Add random delay to enforce_volatile_reads

Add a random delay to mbedtls_platform_enforce_volatile_reads() as a
countermeasure to fault injection attacks.
This commit is contained in:
Arto Kinnunen 2019-12-09 14:39:51 +02:00
parent 9a506e7424
commit 0490485be5
2 changed files with 8 additions and 8 deletions

View file

@ -260,9 +260,12 @@ uint32_t mbedtls_platform_random_in_range( size_t num );
int mbedtls_platform_random_delay( size_t num );
/**
* \brief This function does nothing, but can be inserted between
* successive reads to a volatile local variable to prevent
* compilers from optimizing them away.
* \brief This function can be inserted between successive reads to a
* volatile local variable to prevent compilers from optimizing
* them away. In addition, this function will spent a small random
* time in a busy loop as a counter-measure to fault injection
* attack.
*
*/
void mbedtls_platform_enforce_volatile_reads( void );

View file

@ -189,13 +189,10 @@ int mbedtls_platform_random_delay( size_t max_rand )
#endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT */
}
/* Some compilers (armcc 5 for example) optimize away successive reads from a
* volatile local variable (which we use as a counter-measure to fault
* injection attacks), unless there is a call to an external function between
* them. This functions doesn't need to do anything, it just needs to be
* in another compilation unit. So here's a function that does nothing. */
void mbedtls_platform_enforce_volatile_reads( void )
{
// Add a small random delay as a counter-measure to fault injection attack.
mbedtls_platform_random_delay( 50 );
}
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)