Commit Graph

10586 Commits

Author SHA1 Message Date
Andrzej Kurek
9bc6119bb9 Add random delays to sha256 to protect against fault injection
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-25 06:38:05 -05:00
Andrzej Kurek
5eba1d82a2
Merge pull request #3841 from AndrzejKurek/baremetal-rnd-in-range-fix
Move size checks outside of mbedtls_platform_random_in_range
2020-11-25 11:41:40 +01:00
Andrzej Kurek
21f64d3633
Merge pull request #3840 from AndrzejKurek/baremetal-aes-shuffling-2
CCM countermeasures - shuffling and masking
2020-11-25 11:33:53 +01:00
Shelly Liberman
9e27b901b7
Merge pull request #3900 from shelib01/fix_uninitialized_var
Fix uninitialized variables
2020-11-25 11:25:51 +02:00
Shelly Liberman
c5b0c6e8ae fix uninitialized variables
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-19 20:01:21 +02:00
Andrzej Kurek
18c60aaca1
ccm: use random_in_range instead of duplicating its functionality
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-18 12:37:41 +01:00
Andrzej Kurek
a138c0a0b0
Move size checks outside of mbedtls_platform_random_in_range
Update the documentation to mention that calling it with zero
as an argument will result in undefined behavior.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-12 17:05:51 +01:00
Shelly Liberman
560203ae01
Merge pull request #3853 from kjbracey-arm/m_narrowloop
[baremetal] Avoid narrow loop counters etc
2020-11-08 08:03:48 +02:00
Kevin Bracey
a967a58ed3 [baremetal] Avoid narrow loop counters etc
Use `uint_fast8_t` instead of `unsigned char` in various loop-type
situations. This avoids the need for a 16 or 32-bit system to insert
explicit narrow-to-8-bit instructions.

Not the result of an exhaustive source analysis, rather inspecting
the disassembly output for a cut-down Cortex-M0+ build looking for
UXTB etc instructions, so there could well be more in the complete
configuration.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-06 10:56:16 +02:00
Shelly Liberman
e766628db1
Merge pull request #3827 from AndrzejKurek/ssl_server2_memory_fixes
[baremetal] ssl_server2: move memory allocation to the beginning
2020-11-05 13:37:22 +02:00
Shelly Liberman
356121903f
Merge pull request #3849 from kjbracey-arm/m_tlsopt
[baremetal] micro-optimisations for Thumb and small configs
2020-11-05 13:34:59 +02:00
Kevin Bracey
57d9bdc5f9 Reorder structures
Place smallest items first, as this makes them most easily addressable
in Thumb architecture. 16-bit access instructions have a 5-bit offset
field, which is interpreted as bytes, halfwords, or words depending
on access size, so smaller fields have smaller range. Range is 0-31
times the access size.

The mbedtls_ssl_context structure is too large to be fully easily
accessed even for words, so reorder functional blocks to put more
frequently-referenced fields in the first 128 bytes, reducing
total code size.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-04 15:16:22 +02:00
Kevin Bracey
1d53ce33c4 Avoid bitfields
Bitfields in context structures do not have sufficient (if any) RAM
payoff for the ROM complexity to manipulate them. Replace with
plain uint8_t.

On the smallest targets, the configuration options mean that there
are 4 or fewer members anyway, so a bitfield saves no RAM compared
to uint8_t.

ROM saving will be further increased if the uint8_t members are at the
start of the structure (when compiling for Thumb).

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-04 15:16:22 +02:00
Kevin Bracey
585e9e0922 Add MBEDTLS_SSL_CONF_TRANSPORT
Follow the model of `MBEDTLS_SSL_CONF_ENDPOINT`. This saves a small
amount - most of the saving was already achieved via
`MBEDTLS_SSL_TRANSPORT_IS_TLS` but we can scrape out a little more by
totally eliminating `ssl->conf->transport` references.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-04 15:16:22 +02:00
Kevin Bracey
d859db833c Fix MBEDTLS_SSL_CONF_ENDPOINT flagging
Compilation failed if MBEDTLS_SSL_CONF_ENDPOINT was set - add necessary
conditions.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-04 15:16:09 +02:00
Andrzej Kurek
8b0910a791
Merge pull request #3815 from AndrzejKurek/cipher-optim-mem-fix
ssl_tls.c: Fix unchecked memory allocation
2020-11-02 11:41:24 +01:00
Andrzej Kurek
0fa427b027
ccm: add masking to the UPDATE_CBC_MAC macro
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-31 17:55:21 +01:00
Andrzej Kurek
8bef87ee5e
Add basic shuffling and masking to CCM operations
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-31 10:19:07 +01:00
Andrzej Kurek
b7dc52a965
ssl_server2: move memory allocation to the beginning
This way, even when an error is encountered early, the memory
will be deallocated properly.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-27 16:46:18 +01:00
Shelly Liberman
938d4d3fa3
Merge pull request #3820 from shelib01/regularize_k_restore
Restore tinycrypt implementation of regularize_k()
2020-10-27 12:57:00 +02:00
Shelly Liberman
8176022b22 Restore tinycrypt implementation of regularize_k()
The fix is required to prevent array overrun

Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-10-26 17:35:49 +02:00
Andrzej Kurek
8472bc76c6
Merge pull request #3806 from AndrzejKurek/baremetal-refactor-variable-buffers
Refactor the buffer resize feature to reduce codesize
2020-10-23 11:21:44 +02:00
Andrzej Kurek
28b3b29306
ssl_tls.c: Fix unchecked memory allocation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:40:41 +02:00
Andrzej Kurek
2e49d079d6
Describe the behaviour of buffer resizing on an out-of-memory error
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:16:25 +02:00
Andrzej Kurek
cd9a6ff3c1
Introduce additional flags for buffer upsizing and downsizing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:12:07 +02:00
Andrzej Kurek
79db2f14da
Refactor the buffer resize feature to reduce codesize
Extract a common part of the code to a function.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-20 17:11:54 +02:00
Andrzej Kurek
21afee2304
Merge pull request #3800 from AndrzejKurek/variable-buffers-baremetal
Sideport the variable IO buffer size feature to baremetal
2020-10-19 10:29:27 +02:00
Andrzej Kurek
f384495972
Sideport the variable IO buffer size feature to baremetal
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-17 00:55:17 +02:00
Andrzej Kurek
dd5ad6924e
Merge pull request #3785 from AndrzejKurek/m_tinycrypt_asm
TinyCrypt ARM assembler and other optimisations
2020-10-15 13:27:39 +02:00
Andrzej Kurek
d66d13eaa9
Add a no-strict build to armcc baremetal tests in all.sh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-15 09:54:49 +02:00
Andrzej Kurek
b04208151b
tinycrypt: make asm optimizations optional for baremetal
Disable asm optimizations for strict armcc baremetal builds.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-14 19:42:23 +02:00
Andrzej Kurek
db0e50ea70
Introduce MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
Make the ASM optimizations in tinycrypt optional.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-14 14:32:50 +02:00
Andrzej Kurek
7e62c31097
Guard the tinycrypt code with MBEDTLS_USE_TINYCRYPT
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-14 12:02:40 +02:00
Kevin Bracey
8b2014bdb6 Add .syntax divided markers
Old GCC (pre-5?) natively uses divided syntax, so we must put it back
after changing it.

More recent GCCs natively use unified syntax, and themselves are
surrounding our blocks with divided/unified directives for backwards
compatibility, so we don't need to restore for those.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-13 10:24:39 +03:00
Kevin Bracey
045e576e02 Adjust fixed-time arithmetic to not use boolean ops
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
99c64e142e Use builtin CLZ
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
3be252e252 vli_isZero and vli_clear assembly
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
4aea62569b More GCC assembly
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
06060330d8 Add GCC vli_rshift1 assembly
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
0a1884bba4 Use GCC extended assembler
Naked functions and basic assembler don't seem to work reliably - basic
assembler is assumed to not change registers or memory, and there does
not appear to be any special handling of naked functions in this regard.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
e0f88d5140 Add GCC/Clang muladd assembly
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
84f31d3eaa Optimise muladd more
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Kevin Bracey
1959c18c69 tinycrypt: Add ARM assembler optimisations
For ARM Compiler 5 only, provide assembler versions of vli_add, vli_sub,
vli_rshift1 and muladd.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-12 18:09:04 +03:00
Andrzej Kurek
ce62080a99
Merge pull request #3613 from AndrzejKurek/fi-double-crypto-calls
Add double pk verification and double master secret calculation
2020-10-07 16:03:23 +01:00
Kevin Bracey
f40c79272f tinycrypt: use fast integer types
Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-10-07 14:13:41 +03:00
Andrzej Kurek
2544cd3582
Merge pull request #3724 from AndrzejKurek/transform-cipher-optimization-2
Add hash calculation to the ssl module
2020-10-06 14:20:10 +01:00
Andrzej Kurek
73680ad5a2
Merge pull request #3694 from AndrzejKurek/transform-cipher-optimization
Merge enc/dec cipher contexts in ssl transforms
2020-09-23 14:06:43 +01:00
Andrzej Kurek
f4d2c7de31
Improve FI resistance of pk verification in ssl_cli.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 02:15:16 +02:00
Andrzej Kurek
f74a86c0b0
Improve FI resistance of certificate verification in ssl_srv.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 01:57:30 +02:00
Andrzej Kurek
ef34494d80
ssl_srv.c: change the initial return variable value
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-20 00:29:43 +02:00