Commit Graph

74 Commits

Author SHA1 Message Date
Andrzej Kurek
b04208151b
tinycrypt: make asm optimizations optional for baremetal
Disable asm optimizations for strict armcc baremetal builds.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-14 19:42:23 +02:00
Andrzej Kurek
db0e50ea70
Introduce MBEDTLS_OPTIMIZE_TINYCRYPT_ASM
Make the ASM optimizations in tinycrypt optional.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-14 14:32:50 +02:00
Andrzej Kurek
a793237998
Calculate hashes of ssl encryption and decryption keys
Optimize the key switching mechanism to set the key only if 
a different operation is performed with the context.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-19 08:04:05 +02:00
Andrzej Kurek
1175044156
Merge enc/dec cipher contexts in ssl transforms
Store the raw encryption and decryption keys in transforms
to set them before each cipher operation. Add a config option
for this - MBEDTLS_SSL_TRANSFORM_OPTIMIZE_CIPHERS.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-09-17 23:51:58 +02:00
Andrzej Kurek
9539f831b2
Swap out CRC calculation in AES in favour of a simple hash
XOR the key bytes upon setting and re-check hash during each use.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-08-10 20:46:48 -04:00
Andrzej Kurek
fba5921186
aes: validate keys using crc before encryption/decryption
CRC is calculated when the key is set. This commit also adds new tests
for ecb encryption and decryption, simulating a fault injection after the key is set.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-08-08 19:06:44 -04:00
Andrzej Kurek
9df2b416b9
Add a CRC module to mbedtls and baremetal config
Add a new CRC module along with some tests for it.
The table and the CRC function body is generated using pycrc v0.9.2. 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-08-08 02:10:52 -04:00
Shelly Liberman
c6a7e6b0c4 Enhancement fixes
Co-authored-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-08-05 15:40:15 +03:00
shelib01
4062d6ca68 Add user pointer and data size duplication to ssl context.
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-08-05 15:01:05 +03:00
Arto Kinnunen
be1bb06acd Enable AES countermeasures in baremetal config
Enable AES countermeasures in baremetal configuration.
2019-12-10 14:54:43 +02:00
Simon Butcher
9d36fa16f8 Merge remote-tracking branch 'public/pr/2891' into baremetal 2019-10-29 15:25:26 +00:00
Simon Butcher
a85b3e4dde Merge remote-tracking branch 'public/pr/2890' into baremetal 2019-10-29 14:41:13 +00:00
Arto Kinnunen
1480444e8e Add config option for AES encryption only
-Add config option for AES encyption only to config.h. Feature is
 disabled by default.
-Enable AES encrypt only feature in baremetal.h configuration
-Remove AES encypt only feature from full config
2019-10-24 12:19:33 +03:00
Arto Kinnunen
77b9cfcea9 AES: add config option for 128-bit keys
Add configuration options to support only 128-bit key lengths in AES
calculation.
2019-10-24 09:49:23 +03:00
Hanno Becker
ead3aae8d9 Reduce number of entropy sources to 1 in baremetal configuration 2019-10-10 11:47:28 +03:00
Manuel Pégourié-Gonnard
1c1cc0d373 Add config.h option MBEDTLS_PK_SINGLE_HASH
No effect for now, just declaring it here, implemented in subsequent commits.

The option requires MBEDTLS_USE_TINYCRYPT and is incompatible with
MBEDTLS_PK_RSA_ALT_SUPPORT and MBEDTLS_RSA_C.

Currently users (including the X.509 and SSL libraries) assume that if both PK
and RSA are enabled, then RSA is available through PK. If we allowed RSA to be
enabled together with PK_SINGLE_TYPE, we'd break that assumption. Going
through the code to find all place that rely on that assumption and fix them
would be cumbersome, and people who want PK_SINGLE_TYPE are unlikely to care
about RSA anyway, so let's just make them incompatible.

