Andrzej Kurek
7d0a6864d3
Make CCM shuffling and masking optional
...
Add a define for CCM shuffling and masking operations.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-26 06:35:04 -05:00
Andrzej Kurek
ab3de1daff
Add flow control protection to ccm
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-26 03:24:14 -05:00
Andrzej Kurek
8265f5cc4f
Merge pull request #3880 from AndrzejKurek/fi-random-delays
...
Add random delays to sha256 to protect against fault injection
2020-11-25 13:38:52 -05:00
Andrzej Kurek
9b92865bcd
Merge pull request #3850 from AndrzejKurek/ccm-clean-temp-data
...
ccm - clean temp data
2020-11-25 11:14:05 -05:00
Andrzej Kurek
549a35690c
Merge pull request #3890 from AndrzejKurek/fi-memcpy-memset-fail
...
Add a callback for platform faults in platform_util.c
2020-11-25 11:13:32 -05:00
Andrzej Kurek
1c448168b2
Merge pull request #3913 from jarvte/memfix_variablebuffer
...
Fix possible memory leak when MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined
2020-11-25 09:45:53 -05:00
Andrzej Kurek
7f81c86a0d
Add a callback for platform faults in platform_util.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-25 06:53:59 -05:00
Andrzej Kurek
9bc6119bb9
Add random delays to sha256 to protect against fault injection
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-25 06:38:05 -05:00
Andrzej Kurek
142f09fb96
ccm: zeroize buffers before and after usage
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-25 06:20:43 -05:00
Andrzej Kurek
5eba1d82a2
Merge pull request #3841 from AndrzejKurek/baremetal-rnd-in-range-fix
...
Move size checks outside of mbedtls_platform_random_in_range
2020-11-25 11:41:40 +01:00
Andrzej Kurek
21f64d3633
Merge pull request #3840 from AndrzejKurek/baremetal-aes-shuffling-2
...
CCM countermeasures - shuffling and masking
2020-11-25 11:33:53 +01:00
Teppo Järvelin
b89cf99a57
Fix possible memory leak when MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH is defined
...
Signed-off-by: Teppo Järvelin <teppo.jarvelin@arm.com>
2020-11-25 11:44:05 +02:00
Shelly Liberman
c5b0c6e8ae
fix uninitialized variables
...
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-19 20:01:21 +02:00
Andrzej Kurek
18c60aaca1
ccm: use random_in_range instead of duplicating its functionality
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-18 12:37:41 +01:00
Andrzej Kurek
a138c0a0b0
Move size checks outside of mbedtls_platform_random_in_range
...
Update the documentation to mention that calling it with zero
as an argument will result in an undefined behavior.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-12 17:05:51 +01:00
Shelly Liberman
560203ae01
Merge pull request #3853 from kjbracey-arm/m_narrowloop
...
[baremetal] Avoid narrow loop counters etc
2020-11-08 08:03:48 +02:00
Kevin Bracey
a967a58ed3
[baremetal] Avoid narrow loop counters etc
...
Use `uint_fast8_t` instead of `unsigned char` in various loop-type
situations. This avoids the need for a 16 or 32-bit system to insert
explicit narrow-to-8-bit instructions.
Not the result of an exhaustive source analysis, rather inspecting
the disassembly output for a cut-down Cortex-M0+ build looking for
UXTB etc instructions, so there could well be more in the complete
configuration.
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-06 10:56:16 +02:00
Kevin Bracey
585e9e0922
Add MBEDTLS_SSL_CONF_TRANSPORT
...
Follow the model of `MBEDTLS_SSL_CONF_ENDPOINT`. This saves a small
amount - most of the saving was already acheived via`
MBEDTLS_SSL_TRANSPORT_IS_TLS` but we can scrape out a little more by
totally eliminating `ssl->conf->transport` references.
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-04 15:16:22 +02:00
Kevin Bracey
d859db833c
Fix MBEDTLS_SSL_CONF_ENDPOINT flagging
...
Compilation failed if MBEDTLS_SSL_CONF_ENDPOINT was set - add necessary
conditions.
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-04 15:16:09 +02:00
Andrzej Kurek
8b0910a791
Merge pull request #3815 from AndrzejKurek/cipher-optim-mem-fix
...
ssl_tls.c: Fix unchecked memory allocation
2020-11-02 11:41:24 +01:00
Andrzej Kurek
0fa427b027
ccm: add masking to the UPDATE_CBC_MAC macro
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-31 17:55:21 +01:00
Andrzej Kurek
8bef87ee5e
Add basic shuffling and masking to CCM operations
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-31 10:19:07 +01:00
Andrzej Kurek
28b3b29306
ssl_tls.c: Fix unchecked memory allocation
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:40:41 +02:00
Andrzej Kurek
2e49d079d6
Describe the behaviour of buffer resizing on an out-of-memory error
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:16:25 +02:00
Andrzej Kurek
cd9a6ff3c1
Introduce additional flags for buffer upsizing and downsizing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:12:07 +02:00
Andrzej Kurek
79db2f14da
Refactor the buffer resize feature to reduce codesize
...
