Manuel Pégourié-Gonnard
660b396e41
Merge pull request #975 from yanesca/issue-946
Fix RSA side channel
2022-11-23 10:30:35 +01:00
Janos Follath
3165f063b5
mpi_exp_mod: use x_index consistently
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
33480a372b
Changelog: expand conference acronym for clarity
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
c8d66d50d0
mpi_exp_mod: reduce the table size by one
The first half of the table is not used; let's reuse index 0 for the
result instead of appending it at the end.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
060009518b
mpi_exp_mod: fix out of bounds access
The table size was set before the configured window size bound was
applied, which led to out-of-bounds access when the configured window
size bound is less.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
9c09326572
mpi_mod_exp: be pedantic about right shift
The window size starts giving diminishing returns around 6 on most
platforms and is highly unlikely to be more than 31 in practical use cases.
Still, compilers and static analysers might complain about this, and it is
better to be pedantic.
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
74369b2497
Add paper title to Changelog
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
be54ca77e2
mpi_exp_mod: improve documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
74601209fa
mpi_exp_mod: remove the 'one' variable
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
b2c2fca974
mpi_exp_mod: simplify freeing loop
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
3646ff02ad
mpi_exp_mod: move X next to the precomputed values
With small exponents (for example, when doing RSA-1024 with CRT, each
prime is 512 bits and we'll use wsize = 5, which may be smaller than the
maximum - or even worse when doing public RSA operations, which typically
have a 16-bit exponent, so we'll use wsize = 1) the usage of W will have
pre-computed values, then empty space, then the accumulator at the very
end.
Move X next to the precomputed values to make accesses more efficient
and intuitive.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
7fa11b88f3
mpi_exp_mod: rename local variables
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
844614814e
mpi_exp_mod: remove memory ownership confusion
Elements of W didn't all have the same owner: all were owned by this
function, except W[x_index]. It is more robust if we make a proper copy
of X.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
f08b40eaab
mpi_exp_mod: improve documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
b3608afe29
Add ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
b764ee1603
mpi_exp_mod: protect out of window zeroes
Out of window zeroes were doing squaring on the output variable
directly. This leaks the position of windows and the out of window
zeroes.
Loading the output variable from the table in constant time removes this
leakage.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
8e7d6a0386
mpi_exp_mod: load the output variable to the table
This is done in preparation for constant time loading that will be added
in a later commit.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Manuel Pégourié-Gonnard
b7805b0a67
Merge pull request #972 from ronald-cron-arm/buffer-overflow-in-cid-fix
Fix in_cid buffer size in transform structure
2022-11-18 09:48:12 +01:00
Ronald Cron
5dc7999946
Simplify the change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-17 14:51:52 +01:00
Ronald Cron
9a1396bfcc
Add ChangeLog
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-16 11:04:48 +01:00
Ronald Cron
e9f92c4fbc
tls: Fix in_cid buffer size in transform structure
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-16 10:23:05 +01:00
Gilles Peskine
faefe62013
Merge pull request #6390 from mpg/fix-ecjpake-psa-format
Fix ecjpake PSA format
2022-11-07 17:35:44 +01:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost
BUG: Fix session resumption fail when hostname is not localhost
2022-11-07 17:33:38 +01:00
Gilles Peskine
34c09469f3
Merge pull request #5396 from SiliconLabs/codegen_1.1
Driver dispatch Codegen 1.1
2022-11-07 15:27:41 +01:00
Janos Follath
49e9fbd6bc
Merge pull request #6532 from yanesca/bignum_common_merge_slots
Add merge slots to bignum_common.py
2022-11-04 08:37:07 +00:00
Janos Follath
f8b3b72910
Add merge slots to bignum_common.py
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-03 14:46:18 +00:00
Janos Follath
4feb94a965
Merge pull request #6530 from yanesca/bignum_merge_scaffolding
Bignum merge scaffolding
2022-11-03 11:29:32 +00:00
Asfandyar Orakzai
9b656d3c80
removed stray whitespace from change logs
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 11:39:36 +01:00
Asfandyar Orakzai
65cd8a4a23
fixed formatting issues in psa_crypto_code_gen_1_1.txt
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 11:16:40 +01:00
Asfandyar Orakzai
4f63ac4358
fixed changelog formatting
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 10:18:05 +01:00
Janos Follath
d820ca5d07
Fix bignum test generator class names
Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-03 08:42:54 +00:00
Asfandyar Orakzai
ee2b637d03
Fixed change log issue
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-02 21:50:27 +01:00
Janos Follath
c1a81bc998
Remove trailing new lines
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:33:11 +00:00
Janos Follath
9cf14cd6b0
Make pylint happy
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:28:39 +00:00
Janos Follath
6642cafae3
Fix merge separator position
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:28:39 +00:00
Janos Follath
be13652296
Use comments for merge separators in .data files
We do have a comment syntax for .data files; there is no need for dummy
test cases.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:28:37 +00:00
Janos Follath
1be322a795
Add merge slots to raw and mod_raw test generation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:36 +00:00
Janos Follath
b99b056f0a
Add script for generating mod test cases
This commit only adds the boilerplate, no actual tests are added.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:36 +00:00
Janos Follath
df8239b846
Add script for generating mod_raw test cases
This commit only adds the boilerplate, no actual tests are added.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:36 +00:00
Janos Follath
5933f691a2
Add merge slots to Bignum files
Legacy Bignum is excluded as it doesn't get regular extensions like new
ones.
Each slot uses the comment syntax of its respective filetype. Since .data files
don't have a syntax for comments, dummy test cases are used. (These test
cases will never be executed and no noise will be added to tests.)
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:25 +00:00
Janos Follath
2a8bcf8c6f
Add bignum merge scaffolding
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:25:48 +00:00
Janos Follath
7b96f52b39
Merge pull request #6450 from gilles-peskine-arm/bignum-core-fill_random
Bignum core: fill_random
2022-11-02 17:23:31 +00:00
Asfandyar Orakzai
9bd28dc1e1
Update change log
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-02 16:36:14 +01:00
Gilles Peskine
22cdd0ccd3
Update some internal comments
The refactoring of fill_random had left some obsolete bits in comments.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 16:00:01 +01:00
Gilles Peskine
dd54324765
Increase iterations for some statistical tests
I ran into a sequence where the assertion `stats[8] > 0` failed for the
range 1..272 with 100 iterations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 16:00:01 +01:00
Gilles Peskine
009d195a56
Move mbedtls_mpi_core_fill_random to the proper .c file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 16:00:01 +01:00
Gilles Peskine
5980f2bd36
Implement mbedtls_mpi_core_fill_random
Turn mpi_fill_random_internal() into mbedtls_mpi_core_fill_random(). It
had basically the right code except for how X is passed to the function.
Write unit tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 15:59:36 +01:00
Gilles Peskine
909e03c52f
Bignum core: fill_random: prototype
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 15:59:16 +01:00
Janos Follath
f1ed5815ba
Merge pull request #6512 from yanesca/extract_uint_table_lookup_core
Implement mbedtls_mpi_core_ct_uint_table_lookup()
2022-11-02 13:58:19 +00:00
Dave Rodgman
90c6836271
Merge pull request #6524 from daverodgman/fix-duplicate-header
Remove duplicate function prototype
2022-11-02 13:06:08 +00:00