Commit graph

10145 commits

Author SHA1 Message Date
Teppo Järvelin 3137fb271a Added include platform_util.h to padlock.c to fix compile with all defines variants 2019-10-30 14:07:04 +02:00
Teppo Järvelin 91d7938761 Changed every memcpy to SCA equivalent mbedtls_platform_memcpy
This makes physical attacks more difficult.
2019-10-30 14:07:04 +02:00
Simon Butcher aeecf04be3 Merge remote-tracking branch 'public/pr/2907' into baremetal 2019-10-29 15:42:52 +00:00
Simon Butcher 8b2c642994 Merge remote-tracking branch 'public/pr/2904' into baremetal 2019-10-29 15:31:48 +00:00
Simon Butcher f5a64048b7 Merge remote-tracking branch 'public/pr/2892' into baremetal 2019-10-29 15:30:38 +00:00
Simon Butcher 9d36fa16f8 Merge remote-tracking branch 'public/pr/2891' into baremetal 2019-10-29 15:25:26 +00:00
Simon Butcher a85b3e4dde Merge remote-tracking branch 'public/pr/2890' into baremetal 2019-10-29 14:41:13 +00:00
Simon Butcher 2f99f3d8a2 Merge remote-tracking branch 'public/pr/2850' into baremetal 2019-10-29 14:24:33 +00:00
Arto Kinnunen 8a8488c1cf Fix mbedtls_ssl_check_record usage with ext buf
Record checking fails if mbedtls_ssl_check_record() is called with
external buffer. Received record sequence number is available in the
incoming record but it is not available in the ssl contexts `in_ctr`-
variable that is used when decoding the sequence number.

To fix the problem, temporarily update ssl context `in_ctr` to
point to the received record header and restore value later.
2019-10-29 11:13:33 +02:00
Teppo Järvelin 7800719551 Adjusted buf allocated from heap in ssl_client2 to be as small as possible 2019-10-25 14:30:33 +03:00
Teppo Järvelin 614efc268e Moved allocation checks to correct place in ssl_server2.c 2019-10-25 11:03:20 +03:00
Arto Kinnunen 4ecfbd3b16 Fix tests to work in Mbed OS test environment
Update x509parse and x509write test suites to include "x509.c" from
correct location.
2019-10-24 15:48:47 +03:00
Teppo Järvelin 99082aeac7 Fixed CI tests by overriding value MBEDTLS_ENTROPY_MAX_SOURCES
Override define MBEDTLS_ENTROPY_MAX_SOURCES from 1 to 3 in baremetal_test.h

mbedtls_entropy_init adds 2 sources already so max must be 3 so that
one source can be added with mbedtls_entropy_add_source.
2019-10-24 15:03:33 +03:00
Arto Kinnunen 0fa65aabf0 Review corrections
-Guard additional static variables with AES_ONLY_ENCRYPT
-Update config.h description about memory savings
-Update test: fix typo in all.sh and adjust compiler flags
2019-10-24 12:19:50 +03:00
Arto Kinnunen c0a8bd40fc Tests for AES encypt only 2019-10-24 12:19:43 +03:00
Arto Kinnunen 1480444e8e Add config option for AES encryption only
-Add config option for AES encyption only to config.h. Feature is
 disabled by default.
-Enable AES encrypt only feature in baremetal.h configuration
-Remove AES encypt only feature from full config
2019-10-24 12:19:33 +03:00
Arto Kinnunen 366c13eaad Update AES 128-bit key test
Flag out 192/256-bit key tests from test_suite_cipher.gcm
2019-10-24 09:49:23 +03:00
Arto Kinnunen 4c003ca80c Update AES 128-key test
- Unset MBEDTLS_PADLOCK_C in aes_only_128_bit_keys test to get RAM
  optimised version tested
- Use compiler flag "-O1" instead of "-Wall -Wextra" to see warnings
2019-10-24 09:49:23 +03:00
Arto Kinnunen 5ed870da72 Adjust AES RAM usage according to config options
Do not reserve additionl space for mbedtls_aes_context if config
option AES_ONLY_128_BIT_KEY_LENGTH is used and PADLOCK_C is not used.
This reduces RAM usage by 96 bytes.

