Use a fake random key in AES calculations

Create an additional field in the AES context to store a randomized fake key.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Andrzej Kurek 2020-07-02 10:57:00 -04:00
parent 4b700a3db3
commit e78775eed2
No known key found for this signature in database
GPG key ID: 89A90840DC388527
2 changed files with 15 additions and 2 deletions


@ -87,6 +87,7 @@ typedef struct mbedtls_aes_context
{ {
int nr; /*!< The number of rounds. */ int nr; /*!< The number of rounds. */
uint32_t *rk; /*!< AES round keys. */ uint32_t *rk; /*!< AES round keys. */
uint32_t frk[8]; /*!< Fake AES round keys. */
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C) #if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C)
uint32_t buf[44]; /*!< Unaligned data buffer */ uint32_t buf[44]; /*!< Unaligned data buffer */
#else /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ #else /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
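Review bot: The new `frk` member is documented as "Fake AES round keys", but the only writer in this commit fills `keybits / 32` words of random data, so it holds a fake key of at most 256 bits rather than an expanded schedule, and the literal `8` carries that limit implicitly. A comment such as `/*!< Random fake key, keybits/32 words used (max 256 bits); not an expanded key schedule. */` would make the size contract explicit for anyone who later reads from or writes to the array. The struct definition starts and ends outside the hunk, so whether the member should be guarded by a countermeasure option cannot be judged from here.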


@ -675,6 +675,16 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
} }
#endif /* MBEDTLS_CIPHER_MODE_XTS */ #endif /* MBEDTLS_CIPHER_MODE_XTS */
static void mbedtls_generate_fake_key( unsigned int keybits, mbedtls_aes_context *ctx )
{
unsigned int qword;
for( qword = keybits >> 5; qword > 0; qword-- )
{
ctx->frk[ qword - 1 ] = mbedtls_platform_random_uint32();
}
}
/* /*
* AES key schedule (encryption) * AES key schedule (encryption)
*/ */
@ -719,6 +729,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
else else
#endif #endif
ctx->rk = RK = ctx->buf; ctx->rk = RK = ctx->buf;
mbedtls_generate_fake_key( keybits, ctx );
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
@ -858,6 +869,7 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
else else
#endif #endif
ctx->rk = RK = ctx->buf; ctx->rk = RK = ctx->buf;
mbedtls_generate_fake_key( keybits, ctx );
/* Also checks keybits */ /* Also checks keybits */
if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 ) if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 )
@ -1071,7 +1083,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )]; uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
aes_data_real.rk_ptr = ctx->rk; aes_data_real.rk_ptr = ctx->rk;
aes_data_fake.rk_ptr = ctx->rk; aes_data_fake.rk_ptr = ctx->frk;
aes_data_table[0] = &aes_data_real; aes_data_table[0] = &aes_data_real;
aes_data_table[1] = &aes_data_fake; aes_data_table[1] = &aes_data_fake;
@ -1351,7 +1363,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )]; uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
aes_data_real.rk_ptr = ctx->rk; aes_data_real.rk_ptr = ctx->rk;
aes_data_fake.rk_ptr = ctx->rk; aes_data_fake.rk_ptr = ctx->frk;
aes_data_table[0] = &aes_data_real; aes_data_table[0] = &aes_data_real;
aes_data_table[1] = &aes_data_fake; aes_data_table[1] = &aes_data_fake;
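Review bot: `mbedtls_generate_fake_key()` indexes `ctx->frk` with `keybits >> 5` and has no bound of its own, so any `keybits` above 256 writes past the 8-word array into the rest of the context. In `mbedtls_aes_setkey_dec()` the new call sits before the `mbedtls_aes_setkey_enc()` call that the existing comment says "Also checks keybits", so on that path the value appears to be unvalidated when the loop runs; whether `mbedtls_aes_setkey_enc()` has already rejected bad lengths before its own new call is not visible in the hunk. Moving the call in `mbedtls_aes_setkey_dec()` to after the `ret` check, or guarding the helper with `if( ( keybits >> 5 ) > sizeof( ctx->frk ) / sizeof( ctx->frk[0] ) ) return;`, would close this. Separately, only `keybits / 32` words are filled and the round code is outside these hunks, so it is worth confirming that the fake rounds never advance `rk_ptr` beyond the populated part of `frk`; the next member is `buf`, which the page shows `rk` pointing at.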