mbedtls

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 16:55:42 +01:00

Author	SHA1	Message	Date
Andrzej Kurek	c87e91ce2b	Merge pull request #3553 from AndrzejKurek/crc-calculation-base Validate AES keys after each use checking CRC	2020-08-13 12:42:54 +02:00
Piotr Nowicki	c2b682ab71	Merge pull request #3468 from piotr-now/fic_flow_monitor Add flow monitor for memory block operations	2020-08-13 09:34:00 +02:00
Piotr Nowicki	305a5ec496	Checking in critical places if secured memset() and memcpy() was successful Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-12 15:22:20 +02:00
Piotr Nowicki	ea8e846fdc	Add flow monitor for mbedtls_platform_memcpy() and mbedtls_platform_memmove() Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-12 15:22:06 +02:00
Piotr Nowicki	a6348edc23	Checking in critical places if the mbedtls_platform_zeroize() was successful Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-12 15:12:20 +02:00
Piotr Nowicki	ed840dbcd8	Add flow montitor to the mbedtls_platform_memset() Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-12 15:12:20 +02:00
Piotr Nowicki	2bb1376560	Merge pull request #3537 from piotr-now/platform_random Expanded the random number generator in the `platform_util.c` file	2020-08-12 15:09:05 +02:00
Piotr Nowicki	26c33692b0	Fix CI failure. For ASanDbg tests of the earlier implementation of the mbedtls_platform_random_in_range(), there was no case where ‘shift’ value was zero. Such a case generated a bit shift of 32, which is treated as an error by ASanDbg. Increasing the ‘shift’ value by one ensures that it will always be non-zero. Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-11 16:41:34 +02:00
Piotr Nowicki	057daa3b28	Random delay can be disabled in configuration Use random delay depending on whether MBEDTLS_FI_COUNTERMEASURES is defined Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-11 16:41:34 +02:00
Piotr Nowicki	77b7a7754c	Expanded the random number generator in the `platform_util.c` file The earlier implementation had two problems: the random generator always returned 0 if the MBEDTLS_ENTROPY_HARDWARE_ALT flag was not defined and there was no protection needed if the HW RNG was malfunctioning. Both these problems have been solved in this commit by adding the linear congruential generator algorithm. Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-11 16:41:34 +02:00
Piotr Nowicki	8656fc6525	Change the value type in the mbedtls_platform_random_in_range() Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-11 16:38:25 +02:00
Piotr Nowicki	fa635dfaa1	Merge pull request #3448 from piotr-now/platform_util Renamed mbedtls_platform_memcmp() to mbedtls_platform_memequal()	2020-08-11 14:30:35 +02:00
Andrzej Kurek	8fba6e99ce	Merge pull request #3532 from AndrzejKurek/fi-hmac-drbg-fixes Fi-related hmac_drbg fixes	2020-08-10 19:02:25 +02:00
Andrzej Kurek	0305753d7a	Merge pull request #3477 from AndrzejKurek/aes-fake-key Use a fake random key in AES calculations	2020-08-10 13:05:46 +02:00
Piotr Nowicki	e3c4ee51b2	Rename mbedtls_platform_memcmp() to mbedtls_platform_memequal() Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>	2020-08-10 12:41:00 +02:00
Andrzej Kurek	e4f865d53c	Makefile: alphabetically order object files Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-08-08 19:08:26 -04:00
Andrzej Kurek	fba5921186	aes: validate keys using crc before encryption/decryption CRC is calculated when the key is set. This commit also adds new tests for ecb encryption and decryption, simulating a fault injection after the key is set. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-08-08 19:06:44 -04:00
Andrzej Kurek	9df2b416b9	Add a CRC module to mbedtls and baremetal config Add a new CRC module along with some tests for it. The table and the CRC function body is generated using pycrc v0.9.2. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-08-08 02:10:52 -04:00
Shelly Liberman	c6319a70ab	Merge pull request #3514 from shelib01/fi_write_user_data Fi write user data	2020-08-06 07:41:15 +03:00
Shelly Liberman	3799fc1578	Splitting buffers comment added Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>	2020-08-05 17:53:31 +03:00
Shelly Liberman	c6a7e6b0c4	Enhancement fixes Co-authored-by: Andrzej Kurek <andrzej.kurek@arm.com> Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>	2020-08-05 15:40:15 +03:00
shelib01	4062d6ca68	Add user pointer and data size duplication to ssl context. Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>	2020-08-05 15:01:05 +03:00
Andrzej Kurek	e9cb642748	Merge pull request #3516 from AndrzejKurek/fi-pkparse-changes FI-related pkparse.c fixes	2020-08-03 12:14:22 +02:00
