Commit graph

136 commits

Author SHA1 Message Date
Dave Rodgman
7d4f019810 Move some bignum functions out of constant_time module
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-26 12:42:48 +01:00
Dave Rodgman
19e8cd06fe Move mbedtls_ct_rsaes_pkcs1_v15_unpadding into rsa.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-26 12:42:48 +01:00
Dave Rodgman
0afe001871 Expose mbedtls_ct_size_gt and mbedtls_ct_mem_move_to_left in ct interface
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-26 12:42:48 +01:00
Dave Rodgman
2801f7fa8d Move mbedtls_ct_hmac into ssl_msg.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-26 12:42:48 +01:00
Dave Rodgman
0ee9683987 Move mbedtls_ct_base64_(enc|dec)_char into base64.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-26 12:42:40 +01:00
Tom Cosgrove
e22413c8df Use mbedtls_ct_uint_if() rather than mbedtls_ct_cond_select_sign()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-05-03 09:44:01 +01:00
Andrzej Kurek
8a045ce5e6 Unify PSA to Mbed TLS error translation
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:44 -05:00
Dave Rodgman
4610d4b7a6 Inhibit compiler from optimising out const-time asm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-30 09:26:48 +00:00
Dave Rodgman
7658b63390 Remove volatile from diff; add explanatory comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
b9cd19bc8c Prevent perf regressions in mbedtls_xor
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
051225d07a Address potential perf regression
Ensure platforms that don't have an assembly implementation for
mbedtls_get_unaligned_volatile_uint32() don't experience a performance
regression.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
36dfc5a237 Improve efficiency of some constant time functions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Gilles Peskine
db2996357c
Merge pull request #6289 from gabor-mezei-arm/6237_Add_conditional_assign_and_swap_for_bignum
Bignum: Add safe conditional assign and swap for the new MPI types
2022-10-19 15:51:19 +02:00
Gabor Mezei
d7edb1d225
Initialize variable
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-10 14:32:09 +02:00
Gabor Mezei
3eff425b1a
Use only one limb parameter for assign
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
cfc0eb8d22
Remove unused parameter
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
87638a9ead
Add missing include
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
24d183aa00
Use the new swap and assign function in the old interface
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Przemek Stekiel
89ad62352d Fix guards for mbedtls_ct_size_mask() and mbedtls_ct_memcpy_if_eq()
Both functions are used when MBEDTLS_SSL_SOME_SUITES_USE_MAC is defined not MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Janos Follath
645ff5b8ff
Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures
Add the new modulus and the residue structures with low level I/O operations
2022-08-23 09:02:43 +01:00
Janos Follath
b7a88eca42 Bignum: Apply naming conventions
Numbers:

- A, B for mbedtls_mpi_uint* operands
- a, b for mbedtls_mpi_uint operands
- X or x for result
- HAC references where applicable

Lengths:

- Reserve size or length for length/size in bytes or byte buffers.
- For length of mbedtls_mpi_uint* buffers use limbs
- Length parameters are qualified if possible (eg. input_length or
  a_limbs)

Setup functions:

- The parameters match the corresponding structure member's name
- The structure to set up is a standard lower case name even if in other
  functions different naming conventions would apply

Scope of changes/conventions:

- bignum_core
- bignum_mod
- bignum_mod_raw

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Tom Cosgrove
583816caaf Be explicit about constant time bignum functions that must take a 0 or 1 condition value
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-18 14:09:18 +01:00
Gabor Mezei
5a5c0c5f0a
Move the declaration of variables to their scope of usage
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:40:09 +02:00
Janos Follath
6318468183 Improve bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 17:42:59 +01:00
Janos Follath
23bdeca64d Add core constant time comparison
Unfortunately reusing the new function from the signed constant time
comparison is not trivial.

One option would be to do temporary conditional swaps which would prevent
qualifying input to const. Another way would be to add an additional
flag for the sign and make it an integral part of the computation, which
would defeat the purpose of having an unsigned core comparison.

Going with two separate function for now and the signed version can be
retired/compiled out with the legacy API eventually.