In baremetal configuration reserve space for 10 128-bit keys in order
to save 112 bytes of heap.
2019-10-24 09:49:23 +03:00
Arto Kinnunen 5bdafa21e0 Update version_features.c 2019-10-24 09:49:23 +03:00
Arto Kinnunen 265d162d07 Update AES-128 bit configuration
- Do not include MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH to full config
  as it requires also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY

- Update check_config to check availability of flags:
   MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
   MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
2019-10-24 09:49:23 +03:00
Arto Kinnunen 60b11064c5 Update configuration
Move MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH to proper place in config.h
2019-10-24 09:49:23 +03:00
Arto Kinnunen 4ab702b24a Add AES 128-bit key dependency to tests
- Do not run tests that are using 192/256-bit keys if only
  128-bit keys are allowed for AES.
- Add AES 128-bit-only test to all.sh
2019-10-24 09:49:23 +03:00
Arto Kinnunen 77b9cfcea9 AES: add config option for 128-bit keys
Add configuration options to support only 128-bit key lengths in AES
calculation.
2019-10-24 09:49:23 +03:00
Simon Butcher e2bf54d3d1 Merge remote-tracking branch 'public/pr/2877' into baremetal 2019-10-23 14:53:29 +01:00
Simon Butcher 713e5c365d Merge remote-tracking branch 'public/pr/2880' into baremetal 2019-10-23 14:52:27 +01:00
Simon Butcher a26fb4c64f Merge remote-tracking branch 'public/pr/2870' into baremetal 2019-10-23 14:51:37 +01:00
Teppo Järvelin 3d414bfb65 Increased MEMORY_HEAP_SIZE to 140000 in ssl_server2 to get CI passing. 2019-10-22 14:44:13 +03:00
Teppo Järvelin 11e881b536 Changed entropy to be allocated from stack to heap in ssl_server2 2019-10-22 14:44:13 +03:00
Teppo Järvelin 8e0e48199b Changed main buf to be allocated from heap in ssl_client2 2019-10-22 14:44:13 +03:00
Teppo Järvelin 8e0fe19a6a Various changes to get CI passing after changes in ssl_server and client stack to heap 2019-10-22 14:43:56 +03:00
Manuel Pégourié-Gonnard 66491e1840 Fix undefined references to hardware_poll()
Ultimately, mbedtls_hardware_poll() is going to be provided by the
OS/environment when running on target. But for on-host programs and tests, we
need to define (a fake version) in each program that we want to be able to
link.

A previous commit took care of ssl_client2 and ssl_server2. But if we want to
be able to compile all programs, we need to modify each of them. This doesn't
seem useful, so instead let's just build the programs we need for testing -
this means only udp_proxy needs fixing in addition to what's already done.

This issue went unnoticed in the PR that introduced the new all.sh component,
because at that time the platform_memxxx() functions were not actually used in
the library (nor in programs), so the linker could live with
mbedtls_hardware_poll() not being defined, as it wasn't called anywhere. This
changed when we started using the new platform_memxxx() functions in the
library.
2019-10-22 12:50:13 +02:00
Jarno Lamsa 08d6cf2070 Modify the test_baremetal in all.sh
Allow it to run the whole ssl-opt.sh instead of filtering only to
Default, DTLS
2019-10-22 13:32:26 +03:00
Jarno Lamsa 33281d5546 Add requires entries for tests
To be able to pass the ssl_opt.sh with the baremetal configuration
2019-10-22 13:32:26 +03:00
Manuel Pégourié-Gonnard 3d01f2313b Use plain memset() in HMAC-DRBG seeding
The line above the memset() relies on the fact that V is all-zero at that
point (see the comment above), so it doesn't contain a sensitive value.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard 895454da01 Use plain memset() for public data in ssl_tls.c
- out_ctr is public because it's transmited over the wire in DTLS (and in TLS
  it can be inferred by a passive network attacker just by counting records).
- handshake mask is not a secret because it can be inferred by a passive
  network attacker just logging record sequence number seen so far.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard ee0c35fbf5 Use plain memset() for session ID and Hello.Random
Those are public values (transmitted in the clear over the wire).
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard 6bf30be457 Use plain memset() for signature transcoding
By nature, signatures don't need to be kept secret.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard 54526c3c89 Use plain memset() for freshly allocated objects
This commits reverts to plain memset() for cases like:

