Merge pull request #3456 from AndrzejKurek/aes-fi-improvements

Minor AES module improvements
2025-06-21 00:17:49 +00:00 · 2020-07-30 16:29:48 +02:00 · 2020-07-30 16:29:48 +02:00 · 4b700a3db3
parent 7e6075b7fd a9a5ff5f31
commit 4b700a3db3
3 changed files with 32 additions and 4 deletions
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@ -231,6 +231,18 @@ int mbedtls_platform_memmove( void *dst, const void *src, size_t num );
 */
 int mbedtls_platform_memcmp( const void *buf1, const void *buf2, size_t num );
 /**
 * \brief       RNG-function for getting a random 32-bit integer.
 *
 *
 * \note        Currently the function is dependent of hardware providing an
 *              rng with MBEDTLS_ENTROPY_HARDWARE_ALT. By default, 0 is
 *              returned.
 *
 * \return      The generated random number.
 */
 uint32_t mbedtls_platform_random_uint32( void );
 /**
 * \brief       RNG-function for getting a random in given range.
 *
--- a/library/aes.c
+++ b/library/aes.c
@ -552,7 +552,7 @@ static int aes_sca_cm_data_randomize( uint8_t *tbl, uint8_t tbl_len )
    int i = 0, j, is_even_pos, dummy_rounds, num;
    mbedtls_platform_memset( tbl, 0, tbl_len );
-    // get random from 0x0fff (each f will be used separately)
+    // get random from 0x0fff
    num = mbedtls_platform_random_in_range( 0x1000 );
    // Randomize execution order of initial round key addition
@ -570,7 +570,7 @@ static int aes_sca_cm_data_randomize( uint8_t *tbl, uint8_t tbl_len )
    tbl_len = tbl_len - (AES_SCA_CM_ROUNDS - dummy_rounds);
    // randomize positions for the dummy rounds
-    num = ( num & 0x000f ) % ( dummy_rounds + 1 );
+    num = ( num & 0x0fff ) % ( dummy_rounds + 1 );
    // add dummy rounds after initial round key addition (if needed)
    for ( ; i < num + 2; i++ )
@ -725,7 +725,9 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
        return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
 #endif
-    mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 );
+    /* Three least significant bits are truncated from keybits, which is
     * expected to be a multiple of 8. */
    mbedtls_platform_memset( RK, 0, keybits >> 3 );
    offset = mbedtls_platform_random_in_range( keybits >> 5 );
    for( j = offset; j < ( keybits >> 5 ); j++ )
@ -1089,7 +1091,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
    do
    {
        GET_UINT32_LE( aes_data_real.xy_values[i], input,  ( i * 4 ) );
-        aes_data_fake.xy_values[i] = mbedtls_platform_random_in_range( 0xffffffff );
+        aes_data_fake.xy_values[i] = mbedtls_platform_random_uint32();
        flow_control++;
    } while( ( i = ( i + 1 ) % 4 ) != offset );
--- a/library/platform_util.c
+++ b/library/platform_util.c
@ -172,6 +172,20 @@ int mbedtls_platform_memcmp( const void *buf1, const void *buf2, size_t num )
    return( (int) diff | (int) ( flow_counter ^ num ) );
 }
 uint32_t mbedtls_platform_random_uint32( )
 {
 #if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
    return 0;
 #else
    uint32_t result = 0;
    size_t olen = 0;
    mbedtls_hardware_poll( NULL, (unsigned char *) &result, sizeof( result ),
                           &olen );
    return( result );
 #endif
 }
 uint32_t mbedtls_platform_random_in_range( size_t num )
 {
 #if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)