yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-02 02:11:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add flow control protection to ccm

Browse source 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-11-10 10:52:56 +01:00
parent 8265f5cc4f
commit ab3de1daff
1 changed files with 26 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
library/ccm.c
View file

@ -228,6 +228,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
unsigned char mask_table[16]; unsigned char mask_table[16];
const unsigned char *src; const unsigned char *src;
unsigned char *dst; unsigned char *dst;
volatile size_t flow_ctrl = 0;
/* /*
* Check length requirements: SP800-38C A.1 * Check length requirements: SP800-38C A.1
@ -251,6 +252,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
mbedtls_platform_zeroize( ctr, 16 ); mbedtls_platform_zeroize( ctr, 16 );
q = (uint_fast8_t) (16 - 1 - iv_len); q = (uint_fast8_t) (16 - 1 - iv_len);
flow_ctrl++; /* 1 */
/* /*
* First block B_0: * First block B_0:
@ -271,7 +273,10 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
( q - 1 ) ) ^ mask_table[0]; ( q - 1 ) ) ^ mask_table[0];
for( i = 0; i < iv_len; i++ ) for( i = 0; i < iv_len; i++ )
{
b[i+1] = iv[i] ^ mask_table[i+1]; b[i+1] = iv[i] ^ mask_table[i+1];
flow_ctrl++; /* iv_len + 1 */
}
for( i = 0, len_left = length; i < q; i++, len_left >>= 8 ) for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
b[15-i] = (unsigned char)( ( len_left & 0xFF ) ) ^ mask_table[15-i]; b[15-i] = (unsigned char)( ( len_left & 0xFF ) ) ^ mask_table[15-i];
@ -282,6 +287,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
/* Start CBC-MAC with first block */ /* Start CBC-MAC with first block */
memset( y, 0, 16 ); memset( y, 0, 16 );
UPDATE_CBC_MAC; UPDATE_CBC_MAC;
flow_ctrl++; /* iv_len + 2 */
/* /*
* If there is additional data, update CBC-MAC with * If there is additional data, update CBC-MAC with
@ -307,6 +313,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
src += use_len; src += use_len;
UPDATE_CBC_MAC; UPDATE_CBC_MAC;
flow_ctrl++; /* iv_len + 2 + ( add_len? 1 : 0 ) */
while( len_left > 0 ) while( len_left > 0 )
{ {
@ -337,6 +344,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
mbedtls_platform_memcpy( ctr + 1, iv, iv_len ); mbedtls_platform_memcpy( ctr + 1, iv, iv_len );
mbedtls_platform_memset( ctr + 1 + iv_len, 0, q ); mbedtls_platform_memset( ctr + 1 + iv_len, 0, q );
ctr[15] = 1; ctr[15] = 1;
flow_ctrl++; /* iv_len + 3 + ( add_len? 1 : 0 ) */
/* /*
* Authenticate and {en,de}crypt the message. * Authenticate and {en,de}crypt the message.
@ -359,6 +367,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
mbedtls_platform_memset( b, 0, 16 ); mbedtls_platform_memset( b, 0, 16 );
COPY_MASK( b, src, mask_table, use_len, 16 ); COPY_MASK( b, src, mask_table, use_len, 16 );
UPDATE_CBC_MAC; UPDATE_CBC_MAC;
flow_ctrl++; /* iv_len + 3 + ( add_len? 1 : 0 ) + encryptions */
} }
CTR_CRYPT( dst, src, use_len ); CTR_CRYPT( dst, src, use_len );
@ -370,6 +379,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
mbedtls_platform_memset( b, 0, 16 ); mbedtls_platform_memset( b, 0, 16 );
COPY_MASK( b, dst, mask_table, use_len, 16 ); COPY_MASK( b, dst, mask_table, use_len, 16 );
UPDATE_CBC_MAC; UPDATE_CBC_MAC;
flow_ctrl++; /* iv_len + 3 + ( add_len? 1 : 0 ) + decryptions */
} }
dst += use_len; dst += use_len;
@ -384,6 +394,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
if( ++ctr[15-i] != 0 ) if( ++ctr[15-i] != 0 )
break; break;
} }
flow_ctrl++; /* iv_len + 4 + ( add_len? 1 : 0 ) + enc/dec */
/* /*
* Authentication: reset counter and crypt/mask internal tag * Authentication: reset counter and crypt/mask internal tag
@ -394,12 +405,26 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
CTR_CRYPT( y, y, 16 ); CTR_CRYPT( y, y, 16 );
mbedtls_platform_memcpy( tag, y, tag_len ); mbedtls_platform_memcpy( tag, y, tag_len );
flow_ctrl++; /* iv_len + 5 + ( add_len? 1 : 0 ) + enc/dec */
mbedtls_platform_zeroize( b, 16 ); mbedtls_platform_zeroize( b, 16 );
mbedtls_platform_zeroize( y, 16 ); mbedtls_platform_zeroize( y, 16 );
mbedtls_platform_zeroize( ctr, 16 ); mbedtls_platform_zeroize( ctr, 16 );
{
size_t operations = length / 16;
operations += ( length % 16 ? 1 : 0 );
operations += ( add_len > 0 ? 1 : 0 );
/* See comments above on steps in calculating flow_ctrl */
if( flow_ctrl == iv_len + 5 + operations )
{
mbedtls_platform_random_delay();
if( flow_ctrl == iv_len + 5 + operations )
return( ret ); return( ret );
} }
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
/* /*
* Authenticated encryption * Authenticated encryption