Andrzej Kurek
8472bc76c6
Merge pull request #3806 from AndrzejKurek/baremetal-refactor-variable-buffers
...
Refactor the buffer resize feature to reduce codesize
2020-10-23 11:21:44 +02:00
Andrzej Kurek
2e49d079d6
Describe the behaviour of buffer resizing on an out-of-memory error
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:16:25 +02:00
Andrzej Kurek
cd9a6ff3c1
Introduce additional flags for buffer upsizing and downsizing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:12:07 +02:00
Andrzej Kurek
79db2f14da
Refactor the buffer resize feature to reduce codesize
...
Extract a common part of the code to a function.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-20 17:11:54 +02:00
Andrzej Kurek
21afee2304
Merge pull request #3800 from AndrzejKurek/variable-buffers-baremetal
...
Sideport the variable IO buffer size feature to baremetal
2020-10-19 10:29:27 +02:00
Andrzej Kurek
f384495972
Sideport the variable IO buffer size feature to baremetal
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-17 00:55:17 +02:00
Andrzej Kurek
dd5ad6924e
Merge pull request #3785 from AndrzejKurek/m_tinycrypt_asm
...
TinyCrypt ARM assembler and other optimisations
2020-10-15 13:27:39 +02:00
Andrzej Kurek
d66d13eaa9
Add a no-strict build to armcc baremetal tests in all.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-15 09:54:49 +02:00
Andrzej Kurek
b04208151b
tinycrypt: make asm optimizations optional for baremetal
...
Disable asm optimizations for strict armcc baremetal builds.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-14 19:42:23 +02:00
Andrzej Kurek
db0e50ea70
Introduce MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
...
Make the ASM optimizations in tinycrypt optional.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-14 14:32:50 +02:00
Andrzej Kurek
7e62c31097
Guard the tinycrypt code with MBEDTLS_USE_TINYCRYPT
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-14 12:02:40 +02:00
Kevin Bracey
8b2014bdb6
Add .syntax divided markers
...
Old GCC (pre-5?) natively use divided syntax, so we must put it back
after changing it.
More recent GCCs natively use unified syntax, and themselves are
surrounding our blocks with divided/unified directives for backwards
compatibility, so we don't need to restore for those.
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-13 10:24:39 +03:00
Kevin Bracey
045e576e02
Adjust fixed-time arithmetic to not use boolean ops
...
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
99c64e142e
Use builtin CLZ
...
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
3be252e252
vli_isZero and vli_clear assembly
...
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
4aea62569b
More GCC assembly
...
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
06060330d8
Add GCC vli_rshift1 assembly
...
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
0a1884bba4
Use GCC extended assembler
...
Naked functions and basic assembler don't seem to work reliably - basic
assembler is assumed to not change registers or memory, and there does
not appear to be any special handling of naked functions in this regard.
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
e0f88d5140
Add GCC/Clang muladd assembly
...
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
84f31d3eaa
Optimise muladd more
...
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
1959c18c69
tinycrypt: Add ARM assembler optimisations
...
For ARM Compiler 5 only, provide assembler versions of vli_add, vli_sub,
vli_rshift1 and muladd.
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Andrzej Kurek
ce62080a99
Merge pull request #3613 from AndrzejKurek/fi-double-crypto-calls
...
Add double pk verification and double master secret calculation
2020-10-07 16:03:23 +01:00
Kevin Bracey
f40c79272f
tinycrypt: use fast integer types
...
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-07 14:13:41 +03:00
Andrzej Kurek
2544cd3582
Merge pull request #3724 from AndrzejKurek/transform-cipher-optimization-2
...
Add hash calculation to the ssl module
2020-10-06 14:20:10 +01:00
Andrzej Kurek
73680ad5a2
Merge pull request #3694 from AndrzejKurek/transform-cipher-optimization
...
Merge enc/dec cipher contexts in ssl transforms
2020-09-23 14:06:43 +01:00
Andrzej Kurek
f4d2c7de31
Improve FI resistance of pk verification in ssl_cli.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 02:15:16 +02:00
Andrzej Kurek
f74a86c0b0
Improve FI resistance of certificate verification in ssl_srv.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 01:57:30 +02:00
Andrzej Kurek
ef34494d80
ssl_srv.c: change the initial return variable value
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 00:29:43 +02:00
Andrzej Kurek
ff51721e99
ssl_tls: reduce the complexity of encryption validation
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 00:29:43 +02:00
Andrzej Kurek
8ec9e136cf
ssl_tls: Add a flag indicating that encryption succeeded
...
