yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-03 00:21:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/pr/2982' into baremetal

Browse source 
* upstream/pr/2982:
  Use mbedtls_platform_memset in data_randomize
  Protect get/put on secret data on AES-module
This commit is contained in:
Arto Kinnunen 2020-01-17 11:21:41 +02:00
parent d1340e455c 8f8c0bdfc7
commit ca1978b7d5
1 changed files with 38 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
library/aes.c
View file

@ -541,7 +541,7 @@ static int aes_sca_cm_data_randomize( uint8_t *tbl, uint8_t tbl_len )
int num; int num;
#endif #endif
memset( tbl, 0, tbl_len ); mbedtls_platform_memset( tbl, 0, tbl_len );
#if AES_SCA_CM_ROUNDS != 0 #if AES_SCA_CM_ROUNDS != 0
// Randomize SCA CM positions to tbl // Randomize SCA CM positions to tbl
@ -679,9 +679,11 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits ) unsigned int keybits )
{ {
unsigned int j = 0; unsigned int j = 0;
unsigned int flow_ctrl = 0;
volatile unsigned int i = 0; volatile unsigned int i = 0;
volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
uint32_t *RK; uint32_t *RK;
uint32_t offset = 0;
AES_VALIDATE_RET( ctx != NULL ); AES_VALIDATE_RET( ctx != NULL );
AES_VALIDATE_RET( key != NULL ); AES_VALIDATE_RET( key != NULL );
@ -719,9 +721,19 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) ); return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
#endif #endif
for( j = 0; j < ( keybits >> 5 ); j++ ) mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 );
offset = mbedtls_platform_random_in_range( keybits >> 5 );
for( j = offset; j < ( keybits >> 5 ); j++ )
{ {
GET_UINT32_LE( RK[j], key, j << 2 ); GET_UINT32_LE( RK[j], key, j << 2 );
flow_ctrl++;
}
for( j = 0; j < offset; j++ )
{
GET_UINT32_LE( RK[j], key, j << 2 );
flow_ctrl++;
} }
switch( ctx->nr ) switch( ctx->nr )
@ -791,7 +803,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
ret = 0; ret = 0;
/* Validate execution path */ /* Validate execution path */
if( ( j == keybits >> 5 ) && ( ( ctx->nr == 10 && i == 10 ) if( ( flow_ctrl == keybits >> 5 ) && ( ( ctx->nr == 10 && i == 10 )
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|| ( ctx->nr == 12 && i == 8 ) || ( ctx->nr == 12 && i == 8 )
|| ( ctx->nr == 14 && i == 7 ) || ( ctx->nr == 14 && i == 7 )
@ -1066,9 +1078,21 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
flow_control = aes_sca_cm_data_randomize( round_ctrl_table, flow_control = aes_sca_cm_data_randomize( round_ctrl_table,
round_ctrl_table_len ); round_ctrl_table_len );
for( i = 0; i < 4; i++ ) mbedtls_platform_memset( aes_data_real.xy_values, 0, 16 );
offset = mbedtls_platform_random_in_range( 4 );
for( i = offset; i < 4; i++ )
{ {
GET_UINT32_LE( aes_data_real.xy_values[i], input, ( i * 4 ) ); GET_UINT32_LE( aes_data_real.xy_values[i], input, ( i * 4 ) );
}
for( i = 0; i < offset; i++ )
{
GET_UINT32_LE( aes_data_real.xy_values[i], input, ( i * 4 ) );
}
for( i = 0; i < 4; i++ )
{
for( j = 0; j < start_fin_loops; j++ ) for( j = 0; j < start_fin_loops; j++ )
{ {
aes_data_ptr = aes_data_ptr =
@ -1111,7 +1135,16 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
flow_control++; flow_control++;
} }
for( i = 0; i < 4; i++ ) mbedtls_platform_memset( output, 0, 16 );
offset = mbedtls_platform_random_in_range( 4 );
for( i = offset; i < 4; i++ )
{
PUT_UINT32_LE( aes_data_real.xy_values[i], output, ( i * 4 ) );
flow_control++;
}
for( i = 0; i < offset; i++ )
{ {
PUT_UINT32_LE( aes_data_real.xy_values[i], output, ( i * 4 ) ); PUT_UINT32_LE( aes_data_real.xy_values[i], output, ( i * 4 ) );
flow_control++; flow_control++;