Arto Kinnunen | 10a2ffde5d | 2020-01-17 11:21:16 +02:00
Merge remote-tracking branch 'upstream/pr/2945' into baremetal

* upstream/pr/2945:
  Rename macro MBEDTLS_MAX_RAND_DELAY
  Update signature of mbedtls_platform_random_delay
  Replace mbedtls_platform_enforce_volatile_reads 2
  Replace mbedtls_platform_enforce_volatile_reads
  Add more variation to random delay countermeasure
  Add random delay to enforce_volatile_reads
  Update comments of mbedtls_platform_random_delay
  Follow Mbed TLS coding style
  Add random delay function to platform_utils

Arto Kinnunen | b148651e49 | 2020-01-09 11:11:23 +02:00
Rename macro MBEDTLS_MAX_RAND_DELAY

MBEDTLS_MAX_RAND_DELAY renamed to MAX_RAND_DELAY to get CI passing.

Arto Kinnunen | ac6d226939 | 2020-01-09 10:19:07 +02:00
Update signature of mbedtls_platform_random_delay

Skip parameter and return value from mbedtls_platform_random_delay
to make it more resistant to FI attacks.

Simon Butcher | 05ca9d46c1 | 2020-01-08 18:15:52 +00:00
Merge remote-tracking branch 'public/pr/2979' into baremetal

Simon Butcher | 282911eabf | 2020-01-08 18:14:21 +00:00
Merge remote-tracking branch 'public/pr/2978' into baremetal

Simon Butcher | 01d78fcefe | 2020-01-08 18:10:44 +00:00
Merge remote-tracking branch 'public/pr/2971' into baremetal

Simon Butcher | 2d9c0eb215 | 2020-01-08 18:08:28 +00:00
Merge remote-tracking branch 'public/pr/2948' into baremetal

Simon Butcher | 4b3b8c208e | 2020-01-08 17:53:43 +00:00
Merge remote-tracking branch 'public/pr/2886' into baremetal

Simon Butcher | 5dc7faf56e | 2020-01-08 17:53:16 +00:00
Merge remote-tracking branch 'public/pr/2956' into baremetal

Teppo Järvelin | cafb6c91b0 | 2020-01-08 10:25:16 +02:00
Clear internal decrypted buffer after read

Arto Kinnunen | 0a8f87f5eb | 2020-01-07 14:48:33 +02:00
Remove entropy source overwrite in baremetal_test

- Do not overwrite MBEDTLS_ENTROPY_MAX_SOURCES in baremetal_test.h
- Skip tests that are not suitable for a low number of entropy sources

Arto Kinnunen | 7195571681 | 2020-01-07 10:47:58 +02:00
Replace mbedtls_platform_enforce_volatile_reads 2

Replace remaining mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().

Arto Kinnunen | e91f0dc905 | 2020-01-07 10:47:58 +02:00
Replace mbedtls_platform_enforce_volatile_reads

Replace function mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().

Arto Kinnunen | dbf2b43ceb | 2020-01-07 10:47:58 +02:00
Add more variation to random delay countermeasure

Add more variation to the random delay function by XOR-ing two
variables. It is not enough to increment just a counter to create a
delay, as it will be visible as a uniform delay that can be easily
removed from the trace by analysis.

Arto Kinnunen | 0490485be5 | 2020-01-07 10:47:58 +02:00
Add random delay to enforce_volatile_reads

Add a random delay to mbedtls_platform_enforce_volatile_reads() as a
countermeasure to fault injection attacks.

Arto Kinnunen | 9a506e7424 | 2020-01-07 10:47:58 +02:00
Update comments of mbedtls_platform_random_delay

Arto Kinnunen | b47b105838 | 2020-01-07 10:47:58 +02:00
Follow Mbed TLS coding style

Arto Kinnunen | 4c63b98e94 | 2020-01-07 10:47:58 +02:00
Add random delay function to platform_utils

Add delay function to platform_utils. The function will delay
program execution by incrementing a local variable a randomised number
of times.

Teppo Järvelin | c2fa3eaa81 | 2020-01-05 12:02:37 +02:00
Removed dead code after optimization in tinycrypt

Teppo Järvelin | 8f7e36fc98 | 2020-01-05 12:02:37 +02:00
Coverity fixes, check hmac return values

Teppo Järvelin | 0b1d7d946d | 2020-01-05 12:02:04 +02:00
Coverity fix: dead error condition removed from ecc.c

Simon Butcher | 7d2434fac2 | 2020-01-03 15:52:36 +00:00
Merge remote-tracking branch 'public/pr/2973' into baremetal

Darryl Green | 029fe86c53 | 2020-01-03 13:41:20 +00:00
Fix some pylint warnings

Fix a too-long line to meet PEP8 standards.

