Add buffer and context clearing upon suspected FI
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
parent
0919b142b6
commit
ca60937cf9
|
@ -822,6 +822,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
|
#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
|
||||||
|
@ -1176,6 +1177,8 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Clear the output in case of a FI
|
||||||
|
mbedtls_platform_memset( output, 0, 16 );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1460,6 +1463,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Clear the output in case of a FI
|
||||||
|
mbedtls_platform_memset( output, 0, 16 );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
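Review bot: In mbedtls_aes_setkey_enc the new fault path clears only `( keybits >> 5 ) * 4` bytes at `RK`, which is the length of the raw key (16, 24 or 32 bytes) and not the expanded round-key schedule held in the context. If `RK` has been advanced during key expansion earlier in the function (outside the hunk), the write also does not start at the beginning of the schedule, so key-derived words would remain in `ctx` after MBEDTLS_ERR_PLATFORM_FAULT_DETECTED is returned. Wiping the whole context, as the SHA-256 hunks of this commit do with their free function, would cover both cases: `mbedtls_aes_free( ctx );`. The added line also carries no comment, unlike the two output-clearing hunks; `/* Clear the key schedule upon suspected FI */` would match them.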
|
||||||
|
|
||||||
|
|
|
@ -101,12 +101,14 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( keybits_dup != keybits || key_dup != key )
|
if( keybits_dup == keybits && key_dup == key )
|
||||||
{
|
{
|
||||||
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
return( ret );
|
// In case of a FI - clear the context
|
||||||
|
mbedtls_cipher_free( &ctx->cipher_ctx );
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -336,6 +338,9 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
|
||||||
add_dup != add || add_len_dup != add_len || input_dup != input ||
|
add_dup != add || add_len_dup != add_len || input_dup != input ||
|
||||||
output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
|
output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
// In case of a FI - clear the output
|
||||||
|
mbedtls_platform_memset( output, 0, length );
|
||||||
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
}
|
}
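Review bot: The wipe added in ccm_auth_crypt runs exactly when one of the duplicated parameters no longer matches its copy, and `output_dup != output` is one of those conditions, so `mbedtls_platform_memset( output, 0, length )` may write through the very pointer that was just found inconsistent. Guarding the wipe with the duplicate avoids zeroing an unintended region: `if( output_dup == output ) mbedtls_platform_memset( output, 0, length );`, and likewise for `length` if it has a duplicate (the start of the condition is outside the hunk). The same applies to the `secret` wipe in uECC_shared_secret and to the second `signature` wipe in uECC_sign, which also follow a failed pointer comparison. If `tag` is written by this function, it is left untouched on this path even though `tag_dup` is checked next to `output_dup`.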
|
||||||
|
|
||||||
|
|
|
@ -212,6 +212,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
|
||||||
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
volatile const unsigned char *additional_dup = additional;
|
volatile const unsigned char *additional_dup = additional;
|
||||||
volatile size_t len_dup = len;
|
volatile size_t len_dup = len;
|
||||||
|
int reseed_counter_backup = -1;
|
||||||
|
|
||||||
if( use_nonce == HMAC_NONCE_NO )
|
if( use_nonce == HMAC_NONCE_NO )
|
||||||
total_entropy_len = ctx->entropy_len;
|
total_entropy_len = ctx->entropy_len;
|
||||||
|
@ -269,6 +270,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
/* 3. Reset reseed_counter */
|
/* 3. Reset reseed_counter */
|
||||||
|
reseed_counter_backup = ctx->reseed_counter;
|
||||||
ctx->reseed_counter = 1;
|
ctx->reseed_counter = 1;
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
@ -278,6 +280,10 @@ exit:
|
||||||
|
|
||||||
if( additional_dup != additional || len_dup != len )
|
if( additional_dup != additional || len_dup != len )
|
||||||
{
|
{
|
||||||
|
/* Rollback the reseed_counter in case of FI */
|
||||||
|
if( reseed_counter_backup != -1 )
|
||||||
|
ctx->reseed_counter = reseed_counter_backup;
|
||||||
|
|
||||||
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -290,6 +296,9 @@ exit:
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Rollback the reseed_counter in case of FI */
|
||||||
|
if( reseed_counter_backup != -1 )
|
||||||
|
ctx->reseed_counter = reseed_counter_backup;
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
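Review bot: The rollback of `reseed_counter` is written out twice in hmac_drbg_reseed_core, once in the parameter-mismatch branch after `exit:` and once before the final return. Both copies rely on `-1` meaning "counter not overwritten yet" without that being stated where `reseed_counter_backup` is declared. A comment on the declaration such as `/* -1: ctx->reseed_counter has not been overwritten yet */` would make the sentinel explicit. The rollback restores only the counter. If the DRBG state was already updated with the new seed earlier in the function (outside these hunks), the comment should say whether leaving that state in place is intentional.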
|
||||||
|
|
||||||
|
|
|
@ -287,7 +287,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
||||||
{
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
/* Free the ctx upon suspected FI */
|
||||||
|
mbedtls_sha256_free( ctx );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -362,6 +363,8 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/* Free the ctx upon suspected FI */
|
||||||
|
mbedtls_sha256_free( ctx );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -458,6 +461,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
||||||
{
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
/* Free the ctx and clear output upon suspected FI */
|
||||||
|
mbedtls_sha256_free( ctx );
|
||||||
|
mbedtls_platform_memset( output, 0, 32 );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -506,6 +512,7 @@ exit:
|
||||||
{
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
mbedtls_platform_memset( output, 0, 32 );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
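Review bot: Both new output wipes use a fixed length, `mbedtls_platform_memset( output, 0, 32 )`, and in mbedtls_sha256_finish_ret the context is freed first, so the digest variant can no longer be read from it. If this build still supports SHA-224 and a caller sizes the buffer for the 28-byte digest, the fault path would write 4 bytes past the end of that buffer. Clearing before the free with a variant-dependent length would avoid that, for example `mbedtls_platform_memset( output, 0, ctx->is224 ? 28 : 32 );` followed by `mbedtls_sha256_free( ctx );`, and the hunk after `exit:` would need the same length. The bodies of these functions lie outside the hunks, so the number of bytes written on the success path should be confirmed there.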
|
||||||
|
|
||||||
|
|
|
@ -153,6 +153,8 @@ int uECC_make_key(uint8_t *public_key, uint8_t *private_key)
|
||||||
if (private_key == private_key_dup && public_key == public_key_dup) {
|
if (private_key == private_key_dup && public_key == public_key_dup) {
|
||||||
return UECC_SUCCESS;
|
return UECC_SUCCESS;
|
||||||
}
|
}
|
||||||
|
/* Erase key in case of FI */
|
||||||
|
mbedtls_platform_memset(public_key, 0, 2*NUM_ECC_BYTES);
|
||||||
return UECC_FAULT_DETECTED;
|
return UECC_FAULT_DETECTED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -189,6 +191,8 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
|
||||||
/* erasing temporary buffer used to store secret: */
|
/* erasing temporary buffer used to store secret: */
|
||||||
mbedtls_platform_zeroize(_private, sizeof(_private));
|
mbedtls_platform_zeroize(_private, sizeof(_private));
|
||||||
if (public_key_dup != public_key || private_key_dup != private_key || secret_dup != secret) {
|
if (public_key_dup != public_key || private_key_dup != private_key || secret_dup != secret) {
|
||||||
|
/* Erase secret in case of FI */
|
||||||
|
mbedtls_platform_memset(secret, 0, NUM_ECC_BYTES);
|
||||||
return UECC_FAULT_DETECTED;
|
return UECC_FAULT_DETECTED;
|
||||||
}
|
}
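Review bot: In uECC_make_key the fault path wipes only `public_key`, although the comment says "Erase key" and `private_key` is a writable output buffer of the same call. If the private key has already been copied out when the pointer check fails (that code is above the hunk), it stays in the caller's buffer while UECC_FAULT_DETECTED is returned. Adding `mbedtls_platform_memset(private_key, 0, NUM_ECC_BYTES);` next to the existing wipe would cover it, assuming the private key occupies NUM_ECC_BYTES as the secret does in uECC_shared_secret.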
|
||||||
|
|
||||||
|
|
|
@ -165,11 +165,13 @@ int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash,
|
||||||
r = uECC_sign_with_k(private_key, message_hash, hash_size, k, signature);
|
r = uECC_sign_with_k(private_key, message_hash, hash_size, k, signature);
|
||||||
/* don't keep trying if a fault was detected */
|
/* don't keep trying if a fault was detected */
|
||||||
if (r == UECC_FAULT_DETECTED) {
|
if (r == UECC_FAULT_DETECTED) {
|
||||||
|
mbedtls_platform_memset(signature, 0, 2*NUM_ECC_BYTES);
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
if (r == UECC_SUCCESS) {
|
if (r == UECC_SUCCESS) {
|
||||||
if (private_key_dup != private_key || message_hash_dup != message_hash ||
|
if (private_key_dup != private_key || message_hash_dup != message_hash ||
|
||||||
hash_size_dup != hash_size || signature_dup != signature) {
|
hash_size_dup != hash_size || signature_dup != signature) {
|
||||||
|
mbedtls_platform_memset(signature, 0, 2*NUM_ECC_BYTES);
|
||||||
return UECC_FAULT_DETECTED;
|
return UECC_FAULT_DETECTED;
|
||||||
}
|
}
|
||||||
return UECC_SUCCESS;
|
return UECC_SUCCESS;
|
||||||
|
|