-01-21 12:01:42 +02:00
Arto Kinnunen
98c93af1ef
Randomize number of AES dummy calculation rounds
...
Use either 4 or 5 dummy rounds in AES encryption/decryption.
2020-01-21 12:01:42 +02:00
Arto Kinnunen
2eb678f5e8
Update AES SCA countermeasures
...
-Add dummy rounds to the start and/or end of the AES calculation
rounds.
2020-01-21 12:01:42 +02:00
Arto Kinnunen
28ecfb002f
Merge remote-tracking branch 'upstream/pr/2983' into baremetal
...
* upstream/pr/2983:
Fix mbedtls_strerror to work with all wanted codes
2020-01-17 11:21:53 +02:00
Arto Kinnunen
ca1978b7d5
Merge remote-tracking branch 'upstream/pr/2982' into baremetal
...
* upstream/pr/2982:
Use mbedtls_platform_memset in data_randomize
Protect get/put on secret data on AES-module
2020-01-17 11:21:41 +02:00
Arto Kinnunen
d1340e455c
Merge remote-tracking branch 'upstream/pr/2980' into baremetal
...
* upstream/pr/2980:
Protect get/put on secret data on sha256-module
2020-01-17 11:21:32 +02:00
Arto Kinnunen
10a2ffde5d
Merge remote-tracking branch 'upstream/pr/2945' into baremetal
...
* upstream/pr/2945:
Rename macro MBEDTLS_MAX_RAND_DELAY
Update signature of mbedtls_platform_random_delay
Replace mbedtls_platform_enforce_volatile_reads 2
Replace mbedtls_platform_enforce_volatile_reads
Add more variation to random delay countermeasure
Add random delay to enforce_volatile_reads
Update comments of mbedtls_platform_random_delay
Follow Mbed TLS coding style
Add random delay function to platform_utils
2020-01-17 11:21:16 +02:00
Jarno Lamsa
8f8c0bdfc7
Use mbedtls_platform_memset in data_randomize
...
More secure memset should be used here instead
of standard memset.
2020-01-10 08:19:37 +02:00
Jarno Lamsa
282db8e3f8
Protect get/put on secret data on AES-module
...
When reading the input, buffer will be initialised with random data
and the reading will start from a random offset. When writing the data,
the output will be initialised with random data and the writing will start
from a random offset.
2020-01-10 08:19:37 +02:00
Teppo Järvelin
5bc072f737
Fix mbedtls_strerror to work with all wanted codes
2020-01-09 14:22:32 +02:00
Arto Kinnunen
b148651e49
Rename macro MBEDTLS_MAX_RAND_DELAY
...
MBEDTLS_MAX_RAND_DELAY renamed to MAX_RAND_DELAY to get CI passing.
2020-01-09 11:11:23 +02:00
Arto Kinnunen
ac6d226939
Update signature of mbedtls_platform_random_delay
...
Skip parameter and return value from mbedtls_platform_random_delay
to make it more resistant for FI attacks.
2020-01-09 10:19:07 +02:00
Simon Butcher
05ca9d46c1
Merge remote-tracking branch 'public/pr/2979' into baremetal
2020-01-08 18:15:52 +00:00
Simon Butcher
282911eabf
Merge remote-tracking branch 'public/pr/2978' into baremetal
2020-01-08 18:14:21 +00:00
Simon Butcher
01d78fcefe
Merge remote-tracking branch 'public/pr/2971' into baremetal
2020-01-08 18:10:44 +00:00
Simon Butcher
2d9c0eb215
Merge remote-tracking branch 'public/pr/2948' into baremetal
2020-01-08 18:08:28 +00:00
Simon Butcher
4b3b8c208e
Merge remote-tracking branch 'public/pr/2886' into baremetal
2020-01-08 17:53:43 +00:00
Simon Butcher
5dc7faf56e
Merge remote-tracking branch 'public/pr/2956' into baremetal
2020-01-08 17:53:16 +00:00
Jarno Lamsa
bb86c52430
Protect get/put on secret data on sha256-module
...
When reading the input, the buffer will be initialised with random data
and the reading will start from a random offset. When writing the data,
the output will be initialised with random data and the writing will
start from a random offset.
2020-01-08 10:45:51 +02:00
Teppo Järvelin
cafb6c91b0
Clear internal decrypted buffer after read
2020-01-08 10:25:16 +02:00
Arto Kinnunen
0a8f87f5eb
Remove entropy source overwrite in baremetal_test
...
-Do not overwrite MBEDTLS_ENTROPY_MAX_SOURCES in baremetal_test.h
-Skip tests that are not suitable for low number of entropy sources
2020-01-07 14:48:33 +02:00
Arto Kinnunen
7195571681
Replace mbedtls_platform_enforce_volatile_reads 2
...
Replace remaining mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
2020-01-07 10:47:58 +02:00
Arto Kinnunen
e91f0dc905
Replace mbedtls_platform_enforce_volatile_reads
...
Replace function mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
2020-01-07 10:47:58 +02:00
Arto Kinnunen
dbf2b43ceb
Add more variation to random delay countermeasure
...
Add more variation to the random delay function by xor:ing two
variables. It is not enough to increment just a counter to create a
delay as it will be visible as uniform delay that can be easily
removed from the trace by analysis.
2020-01-07 10:47:58 +02:00
Arto Kinnunen
0490485be5
Add random delay to enforce_volatile_reads
...
Add a random delay to mbedtls_platform_enforce_volatile_reads() as a
countermeasure to fault injection attacks.
2020-01-07 10:47:58 +02:00
Arto Kinnunen
9a506e7424
Update comments of mbedtls_platform_random_delay
2020-01-07 10:47:58 +02:00
Arto Kinnunen
b47b105838
Follow Mbed TLS coding style
2020-01-07 10:47:58 +02:00
Arto Kinnunen
4c63b98e94
Add random delay function to platform_utils
...
Add delay function to platform_utils. The function will delay
program execution by incrementing local variable randomised number of
times.
2020-01-07 10:47:58 +02:00
Teppo Järvelin
c2fa3eaa81
Removed dead code after optimization in tinycrypt
2020-01-05 12:02:37 +02:00
Teppo Järvelin
8f7e36fc98
Coverity fixes, check hmac return values
2020-01-05 12:02:37 +02:00
Teppo Järvelin
0b1d7d946d
Coverity fix: dead error condition removed from ecc.c
2020-01-05 12:02:04 +02:00
Simon Butcher
7d2434fac2
Merge remote-tracking branch 'public/pr/2973' into baremetal
2020-01-03 15:52:36 +00:00