Commit graph

10631 commits

Author SHA1 Message Date
Andrzej Kurek e6c3aa7e7b Fix minor issues and clean up the code
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-18 15:06:42 -05:00
Andrzej Kurek e2134ed4b1 Fix certificate management when freeing handshake
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-18 11:23:19 -05:00
Andrzej Kurek 38c7f2d32f Refactor the immediate transmission feature
The original way or handling it did not cover
message fragmentation or retransmission.
Now, the messages are always appended
to the flight and sent immediately, using 
the same function as normal flight 
transmission.
Moreover, epoch handling is different for this feature,
with a possibility to perform the usual retransmission
using previous methods. 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 18:17:31 -05:00
Andrzej Kurek d886d9f93c Fix freeing uninitialized fields from the ssl context
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek 9627202d3a Move MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION to baremetal config
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek 5ac3a50924 DTLS: disable datagram packing tests when immediate transmission is on
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek c3dde3f2f9 Fix unreachable code error
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek 52e08cbcb2 Fix unused parameters and ifdefs
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek 777d4217f1 Fix define and function names to conform to Mbed TLS rules
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek b22e64045b Update generated files
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek 131512440e Move the new config optimization defines to be optional
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Hannes Tschofenig 32846c62ac Moving the ecdhe_computed variable into the handshake structure 2020-12-15 12:50:37 +01:00
Hannes Tschofenig 34630562cd Making sure that the ECDHE pre-computation is only done once. 2020-12-15 12:33:45 +01:00
Hannes Tschofenig c162895030 Add call to mbedtls_x509_crt_free() 2020-12-07 11:04:09 +01:00
Hannes Tschofenig e151a3528a Adding early ECDHE key generation to ssl_cli.c 2020-12-03 17:37:49 +01:00
Hannes Tschofenig c34d9cf37a Adding storage for public key to handshake_params 2020-12-03 17:37:06 +01:00
Hannes Tschofenig 77cddb3ef7 Adding early key computation config option 2020-12-03 17:36:00 +01:00
Hannes Tschofenig 3cb3db7961 Adding early key computation config check 2020-12-03 17:35:50 +01:00
Hannes Tschofenig 2279ffd2a0 Adding immediate message transmission 2020-12-03 15:52:35 +01:00
Hannes Tschofenig dfa4bae320 Adding immediate transmission option 2020-12-03 15:49:35 +01:00
Hannes Tschofenig cb6410c67d Wrapper function for calling parse_certificate_verify 2020-12-03 15:48:55 +01:00
Hannes Tschofenig 635f86874f Adding delayed server cert verification to client state machine 2020-12-03 15:48:32 +01:00
Hannes Tschofenig 4f8c88312c Adding wrapper function for certificate verification function 2020-12-03 15:48:12 +01:00
Hannes Tschofenig f336c7ea71 Adding delayed server cert verification config option 2020-12-03 15:47:47 +01:00
Hannes Tschofenig c7f6d7f75c Making sure that keep peer certificate option is set when server cert verification is used. 2020-12-03 15:47:31 +01:00
Andrzej Kurek b0b1cdc059
Merge pull request #3932 from AndrzejKurek/tinycrypt-ecdh-test-vectors
Tinycrypt - ecdh test vectors
2020-12-02 11:43:35 -05:00
Shelly Liberman c6603c501c
Merge pull request #3931 from shelib01/plat_rand_buf_FI_protection
Platform  random buf FI mitigation added
2020-12-02 13:30:25 +02:00
Andrzej Kurek 0e6c01796d Add NIST CAVP SP 800-56A tests for tinycrypt ecdh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-01 07:29:50 -05:00
Shelly Liberman 7326c62efb Add flow control to platform rnd buf
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-12-01 14:04:51 +02:00
Shelly Liberman 26bea33674
Merge pull request #3899 from shelib01/masked-aes
Masked AES 128 bit, encrypt only (boolean mask technique)
2020-11-27 17:17:23 +02:00
Shelly Liberman 11c64885a6 After review fixes
1. Formating
2. Check config added
3. Dependency description fixed

Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-26 23:58:41 +02:00
Andrzej Kurek 6994eb2b52
Merge pull request #3919 from AndrzejKurek/fi-flag-ccm-countermeasures
Make CCM shuffling an masking optional
2020-11-26 14:08:32 -05:00
Andrzej Kurek 7d0a6864d3 Make CCM shuffling and masking optional
Add a define for CCM shuffling and masking operations.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-26 06:35:04 -05:00
Shelly Liberman 44b4229352 masked-aes CI problems fixes
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-26 10:54:19 +02:00
Andrzej Kurek ab3de1daff Add flow control protection to ccm
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-26 03:24:14 -05:00
Shelly Liberman c907c81a3b aes boolean masking
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-25 20:58:25 +02:00
Andrzej Kurek 8265f5cc4f
Merge pull request #3880 from AndrzejKurek/fi-random-delays
Add random delays to sha256 to protect against fault injection
2020-11-25 13:38:52 -05:00
Shelly Liberman 88da3c245b
Merge branch 'baremetal' into masked-aes 2020-11-25 18:32:19 +02:00
Shelly Liberman cdebcfe1a3 aes boolean masking
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-25 18:14:59 +02:00
Andrzej Kurek 9b92865bcd
Merge pull request #3850 from AndrzejKurek/ccm-clean-temp-data
ccm - clean temp data
2020-11-25 11:14:05 -05:00
Andrzej Kurek 549a35690c
Merge pull request #3890 from AndrzejKurek/fi-memcpy-memset-fail
Add a callback for platform faults in platform_util.c
2020-11-25 11:13:32 -05:00
Andrzej Kurek 1c448168b2
Merge pull request #3913 from jarvte/memfix_variablebuffer
Fix possible memory leak when MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined
2020-11-25 09:45:53 -05:00
Andrzej Kurek 7f81c86a0d Add a callback for platform faults in platform_util.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-25 06:53:59 -05:00
Andrzej Kurek 9bc6119bb9 Add random delays to sha256 to protect against fault injection
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-25 06:38:05 -05:00
Andrzej Kurek 142f09fb96 ccm: zeroize buffers before and after usage
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-11-25 06:20:43 -05:00
Andrzej Kurek 5eba1d82a2
Merge pull request #3841 from AndrzejKurek/baremetal-rnd-in-range-fix
Move size checks outside of mbedtls_platform_random_in_range
2020-11-25 11:41:40 +01:00
Andrzej Kurek 21f64d3633
Merge pull request #3840 from AndrzejKurek/baremetal-aes-shuffling-2
CCM countermeasures - shuffling and masking
2020-11-25 11:33:53 +01:00
Teppo Järvelin b89cf99a57 Fix possible memory leak when MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH is defined
Signed-off-by: Teppo Järvelin <teppo.jarvelin@arm.com>
2020-11-25 11:44:05 +02:00
Shelly Liberman 9e27b901b7
Merge pull request #3900 from shelib01/fix_uninitialized_var
Fix uninitialized variables
2020-11-25 11:25:51 +02:00
Shelly Liberman c5b0c6e8ae fix uninitialized variables
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-11-19 20:01:21 +02:00