This is also consistent with what's done in the MD module: MD_SINGLE_HASH
requires that exactly one hash be enabled.
2019-09-19 10:45:14 +02:00
Simon Butcher
88b535a47e Merge remote-tracking branch 'origin/pr/654' into baremetal 2019-09-10 14:54:28 +01:00
Simon Butcher
303d399f42 Merge remote-tracking branch 'origin/pr/609' into baremetal 2019-09-10 14:50:04 +01:00
Hanno Becker
9ec3fe0d43 Introduce configuration option to remove CRT verification callbacks 2019-09-09 09:55:31 +01:00
Hanno Becker
d806d9da89 Use SHA-256 as single hardcoded hash in baremetal configuration 2019-09-09 09:45:57 +01:00
Manuel Pégourié-Gonnard
e06cc3109c Add MBEDTLS_SHA256_NO_SHA224 to baremetal.h 2019-09-09 10:21:30 +02:00
Simon Butcher
2da461e657 Merge remote-tracking branch 'origin/pr/655' into baremetal 2019-09-07 12:35:54 +01:00
Hanno Becker
d016e44e3c Baremetal config: Remove deprecated functions
This doesn't make a difference after link time optimization
because they aren't used, but it yields more accurate code-size
figures from baremetal.sh.
2019-09-05 13:37:03 +01:00
Hanno Becker
fceba69c25 Baremetal config: Remove MBEDTLS_SSL_TICKETS_C
This doesn't make a difference after link time optimization because
tickets aren't used, but it yields more accurate code-size figures
from baremetal.sh.
2019-09-05 13:36:49 +01:00
Hanno Becker
96d34d57ec TinyCrypt PK Wrap: Remove dependency on ASN.1 writing
The TinyCrypt PK signature wrapper uses ASN.1 writing functions
for length and tag, accounting for the only dependency of the
baremetal build on ASN.1 writing.

Since all lengths to be encoded are below 128 Bytes and are hence
ASN.1 encoded as single Bytes, the dependency on ASN.1 writing can
be removed at low complexity by writing the length and tags directly.
2019-09-04 16:19:49 +01:00
Hanno Becker
a007e0db47 baremetal.h: Use TinyCrypt curve identifier 2019-09-04 16:19:49 +01:00
Hanno Becker
b251e01a0f Remove legacy ECC from baremetal.h 2019-09-04 16:19:49 +01:00
Hanno Becker
bd52604f9a Remove PK and CSR writing functionality from baremetal.h 2019-09-04 16:19:49 +01:00
Teppo Järvelin
4009d8f377 Make function mbedtls_ssl_set_hostname(...) as optional
Now function mbedtls_ssl_set_hostname is compile-time configurable
in config.h with define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION.
This affects to many x509 API's. See config.h for details.
2019-08-27 10:47:08 +03:00
Hanno Becker
cdce332d8c Remove MBEDTLS_ECDH_C from baremetal configuration
Baremetal uses the tinyCrypt implementation of ECDHE.
2019-08-12 18:01:47 +01:00
Hanno Becker
c6c0fe6c5f Add MBEDTLS_USE_TINYCRYPT to baremetal configuration 2019-08-12 17:05:38 +01:00
Hanno Becker
572d448ab2 Enforce NULL context for hardcoded RNG 2019-08-12 17:05:03 +01:00
Manuel Pégourié-Gonnard
7c575d29dc
Merge pull request #605 from ARMmbed/x509_ondemand_remove_unneeded_fields
[Baremetal] Allow removal of unneeded fields in X.509 CRT structures
2019-07-29 11:58:58 +02:00
Hanno Becker
56595f4f7b Allow hardcoding single signature hash at compile-time
This commit introduces the option MBEDTLS_SSL_CONF_SINGLE_HASH
which can be used to register a single supported signature hash
algorithm at compile time. It replaces the runtime configuration
API mbedtls_ssl_conf_sig_hashes() which allows to register a _list_
of supported signature hash algorithms.

In contrast to other options used to hardcode configuration options,
MBEDTLS_SSL_CONF_SINGLE_HASH isn't a numeric option, but instead it's
only relevant if it's defined or not. To actually set the single
supported hash algorithm that should be supported, numeric options

MBEDTLS_SSL_CONF_SINGLE_HASH_TLS_ID
MBEDTLS_SSL_CONF_SINGLE_HASH_MD_ID

must both be defined and provide the TLS ID and the Mbed TLS internal
ID and the chosen hash algorithm, respectively.
2019-07-17 10:19:27 +01:00
Simon Butcher
feb1cee36e Merge remote-tracking branch 'origin/pr/602' into baremetal 2019-07-15 19:24:11 +01:00
Hanno Becker
c1096e7514 Allow hardcoding single supported elliptic curve
This commit introduces the option MBEDTLS_SSL_CONF_SINGLE_EC
which can be used to register a single supported elliptic curve
at compile time. It replaces the runtime configuration API
mbedtls_ssl_conf_curves() which allows to register a _list_
of supported elliptic curves.