Simon Butcher | 1b370a63ec | 2019-12-27 18:18:22 +00:00
Merge remote-tracking branch 'public/pr/2960' into baremetal

Simon Butcher | 58813498f7 | 2019-12-27 18:18:04 +00:00
Merge remote-tracking branch 'public/pr/2957' into baremetal

Jarno Lamsa | 5aa4c07b85 | 2019-12-20 13:09:27 +02:00
Minor review fixes

Jarno Lamsa | 015aa44b93 | 2019-12-20 12:09:37 +02:00
Make authmode volatile

This is to enforce reading it from memory for the double
check, to prevent the compiler from optimising it away.

Jarno Lamsa | af60cd7698 | 2019-12-20 10:50:33 +02:00
Protect the peer_authenticated flag more

Add more protection to the flag, preventing an attacker from
possibly glitching using a faulty certificate.

Jarno Lamsa | 616fbe177c | 2019-12-19 17:07:35 +02:00
Increase hamming distance for authmode

Prevent glitching the mode by single-bit flipping.

Jarno Lamsa | 8d09e5744c | 2019-12-19 17:07:35 +02:00
Increase hamming distance for session resume flag

This is to prevent glitching a single bit for the resume flag.

Jarno Lamsa | 489dccd158 | 2019-12-19 17:07:35 +02:00
Address review comments

Jarno Lamsa | 88db2ae9a0 | 2019-12-19 17:07:35 +02:00
Use Platform fault when double check fails

Jarno Lamsa | f5b6af01d3 | 2019-12-19 17:07:29 +02:00
Fix double check in entropy_gather_internal

The double check was the wrong way round; glitching either check
could have compromised the flow there.

Jarno Lamsa | afff4d0679 | 2019-12-19 14:41:56 +02:00
Remove unused flag

Jarno Lamsa | 06164057b3 | 2019-12-19 14:40:36 +02:00
Check that we have all the proper keys

The proper keys should be set at the end of
the handshake; if not, fail the handshake.

Jarno Lamsa | e1621d4700 | 2019-12-19 14:29:24 +02:00
Check that the peer_authenticated flag

Check that the peer has been authenticated at the end
of the handshake.

Jarno Lamsa | ba4730fe4c | 2019-12-19 09:43:25 +02:00
Protect setting of peer_authenticated flag

Use flow counting and double checks when setting the flag.
Also protect the flow to prevent causing a glitch.

Jarno Lamsa | 4031a45019 | 2019-12-19 09:43:25 +02:00
Protect key_derivation_done flag

The flag is used to track that the key derivation
has been done.

Jarno Lamsa | 67f0a1e833 | 2019-12-19 09:43:19 +02:00
Protect setting of premaster_generated flag

The flag is used for tracking if the premaster has
been successfully generated. Note that when resuming
a session, the flag should not be used when trying to
notice if all the key generation/derivation has been done.

Jarno Lamsa | 98801af26b | 2019-12-19 09:02:02 +02:00
Protect setting of hello_random flag

The handshake flag tells when the handshake hello.random
is set and can be used later to decide if we have the correct
keys.

Jarno Lamsa | b57d7fd568 | 2019-12-19 09:01:54 +02:00
Add flags for protecting TLS state machine

Flags are there to prevent skipping vital parts of the TLS
handshake.

Jarno Lamsa | 6122b59042 | 2019-12-19 07:56:10 +02:00
Address review comments

Jarno Lamsa | 46afd5d8fa | 2019-12-19 07:56:10 +02:00
Fix CI issues

"Default flow assumes failure" causes multiple issues with
compatibility tests when the return value is initialised
with an error value in ssl_in_server_key_exchange_parse.
The function would need a significant change in structure for this.

Jarno Lamsa | 91dbb79ae4 | 2019-12-19 07:56:10 +02:00
Fix error return code

Jarno Lamsa | b83a2136d6 | 2019-12-19 07:56:10 +02:00
Protect the return value from mbedtls_pk_verify

Add double checks to the return value, and the default flow assumes
failure.

Jarno Lamsa | 47aab8da8a | 2019-12-19 07:56:10 +02:00
Protect return value from mbedtls_pk_verify

Use double checks, and the default flow assumes failure.

Jarno Lamsa | 83a56a630a | 2019-12-19 07:56:10 +02:00
Double check mbedtls_pk_verify

The verification could be skipped in the server; changed the default
flow so that the handshake status is only ever updated if the verify
succeeds, and that is checked twice.

Jarno Lamsa | 9e8e820993 | 2019-12-19 07:56:10 +02:00
Increase hamming distance for some error codes

MBEDTLS_ERR_SSL_WANT_READ and MBEDTLS_ERR_SSL_WANT_WRITE are
errors that can be ignored, so increase the hamming distance between
them and the non-ignorable errors, and still keep some distance from
the success case. This mitigates an attack where a single bit flip could
change a non-ignorable error into an ignorable one.

Jarno Lamsa | acb5eb00ca | 2019-12-19 07:56:10 +02:00
Add a double check to protect from glitch

Check that the encryption has been done for the output buffer.
This is to ensure that glitching out the encryption doesn't
result in an unencrypted buffer being sent.

Jarno Lamsa | d05da1fa45 | 2019-12-19 07:56:10 +02:00
Add double check for checking if source is strong

To prevent glitching past a strong source.