Add FI/SCA compliant versions of mem-functions

Add FI/SCA compliant memset, memcmp and memcpy-functions to platform_util. Also add a stub implementation of a global RNG-function.
2025-03-23 02:45:05 +00:00 · 2019-09-27 16:20:11 +03:00 · 2019-09-27 16:20:11 +03:00 · 0736325d80
parent bf77960368
commit 0736325d80
2 changed files with 73 additions and 0 deletions
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@ -164,6 +164,14 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
 */
 void mbedtls_platform_zeroize( void *buf, size_t len );

+void mbedtls_platform_memset( void *ptr, int value, size_t num );
+
+void mbedtls_platform_memcpy( void *dst, const void *src, size_t num );
+
+int mbedtls_platform_memcmp( const void *buf1, const void *buf2, size_t num );
+
+size_t mbedtls_random_in_range( size_t num );
+
 #if defined(MBEDTLS_HAVE_TIME_DATE)
 /**
 * \brief      Platform-specific implementation of gmtime_r()
--- a/library/platform_util.c
+++ b/library/platform_util.c
@ -79,6 +79,71 @@ void mbedtls_platform_zeroize( void *buf, size_t len )
 }
 #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */

+void mbedtls_platform_memset( void *ptr, int value, size_t num )
+{
+    /* Randomize start offset. */
+    size_t startOffset = mbedtls_random_in_range( num );
+    /* Randomize data */
+    size_t data = mbedtls_random_in_range( 0xff );
+
+    /* Perform a pair of memset operations from random locations with
+     * random data */
+    memset( ( void * ) ( ptr + startOffset ), value, ( num - startOffset ) );
+    memset( ( void * ) ptr, data, startOffset );
+
+    /* Perform the original memset */
+    memset( ptr, value, num );
+}
+
+void mbedtls_platform_memcpy( void *dst, const void *src, size_t num )
+{
+    /* Randomize start offset. */
+    size_t startOffset = mbedtls_random_in_range( num );
+    /* Randomize initial data to prevent leakage while copying */
+    size_t data = mbedtls_random_in_range( 0xff );
+
+    memset( ( void * ) dst, data, num );
+    memcpy( ( void * ) ( ( unsigned char * ) dst + startOffset ),
+            ( void * ) ( ( unsigned char * ) src + startOffset ),
+            ( num - startOffset ) );
+    memcpy( ( void * ) dst, ( void * ) src, startOffset );
+}
+
+int mbedtls_platform_memcmp( const void *buf1, const void *buf2, size_t num )
+{
+    volatile unsigned int equal = 0;
+
+    size_t i = num;
+
+    size_t startOffset = mbedtls_random_in_range( num );
+
+    for( i = startOffset; i < num; i++ )
+    {
+        equal += ( ( ( unsigned char * ) buf1 )[i] ==
+                   ( ( unsigned char * ) buf2 )[i] );
+    }
+
+    for( i = 0; i < startOffset; i++ )
+    {
+        equal += ( ( ( unsigned char * ) buf1 )[i] ==
+                   ( ( unsigned char * ) buf2 )[i] );
+    }
+
+    if ( equal == num )
+    {
+        return 0;
+    }
+
+    return 1;
+}
+
+//TODO: This is a stub implementation of the global RNG function.
+size_t mbedtls_random_in_range( size_t num )
+{
+    (void) num;
+    return 0;
+}
+
 #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
 #include <time.h>
 #if !defined(_WIN32) && (defined(unix) || \