Commit graph

10663 commits

Author SHA1 Message Date
Shelly Liberman f63b2283f2
Merge pull request #4053 from TeroJaasko/baremetal_aes_masking_speedup
Baremetal aes masking speedup
2021-01-24 11:22:23 +02:00
Shelly Liberman ae7bf2c05e
Merge pull request #3999 from AndrzejKurek/baremetal-fi-parse-certificate
[baremetal] Improved fi protection in ssl_parse_certificate
2021-01-24 10:41:43 +02:00
Andrzej Kurek 8fde918b4e Improved fi protection to ssl_parse_certificate
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-22 05:29:47 -05:00
Andrzej Kurek f1b4a593c7
Merge pull request #4027 from AndrzejKurek/coverity-tinycrypt-uECC_vli_mmod-2
Introduce a platform fault on bad input in uECC_vli_mmod
2021-01-20 12:51:11 +01:00
Tero Jääskö ada61f05b3 AES: masked config: remove 176 bytes of zeroing on each AES finalize round
On MBEDTLS_AES_128_BIT_MASKED+FI_COUNTERMEASURES config the rk_mask array
was unconditionally zeroed on each dummy finalization round even though
it will be zeroed after the loop too. Remove the repeated zeroing to increase
overall transfer speed on DTLS session by 17..20% on a Cortex-M4.

Signed-off-by: Tero Jääskö <tero.jaasko@arm.com>
2021-01-19 18:43:02 +02:00
Tero Jääskö 0241f81cbc AES: masked config: increase total transfer speed by 5% by removing zeroing
On MBEDTLS_AES_128_BIT_MASKED config the overall DTLS transfer speed can be
increased by 3..5% or so on a Cortex-M4 by removing 472 bytes worth of
buffer zeroing done on each block {en|de}cryption. The buffer zeroings
were done before overwriting them on in masking code.