Protect against encryption skipping by introducing a new flag.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 00:29:43 +02:00
Andrzej Kurek
6c30be8e4b
ssl: call signature verification twice for non-restartable operations
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 00:29:43 +02:00
Andrzej Kurek
69bafce7a3
Improve the FI resistance in ssl_tls.c key switching
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-19 12:45:20 +02:00
Andrzej Kurek
f7df0d37ab
Reduce the size of used constant in ssl_tls.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-19 12:00:57 +02:00
Andrzej Kurek
a793237998
Calculate hashes of ssl encryption and decryption keys
...
Optimize the key switching mechanism to set the key only if
a different operation is performed with the context.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-19 08:04:05 +02:00
Andrzej Kurek
d81351b047
Change the default value of initialized cipher operation to NONE
...
This way, an initialized cipher context but without a key set can be identified.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-19 04:07:03 +02:00
Andrzej Kurek
1175044156
Merge enc/dec cipher contexts in ssl transforms
...
Store the raw encryption and decryption keys in transforms
to set them before each cipher operation. Add a config option
for this - MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-17 23:51:58 +02:00
Shelly Liberman
f8d7e0112a
Merge pull request #3669 from shelib01/ec_key_gen_optimization
...
replace user rand by platform rand in ecc delays
2020-09-16 20:32:52 +03:00
Shelly Liberman
05beb9ac70
replace user rand by platform rand in ecc delays
...
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-09-16 18:58:50 +03:00
Andrzej Kurek
6f3a987ae3
Merge pull request #3640 from AndrzejKurek/fi-hash-instead-of-crc
...
Swap out CRC calculation in AES in favour of a simple hash
2020-09-03 15:21:47 +02:00
Andrzej Kurek
a00c3eeaca
Merge pull request #3619 from AndrzejKurek/fi-uecc-return-value
...
Change the tinycrypt return values to be below 256
2020-08-31 14:53:39 +02:00
Andrzej Kurek
858e4325d2
Merge pull request #3604 from AndrzejKurek/alias-memcmp-memequal
...
Add a deprecated version of mbedtls_platform_memcmp.
2020-08-24 15:26:23 +02:00
Andrzej Kurek
c87e91ce2b
Merge pull request #3553 from AndrzejKurek/crc-calculation-base
...
Validate AES keys after each use checking CRC
2020-08-13 12:42:54 +02:00
Piotr Nowicki
c2b682ab71
Merge pull request #3468 from piotr-now/fic_flow_monitor
...
Add flow monitor for memory block operations
2020-08-13 09:34:00 +02:00
Piotr Nowicki
305a5ec496
Checking in critical places if secured memset() and memcpy() was successful
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-12 15:22:20 +02:00
Piotr Nowicki
ea8e846fdc
Add flow monitor for mbedtls_platform_memcpy() and mbedtls_platform_memmove()
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-12 15:22:06 +02:00
Piotr Nowicki
a6348edc23
Checking in critical places if the mbedtls_platform_zeroize() was successful
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-12 15:12:20 +02:00
Piotr Nowicki
ed840dbcd8
Add flow montitor to the mbedtls_platform_memset()
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-12 15:12:20 +02:00
Piotr Nowicki
2bb1376560
Merge pull request #3537 from piotr-now/platform_random
...
Expanded the random number generator in the `platform_util.c` file
2020-08-12 15:09:05 +02:00
Piotr Nowicki
26c33692b0
Fix CI failure.
...
For ASanDbg tests of the earlier implementation of the
mbedtls_platform_random_in_range(), there was no case where ‘shift’
value was zero. Such a case generated a bit shift of 32, which is treated
as an error by ASanDbg. Increasing the ‘shift’ value by one ensures that
it will always be non-zero.
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-11 16:41:34 +02:00
Piotr Nowicki
057daa3b28
Random delay can be disabled in configuration
...
Use random delay depending on whether MBEDTLS_FI_COUNTERMEASURES is defined
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-11 16:41:34 +02:00