Commit Graph

10400 Commits

Author SHA1 Message Date
Gilles Peskine
c32f74cf8e Fix wording 2020-03-13 12:03:12 +00:00
Gilles Peskine
03642fa026 Remove warning that the previous expanded discussion has obsoleted 2020-03-13 12:03:12 +00:00
Gilles Peskine
2d83fe1383 CTR_DRBG: improve the discussion of entropy length vs strength 2020-03-13 12:03:12 +00:00
Gilles Peskine
bb2b8da7d7 CTR_DRBG: Finish an unfinished paragraph 2020-03-13 12:03:12 +00:00
Gilles Peskine
ca28583e95 CTR_DRBG documentation: add changelog entry
This is a documentation-only change, but one that users who care about
NIST compliance may be interested in, to review if they're using the
module in a compliant way.
2020-03-13 12:03:12 +00:00
Gilles Peskine
e3dc5942c5 CTR_DRBG: Document the security strength and SP 800-90A compliance
Document that a derivation function is used.

Document the security strength of the DRBG depending on the
compile-time configuration and how it is set up. In particular,
document how the nonce specified in SP 800-90A is set.

Mention how to link the ctr_drbg module with the entropy module.
2020-03-13 12:01:28 +00:00
Gilles Peskine
c1c9292d2f CTR_DRBG: Document the maximum size of some parameters 2020-03-13 12:01:28 +00:00
Gilles Peskine
da5ccce88e CTR_DRBG documentation clarifications
* State explicit whether several numbers are in bits or bytes.
* Clarify whether buffer pointer parameters can be NULL.
* Explain the value of constants that are dependent on the configuration.
2020-03-13 12:01:28 +00:00
Simon Butcher
eb7428cc33 Merge remote-tracking branch 'public/pr/3093' into baremetal 2020-03-10 15:17:39 +00:00
Manuel Pégourié-Gonnard
f0658b18dc Add detection for zlib headers to all.sh
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Manuel Pégourié-Gonnard
ae48d86cb1 Fix bug in record decompression
ssl_decompress_buf() was operating on data from the ssl context, but called at
a point where this data is actually in the rec structure. Call it later so
that the data is back to the ssl structure.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Manuel Pégourié-Gonnard
079864ef54 Add test for record compression in ssl-opt.sh
Deprecated but still needs to be tested.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Manuel Pégourié-Gonnard
df59bfc9d6 Add all.sh components with ZLIB enabled
ZLIB support is deprecated, but until it's removed it should still be tested.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Gilles Peskine
e4d4b1f3d3 Add changelog entry for the zlib support fix
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
jiblime
92af9a9792 Fixes definition error when the deprecated MBEDTLS_ZLIB_SUPPORT and ENABLE_ZLIB_SUPPORT macro are defined/enabled for zlib support in mbedtls
100% tests passed, 0 tests failed out of 85

