Commit graph

22015 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
660b396e41
Merge pull request #975 from yanesca/issue-946
Fix RSA side channel
2022-11-23 10:30:35 +01:00
Janos Follath
3165f063b5 mpi_exp_mod: use x_index consistently
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
33480a372b Changelog: expand conference acronym for clarity
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
c8d66d50d0 mpi_exp_mod: reduce the table size by one
The first half of the table is not used, let's reuse index 0 for the
result instead of appending it in the end.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
060009518b mpi_exp_mod: fix out of bounds access
The table size was set before the configured window size bound was
applied which lead to out of bounds access when the configured window
size bound is less.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
9c09326572 mpi_mod_exp: be pedantic about right shift
The window size starts giving diminishing returns around 6 on most
platforms and highly unlikely to be more than 31 in practical use cases.
Still, compilers and static analysers might complain about this and
better to be pedantic.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
74369b2497 Add paper title to Changelog
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
be54ca77e2 mpi_exp_mod: improve documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
74601209fa mpi_exp_mod: remove the 'one' variable
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
b2c2fca974 mpi_exp_mod: simplify freeing loop
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
3646ff02ad mpi_exp_mod: move X next to the precomputed values
With small exponents (for example, when doing RSA-1024 with CRT, each
prime is 512 bits and we'll use wsize = 5 which may be smaller that the
maximum - or even worse when doing public RSA operations which typically
have a 16-bit exponent so we'll use wsize = 1) the usage of W will have
pre-computed values, then empty space, then the accumulator at the very
end.

Move X next to the precomputed values to make accesses more efficient
and intuitive.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
7fa11b88f3 mpi_exp_mod: rename local variables
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
844614814e mpi_exp_mod: remove memory ownership confusion
Elements of W didn't all have the same owner: all were owned by this
function, except W[x_index]. It is more robust if we make a proper copy
of X.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
f08b40eaab mpi_exp_mod: improve documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
b3608afe29 Add ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
b764ee1603 mpi_exp_mod: protect out of window zeroes
Out of window zeroes were doing squaring on the output variable
directly. This leaks the position of windows and the out of window
zeroes.

Loading the output variable from the table in constant time removes this
leakage.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
8e7d6a0386 mpi_exp_mod: load the output variable to the table
This is done in preparation for constant time loading that will be added
in a later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Manuel Pégourié-Gonnard
b7805b0a67
Merge pull request #972 from ronald-cron-arm/buffer-overflow-in-cid-fix
Fix in_cid buffer size in transform structure
2022-11-18 09:48:12 +01:00
Ronald Cron
5dc7999946 Simplify the change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-17 14:51:52 +01:00
Ronald Cron
9a1396bfcc Add ChangeLog
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-16 11:04:48 +01:00
Ronald Cron
e9f92c4fbc tls: Fix in_cid buffer size in transform structure
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-16 10:23:05 +01:00
Gilles Peskine
faefe62013
Merge pull request #6390 from mpg/fix-ecjpake-psa-format
Fix ecjpake PSA format
2022-11-07 17:35:44 +01:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost
BUG: Fix session resumption fail when hostname is not localhost
2022-11-07 17:33:38 +01:00
Gilles Peskine
34c09469f3
Merge pull request #5396 from SiliconLabs/codegen_1.1
Driver dispatch Codegen 1.1
2022-11-07 15:27:41 +01:00
Janos Follath
49e9fbd6bc
Merge pull request #6532 from yanesca/bignum_common_merge_slots
Add merge slots to bignum_common.py
2022-11-04 08:37:07 +00:00
Janos Follath
f8b3b72910 Add merge slots to bignum_common.py
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-03 14:46:18 +00:00
Janos Follath
4feb94a965
Merge pull request #6530 from yanesca/bignum_merge_scaffolding
Bignum merge scaffolding
2022-11-03 11:29:32 +00:00
Asfandyar Orakzai
9b656d3c80 removed stray whitespaces from change logs
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 11:39:36 +01:00
Asfandyar Orakzai
65cd8a4a23 fixed formating issues in psa_crypto_code_gen_1_1.txt
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 11:16:40 +01:00
Asfandyar Orakzai
4f63ac4358 fixed changelog formating
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-03 10:18:05 +01:00
Janos Follath
d820ca5d07
Fix bignum test generator class names
Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-03 08:42:54 +00:00
Asfandyar Orakzai
ee2b637d03 Fixed change log issue
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-02 21:50:27 +01:00
Janos Follath
c1a81bc998 Remove trailing new lines
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:33:11 +00:00
Janos Follath
9cf14cd6b0 Make pylint happy
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:28:39 +00:00
Janos Follath
6642cafae3 Fix merge separator position
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:28:39 +00:00
Janos Follath
be13652296 Use comments for merge separators in .data files
We do have a comment syntax for .data files, there is no need for dummy
test cases.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:28:37 +00:00
Janos Follath
1be322a795 Add merge slots to raw and mod_raw test generation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:36 +00:00
Janos Follath
b99b056f0a Add script for generating mod test cases
This commit only adds the boilerplate, no actual tests are added.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:36 +00:00
Janos Follath
df8239b846 Add script for generating mod_raw test cases
This commit only adds the boilerplate, no actual tests are added.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:36 +00:00
Janos Follath
5933f691a2 Add merge slots to Bignum files
Legacy Bignum is excluded as it doesn't get regular extensions like new
ones.

Each slot uses comments of their respective filetype. Since .data files
don't have a syntax for comments, dummy test cases are used. (These test
cases will never be executed and no noise will be added to tests.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:25 +00:00
Janos Follath
2a8bcf8c6f Add bignum merge scaffolding
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:25:48 +00:00
Janos Follath
7b96f52b39
Merge pull request #6450 from gilles-peskine-arm/bignum-core-fill_random
Bignum core: fill_random
2022-11-02 17:23:31 +00:00
Asfandyar Orakzai
9bd28dc1e1 Update changed log
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-11-02 16:36:14 +01:00
Gilles Peskine
22cdd0ccd3 Update some internal comments
The refactoring of fill_random had left some obsolete bits in comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 16:00:01 +01:00
Gilles Peskine
dd54324765 Increase iterations for some statistical tests
I ran into a sequence where the assertion `stats[8] > 0` failed for the
range 1..272 with 100 iterations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 16:00:01 +01:00
Gilles Peskine
009d195a56 Move mbedtls_mpi_core_fill_random to the proper .c file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 16:00:01 +01:00
Gilles Peskine
5980f2bd36 Implement mbedtls_mpi_core_fill_random
Turn mpi_fill_random_internal() into mbedtls_mpi_core_fill_random(). It
had basically the right code except for how X is passed to the function.

Write unit tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 15:59:36 +01:00
Gilles Peskine
909e03c52f Bignum core: fill_random: prototype
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 15:59:16 +01:00
Janos Follath
f1ed5815ba
Merge pull request #6512 from yanesca/extract_uint_table_lookup_core
Implement mbedtls_mpi_core_ct_uint_table_lookup()
2022-11-02 13:58:19 +00:00
Dave Rodgman
90c6836271
Merge pull request #6524 from daverodgman/fix-duplicate-header
Remove duplicate function prototype
2022-11-02 13:06:08 +00:00