This improves readibility and prepares for further changes
like the introduction of a single double-width temporary for
ECP arithmetic.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
`ecp_add_mixed()` and `ecp_double_jac()` are the core subroutines
for elliptic curve arithmetic, and as such crucial for the performance
of ECP primitives like ECDHE and ECDSA.
This commit provides a very slight simplification and performance and
memory usage improvement to `ecp_add_mixed()` by removing the use of
three temporary MPIs used for coordinate calculations.
Where those variables were used, the code now writes directly to the
coordinate MPIs of the target elliptic curve point.
This is a valid change even if there is aliasing between input and
output, since at the time any of the coordinate MPIs in question is
written, the corresponding coordinates of both inputs are no longer
read.
(The analogous change in `ecp_double_jac()` can not be made since
this property does not hold for `ecp_double_jac()`.)
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit removes code from the Montgomery multiplication routine
`mpi_montmul()` which seems to serve no purpose.
Details: `mpi_montmul()` uses a temporary storage `T` for intermediate
results which is assumed to be of twice the size as the inputs to be
multiplied, and which is used as follows: After the i-th (i=0,1,...)
iteration, the n-limb word starting at `T->p + i + 1` contains the
Montgomery multiplication of B with the limbs 0,..,i of A, and the
variable `d` points to `T->p + i + 1`. In particular, after `n` iterations,
`T->p + n` holds the full multiplication
(subject to conditional subtraction).
As a consequence of this way of using the temporary `T`, the contents
of `{T->p, ..., T->p + i}` are irrelevant after the i-th iteration. Nonetheless,
the code copies `A[i]` to `T->p[i]` at the end of the i-th iterations, which is
redundant and can be removed.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
* Updated the default argument to create less noise with argument
passing.
* Reworded ChangeLog to match MbedTLS documentation/ announcement
requirements
Signed-off-by: Archana <archana.madhavan@silabs.com>
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)
check-generated-files.sh and CMakeLists.sh updated.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Moved python script generate_driver_wrappers.py under scripts and
corresponding template file under script/data_files.
Signed-off-by: Archana <archana.madhavan@silabs.com>
The file psa_crypto_driver_wrappers.c is deleted to be autogenerated.
Updated psa_crypto_driver_wrappers.h, this file only contains the
prototypes for the driver wrappers, we don't expect this to be auto
generated.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Having an automatically generated header file makes it harder to have
working build scripts. The content of ssl_debug_helpers_generated.h isn't
likely to change often, so we can update it manually.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Running `generate_ssl_debug_helpers.py` generates both
`ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`.
List the `.h` file as well as the `.c` file in `check-generated-files.sh` so
that `check-generated-files.sh -u` will complain if it isn't up to date.
List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when
to wait until the `.h` file is present. In `Makefile`, declare the `.c` file
as depending on the `.h` file for order. This way, a dependency for either
will wait until the `.h` file is present, and since the `.h` file is
generated after the `.c` file, this guarantees that the `.c` file is
present.
This fixes random failures of `make -j` from a fresh checkout.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Zeroize temporary buffers used to sanity-check the signature.
If there is an error, overwrite the tentative signature in the output
buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.
Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption,
this is just good hygiene but probably not needed for security since the
data protected by the MAC that could leak is about to be transmitted anyway.
In DTLS decryption, this could be a security issue since an adversary could
learn the MAC of data that they were trying to inject. At least with
encrypt-then-MAC, the adversary could then easily inject a datagram with
a corrected packet. TLS would still be safe since the receiver would close
the connection after the bad MAC.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_pk_parse_key() makes a temporary copy of the key when it calls
pk_parse_key_pkcs8_encrypted_der(), because that function requires a
writable buffer. pk_parse_key_pkcs8_encrypted_der() always rejects an
empty password, so skip calling it in that case, which allows us to
skip the allocation as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
