yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-06-21 00:17:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add flow monitor for mbedtls_platform_memcpy() and mbedtls_platform_memmove()

Browse source 
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
This commit is contained in:
Piotr Nowicki 2020-08-10 15:20:26 +02:00
parent a6348edc23
commit ea8e846fdc
2 changed files with 58 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
include/mbedtls/platform_util.h
View file

@ -197,6 +197,7 @@ void *mbedtls_platform_memset( void *ptr, int value, size_t num );
* \param num The length of the buffers in bytes. * \param num The length of the buffers in bytes.
* *
* \return The value of \p dst. * \return The value of \p dst.
* \return NULL if a potential FI attack was detected.
*/ */
void *mbedtls_platform_memcpy( void *dst, const void *src, size_t num ); void *mbedtls_platform_memcpy( void *dst, const void *src, size_t num );

77
library/platform_util.c
View file

@ -127,20 +127,29 @@ void *mbedtls_platform_memset( void *ptr, int value, size_t num )
start_offset = (size_t) mbedtls_platform_random_in_range( (uint32_t) num ); start_offset = (size_t) mbedtls_platform_random_in_range( (uint32_t) num );
rnd_data = (char) mbedtls_platform_random_in_range( 256 ); rnd_data = (char) mbedtls_platform_random_in_range( 256 );
/* Start from a random location */ /* Perform a memset operations with random data and start from a random
* location */
for( i = start_offset; i < num; ++i )
{
b[i] = rnd_data;
flow_counter++;
}
/* Start from a random location with target data */
for( i = start_offset; i < num; ++i ) for( i = start_offset; i < num; ++i )
{ {
b[i] = value; b[i] = value;
flow_counter++; flow_counter++;
} }
/* Perform a memset operations with random data */ /* Second memset operation with random data */
for( i = 0; i < start_offset; ++i ) for( i = 0; i < start_offset; ++i )
{ {
b[i] = rnd_data; b[i] = rnd_data;
flow_counter++;
} }
/* Finish a memset operations with correct data */ /* Finish memset operation with correct data */
for( i = 0; i < start_offset; ++i ) for( i = 0; i < start_offset; ++i )
{ {
b[i] = value; b[i] = value;
@ -148,10 +157,10 @@ void *mbedtls_platform_memset( void *ptr, int value, size_t num )
} }
/* check the correct number of iterations */ /* check the correct number of iterations */
if( flow_counter == num ) if( flow_counter == 2 * num )
{ {
mbedtls_platform_random_delay(); mbedtls_platform_random_delay();
if( flow_counter == num ) if( flow_counter == 2 * num )
{ {
return ptr; return ptr;
} }
@ -161,33 +170,61 @@ void *mbedtls_platform_memset( void *ptr, int value, size_t num )
void *mbedtls_platform_memcpy( void *dst, const void *src, size_t num ) void *mbedtls_platform_memcpy( void *dst, const void *src, size_t num )
{ {
/* Randomize start offset. */ size_t i;
size_t start_offset = (size_t) mbedtls_platform_random_in_range( (uint32_t) num ); volatile size_t flow_counter = 0;
/* Randomize initial data to prevent leakage while copying */
uint32_t data = mbedtls_platform_random_in_range( 256 );
/* Use memset with random value at first to increase security - memset is if( num > 0 )
not normally part of the memcpy function and here can be useed {
with regular, unsecured implementation */ /* Randomize start offset. */
memset( (void *) dst, data, num ); size_t start_offset = (size_t) mbedtls_platform_random_in_range( (uint32_t) num );
memcpy( (void *) ( (unsigned char *) dst + start_offset ), /* Randomize initial data to prevent leakage while copying */
(void *) ( (unsigned char *) src + start_offset ), uint32_t data = mbedtls_platform_random_in_range( 256 );
( num - start_offset ) );
return( memcpy( (void *) dst, (void *) src, start_offset ) ); /* Use memset with random value at first to increase security - memset is
not normally part of the memcpy function and here can be useed
with regular, unsecured implementation */
memset( (void *) dst, data, num );
/* Make a copy starting from a random location. */
i = start_offset;
do
{
( (char*) dst )[i] = ( (char*) src )[i];
flow_counter++;
}
while( ( i = ( i + 1 ) % num ) != start_offset );
}
/* check the correct number of iterations */
if( flow_counter == num )
{
mbedtls_platform_random_delay();
if( flow_counter == num )
{
return dst;
}
}
return NULL;
} }
int mbedtls_platform_memmove( void *dst, const void *src, size_t num ) int mbedtls_platform_memmove( void *dst, const void *src, size_t num )
{ {
void *ret1 = NULL;
void *ret2 = NULL;
/* The buffers can have a common part, so we cannot do a copy from a random /* The buffers can have a common part, so we cannot do a copy from a random
* location. By using a temporary buffer we can do so, but the cost of it * location. By using a temporary buffer we can do so, but the cost of it
* is using more memory and longer transfer time. */ * is using more memory and longer transfer time. */
void *tmp = mbedtls_calloc( 1, num ); void *tmp = mbedtls_calloc( 1, num );
if( tmp != NULL ) if( tmp != NULL )
{ {
mbedtls_platform_memcpy( tmp, src, num ); ret1 = mbedtls_platform_memcpy( tmp, src, num );
mbedtls_platform_memcpy( dst, tmp, num ); ret2 = mbedtls_platform_memcpy( dst, tmp, num );
mbedtls_free( tmp ); mbedtls_free( tmp );
return 0; if( ret1 == tmp && ret2 == dst )
{
return 0;
}
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
} }
return MBEDTLS_ERR_PLATFORM_ALLOC_FAILED; return MBEDTLS_ERR_PLATFORM_ALLOC_FAILED;