Signed-off-by: Tero Jääskö <tero.jaasko@arm.com>
2021-01-19 18:41:30 +02:00
Andrzej Kurek a4ffa3c474
Merge pull request #4026 from AndrzejKurek/baremetal-ci-spurious-resend
Fix spurious resend in one of the ssl-opt.sh tests.
2021-01-18 10:59:56 +01:00
Andrzej Kurek 7aebd7f55d Introduce a platform fault on bad input in uECC_vli_mmod
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-14 07:48:49 -05:00
Andrzej Kurek 7ad75b6a22 Increase the min hs timeout in one of the ssl_opt tests
This triggered some spurious CI failure, where
the network is flaky. Increasing the min value,
leaving the max at the same distance should 
account for this.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-14 06:17:40 -05:00
Andrzej Kurek 5ef12c0cbc
Merge pull request #4016 from AndrzejKurek/baremetal-ci-spurious-resend
Fix spurious resend in one of the ssl-opt.sh tests.
2021-01-13 21:58:49 +01:00
Andrzej Kurek 95b87f32f6 Increase the min hs timeout in one of the ssl_opt tests
This triggered some spurious CI failure, where
the network is flaky. Increasing the min value,
leaving the max at the same distance should 
account for this.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-12 07:49:41 -05:00
Andrzej Kurek d7073d9290
Merge pull request #3979 from AndrzejKurek/coverity-seg-fault-context
Fix the usage of ssl context after its nullified
2021-01-05 12:47:41 +01:00
Andrzej Kurek ffe07bf020
Merge pull request #3977 from AndrzejKurek/fi-missing-volatile
FI variables missing 'volatile'
2021-01-05 12:05:52 +01:00
Andrzej Kurek 42ed2d3c59 Fix the usage of ssl context after its nullified
Previously, it was possible to access a null pointer
even though the given configuration should work.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-04 09:36:53 -05:00
Andrzej Kurek 17c3531b4b Add missing volatile identifiers before fi-related variables
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-31 09:56:42 -05:00
Andrzej Kurek 165564de07
Merge pull request #3946 from AndrzejKurek/optimized-key-exchange
Key exchange optimizations
2020-12-23 20:03:17 +01:00
Andrzej Kurek 5d3d2327ce Introduce additional fault injection protection to ssl_cli.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-23 03:45:53 -05:00
Andrzej Kurek 25997053a8 Introduce FI protection to ssl client handshake step handling
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-23 03:34:24 -05:00
Andrzej Kurek ad3c4ffb56 Add an "SSL" infix to MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-21 08:11:36 -05:00
Andrzej Kurek 6b5c9a3744 Add an "SSL" infix to MBEDTLS_EARLY_KEY_COMPUTATION
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-21 08:02:59 -05:00
Andrzej Kurek 4f5549f595 Add an "SSL" infix to MBEDTLS_IMMEDIATE_TRANSMISSION
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-21 07:56:57 -05:00
Andrzej Kurek df6e684460 Add a valgrind test for baremetal config
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-21 07:45:43 -05:00
Andrzej Kurek 0719b3c129 Add output flushing after each message transmission
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-19 17:15:52 -05:00
Andrzej Kurek e6c3aa7e7b Fix minor issues and clean up the code
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-18 15:06:42 -05:00
Andrzej Kurek e2134ed4b1 Fix certificate management when freeing handshake
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-18 11:23:19 -05:00
Shelly Liberman a981a9605d
Merge pull request #3961 from shelib01/random_buf_fix
fix flow control check
2020-12-16 10:35:22 +02:00
Andrzej Kurek 38c7f2d32f Refactor the immediate transmission feature
The original way or handling it did not cover
message fragmentation or retransmission.
Now, the messages are always appended
to the flight and sent immediately, using 
the same function as normal flight 
transmission.
Moreover, epoch handling is different for this feature,
with a possibility to perform the usual retransmission
using previous methods. 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 18:17:31 -05:00
Andrzej Kurek d886d9f93c Fix freeing uninitialized fields from the ssl context
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek 9627202d3a Move MBEDTLS_DELAYED_SERVER_CERT_VERIFICATION to baremetal config
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek 5ac3a50924 DTLS: disable datagram packing tests when immediate transmission is on
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek c3dde3f2f9 Fix unreachable code error
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek 52e08cbcb2 Fix unused parameters and ifdefs
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek 777d4217f1 Fix define and function names to conform to Mbed TLS rules
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek b22e64045b Update generated files
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Andrzej Kurek 131512440e Move the new config optimization defines to be optional
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-15 15:43:12 -05:00
Hannes Tschofenig 32846c62ac Moving the ecdhe_computed variable into the handshake structure 2020-12-15 12:50:37 +01:00
Hannes Tschofenig 34630562cd Making sure that the ECDHE pre-computation is only done once. 2020-12-15 12:33:45 +01:00
Shelly Liberman 699aebecb9 fix flow control check
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-12-14 18:57:52 +02:00
Andrzej Kurek cee7ee86af
Merge pull request #3956 from shelib01/aes_masking_fix
AES masking bug fix
2020-12-14 09:37:12 +01:00
Shelly Liberman 51701bb4af aes masking bug fix
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-12-13 18:32:09 +02:00
Andrzej Kurek 25d0202ac5
Merge pull request #3941 from AndrzejKurek/tinycrypt-ecdsa-signature
Add ECDSA signature generation tests to tinycrypt
2020-12-08 06:18:33 -05:00
Andrzej Kurek 3e80b1a657 Fix compilation errors when building sign_with_k test function
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-07 08:54:50 -05:00
Hannes Tschofenig c162895030 Add call to mbedtls_x509_crt_free() 2020-12-07 11:04:09 +01:00
Andrzej Kurek bef771bf50 Add ECDSA signature generation tests to tinycrypt
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-12-04 09:54:11 -05:00
Andrzej Kurek fca6731ddd
Merge pull request #3934 from AndrzejKurek/tinycrypt-ecdsa-test-vectors
Add NIST CAVP FIPS 186-4 test vectors for tinycrypt ecdsa
2020-12-04 09:47:00 -05:00
Hannes Tschofenig e151a3528a Adding early ECDHE key generation to ssl_cli.c 2020-12-03 17:37:49 +01:00
Hannes Tschofenig c34d9cf37a Adding storage for public key to handshake_params 2020-12-03 17:37:06 +01:00
Hannes Tschofenig 77cddb3ef7 Adding early key computation config option 2020-12-03 17:36:00 +01:00
Hannes Tschofenig 3cb3db7961 Adding early key computation config check 2020-12-03 17:35:50 +01:00
Hannes Tschofenig 2279ffd2a0 Adding immediate message transmission 2020-12-03 15:52:35 +01:00