mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-09 01:15:31 +00:00
Merge pull request #3336 from piotr-now/baremetal_flowmon
Increasing resistance to fault injection attacks related with memory operations.
This commit is contained in:
Piotr Nowicki
GitHub
commit
e071e42480
|
|
@ -111,6 +111,9 @@ void *mbedtls_platform_memcpy( void *dst, const void *src, size_t num )
|
|||
/* Randomize initial data to prevent leakage while copying */
|
||||
uint32_t data = mbedtls_platform_random_in_range( 256 );
|
||||
|
||||
/* Use memset with random value at first to increase security - memset is
|
||||
not normally part of the memcpy function and here can be useed
|
||||
with regular, unsecured implementation */
|
||||
memset( (void *) dst, data, num );
|
||||
memcpy( (void *) ( (unsigned char *) dst + start_offset ),
|
||||
(void *) ( (unsigned char *) src + start_offset ),
|
||||
|
|
@ -124,23 +127,26 @@ int mbedtls_platform_memcmp( const void *buf1, const void *buf2, size_t num )
|
|||
volatile const unsigned char *B = (volatile const unsigned char *) buf2;
|
||||
volatile unsigned char diff = 0;
|
||||
|
||||
size_t i = num;
|
||||
|
||||
/* Start from a random location and check the correct number of iterations */
|
||||
size_t i, flow_counter = 0;
|
||||
size_t start_offset = (size_t) mbedtls_platform_random_in_range( num );
|
||||
|
||||
for( i = start_offset; i < num; i++ )
|
||||
{
|
||||
unsigned char x = A[i], y = B[i];
|
||||
flow_counter++;
|
||||
diff |= x ^ y;
|
||||
}
|
||||
|
||||
for( i = 0; i < start_offset; i++ )
|
||||
{
|
||||
unsigned char x = A[i], y = B[i];
|
||||
flow_counter++;
|
||||
diff |= x ^ y;
|
||||
}
|
||||
|
||||
return( diff );
|
||||
/* Return 0 only when diff is 0 and flow_counter is equal to num */
|
||||
return( (int) diff | (int) ( flow_counter ^ num ) );
|
||||
}
|
||||
|
||||
uint32_t mbedtls_platform_random_in_range( size_t num )
|
||||
|
|
|
|||
|
|
@ -286,20 +286,32 @@ uECC_word_t uECC_vli_equal(const uECC_word_t *left, const uECC_word_t *right)
|
|||
{
|
||||
|
||||
uECC_word_t diff = 0;
|
||||
uECC_word_t flow_monitor = 0;
|
||||
uECC_word_t tmp1, tmp2;
|
||||
volatile int i;
|
||||
|
||||
for (i = NUM_ECC_WORDS - 1; i >= 0; --i) {
|
||||
/* Start from a random location and check the correct number of iterations */
|
||||
int start_offset = mbedtls_platform_random_in_range(NUM_ECC_WORDS);
|
||||
|
||||
for (i = start_offset; i < NUM_ECC_WORDS; ++i) {
|
||||
tmp1 = left[i];
|
||||
tmp2 = right[i];
|
||||
flow_monitor++;
|
||||
diff |= (tmp1 ^ tmp2);
|
||||
}
|
||||
|
||||
/* i should be -1 now */
|
||||
mbedtls_platform_random_delay();
|
||||
diff |= i ^ -1;
|
||||
for (i = 0; i < start_offset; ++i) {
|
||||
tmp1 = left[i];
|
||||
tmp2 = right[i];
|
||||
flow_monitor++;
|
||||
diff |= (tmp1 ^ tmp2);
|
||||
}
|
||||
|
||||
return diff;
|
||||
/* Random delay to increase security */
|
||||
mbedtls_platform_random_delay();
|
||||
|
||||
/* Return 0 only when diff is 0 and flow_counter is equal to NUM_ECC_WORDS */
|
||||
return (diff | (flow_monitor ^ NUM_ECC_WORDS));
|
||||
}
|
||||
|
||||
uECC_word_t cond_set(uECC_word_t p_true, uECC_word_t p_false, unsigned int cond)
|
||||
|
|
@ -848,7 +860,7 @@ void vli_mmod_fast_secp256r1(unsigned int *result, unsigned int*product)
|
|||
}
|
||||
while (carry < 0);
|
||||
} else {
|
||||
while (carry ||
|
||||
while (carry ||
|
||||
uECC_vli_cmp_unsafe(curve_p, result) != 1) {
|
||||
carry -= uECC_vli_sub(result, result, curve_p);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue