db2996357c
Merge pull request #6289 from gabor-mezei-arm/6237_Add_conditional_assign_and_swap_for_bignum
...
Bignum: Add safe conditional assign and swap for the new MPI types
2022-10-19 15:51:19 +02:00
d7edb1d225
Initialize variable
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-10 14:32:09 +02:00
3eff425b1a
Use only one limb parameter for assign
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
cfc0eb8d22
Remove unused parameter
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
87638a9ead
Add missing include
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
24d183aa00
Use the new swap and assign function in the old interface
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
89ad62352d
Fix guards for mbedtls_ct_size_mask() and mbedtls_ct_memcpy_if_eq()
...
Both functions are used when MBEDTLS_SSL_SOME_SUITES_USE_MAC is defined, not MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
645ff5b8ff
Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures
...
Add the new modulus and the residue structures with low level I/O operations
2022-08-23 09:02:43 +01:00
b7a88eca42
Bignum: Apply naming conventions
...
Numbers:
- A, B for mbedtls_mpi_uint* operands
- a, b for mbedtls_mpi_uint operands
- X or x for result
- HAC references where applicable
Lengths:
- Reserve size or length for length/size in bytes or byte buffers.
- For length of mbedtls_mpi_uint* buffers use limbs
- Length parameters are qualified if possible (eg. input_length or
a_limbs)
Setup functions:
- The parameters match the corresponding structure member's name
- The structure to set up is a standard lower case name even if in other
functions different naming conventions would apply
Scope of changes/conventions:
- bignum_core
- bignum_mod
- bignum_mod_raw
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
583816caaf
Be explicit about constant time bignum functions that must take a 0 or 1 condition value
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-18 14:09:18 +01:00
5a5c0c5f0a
Move the declaration of variables to their scope of usage
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:40:09 +02:00
6318468183
Improve bignum documentation
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 17:42:59 +01:00
23bdeca64d
Add core constant time comparison
...
Unfortunately reusing the new function from the signed constant time
comparison is not trivial.
One option would be to do temporary conditional swaps which would prevent
qualifying input to const. Another way would be to add an additional
flag for the sign and make it an integral part of the computation, which
would defeat the purpose of having an unsigned core comparison.
Going with two separate functions for now and the signed version can be
retired/compiled out with the legacy API eventually.
The new function in theory could be placed into either
`library/constant_time.c` or `library/bignum_new.c`. Going with the
first as the other functions in the second are not constant time yet and
this distinction seems more valuable for new (as opposed to belonging to
the `_core` functions).
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
8399cccd2e
Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access
...
Fix uninitialised memory access in constant time functions
2022-06-01 11:42:51 +02:00
5260ce27ed
Fix uninitialised memory access in constant time functions
...
Fix an issue reported by Coverity whereby some constant time functions
called from the ssl decrypt code could potentially access uninitialised
memory.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-19 18:23:24 +01:00
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
9ebb9ff60c
Reduce HMAC buffer usage in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:58 +01:00
72c2f76c43
Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:36 +01:00
36cc13b340
Use PSA defines for buffers in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:20 +01:00
ae57cfd3e7
Use psa_ssl_status_to_mbedtls in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 10:00:10 +01:00
28d9c631b8
Fix comments in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 10:00:10 +01:00
6958bd0206
Clean aux_out in PSA version of mbedtls_ct_hmac()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-02 15:37:11 +01:00
2968d306e4
Implement mbedtls_ct_hmac() using PSA hash API
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:50 +01:00
40fc7da101
Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1.
...
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-31 13:34:01 -08:00
60165d7708
Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug.
...
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-26 15:44:10 -08:00
a09697527b
Add documentation for the functions
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:25:14 +01:00
14d5fac11d
Unify function parameters
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:23:26 +01:00
c0d8dda60d
Make mbedtls_ct_uchar_mask_of_range function static
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:20:36 +01:00
358829abc9
Move mbedtls_ct_base64_dec_value function to the constant-time module
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:14:52 +01:00
9a4074aa1e
Move mbedtls_ct_base64_enc_char function to the constant-time module
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:14:21 +01:00
28d611559e
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:09:38 +01:00
642eeb2879
Fix documentation and comments
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-03 16:13:32 +01:00
22c9a6fccc
Rename internal header constant_time.h to constant_time_internal.h
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 12:15:20 +02:00
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
...
Rename functions to better suit the module name.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
6a426c9f9f
Bind functions' availability for config options
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:17:43 +02:00
765862c4f3
Move mbedtls_cf_memcmp to a new public header
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00
e212379810
Bind functions' availability for config options
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 19:38:02 +02:00
949455892f
Remove unused function
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 17:02:29 +02:00
a2d0f90c5a
Make functions static
...
These functions are only used as an auxiliary function for constant-time functions.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:56:50 +02:00
a316fc8eb0
Update documentation and comments
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
63bbba5c13
Rename and reorder function parameters
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
7013f62ee5
Use condition for not sensitive data
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
eab90bcc36
Move implementation specific comment
...
This comment is about how the functions are implemented, not about their
public interface, so it doesn't belong in the header file.
It applies to everything in constant_time.c so moved there.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
1e64261da5
Make mbedtls_cf_size_mask_lt function static
...
The mbedtls_cf_size_mask_lt is solely used as an auxiliary function
for mbedtls_cf_size_mask_ge.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
5b3a32d883
Fix missing includes
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-29 10:53:55 +02:00
90d96cc741
Add documentation for the functions
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 17:07:51 +02:00
b11a56e34c
Unify equality checker functions return value
...
The equality checker functions always return 0 or 1 value,
thus the type of return value can be the same despite the
size of the parameters.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
9cb55698aa
Propagate usage of mask generation functions
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
396438c57b
Unify mask generation functions
...
Generate all-bits 0 or all bits 1 mask from a value instead of from a bit.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
87ac5bef97
Unify function parameters
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:16 +02:00