lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00
Code Activity
22,908 Commits 174 Branches 272 Tags
archive/new-code-style/test/old/rename-delete
Commit Graph

22908 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Valerio Setti
fdb77cdae3 psa_crypto_pake: internally call to psa_pake_abort() in case of errors 
In this way, in case of error, it is not possible to continue using
the same psa_pake_operation_t without reinitializing it.
This should make the PSA pake's behavior closer to what expected by
the specification

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:41:01 +01:00
Dave Rodgman
c36a56e890 Use mbedtls_xor in TLS messaging layer 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman
74b345f282 Use mbedtls_xor in PKCS #5 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman
99a507ee55 Use mbedtls_xor in md 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman
d22fb73e3e Use mbedtls_xor in GCM 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman
2e9db8e9bf Use mbedtls_xor in DES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman
ffb5499988 Use mbedtls_xor in CTR_DRBG 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman
8c0ff81ce7 Use mbedtls_xor in CMAC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman
c1d9022bab Use mbedtls_xor in ChaCha20 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman
0d3b55bca8 Use mbedtls_xor in ccm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman
d23399eb69 Use mbedtls_xor in Camellia 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman
7bb6b84b29 Use mbedtls_xor in ARIA 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman
a8cf607458 Use mbedtls_xor in AES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman
4413b6690f Add tests for mbedtls_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Tom Cosgrove
d66d5b2fef Add unit tests for mbedtls_mpi_core_sub_int(), MPI A - scalar b 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 15:07:31 +00:00
Janos Follath
3165f063b5 mpi_exp_mod: use x_index consistently 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath
33480a372b Changelog: expand conference acronym for clarity 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath
c8d66d50d0 mpi_exp_mod: reduce the table size by one 
The first half of the table is not used, let's reuse index 0 for the
result instead of appending it in the end.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath
060009518b mpi_exp_mod: fix out of bounds access 
The table size was set before the configured window size bound was
applied which lead to out of bounds access when the configured window
size bound is less.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath
9c09326572 mpi_mod_exp: be pedantic about right shift 
The window size starts giving diminishing returns around 6 on most
platforms and highly unlikely to be more than 31 in practical use cases.
Still, compilers and static analysers might complain about this and
better to be pedantic.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath
74369b2497 Add paper title to Changelog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
be54ca77e2 mpi_exp_mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
74601209fa mpi_exp_mod: remove the 'one' variable 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
b2c2fca974 mpi_exp_mod: simplify freeing loop 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
3646ff02ad mpi_exp_mod: move X next to the precomputed values 
With small exponents (for example, when doing RSA-1024 with CRT, each
prime is 512 bits and we'll use wsize = 5 which may be smaller that the
maximum - or even worse when doing public RSA operations which typically
have a 16-bit exponent so we'll use wsize = 1) the usage of W will have
pre-computed values, then empty space, then the accumulator at the very
end.

Move X next to the precomputed values to make accesses more efficient
and intuitive.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
7fa11b88f3 mpi_exp_mod: rename local variables 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
844614814e mpi_exp_mod: remove memory ownership confusion 
Elements of W didn't all have the same owner: all were owned by this
function, except W[x_index]. It is more robust if we make a proper copy
of X.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
f08b40eaab mpi_exp_mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
b3608afe29 Add ChangeLog entry 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
b764ee1603 mpi_exp_mod: protect out of window zeroes 
Out of window zeroes were doing squaring on the output variable
directly. This leaks the position of windows and the out of window
zeroes.

Loading the output variable from the table in constant time removes this
leakage.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath
8e7d6a0386 mpi_exp_mod: load the output variable to the table 
This is done in preparation for constant time loading that will be added
in a later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Valerio Setti
99d88c1ab4 tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 16:03:43 +01:00
Dave Rodgman
c3d8041fe7 Introduce mbedtls_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 15:01:39 +00:00
Tom Cosgrove
452c99c173 Use mbedtls_mpi_core_sub_int() in mbedtls_mpi_sub_abs() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Tom Cosgrove
f7ff4c9a11 Tidy up, remove MPI_CORE(), and apply the naming convention 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Hanno Becker
d9b2348d8f Extract MPI_CORE(sub_int) from the prototype 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Janos Follath
0fc88779ec Merge pull request #6632 from yanesca/refactor_bignum_test_framework 
Refactor bignum test framework
 2022-11-22 14:53:58 +00:00
Gilles Peskine
a08103aa94 Merge pull request #6611 from gilles-peskine-arm/run-test-suites-out-of-tree 
Fix run-test-suites.pl in out-of-tree builds
 2022-11-22 15:01:13 +01:00
Gilles Peskine
4f19d86e3f Merge pull request #6608 from mprse/ecjpake_password_fix 
Make a copy of the password key in operation object while setting j-pake password
 2022-11-22 14:52:12 +01:00
Ronald Cron
da13072c5b tls13: Make ..._RECEIVED_NEW_SESSION_TICKET experimental 
We are considering using a callback instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-22 13:21:13 +01:00
Aditya Deshpande
2f7fd76d91 Replace PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE with PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE in psa_key_agreement_internal(). 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-22 11:10:34 +00:00
Manuel Pégourié-Gonnard
18a3856a03 Document another limitation of driver-only hashes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-22 11:59:55 +01:00
Valerio Setti
d4a9b1ab8d tls: psa_pake: remove useless defines and fix a comment 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 11:11:10 +01:00
Xiaokang Qian
8bee89994d Add parse function for early data in encrypted extentions 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-22 09:40:07 +00:00
Przemek Stekiel
0bdec19c93 Further optimizations of pake set_password implementation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-22 09:10:35 +01:00
Ronald Cron
c2e110f445 tls13: Disable MBEDTLS_SSL_EARLY_DATA by default 
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-22 09:01:46 +01:00
Jerry Yu
fdd24b8c49 Revert change in flight transmit 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-22 14:08:03 +08:00
Aditya Deshpande
39e08d4094 Add tests for the key agreement driver wrapper to test_suite_psa_crypto_driver_wrappers 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-21 19:39:35 +00:00
Gilles Peskine
339406daf9 Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub 
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
 2022-11-21 19:51:58 +01:00