Commit Graph

5139 Commits

Author SHA1 Message Date
Andrzej Kurek
e2134ed4b1 Fix certificate management when freeing handshake
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-18 11:23:19 -05:00
Andrzej Kurek
38c7f2d32f Refactor the immediate transmission feature
The original way or handling it did not cover
message fragmentation or retransmission.
Now, the messages are always appended
to the flight and sent immediately, using 
the same function as normal flight 
transmission.
Moreover, epoch handling is different for this feature,
with a possibility to perform the usual retransmission
using previous methods. 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 18:17:31 -05:00
Andrzej Kurek
d886d9f93c Fix freeing uninitialized fields from the ssl context
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
c3dde3f2f9 Fix unreachable code error
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
52e08cbcb2 Fix unused parameters and ifdefs
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
777d4217f1 Fix define and function names to conform to Mbed TLS rules
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
b22e64045b Update generated files
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek
131512440e Move the new config optimization defines to be optional
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Hannes Tschofenig
32846c62ac Moving the ecdhe_computed variable into the handshake structure 2020-12-15 12:50:37 +01:00
Hannes Tschofenig
34630562cd Making sure that the ECDHE pre-computation is only done once. 2020-12-15 12:33:45 +01:00
Hannes Tschofenig
c162895030 Add call to mbedtls_x509_crt_free() 2020-12-07 11:04:09 +01:00
Hannes Tschofenig
e151a3528a Adding early ECDHE key generation to ssl_cli.c 2020-12-03 17:37:49 +01:00
Hannes Tschofenig
2279ffd2a0 Adding immediate message transmission 2020-12-03 15:52:35 +01:00
Hannes Tschofenig
cb6410c67d Wrapper function for calling parse_certificate_verify 2020-12-03 15:48:55 +01:00
Hannes Tschofenig
635f86874f Adding delayed server cert verification to client state machine 2020-12-03 15:48:32 +01:00
Shelly Liberman
7326c62efb Add flow control to platform rnd buf
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-12-01 14:04:51 +02:00
Shelly Liberman
26bea33674
Merge pull request #3899 from shelib01/masked-aes
Masked AES 128 bit, encrypt only (boolean mask technique)
2020-11-27 17:17:23 +02:00
Shelly Liberman
11c64885a6 After review fixes
1. Formating
2. Check config added
3. Dependency description fixed

Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-26 23:58:41 +02:00
Andrzej Kurek
7d0a6864d3 Make CCM shuffling and masking optional
Add a define for CCM shuffling and masking operations.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-26 06:35:04 -05:00
Shelly Liberman
44b4229352 masked-aes CI problems fixes
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-26 10:54:19 +02:00
Andrzej Kurek
ab3de1daff Add flow control protection to ccm
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-26 03:24:14 -05:00
Shelly Liberman
c907c81a3b aes boolean masking
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-25 20:58:25 +02:00
Andrzej Kurek
8265f5cc4f
Merge pull request #3880 from AndrzejKurek/fi-random-delays
Add random delays to sha256 to protect against fault injection
2020-11-25 13:38:52 -05:00
Shelly Liberman
88da3c245b
Merge branch 'baremetal' into masked-aes 2020-11-25 18:32:19 +02:00
Shelly Liberman
cdebcfe1a3 aes boolean masking
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-25 18:14:59 +02:00
Andrzej Kurek
9b92865bcd
Merge pull request #3850 from AndrzejKurek/ccm-clean-temp-data
ccm - clean temp data
2020-11-25 11:14:05 -05:00
Andrzej Kurek
549a35690c
Merge pull request #3890 from AndrzejKurek/fi-memcpy-memset-fail
Add a callback for platform faults in platform_util.c
2020-11-25 11:13:32 -05:00
Andrzej Kurek
1c448168b2
Merge pull request #3913 from jarvte/memfix_variablebuffer
Fix possible memory leak when MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined
2020-11-25 09:45:53 -05:00
Andrzej Kurek
7f81c86a0d Add a callback for platform faults in platform_util.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-25 06:53:59 -05:00
Andrzej Kurek
9bc6119bb9 Add random delays to sha256 to protect against fault injection
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-25 06:38:05 -05:00
Andrzej Kurek
142f09fb96 ccm: zeroize buffers before and after usage
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-25 06:20:43 -05:00
Andrzej Kurek
5eba1d82a2
Merge pull request #3841 from AndrzejKurek/baremetal-rnd-in-range-fix
Move size checks outside of mbedtls_platform_random_in_range
2020-11-25 11:41:40 +01:00
Andrzej Kurek
21f64d3633
Merge pull request #3840 from AndrzejKurek/baremetal-aes-shuffling-2
CCM countermeasures - shuffling and masking
2020-11-25 11:33:53 +01:00
Teppo Järvelin
b89cf99a57 Fix possible memory leak when MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH is defined
Signed-off-by: Teppo Järvelin <teppo.jarvelin@arm.com>
2020-11-25 11:44:05 +02:00
Shelly Liberman
c5b0c6e8ae fix uninitialized variables
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-19 20:01:21 +02:00
Andrzej Kurek
18c60aaca1
ccm: use random_in_range instead of duplicating its functionality
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-18 12:37:41 +01:00
Andrzej Kurek
a138c0a0b0
Move size checks outside of mbedtls_platform_random_in_range
Update the documentation to mention that calling it with zero
as an argument will result in an undefined behavior.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-12 17:05:51 +01:00
Shelly Liberman
560203ae01
Merge pull request #3853 from kjbracey-arm/m_narrowloop
[baremetal] Avoid narrow loop counters etc
2020-11-08 08:03:48 +02:00
Kevin Bracey
a967a58ed3 [baremetal] Avoid narrow loop counters etc
Use `uint_fast8_t` instead of `unsigned char` in various loop-type
situations. This avoids the need for a 16 or 32-bit system to insert
explicit narrow-to-8-bit instructions.