    some_type foo;
    memset( &foo, 0, sizeof( foo ) );

(Sometimes there is code between declaration in memset(), but it doesn't
matter as long as it doesn't touch foo.)

The reasoning is the same as in the previous commit: the stack shouldn't
contain sensitive data as we carefully wipe it after use.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard 994193326b Use plain memset() in context init functions
We call xxx_init() on a structure when it has been freshly allocated (on the
stack or heap).

At this point it contains random-looking data none of which should be
sensitive, as all sensitive data is wiped using mbedtls_platform_zeroize()
when we're done using it and the memory area is going to be reclaimed (by
exiting the function or free()ing the buffer).
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard 14f33e74c0 Use platform_memset() in platform_zeroize()
We're using zeroize in many places in order to erase secrets, so we really
need it to be as secure as possible.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard 5220781b98 Fix missing include in some files
Add it in all files that use mbedtls_plaform_memset() but didn't already
include platfom_util.h.

In some configurations it just happened to work, either because it was
included indirectly or because the part of the code that used that function
was disabled, but it some configurations it broke, so let's fix it properly.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard 7a346b866c Replace memset() with mbedtls_platform_memset()
Steps:

1. sed -i 's/\bmemset(\([^)]\)/mbedtls_platform_memset(\1/g' library/*.c tinycrypt/*.c include/mbedtls/*.h scripts/data_files/*.fmt

2. Manually edit library/platform_util.c to revert to memset() in the
implementations of mbedtls_platform_memset() and mbedtls_platform_memcpy()

3. egrep -n '\<memset\>' library/*.c include/mbedtls/*.h tinycrypt/*.c
The remaining occurrences are in three categories:
    a. From point 2 above.
    b. In comments.
    c. In the initialisation of memset_func, to be changed in a future commit.
2019-10-22 10:03:07 +02:00
Teppo Järvelin 52c9ecb408 Fixed memory leak in ssl_server2.c main
Allocations are now done after command line parsing.
Added more checks if allocations are needed and fixed
baremetal tests with these defines.
2019-10-15 14:21:29 +03:00
Teppo Järvelin ff1ce269d0 Fixed to compile: ssl_async_keys is not a pointer but was treated that way when giving to functions. 2019-10-14 08:14:34 +03:00
Hanno Becker ead3aae8d9 Reduce number of entropy sources to 1 in baremetal configuration 2019-10-10 11:47:28 +03:00
Hanno Becker c828432920 Make use of copy-less CRT parsing API in ssl_client2/ssl_server2 2019-10-10 11:47:28 +03:00
Hanno Becker 7d864c494a ssl_client2/ssl_server2: Use heap for various structures
This commit modifies the example programs ssl_client2 and ssl_server2
to allocate various structures on the heap instead of the stack. This
allows more fine-grained memory usage tracking via valgrind massif.
2019-10-10 11:47:28 +03:00
Simon Butcher f0963f7141 Merge remote-tracking branch 'public/pr/2867' into baremetal 2019-10-08 18:57:31 +01:00
Simon Butcher f7881ad2b7 Merge remote-tracking branch 'public/pr/2865' into baremetal 2019-10-08 18:42:04 +01:00