Extract a common part of the code to a function.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-20 17:11:54 +02:00
Andrzej Kurek
f384495972
Sideport the variable IO buffer size feature to baremetal
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-17 00:55:17 +02:00
Andrzej Kurek
dd5ad6924e
Merge pull request #3785 from AndrzejKurek/m_tinycrypt_asm
...
TinyCrypt ARM assembler and other optimisations
2020-10-15 13:27:39 +02:00
Andrzej Kurek
db0e50ea70
Introduce MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
...
Make the ASM optimizations in tinycrypt optional.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-14 14:32:50 +02:00
Andrzej Kurek
f4d2c7de31
Improve FI resistance of pk verification in ssl_cli.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 02:15:16 +02:00
Andrzej Kurek
f74a86c0b0
Improve FI resistance of certificate verification in ssl_srv.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 01:57:30 +02:00
Andrzej Kurek
ef34494d80
ssl_srv.c: change the initial return variable value
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 00:29:43 +02:00
Andrzej Kurek
ff51721e99
ssl_tls: reduce the complexity of encryption validation
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 00:29:43 +02:00
Andrzej Kurek
8ec9e136cf
ssl_tls: Add a flag indicating that encryption succeeded
...
Protect against encryption skipping by introducing a new flag.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 00:29:43 +02:00
Andrzej Kurek
6c30be8e4b
ssl: call signature verification twice for non-restartable operations
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 00:29:43 +02:00
Andrzej Kurek
69bafce7a3
Improve the FI resistance in ssl_tls.c key switching
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-19 12:45:20 +02:00
Andrzej Kurek
f7df0d37ab
Reduce the size of used constant in ssl_tls.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-19 12:00:57 +02:00
Andrzej Kurek
a793237998
Calculate hashes of ssl encryption and decryption keys
...
Optimize the key switching mechanism to set the key only if
a different operation is performed with the context.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-19 08:04:05 +02:00
Andrzej Kurek
d81351b047
Change the default value of initialized cipher operation to NONE
...
This way, an initialized cipher context but without a key set can be identified.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-19 04:07:03 +02:00
Andrzej Kurek
73680ad5a2
Merge pull request #3694 from AndrzejKurek/transform-cipher-optimization
...
Merge enc/dec cipher contexts in ssl transforms
2020-09-23 14:06:43 +01:00
Andrzej Kurek
1175044156
Merge enc/dec cipher contexts in ssl transforms
...
Store the raw encryption and decryption keys in transforms
to set them before each cipher operation. Add a config option
for this - MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-17 23:51:58 +02:00
Shelly Liberman
05beb9ac70
replace user rand by platform rand in ecc delays
...
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-09-16 18:58:50 +03:00
Andrzej Kurek
9539f831b2
Swap out CRC calculation in AES in favour of a simple hash
...
XOR the key bytes upon setting and re-check hash during each use.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-08-10 20:46:48 -04:00
Andrzej Kurek
8bb0839555
Add a deprecated version of mbedtls_platform_memcmp.
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-08-09 02:18:12 -04:00
Andrzej Kurek
c87e91ce2b
Merge pull request #3553 from AndrzejKurek/crc-calculation-base
...
Validate AES keys after each use checking CRC
2020-08-13 12:42:54 +02:00
Piotr Nowicki
305a5ec496
Checking in critical places if secured memset() and memcpy() was successful
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-12 15:22:20 +02:00
Piotr Nowicki
ea8e846fdc
Add flow monitor for mbedtls_platform_memcpy() and mbedtls_platform_memmove()
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-12 15:22:06 +02:00
Piotr Nowicki
a6348edc23
Checking in critical places if the mbedtls_platform_zeroize() was successful
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-12 15:12:20 +02:00
Piotr Nowicki
ed840dbcd8
Add flow montitor to the mbedtls_platform_memset()
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-12 15:12:20 +02:00
Piotr Nowicki
26c33692b0
Fix CI failure.
...
For ASanDbg tests of the earlier implementation of the
mbedtls_platform_random_in_range(), there was no case where ‘shift’
value was zero. Such a case generated a bit shift of 32, which is treated
as an error by ASanDbg. Increasing the ‘shift’ value by one ensures that
it will always be non-zero.
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-11 16:41:34 +02:00