The new function in theory could be placed into either
`library/constant_time.c` or `library/bignum_new.c`. Going with the
first as the other functions in the second are not constant time yet and
this distinction seems more valuable for new (as opposed to belonging to
the `_core` functions.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Gilles Peskine
8399cccd2e
Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access
Fix uninitialised memory access in constant time functions
2022-06-01 11:42:51 +02:00
Paul Elliott
5260ce27ed Fix uninitialised memory access in constant time functions
Fix an issue reported by Coverity whereby some constant time functions
called from the ssl decrypt code could potentially access uninitialised
memory.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-19 18:23:24 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Neil Armstrong
9ebb9ff60c Reduce HMAC buffer usage in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:58 +01:00
Neil Armstrong
72c2f76c43 Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:36 +01:00
Neil Armstrong
36cc13b340 Use PSA defines for buffers in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:20 +01:00
Neil Armstrong
ae57cfd3e7 Use psa_ssl_status_to_mbedtls in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 10:00:10 +01:00
Neil Armstrong
28d9c631b8 Fix comments in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 10:00:10 +01:00
Neil Armstrong
6958bd0206 Clean aux_out in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-02 15:37:11 +01:00
Neil Armstrong
2968d306e4 Implement mbedtls_ct_hmac() using PSA hash API
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:50 +01:00
Tautvydas Žilys
40fc7da101 Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1.
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-31 13:34:01 -08:00
Tautvydas Žilys
60165d7708 Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug.
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-26 15:44:10 -08:00
Gabor Mezei
a09697527b
Add documentation for the functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:25:14 +01:00
Gabor Mezei
14d5fac11d
Unify function parameters
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:23:26 +01:00
Gabor Mezei
c0d8dda60d
Make mbedtls_ct_uchar_mask_of_range function static
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:20:36 +01:00
Gabor Mezei
358829abc9
Move mbedtls_ct_base64_dec_value function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:14:52 +01:00
Gabor Mezei
9a4074aa1e
Move mbedtls_ct_base64_enc_char function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:14:21 +01:00
Gabor Mezei
28d611559e
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:09:38 +01:00
Gabor Mezei
642eeb2879
Fix documentation and comments
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-03 16:13:32 +01:00
Gabor Mezei
22c9a6fccc
Rename internal header constant_time.h to constant_time_internal.h
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 12:15:20 +02:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
Gabor Mezei
6a426c9f9f
Bind functions' availability for config options
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:17:43 +02:00
Gabor Mezei
765862c4f3
Move mbedtls_cf_memcmp to a new public header
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00
Gabor Mezei
e212379810
Bind functions' availability for config options
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 19:38:02 +02:00
Gabor Mezei
949455892f
Remove unused function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 17:02:29 +02:00
Gabor Mezei
a2d0f90c5a
Make functions static
These functions are only used as an auxiliary function for constant-time functions.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:56:50 +02:00
Gabor Mezei
a316fc8eb0
Update documentation and comments
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
63bbba5c13
Rename and reorder function parameters
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
7013f62ee5
Use condition for not sensitive data
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
eab90bcc36
Move implementation specific comment
This comment is about how the functions are implemented, not about their
public interface, so it doesn't belong in the header file.
It applies to everything in constant_time.c so moved there.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
1e64261da5
Make mbedtls_cf_size_mask_lt function static
The mbedtls_cf_size_mask_lt is solely used as an auxiliary function
for mbedtls_cf_size_mask_ge.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
gabor-mezei-arm
5b3a32d883
Fix missing includes
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-29 10:53:55 +02:00
gabor-mezei-arm
90d96cc741 Add documentation for the functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 17:07:51 +02:00
gabor-mezei-arm
b11a56e34c
Unify equality checker functions return value
The equality checker functions always return 0 or 1 value,
thus the type of return value can be the same dispite of the
size of the parameters.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
gabor-mezei-arm
9cb55698aa
Propagate usage of mask generation functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
gabor-mezei-arm
396438c57b
Unify mask generation functions
Generate all-bits 0 or all bits 1 mask from a value instead of from a bit.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
gabor-mezei-arm
87ac5bef97 Unify function parameters
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:16 +02:00
gabor-mezei-arm
4602564d7a
Unify memcmp functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:33:47 +02:00
gabor-mezei-arm
2dcd7686ce Typo: Unify indentation of function parameters
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:33:44 +02:00
gabor-mezei-arm
fdb71183f8
Move mbedtls_cf_rsaes_pkcs1_v15_unpadding function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:45 +02:00
gabor-mezei-arm
65cefdbfcb
Create mbedtls_cf_size_if function
Add a constant-time function with size_t parameter for choosing
between two integer values, like the ?: ternary operator.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
c29a3da599
Move mbedtls_mpi_lt_mpi_ct function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
5c97621215
Move mbedtls_mpi_safe_cond_swap function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
40a4925128
Move mbedtls_mpi_safe_cond_assign function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
1349ffde84
Move mbedtls_cf_hmac function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
0e7f71e1a9
Move mbedtls_cf_memcpy_offset function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
dee0fd33f1
Move mbedtls_cf_memcpy_if_eq function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:43 +02:00
gabor-mezei-arm
394aeaaefb Move mbedtls_cf_mem_move_to_left function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:41 +02:00
gabor-mezei-arm
be8d98b0be Move mbedtls_cf_mpi_uint_cond_assign function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:23:57 +02:00
gabor-mezei-arm
d3230d533c
Move mbedtls_cf_cond_select_sign function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
b2dbf2c113
Move mbedtls_cf_uint_if function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
3f90fd540a
Move mbedtls_cf_mpi_uint_lt function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
5a85442604
Move mbedtls_cf_size_gt function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:09 +02:00
gabor-mezei-arm
8d1d5fd204 Move mbedtls_cf_size_bool_eq function to the constant-time module
There were multiple functions called mbedtls_cf_size_bool_eq. They had exactly
the same behavior, so move the one in bignum.c and remove the other.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:20:07 +02:00
gabor-mezei-arm
16fc57bcc4
Move mbedtls_cf_size_mask_ge function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
c76227d808
Move mbedtls_cf_size_mask_lt function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
3733bf805a
Move mbedtls_cf_size_mask function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
340948e4a5
Move mbedtls_cf_uint_mask function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
db9a38c672
Move contatnt-time memcmp functions to the contant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
d112534585 Add a new file for constant-time functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-08-11 15:35:28 +02:00