Commit Graph

55 Commits

Author SHA1 Message Date
Andrzej Kurek
189ee74a82
Add a platform function to return a random uint32_t
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-17 03:28:32 -04:00
Piotr Nowicki
f523c47578
Merge pull request #3403 from piotr-now/sca_memmove
Add mbedtls_platform_memmove() as a secured memcmp()
2020-06-10 14:52:02 +02:00
Piotr Nowicki
ce0aab4474 Add new error code PLATFORM_ALLOC_FAILED for mbedtls_platform_memmove()
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-06-10 13:51:32 +02:00
Piotr Nowicki
5d5841f450 Add mbedtls_platform_memmove() as a secured memcmp()
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-06-09 14:31:55 +02:00
Piotr Nowicki
b06ec05dc0 Add comment for mbedtls_platform_random_delay()
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-06-08 14:21:38 +02:00
Piotr Nowicki
f0ab6d62ac Added some descriptions of functions
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-05-27 15:35:44 +02:00
Piotr Nowicki
4aaa34c03f Add flow monitor protection to mbedtls_platform_memcmp()
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-05-20 16:50:24 +02:00
Arto Kinnunen
b148651e49 Rename macro MBEDTLS_MAX_RAND_DELAY
MBEDTLS_MAX_RAND_DELAY renamed to MAX_RAND_DELAY to get CI passing.
2020-01-09 11:11:23 +02:00
Arto Kinnunen
ac6d226939 Update signature of mbedtls_platform_random_delay
Skip parameter and return value from mbedtls_platform_random_delay
to make it more resistant for FI attacks.
2020-01-09 10:19:07 +02:00
Arto Kinnunen
e91f0dc905 Replace mbedtls_platform_enforce_volatile_reads
Replace function mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
2020-01-07 10:47:58 +02:00
Arto Kinnunen
dbf2b43ceb Add more variation to random delay countermeasure
Add more variation to the random delay function by xor:ing two
variables. It is not enough to increment just a counter to create a
delay as it will be visible as uniform delay that can be easily
removed from the trace by analysis.
2020-01-07 10:47:58 +02:00
Arto Kinnunen
0490485be5 Add random delay to enforce_volatile_reads
Add a random delay to mbedtls_platform_enforce_volatile_reads() as a
countermeasure to fault injection attacks.
2020-01-07 10:47:58 +02:00
Arto Kinnunen
b47b105838 Follow Mbed TLS coding style 2020-01-07 10:47:58 +02:00
Arto Kinnunen
4c63b98e94 Add random delay function to platform_utils
Add delay function to platform_utils. The function will delay
program execution by incrementing local variable randomised number of
times.
2020-01-07 10:47:58 +02:00
Simon Butcher
171f422109 Merge remote-tracking branch 'public/pr/2952' into baremetal 2019-12-13 14:51:40 +00:00
Arto Kinnunen
de657fca6b Revert "Disable use of HRNG in SCA-hardened mem-functions"
This reverts commit 1e96b46b03.
2019-12-04 16:30:54 +02:00
Manuel Pégourié-Gonnard
72a8c9e7dc Force some compilers to respect volatile reads
Inspection of the generated assembly showed that before this commit, armcc 5
was optimizing away the successive reads to the volatile local variable that's
used for double-checks. Inspection also reveals that inserting a call to an
external function is enough to prevent it from doing that.

The tested versions of ARM-GCC, Clang and Armcc 6 (aka armclang) all keep the
double read, with our without a call to an external function in the middle.

The inserted function can also be changed to insert a random delay if
desired in the future, as it is appropriately places between the reads.
2019-11-21 15:14:59 +01:00
Manuel Pégourié-Gonnard
1e96b46b03 Disable use of HRNG in SCA-hardened mem-functions
This is a temporary work-around for an integration issue.

A future task will re-integrate randomness into these functions are their
entire point is to be randomized; this is really just temporary.
2019-11-19 11:49:05 +01:00
Manuel Pégourié-Gonnard
14f33e74c0 Use platform_memset() in platform_zeroize()
We're using zeroize in many places in order to erase secrets, so we really
need it to be as secure as possible.
2019-10-22 10:03:07 +02:00
Jarno Lamsa
436d18dcaa Prevent a 0-modulus
If given range for a random is [0, 0), return 0.
Modulus 0 is undefined behaviour.
2019-10-03 13:49:35 +03:00
Jarno Lamsa
e29e8a49b8 Use MBEDTLS_ENTROPY_HARDWARE_ALT
Use MBEDTLS_ENTROPY_HARDWARE_ALT instead of a new global RNG
flag. When this flag is enabled, the platform provides the RNG.
When running unit tests, rnd_std_rand should be used by overriding
the mbedtls_hardware_poll.
2019-10-03 13:49:34 +03:00
Manuel Pégourié-Gonnard
51f65e4b86 Standardize prototypes of platform_memcpy/memset
As replacements of standard library functions, they should have the same
prototype, including return type.

