yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-24 22:15:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updates to AES countermeasures

Browse source 
-Update comments regarding flag MBEDTLS_AES_SCA_COUNTERMEASURES
-Remove MBEDTLS_AES_SCA_COUNTERMEASURES dependency check
-More comments and coding style changes
This commit is contained in:
Arto Kinnunen 2019-12-03 15:43:27 +02:00
parent be1bb06acd
commit 34139ba9fc
3 changed files with 10 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/mbedtls/check_config.h
View file

@ -70,10 +70,6 @@
#error "MBEDTLS_AESNI_C defined, but not all prerequisites" #error "MBEDTLS_AESNI_C defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_AES_SCA_COUNTERMEASURES) && !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
#error "MBEDTLS_AES_SCA_COUNTERMEASURES defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
#endif #endif

6
include/mbedtls/config.h
View file

@ -639,12 +639,12 @@
* *
* Add countermeasures against possible side-channel-attack to AES calculation. * Add countermeasures against possible side-channel-attack to AES calculation.
* *
* Uncommenting this macro adds three additional calculation rounds to AES * Uncommenting this macro adds additional calculation rounds to AES
* calculation. Additional rounds are using random data and can occur in any * calculation. Additional rounds are using random data and can occur in any
* AES calculation round. * AES calculation round.
* *
* Tradeoff: Uncommenting this increases ROM footprint by ~800 bytes. * Tradeoff: Uncommenting this increases ROM footprint by ~100 bytes.
* The performance loss is 3/11= 27% with 128 bit AES. * The performance loss is ~50% with 128 bit AES.
* *
* This option is dependent of \c MBEDTLS_ENTROPY_HARDWARE_ALT. * This option is dependent of \c MBEDTLS_ENTROPY_HARDWARE_ALT.
* *

14
library/aes.c
View file

@ -90,7 +90,7 @@
*/ */
typedef struct _aes_r_data_s { typedef struct _aes_r_data_s {
uint32_t *rk_ptr; /* Round Key */ uint32_t *rk_ptr; /* Round Key */
uint32_t xy_values[8]; /* X0, X1, X2, X3, Y0, U1, Y2, Y3 */ uint32_t xy_values[8]; /* X0, X1, X2, X3, Y0, Y1, Y2, Y3 */
} aes_r_data_t; } aes_r_data_t;
#if defined(MBEDTLS_AES_SCA_COUNTERMEASURES) #if defined(MBEDTLS_AES_SCA_COUNTERMEASURES)
@ -547,20 +547,20 @@ static void aes_sca_cm_data_randomize( uint8_t *tbl, uint8_t tbl_len )
is_unique_number = 0; is_unique_number = 0;
tbl[num] = 0x10; tbl[num] = 0x10;
} }
} while ( is_unique_number == 1 ); } while( is_unique_number == 1 );
} }
// Fill start/final round control data // Fill start/final round control data
num = /* mbedtls_platform_random_in_range( tbl_len - 1 ) */rand() % 0xff; num = /* mbedtls_platform_random_in_range( tbl_len - 1 ) */rand() % 0xff;
if( ( num % 2 ) == 0 ) if( ( num % 2 ) == 0 )
{ {
tbl[tbl_len - 2] = 0x10; tbl[tbl_len - 2] = 0x10; // fake data
tbl[tbl_len - 1] = 0x0; tbl[tbl_len - 1] = 0x0; // real data
} }
else else
{ {
tbl[tbl_len - 2] = 0x00; tbl[tbl_len - 2] = 0x00; // real data
tbl[tbl_len - 1] = 0x10; tbl[tbl_len - 1] = 0x10; // fake data
} }
#endif /* AES_SCA_CM_ROUNDS != 0 */ #endif /* AES_SCA_CM_ROUNDS != 0 */
@ -572,7 +572,7 @@ static void aes_sca_cm_data_randomize( uint8_t *tbl, uint8_t tbl_len )
{ {
if( is_even_pos == 1 ) if( is_even_pos == 1 )
{ {
tbl[i] = 0x04; // real data, offset 0 tbl[i] = 0x04; // real data, offset 4
is_even_pos = 0; is_even_pos = 0;
} }
else else