In contrast to other options used to hardcode configuration options,
MBEDTLS_SSL_CONF_SINGLE_EC isn't a numeric option, but instead it's
only relevant if it's defined or not. To actually set the single
elliptic curve that should be supported, numeric options

MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID
MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID

must both be defined and provide the TLS ID and the Mbed TLS internal
ID and the chosen curve, respectively.
2019-07-12 15:25:03 +01:00
Hanno Becker
e965bd397e Allow hardcoding of min/max minor/major SSL version at compile-time
This commit introduces the numeric compile-time constants

- MBEDTLS_SSL_CONF_MIN_MINOR_VER
- MBEDTLS_SSL_CONF_MAX_MINOR_VER
- MBEDTLS_SSL_CONF_MIN_MAJOR_VER
- MBEDTLS_SSL_CONF_MAX_MAJOR_VER

which, when defined, overwrite the runtime configurable fields
mbedtls_ssl_config::min_major_ver etc. in the SSL configuration.

As for the preceding case of the ExtendedMasterSecret configuration,
it also introduces and puts to use getter functions for these variables
which evaluate to either a field access or the macro value, maintaining
readability of the code.

The runtime configuration API mbedtls_ssl_conf_{min|max}_version()
is kept for now but has no effect if MBEDTLS_SSL_CONF_XXX are set.
This is likely to be changed in a later commit but deliberately omitted
for now, in order to be able to study code-size benefits earlier in the
process.
2019-07-12 15:14:51 +01:00
Hanno Becker
73f4cb126d Rename XXX_SINGLE_CIPHERSUITE -> XXX_CONF_SINGLE_CIPHERSUITE
This is in line with the other configurations options used
to hardcoded aspects of the SSL configuration.
2019-07-08 11:23:24 +01:00
Hanno Becker
6ace4657b6 Remove ciphersuite from SSL config if single suite hardcoded
If MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled, it overwrites
the runtime configuration of supported ciphersuites, which
includes both the configuration API and the fields which are
used to store the configuration. Both are therefore no longer
needed and should be removed for the benefit of code-size,
memory usage, and API clarity (no accidental hiccup of runtime
vs. compile-time configuration possible).

The configuration API mbedtls_ssl_conf_ciphersuites() has
already been removed in case MBEDTLS_SSL_SINGLE_CIPHERSUITE,
and this commit removes the field

  mbedtls_ssl_config::ciphersuite_list

which it updates.
2019-07-08 11:23:24 +01:00
Hanno Becker
5cce936e62 Add compile-time option to hardcode choice of single ciphersuite 2019-07-08 11:17:53 +01:00
Hanno Becker
d07614c529 Introduce MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID removing IDs 2019-07-04 14:04:03 +01:00
Hanno Becker
843b71a1df Introduce MBEDTLS_X509_CRT_REMOVE_TIME removing time fields from CRT 2019-07-04 14:04:03 +01:00
Hanno Becker
0ae6b244c8 Allow compile-time configuration of timer callbacks
Introduces
- MBEDTLS_SSL_CONF_SET_TIMER
- MBEDTLS_SSL_CONF_GET_TIMER
which allows to configure timer callbacks at compile-time.

Impact on code-size:

|  | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23379 | 23981 | 26941 |
| `libmbedtls.a` after | 23351 | 23953 | 26869 |
| gain in Bytes | 28 | 28 | 72 |
2019-07-04 10:29:44 +01:00
Hanno Becker
a58a896172 Allow compile-time configuration of I/O function pointers
Introduce the compile-time options
- MBEDTLS_SSL_CONF_RECV
- MBEDTLS_SSL_CONF_SEND
- MBEDTLS_SSL_CONF_RECV_TIMEOUT
which can be used to configure the callbacks for the underlying
transport at compile-time.

Code-size impact:

|  | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23471 | 24077 | 27045 |
| `libmbedtls.a` before | 23379 | 23981 | 26941 |
| gain in Bytes | 92 | 96 | 104 |
2019-07-04 10:28:55 +01:00
Hanno Becker
ece325c8dd Allow compile-time configuration of PRNG in SSL module
Introduces MBEDTLS_SSL_CONF_RNG to allow configuring the
RNG to be used by the SSL module at compile-time.

