Add flow control to sha256

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-06-04 08:09:53 -04:00
parent 0da03c70e9
commit 78f77eb4e6
No known key found for this signature in database
GPG key ID: 89A90840DC388527

View file

@ -34,6 +34,7 @@
#include "mbedtls/sha256.h" #include "mbedtls/sha256.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/platform.h"
#include <string.h> #include <string.h>
@ -187,6 +188,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
{ {
uint32_t temp1, temp2, W[64]; uint32_t temp1, temp2, W[64];
uint32_t A[8]; uint32_t A[8];
uint32_t flow_ctrl = 0;
unsigned int i; unsigned int i;
SHA256_VALIDATE_RET( ctx != NULL ); SHA256_VALIDATE_RET( ctx != NULL );
@ -203,13 +205,20 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
for( i = offset; i < 16; i++ ) for( i = offset; i < 16; i++ )
{ {
W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] ); W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] );
flow_ctrl++;
} }
for( i = 0; i < offset; i++ ) for( i = 0; i < offset; i++ )
{ {
W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] ); W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] );
flow_ctrl++;
} }
} }
if( flow_ctrl != 16 )
{
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
}
for( i = 0; i < 64; i++ ) for( i = 0; i < 64; i++ )
{ {
if( i >= 16 ) if( i >= 16 )
@ -219,10 +228,20 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3]; temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1; A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
flow_ctrl++;
} }
if( flow_ctrl != 80 )
{
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
}
#else /* MBEDTLS_SHA256_SMALLER */ #else /* MBEDTLS_SHA256_SMALLER */
for( i = 0; i < 16; i++ ) for( i = 0; i < 16; i++ )
{
W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] ); W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] );
flow_ctrl++;
}
for( i = 0; i < 16; i += 8 ) for( i = 0; i < 16; i += 8 )
{ {
@ -234,6 +253,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] ); P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] ); P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] ); P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
flow_ctrl++;
} }
for( i = 16; i < 64; i += 8 ) for( i = 16; i < 64; i += 8 )
@ -246,15 +266,31 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] ); P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] ); P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] ); P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
flow_ctrl++;
}
/* 16 from the first loop, 2 from the second and 6 from the third. */
if( flow_ctrl != 24 )
{
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
} }
#endif /* MBEDTLS_SHA256_SMALLER */ #endif /* MBEDTLS_SHA256_SMALLER */
flow_ctrl = 0;
for( i = 0; i < 8; i++ ) for( i = 0; i < 8; i++ )
{
ctx->state[i] += A[i]; ctx->state[i] += A[i];
flow_ctrl++;
}
if( flow_ctrl == 8 )
{
return( 0 ); return( 0 );
} }
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_process( mbedtls_sha256_context *ctx, void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
const unsigned char data[64] ) const unsigned char data[64] )
@ -314,8 +350,13 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
if( ilen > 0 ) if( ilen > 0 )
mbedtls_platform_memcpy( (void *) (ctx->buffer + left), input, ilen ); mbedtls_platform_memcpy( (void *) (ctx->buffer + left), input, ilen );
/* Re-check ilen to protect from a FI attack */
if( ilen < 64 )
{
return( 0 ); return( 0 );
} }
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_update( mbedtls_sha256_context *ctx, void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
@ -336,6 +377,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
uint32_t used; uint32_t used;
uint32_t high, low; uint32_t high, low;
uint32_t offset = 0; uint32_t offset = 0;
uint32_t flow_ctrl = 0;
SHA256_VALIDATE_RET( ctx != NULL ); SHA256_VALIDATE_RET( ctx != NULL );
SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
@ -346,6 +388,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
used = ctx->total[0] & 0x3F; used = ctx->total[0] & 0x3F;
ctx->buffer[used++] = 0x80; ctx->buffer[used++] = 0x80;
flow_ctrl++;
if( used <= 56 ) if( used <= 56 )
{ {
@ -372,6 +415,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
(void)mbedtls_platform_put_uint32_be( ctx->buffer + 56, high ); (void)mbedtls_platform_put_uint32_be( ctx->buffer + 56, high );
(void)mbedtls_platform_put_uint32_be( ctx->buffer + 60, low ); (void)mbedtls_platform_put_uint32_be( ctx->buffer + 60, low );
flow_ctrl++;
if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
return( ret ); return( ret );
@ -388,6 +432,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
{ {
(void)mbedtls_platform_put_uint32_be( &output[o_pos], (void)mbedtls_platform_put_uint32_be( &output[o_pos],
ctx->state[s_pos] ); ctx->state[s_pos] );
flow_ctrl++;
} }
#if !defined(MBEDTLS_SHA256_NO_SHA224) #if !defined(MBEDTLS_SHA256_NO_SHA224)
@ -399,9 +444,15 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
{ {
(void)mbedtls_platform_put_uint32_be( &output[o_pos], (void)mbedtls_platform_put_uint32_be( &output[o_pos],
ctx->state[s_pos] ); ctx->state[s_pos] );
flow_ctrl++;
} }
/* flow ctrl was incremented twice and then 7 times in two loops */
if( flow_ctrl == 9 )
{
return( 0 ); return( 0 );
} }
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if !defined(MBEDTLS_DEPRECATED_REMOVED)
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,