Add flow monitor to the mbedtls_platform_memset()

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
Piotr Nowicki 2020-06-23 12:59:56 +02:00
parent 2bb1376560
commit ed840dbcd8
2 changed files with 59 additions and 17 deletions


@ -161,8 +161,11 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
* \param buf Buffer to be zeroized * \param buf Buffer to be zeroized
* \param len Length of the buffer in bytes * \param len Length of the buffer in bytes
* *
* \return The value of \p buf if the operation was successful.
* \return NULL if a potential FI attack was detected or input parameters
* are not valid.
*/ */
void mbedtls_platform_zeroize( void *buf, size_t len ); void *mbedtls_platform_zeroize( void *buf, size_t len );
/** /**
* \brief Secure memset * \brief Secure memset
@ -176,7 +179,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len );
* \param value Value to be used when setting the buffer. * \param value Value to be used when setting the buffer.
* \param num The length of the buffer in bytes. * \param num The length of the buffer in bytes.
* *
* \return The value of \p ptr. * \return The value of \p ptr if the operation was successful.
* \return NULL if a potential FI attack was detected.
*/ */
void *mbedtls_platform_memset( void *ptr, int value, size_t num ); void *mbedtls_platform_memset( void *ptr, int value, size_t num );
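Review bot: The new `\return NULL` contract on `mbedtls_platform_zeroize()` is ambiguous for the call `(NULL, 0)`, which the validation `len == 0 || buf != NULL` in the implementation still accepts: the success value \p buf is itself NULL there, so a caller cannot tell a clean no-op from a detected fault. The same applies to `mbedtls_platform_memset()` when \p ptr is NULL and \p num is 0. I would document this on both functions, for example ` * \note If \p buf is NULL and \p len is 0, NULL is returned on success as well.` Since the return type of `mbedtls_platform_zeroize()` changes from `void` to `void *`, the comment should also state that an `MBEDTLS_PLATFORM_ZEROIZE_ALT` implementation has to follow the new prototype and return convention.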


@ -95,30 +95,68 @@
void *mbedtls_platform_memset( void *, int, size_t ); void *mbedtls_platform_memset( void *, int, size_t );
static void * (* const volatile memset_func)( void *, int, size_t ) = mbedtls_platform_memset; static void * (* const volatile memset_func)( void *, int, size_t ) = mbedtls_platform_memset;
void mbedtls_platform_zeroize( void *buf, size_t len ) void *mbedtls_platform_zeroize( void *buf, size_t len )
{ {
MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL ); volatile size_t vlen = len;
if( len > 0 ) MBEDTLS_INTERNAL_VALIDATE_RET( ( len == 0 || buf != NULL ), NULL );
memset_func( buf, 0, len );
if( vlen > 0 )
{
return memset_func( buf, 0, vlen );
}
else
{
mbedtls_platform_random_delay();
if( vlen == 0 && vlen == len )
{
return buf;
}
}
return NULL;
} }
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
void *mbedtls_platform_memset( void *ptr, int value, size_t num ) void *mbedtls_platform_memset( void *ptr, int value, size_t num )
{ {
/* Randomize start offset. */ size_t i, start_offset;
size_t start_offset = (size_t) mbedtls_platform_random_in_range( (uint32_t) num ); volatile size_t flow_counter = 0;
/* Randomize data */ volatile char *b = ptr;
uint32_t data = mbedtls_platform_random_in_range( 256 ); char rnd_data;
/* Perform a pair of memset operations from random locations with start_offset = (size_t) mbedtls_platform_random_in_range( (uint32_t) num );
* random data */ rnd_data = (char) mbedtls_platform_random_in_range( 256 );
memset( (void *) ( (unsigned char *) ptr + start_offset ), data,
( num - start_offset ) );
memset( (void *) ptr, data, start_offset );
/* Perform the original memset */ /* Start from a random location */
return( memset( ptr, value, num ) ); for( i = start_offset; i < num; ++i )
{
b[i] = value;
flow_counter++;
}
/* Perform a memset operations with random data */
for( i = 0; i < start_offset; ++i )
{
b[i] = rnd_data;
}
/* Finish a memset operations with correct data */
for( i = 0; i < start_offset; ++i )
{
b[i] = value;
flow_counter++;
}
/* check the correct number of iterations */
if( flow_counter == num )
{
mbedtls_platform_random_delay();
if( flow_counter == num )
{
return ptr;
}
}
return NULL;
} }
void *mbedtls_platform_memcpy( void *dst, const void *src, size_t num ) void *mbedtls_platform_memcpy( void *dst, const void *src, size_t num )
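Review bot: Returning NULL from `mbedtls_platform_memset()` after the `flow_counter == num` check only protects callers that test the result, and with just two files in the diffstat the existing call sites presumably still discard it. On that path the buffer may be only partly written, which for `mbedtls_platform_zeroize()` means secret bytes can remain. I would say so next to the final `return NULL;`, e.g. `/* Fault detected: buffer may be only partially set, caller must treat this as a failure */`. The middle loop that writes `rnd_data` does not increment `flow_counter`, so skipping it goes unnoticed; that looks intentional because it only masks the data, but a one-line comment such as `/* masking pass, deliberately not counted */` would make that explicit.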