Not the result of an exhaustive source analysis, rather inspecting
the disassembly output for a cut-down Cortex-M0+ build looking for
UXTB etc instructions, so there could well be more in the complete
configuration.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-06 10:56:16 +02:00
Kevin Bracey
585e9e0922 Add MBEDTLS_SSL_CONF_TRANSPORT
Follow the model of `MBEDTLS_SSL_CONF_ENDPOINT`. This saves a small
amount - most of the saving was already acheived via`
MBEDTLS_SSL_TRANSPORT_IS_TLS` but we can scrape out a little more by
totally eliminating `ssl->conf->transport` references.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-04 15:16:22 +02:00
Kevin Bracey
d859db833c Fix MBEDTLS_SSL_CONF_ENDPOINT flagging
Compilation failed if MBEDTLS_SSL_CONF_ENDPOINT was set - add necessary
conditions.

Signed-off-by: Kevin Bracey <kevin.bracey@arm.com>
2020-11-04 15:16:09 +02:00
Andrzej Kurek
8b0910a791
Merge pull request #3815 from AndrzejKurek/cipher-optim-mem-fix
ssl_tls.c: Fix unchecked memory allocation
2020-11-02 11:41:24 +01:00
Andrzej Kurek
0fa427b027
ccm: add masking to the UPDATE_CBC_MAC macro
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-31 17:55:21 +01:00
Andrzej Kurek
8bef87ee5e
Add basic shuffling and masking to CCM operations
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-31 10:19:07 +01:00
Andrzej Kurek
28b3b29306
ssl_tls.c: Fix unchecked memory allocation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:40:41 +02:00
Andrzej Kurek
2e49d079d6
Describe the behaviour of buffer resizing on an out-of-memory error
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:16:25 +02:00
Andrzej Kurek
cd9a6ff3c1
Introduce additional flags for buffer upsizing and downsizing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-22 11:12:07 +02:00
Andrzej Kurek
79db2f14da
Refactor the buffer resize feature to reduce codesize
Extract a common part of the code to a function.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-20 17:11:54 +02:00
Andrzej Kurek
f384495972
Sideport the variable IO buffer size feature to baremetal
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-10-17 00:55:17 +02:00
Andrzej Kurek
dd5ad6924e
Merge pull request #3785 from AndrzejKurek/m_tinycrypt_asm
TinyCrypt ARM assembler and other optimisations
2020-10-15 13:27:39 +02:00