https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1842

https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1862
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-09 17:39:04 +00:00
Simon Butcher
8eefb9b3b8 Merge remote-tracking branch 'public/pr/2986' into baremetal 2020-01-30 19:49:37 +00:00
Arto Kinnunen
17540ab74c Fix usage of randomized number in AES
-Fix usage of randomized bits (do not reuse the bits)
-Update comments
2020-01-21 12:01:42 +02:00
Arto Kinnunen
311ab594d7 Flag SCA_CM encrypt/decrypt functions
There is a 50% performance drop in the SCA_CM enabled encrypt and
decrypt functions. Therefore use the older version of encrypt/decypt
functions when SCA_CM is disabled.
2020-01-21 12:01:42 +02:00
Arto Kinnunen
2b24f4280f AES review corrections
-Do not reuse any part of randomized number, use separate byte for
 each purpose.
-Combine some separate loops together to get rid of gap between them
-Extend usage of flow_control
2020-01-21 12:01:42 +02:00
Arto Kinnunen
98c93af1ef Randomize number of AES dummy calculation rounds
Use either 4 or 5 dummy rounds in AES encryption/decryption.
2020-01-21 12:01:42 +02:00
Arto Kinnunen
2eb678f5e8 Update AES SCA countermeasures
-Add dummy rounds to the start and/or end of the AES calculation
 rounds.
2020-01-21 12:01:42 +02:00
Arto Kinnunen
28ecfb002f Merge remote-tracking branch 'upstream/pr/2983' into baremetal
* upstream/pr/2983:
  Fix mbedtls_strerror to work with all wanted codes
2020-01-17 11:21:53 +02:00
Arto Kinnunen
ca1978b7d5 Merge remote-tracking branch 'upstream/pr/2982' into baremetal
* upstream/pr/2982:
  Use mbedtls_platform_memset in data_randomize
  Protect get/put on secret data on AES-module
2020-01-17 11:21:41 +02:00
Arto Kinnunen
d1340e455c Merge remote-tracking branch 'upstream/pr/2980' into baremetal
* upstream/pr/2980:
  Protect get/put on secret data on sha256-module
2020-01-17 11:21:32 +02:00
Arto Kinnunen
10a2ffde5d Merge remote-tracking branch 'upstream/pr/2945' into baremetal
* upstream/pr/2945:
  Rename macro MBEDTLS_MAX_RAND_DELAY
  Update signature of mbedtls_platform_random_delay
  Replace mbedtls_platform_enforce_volatile_reads 2
  Replace mbedtls_platform_enforce_volatile_reads
  Add more variation to random delay countermeasure
  Add random  delay to enforce_volatile_reads
  Update comments of mbedtls_platform_random_delay
  Follow Mbed TLS coding style
  Add random delay function to platform_utils
2020-01-17 11:21:16 +02:00
Jarno Lamsa
8f8c0bdfc7 Use mbedtls_platform_memset in data_randomize
More secure memset should be used here instead
of standard memset.
2020-01-10 08:19:37 +02:00
Jarno Lamsa
282db8e3f8 Protect get/put on secret data on AES-module
When reading the input, buffer will be initialised with random data
and the reading will start from a random offset. When writing the data,
the output will be initialised with random data and the writing will start
from a random offset.
2020-01-10 08:19:37 +02:00
Teppo Järvelin
5bc072f737 Fix mbedtls_strerror to work with all wanted codes 2020-01-09 14:22:32 +02:00
Arto Kinnunen
b148651e49 Rename macro MBEDTLS_MAX_RAND_DELAY
MBEDTLS_MAX_RAND_DELAY renamed to MAX_RAND_DELAY to get CI passing.
2020-01-09 11:11:23 +02:00
Arto Kinnunen
ac6d226939 Update signature of mbedtls_platform_random_delay
Skip parameter and return value from mbedtls_platform_random_delay
to make it more resistant for FI attacks.
2020-01-09 10:19:07 +02:00
Simon Butcher
05ca9d46c1 Merge remote-tracking branch 'public/pr/2979' into baremetal 2020-01-08 18:15:52 +00:00
Simon Butcher
282911eabf Merge remote-tracking branch 'public/pr/2978' into baremetal 2020-01-08 18:14:21 +00:00
Simon Butcher
01d78fcefe Merge remote-tracking branch 'public/pr/2971' into baremetal 2020-01-08 18:10:44 +00:00
Simon Butcher
2d9c0eb215 Merge remote-tracking branch 'public/pr/2948' into baremetal 2020-01-08 18:08:28 +00:00
Simon Butcher
4b3b8c208e Merge remote-tracking branch 'public/pr/2886' into baremetal 2020-01-08 17:53:43 +00:00
Simon Butcher
5dc7faf56e Merge remote-tracking branch 'public/pr/2956' into baremetal 2020-01-08 17:53:16 +00:00
Jarno Lamsa
bb86c52430 Protect get/put on secret data on sha256-module
When reading the input, the buffer will be initialised with random data
and the reading will start from a random offset. When writing the data,
the output will be initialised with random data and the writing will
start from a random offset.
2020-01-08 10:45:51 +02:00
Teppo Järvelin
cafb6c91b0 Clear internal decrypted buffer after read 2020-01-08 10:25:16 +02:00
Arto Kinnunen
0a8f87f5eb Remove entropy source overwrite in baremetal_test
-Do not overwrite MBEDTLS_ENTROPY_MAX_SOURCES in baremetal_test.h
-Skip tests that are not suitable for low number of entropy sources
2020-01-07 14:48:33 +02:00
Arto Kinnunen
7195571681 Replace mbedtls_platform_enforce_volatile_reads 2
Replace remaining mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
2020-01-07 10:47:58 +02:00
Arto Kinnunen
e91f0dc905 Replace mbedtls_platform_enforce_volatile_reads
Replace function mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
2020-01-07 10:47:58 +02:00
Arto Kinnunen
dbf2b43ceb Add more variation to random delay countermeasure
Add more variation to the random delay function by xor:ing two
variables. It is not enough to increment just a counter to create a
delay as it will be visible as uniform delay that can be easily
removed from the trace by analysis.
2020-01-07 10:47:58 +02:00
Arto Kinnunen
0490485be5 Add random delay to enforce_volatile_reads
Add a random delay to mbedtls_platform_enforce_volatile_reads() as a
countermeasure to fault injection attacks.
2020-01-07 10:47:58 +02:00
Arto Kinnunen
9a506e7424 Update comments of mbedtls_platform_random_delay 2020-01-07 10:47:58 +02:00
Arto Kinnunen
b47b105838 Follow Mbed TLS coding style 2020-01-07 10:47:58 +02:00
Arto Kinnunen
4c63b98e94 Add random delay function to platform_utils
Add delay function to platform_utils. The function will delay
program execution by incrementing local variable randomised number of
times.
2020-01-07 10:47:58 +02:00
Teppo Järvelin
c2fa3eaa81 Removed dead code after optimization in tinycrypt 2020-01-05 12:02:37 +02:00
Teppo Järvelin
8f7e36fc98 Coverity fixes, check hmac return values 2020-01-05 12:02:37 +02:00
Teppo Järvelin
0b1d7d946d Coverity fix: dead error condition removed from ecc.c 2020-01-05 12:02:04 +02:00
Simon Butcher
7d2434fac2 Merge remote-tracking branch 'public/pr/2973' into baremetal 2020-01-03 15:52:36 +00:00