From e91f0dc905dde1177140de4452601883dca84d63 Mon Sep 17 00:00:00 2001
From: Arto Kinnunen
Date: Mon, 30 Dec 2019 17:32:58 +0200
Subject: [PATCH] Replace mbedtls_platform_enforce_volatile_reads

Replace function mbedtls_platform_enforce_volatile_reads() with mbedtls_platform_random_delay().
---
 include/mbedtls/platform_util.h | 10 ----------
 library/pk.c | 2 +-
 library/platform_util.c | 6 ------
 library/x509_crt.c | 6 +++---
 tinycrypt/ecc.c | 14 +++++++-------
 tinycrypt/ecc_dsa.c | 2 +-
 6 files changed, 12 insertions(+), 28 deletions(-)

diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 3bad5598a..27989d68d 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -259,16 +259,6 @@ uint32_t mbedtls_platform_random_in_range( size_t num );
 */
 int mbedtls_platform_random_delay( size_t num );
-/**
- * \brief This function can be inserted between successive reads to a
- * volatile local variable to prevent compilers from optimizing
- * them away. In addition, this function will spent a small random
- * time in a busy loop as a counter-measure to fault injection
- * attack.
- *
- */
-void mbedtls_platform_enforce_volatile_reads( void );
-
 #if defined(MBEDTLS_HAVE_TIME_DATE)
 /**
 * \brief Platform-specific implementation of gmtime_r()
diff --git a/library/pk.c b/library/pk.c
index 27276a829..1e991c5a0 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -597,7 +597,7 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
 if( ret_fi == UECC_SUCCESS )
 {
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 50 );
 if( ret_fi == UECC_SUCCESS )
 return( 0 );
 else
diff --git a/library/platform_util.c b/library/platform_util.c
index 691af7100..6c5bd3e2c 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
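Review bot: The `int` result of `mbedtls_platform_random_delay( 50 )` is dropped at this call in uecc_eckey_verify_wrap (library/pk.c), and at every other call site the patch touches in library/x509_crt.c, tinycrypt/ecc.c and tinycrypt/ecc_dsa.c. The platform_util.c context shows the function body closing on `#endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT */`, so whether any delay happens may depend on the build configuration (the body is outside the diff); if a failure return is possible, a hardened check should not ignore it silently, and otherwise the discard should be explicit: `(void) mbedtls_platform_random_delay( 50 );`. The deleted wrapper carried the only explanation of why a call sits between two identical tests, so I would add `/* Random delay between the redundant reads of ret_fi: fault-injection countermeasure. */` above the call. uecc_eckey_verify_wrap starts and ends outside the hunk.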
@@ -198,12 +198,6 @@ int mbedtls_platform_random_delay( size_t max_rand )
 #endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT */
 }
-void mbedtls_platform_enforce_volatile_reads( void )
-{
- // Add a small random delay as a counter-measure to fault injection attack.
- mbedtls_platform_random_delay( 50 );
-}
-
 #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
 #include
 #if !defined(_WIN32) && (defined(unix) || \
diff --git a/library/x509_crt.c b/library/x509_crt.c
index fd3fa1a04..e624c6da1 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -3043,7 +3043,7 @@ check_signature:
 if( ret_fi == 0 )
 {
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 50 );
 if( ret_fi == 0 )
 signature_is_good = X509_SIGNATURE_IS_GOOD;
 }
@@ -3549,7 +3549,7 @@ find_parent:
 if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 50 );
 if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
@@ -3861,7 +3861,7 @@ exit:
 flags_fi = *flags;
 if( flags_fi == 0 )
 {
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 50 );
 if( flags_fi == 0 )
 return( 0 );
 }
diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c
index a0333b049..d0519b45e 100644
--- a/tinycrypt/ecc.c
+++ b/tinycrypt/ecc.c
@@ -168,7 +168,7 @@ static int uECC_check_curve_integrity(void)
 }
 /* i should be 32 */
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 10 );
 diff |= (unsigned char) i ^ 32;
 return diff;
@@ -296,7 +296,7 @@ uECC_word_t uECC_vli_equal(const uECC_word_t *left, const uECC_word_t *right)
 }
 /* i should be -1 now */
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 10 );
 diff |= i ^ -1;
 return diff;
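Review bot: The delay bound silently drops from 50 to 10 at this call in uECC_check_curve_integrity (tinycrypt/ecc.c), and again in uECC_vli_equal, in the last two `problem` re-checks of EccPoint_mult_safer and in uECC_valid_point, since the removed wrapper always called `mbedtls_platform_random_delay( 50 )`. The commit message presents the patch as a one-for-one replacement, so a reader cannot tell whether the shorter delay is a deliberate cost trade-off or an oversight; EccPoint_mult_safer now mixes both values within one function. I would either keep `mbedtls_platform_random_delay( 50 );` here or state the reasoning in the commit message and replace the literals with two named constants defined next to the function's declaration. The enclosing functions start outside these hunks.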
@@ -1046,7 +1046,7 @@ int EccPoint_mult_safer(uECC_word_t * result, const uECC_word_t * point,
 if (problem != 0) {
 return UECC_FAULT_DETECTED;
 }
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 50 );
 if (problem != 0) {
 return UECC_FAULT_DETECTED;
 }
@@ -1058,7 +1058,7 @@ int EccPoint_mult_safer(uECC_word_t * result, const uECC_word_t * point,
 /* invalid input, can happen without fault */
 return UECC_FAILURE;
 }
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 50 );
 if (problem != 0) {
 /* failure on second check means fault, though */
 return UECC_FAULT_DETECTED;
@@ -1088,7 +1088,7 @@ int EccPoint_mult_safer(uECC_word_t * result, const uECC_word_t * point,
 r = UECC_FAULT_DETECTED;
 goto clear_and_out;
 }
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 10 );
 if (problem != 0) {
 r = UECC_FAULT_DETECTED;
 goto clear_and_out;
@@ -1101,7 +1101,7 @@ int EccPoint_mult_safer(uECC_word_t * result, const uECC_word_t * point,
 r = UECC_FAULT_DETECTED;
 goto clear_and_out;
 }
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 10 );
 if (problem != 0) {
 r = UECC_FAULT_DETECTED;
 goto clear_and_out;
@@ -1198,7 +1198,7 @@ int uECC_valid_point(const uECC_word_t *point)
 /* Make sure that y^2 == x^3 + ax + b */
 diff = uECC_vli_equal(tmp1, tmp2);
 if (diff == 0) {
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 10 );
 if (diff == 0) {
 return 0;
 }
diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
index ca071f814..c19c73e9c 100644
--- a/tinycrypt/ecc_dsa.c
+++ b/tinycrypt/ecc_dsa.c
@@ -299,7 +299,7 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
 /* Accept only if v == r. */
 diff = uECC_vli_equal(rx, r);
 if (diff == 0) {
- mbedtls_platform_enforce_volatile_reads();
+ mbedtls_platform_random_delay( 50 );
 if (diff == 0) {
 return UECC_SUCCESS;
 }