Impact on code-size:

|  | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23535 | 24089 | 27103 |
| `libmbedtls.a` after | 23471 | 24077 | 27045 |
| gain in Bytes | 64 | 12 | 58 |
2019-07-04 10:27:41 +01:00
Manuel Pégourié-Gonnard
44ba6b0d26 Merge remote-tracking branch 'restricted/pr/594' into baremetal-proposed
* restricted/pr/594:
  Adapt baremetal.h and baremetal.sh
  Don't incl. CAs in CertReq message in baremetal build
  Allow config'n of incl of CertificateReq CA list Y/N at compile-time
  Allow configuration of endpoint (cli/srv) at compile-time
  Allow configuration of read timeouts at compile-time
  Allow configuration of ConnectionID at compile-time
  Allow compile-time configuration of legacy renegotiation
  Allow compile-time configuration of authentication mode
  Allow compile-time configuration of DTLS badmac limit
  Allow compile-time configuration of DTLS anti replay
2019-07-03 10:22:28 +02:00
Manuel Pégourié-Gonnard
37261e6f6b Merge remote-tracking branch 'restricted/pr/601' into baremetal-proposed
* restricted/pr/601: (27 commits)
  Fix compile-time guard for optional field in struct
  Move code to reduce probability of conflicts
  Fix typos caught by check-names.sh
  Clarify conditions related to resumption in client
  Introduce getter function for renego_status
  Add getter function for handshake->resume
  Remove now-redundant code
  Remove cache callbacks from config on client
  Fix a few style issues
  Expand documentation of new options a bit
  Fix renaming oversight in documentation
  Remove backticks in doxygen in config.h
  Declare dependency on tickets for two ssl-opt.sh tests
  Exclude new negative options from config.pl full
  Restore config.h defaults
  Address review comments
  Fix ssl_cli resumption guards
  Fix check-files, check-names and check-generated-features
  Add test to all.sh
  Add changelog entry
  ...
2019-07-03 10:04:13 +02:00
Manuel Pégourié-Gonnard
417d2ce076 Merge remote-tracking branch 'restricted/pr/584' into baremetal-proposed
* restricted/pr/584: (140 commits)
  Remove superfluous new line in x509.c
  Add comment about X.509 name comparison of buffer with itself
  [Fixup] Add missing PK release call in Cert Verify parsing
  Fix guard controlling whether nested acquire calls are allowed
  Add X.509 CRT test for nested calls for CRT frame / PK acquire
  Don't return threading error on release()-without-acquire() calls
  Don't allow nested CRT acquire()-calls if MBEDTLS_X509_ALWAYS_FLUSH
  Make X.509 CRT cache reference counting unconditional
  Remove memory buffer alloc from i386 test in all.sh
  Don't mention pk_sign() in the context of public-key contexts
  Don't use assertion for failures of mbedtls_x509_crt_x_acquire()
  Fix copy pasta in x509_crt.h
  Reference copy-less versions of X.509 CRT frame/PK getters
  x509_crt.c: Add blank line to increase readability
  [FIXUP] Fix bug in ASN.1 traversal of silently ignored tag
  [FIXUP] Fix typo in declaration of mbedtls_x509_memcasecmp()
  Move signature-info extraction out of MBEDTLS_X509_REMOVE_INFO
  Fix certificate validity checking logic to work with !TIME_DATE
  Simplify X.509 CRT version check in UID parsing
  Remove unused variable warning in on-demand X.509 parsing
  ...
2019-07-03 10:03:45 +02:00
Hanno Becker
3b876acff4 Adapt baremetal.h and baremetal.sh 2019-07-02 16:42:45 +01:00
Hanno Becker
f3400da3ca Don't incl. CAs in CertReq message in baremetal build
This commit modifies the baremetal configuration to disables the inclusion
of the list of accepted CAs in the CertificateRequest message sent by the
server.

Impact on code-size:

|  | GCC 8.2.1 | ARMC5 5.06 | ARMC6 6.12 |
| --- | --- | --- | --- |
| `libmbedtls.a` before | 23099 | 23781 | 26639 |
| `libmbedtls.a` before  | 22995 | 23689 | 26515 |
| gain in Bytes | 104 | 92 | 124 |
2019-07-02 16:42:45 +01:00