While it doesn't usually matter when used directly, it does when the address
of the function is taken, as done with memset_func, used for implementing
mbedtls_platform_zeroize().
2019-10-03 07:59:58 +03:00
Jarno Lamsa
a1e5054d91 Fix issues in CI 2019-10-02 12:52:39 +03:00
Jarno Lamsa
7cb902737b Use bitwise comparison in memcmp
It is safer than == operator.
2019-10-02 08:32:51 +03:00
Jarno Lamsa
32db938463 Fix buffer initalisation
Initialise the buffer tail with random data instead of
given value.
2019-10-02 08:25:57 +03:00
Jarno Lamsa
f5ebe2a7ce Make RNG exclude the given maximum value
The RNG will give numbers in range of [0, num), so that
the given maximum is excluded.
2019-10-02 08:23:11 +03:00
Jarno Lamsa
0ff7109b7c Fix style issues 2019-10-02 08:18:29 +03:00
Jarno Lamsa
f65e9de57b Change rng-function return-type 2019-10-01 16:09:35 +03:00
Jarno Lamsa
a19673222b Change the rng-function name
Change the name to mbedtls_platform_random_in_range
2019-10-01 15:31:08 +03:00
Jarno Lamsa
21d6a201ee Add missing typecast for memset 2019-10-01 15:20:13 +03:00
Jarno Lamsa
d82e559a48 Add a config flag for the global RNG
The global RNG should be provided by the application depending on
the RNG used there. (I.e. TRNG)
2019-10-01 14:54:41 +03:00
Jarno Lamsa
0736325d80 Add FI/SCA compliant versions of mem-functions
Add FI/SCA compliant memset, memcmp and memcpy-functions
to platform_util. Also add a stub implementation of a global
RNG-function.
2019-09-30 09:40:03 +03:00
Manuel Pégourié-Gonnard
e5a0b366f8 Merge branch 'baremetal' into baremetal-2.16-20190909
* baremetal: (78 commits)
  Review corrections 6
  Review corrections 5
  Minor changes to tinycrypt README
  Typos in the tinycrypt README
  Addition of copyright statements to tinycrypt files
  Add LICENSE and README for tinycrypt
  Add SPDX lines to each imported TinyCrypt file
  Review corrections 4
  Review corrections 3
  Review corrections 2
  Review corrections
  Update signature of BE conversion functions
  Use function for 16/24/32-bit BE conversion
  x509.c: Minor readability improvement
  x509_crt.c: Indicate guarding condition in #else branch
  X.509: Don't remove verify callback by default
  Fix Doxygen warnings regarding removed verify cb+ctx parameters
  ECC restart: Use optional verification mode in bad signature test
  Re-implement verify chain if vrfy cbs are disabled
  Add zero-cost abstraction layer for CRT verification chain
  ...
2019-09-12 09:58:14 +02:00
Arto Kinnunen
4f4849a379 Review corrections 2
-Fix MSVC compiler warnings about size_t to uint32_t conversions by
 updating GET/PUT functions signature to use size_t.
-Add type casts to functions calling GET/PUT conversions
-Remove additional space after return statement
2019-09-09 17:21:18 +03:00
Arto Kinnunen
ee9bfca823 Update signature of BE conversion functions 2019-09-09 17:21:18 +03:00
Arto Kinnunen
0b62ce8ed4 Use function for 16/24/32-bit BE conversion
Use functions for 16/24/32-bit big endian conversion to save ROM.
2019-09-09 17:21:18 +03:00
Vikas Katariya
0c34499805 Check for zero length and NULL buffer pointer
In reference to issue https://github.com/ARMmbed/mbed-crypto/issues/49
2019-09-04 11:19:38 +01:00
Simon Butcher
4c37db6d87 Remove the library provided function of MBEDTLS_PARAM_FAILED
The function called through the macro MBEDTLS_PARAM_FAILED() must be supplied by
users and makes no sense as a library function, apart from debug and test.
2018-12-11 12:28:56 +01:00
Simon Butcher
b4868034dd Add initial options and support for parameter validation
This function adds the additional config.h option of MBEDTLS_CHECK_PARAMS which
allows additional validation of parameters passed to the library.
2018-12-11 12:28:56 +01:00
Hanno Becker
f5106d54eb Don't declare and define gmtime()-mutex on Windows platforms 2018-09-06 12:09:56 +01:00
Hanno Becker
323d8019bf Correct preprocessor guards determining use of gmtime()
The previous code erroneously used gmtime_r() to implement
mbedtls_platform_gmtime() in case of a non-windows, non-unix system.
2018-09-06 11:30:57 +01:00
Hanno Becker
6f70581c4a Correct POSIX version check to determine presence of gmtime_r()
Recent versions of POSIX move gmtime_r to the base.
2018-09-06 09:06:33 +01:00
Hanno Becker
7dd82b4f51 platform_utils.{c/h} -> platform_util.{c/h} 2018-09-05 16:26:04 +01:00
Hanno Becker
48a816ff26 Minor documentation improvements 2018-09-05 15:22:22 +01:00
Hanno Becker
6a739789f3 Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r()
For consistency, also rename MBEDTLS_PLATFORM_GMTIME_ALT to
MBEDTLS_PLATFORM_GMTIME_R_ALT.
2018-09-05 15:06:19 +01:00
Hanno Becker
cfeb70c6b9 gmtime: Remove special treatment for IAR
Previous commits attempted to use `gmtime_s()` for IAR systems; however,
this attempt depends on the use of C11 extensions which lead to incompatibility
with other pieces of the library, such as the use of `memset()` which is
being deprecated in favor of `memset_s()` in C11.
2018-09-05 13:52:46 +01:00
Andres Amaya Garcia
94b540ac63 Avoid redefining _POSIX_C_SOURCE 2018-09-05 12:27:32 +01:00
Andres Amaya Garcia
433f911e59 Check for IAR in gmtime macros 2018-09-05 12:01:57 +01:00
Andres Amaya Garcia
3c9733a0a3 Fix typo in comment for gmtime macro defines 2018-09-05 11:52:07 +01:00
Andres Amaya Garcia
ca04a01bb8 Document shorthand gmtime macros 2018-09-05 11:43:57 +01:00