Andrzej Kurek	7400fae7ee	Merge pull request #3510 from AndrzejKurek/fi-pk-fixes pk.c FI-related fixes	2020-08-03 12:14:06 +02:00
Andrzej Kurek	898d330148	Merge pull request #3500 from AndrzejKurek/fi-sha256-fixes Introduce sha256 security review fixes	2020-08-03 12:13:40 +02:00
Andrzej Kurek	84afe68ad4	Merge pull request #3509 from AndrzejKurek/fi-x509-changes x509.c: Remove one unnecessary cast	2020-08-03 12:11:47 +02:00
Andrzej Kurek	4b700a3db3	Merge pull request #3456 from AndrzejKurek/aes-fi-improvements Minor AES module improvements	2020-07-30 16:29:48 +02:00
Andrzej Kurek	7e6075b7fd	Merge pull request #3499 from AndrzejKurek/fi-duplicate-buffers-revert Revert a part of the sensitive information duplication changes	2020-07-21 11:03:50 +02:00
Andrzej Kurek	4353b698ed	hmac_drbg: make no reseeding behaviour explicit Add a flag to the hmac_drbg context that will signal that reseeding is not required. Change tests and one ecdsa call to not use reseeding, as was the previous case. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-19 09:00:18 -04:00
Andrzej Kurek	fac2f9b4ce	aes: move the fake key operations to AES_SCA_COUNTERMEASURES define Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-19 05:01:44 -04:00
Andrzej Kurek	f6265441b0	hmac_drbg: fix default value of the prediction resistance in ctx After changing the possible prediction resistance values to have more hamming distance between them, 0 (default initialization value) no longer meant no prediction resistance. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-18 07:09:04 -04:00
Andrzej Kurek	6bc37fa4e2	hmac_drbg: set_entropy_len can now return an error Make mbedtls_hmac_drbg_set_entropy_len return an error in case of a too long entropy length setting. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-18 06:05:03 -04:00
Andrzej Kurek	9167aa96f8	hmac_drbg: change two variables to be volatile Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-18 06:02:59 -04:00
Andrzej Kurek	e78775eed2	Use a fake random key in AES calculations Create an additional field in the AES context to store a randomized fake key. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-18 05:21:32 -04:00
Andrzej Kurek	8917326d7b	Introduce sha256 security review fixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-18 00:42:39 -04:00
Andrzej Kurek	3403969645	Add a comment regarding remaining space check Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-17 05:49:47 -04:00
Andrzej Kurek	a9a5ff5f31	aes: add a comment about expected keybits value. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-17 03:28:32 -04:00
Andrzej Kurek	11ddf25828	Add minor FI countermeasures improvements Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-17 03:28:32 -04:00
Andrzej Kurek	189ee74a82	Add a platform function to return a random uint32_t Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-17 03:28:32 -04:00
Andrzej Kurek	3ed65d2b84	Add a return from pk_get_ueccpubkey if uecc_public_key_read_binary fails Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-17 02:17:38 -04:00
Andrzej Kurek	c3b69edd2f	Increase hamming distance by changing UECC_SUCCESS from 0 to FFAAAA Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-16 11:33:34 -04:00
Andrzej Kurek	a798e5d5cc	Introduce additional buffer size checks to pk.c Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-16 11:32:53 -04:00
Andrzej Kurek	ddc2db4c13	x509.c: Remove one unnecessary cast Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-16 04:41:48 -04:00
Andrzej Kurek	cf3e35cc58	Revert a part of sensitive information duplication from tinycrypt Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-15 22:32:30 -04:00
Andrzej Kurek	afec8853c5	Revert a part of the sensitive information duplication changes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-15 16:31:27 -04:00
Andrzej Kurek	c417c783e5	Merge pull request #3481 from AndrzejKurek/fi_duplicate_buffers_2 Duplicate sensitive buffer and buffer length information	2020-07-15 11:56:36 +02:00
Andrzej Kurek	45e719983f	Minor formatting and cosmetic changes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-08 10:09:44 -04:00
Andrzej Kurek	ca60937cf9	Add buffer and context clearing upon suspected FI Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-08 09:25:49 -04:00
Andrzej Kurek	0919b142b6	Formatting changes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-06 15:28:59 -04:00
Andrzej Kurek	84bde419e1	Add FI countermeasures to the ssl module This commit adds mainly buffer pointer and length duplication and checks, but also some hamming distance and return values checking improvements. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2020-07-06 15:27:34 -04:00

1 2 3 4 5 ...

10520 Commits