mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 09:05:39 +01:00
Merge pull request #3481 from AndrzejKurek/fi_duplicate_buffers_2
Duplicate sensitive buffer and buffer length information
This commit is contained in:
commit
c417c783e5
@ -686,6 +686,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||||||
unsigned int flow_ctrl = 0;
|
unsigned int flow_ctrl = 0;
|
||||||
volatile unsigned int i = 0;
|
volatile unsigned int i = 0;
|
||||||
volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
volatile const unsigned char *key_dup = key;
|
||||||
|
volatile unsigned int keybits_dup = keybits;
|
||||||
uint32_t *RK;
|
uint32_t *RK;
|
||||||
uint32_t offset = 0;
|
uint32_t offset = 0;
|
||||||
|
|
||||||
@ -813,10 +815,14 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
|||||||
|| ( ctx->nr == 14 && i == 7 )
|
|| ( ctx->nr == 14 && i == 7 )
|
||||||
#endif
|
#endif
|
||||||
) )
|
) )
|
||||||
|
{
|
||||||
|
if( keybits_dup == keybits && key_dup == key )
|
||||||
{
|
{
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
|
#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
|
||||||
@ -1063,6 +1069,8 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
|||||||
aes_r_data_t *aes_data_table[2]; // pointers to real and fake data
|
aes_r_data_t *aes_data_table[2]; // pointers to real and fake data
|
||||||
int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
|
int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
|
||||||
volatile int flow_control;
|
volatile int flow_control;
|
||||||
|
volatile const unsigned char *input_dup = input;
|
||||||
|
volatile unsigned char *output_dup = output;
|
||||||
// control bytes for AES calculation rounds,
|
// control bytes for AES calculation rounds,
|
||||||
// reserve based on max rounds + dummy rounds + 2 (for initial key addition)
|
// reserve based on max rounds + dummy rounds + 2 (for initial key addition)
|
||||||
uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
|
uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
|
||||||
@ -1163,9 +1171,14 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
|
|||||||
if( flow_control == tindex + dummy_rounds + 8 )
|
if( flow_control == tindex + dummy_rounds + 8 )
|
||||||
{
|
{
|
||||||
/* Validate control path due possible fault injection */
|
/* Validate control path due possible fault injection */
|
||||||
|
if( output_dup == output && input_dup == input )
|
||||||
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Clear the output in case of a FI
|
||||||
|
mbedtls_platform_memset( output, 0, 16 );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1342,6 +1355,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
|||||||
aes_r_data_t *aes_data_table[2]; // pointers to real and fake data
|
aes_r_data_t *aes_data_table[2]; // pointers to real and fake data
|
||||||
int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
|
int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
|
||||||
volatile int flow_control;
|
volatile int flow_control;
|
||||||
|
volatile const unsigned char *input_dup = input;
|
||||||
|
volatile unsigned char *output_dup = output;
|
||||||
// control bytes for AES calculation rounds,
|
// control bytes for AES calculation rounds,
|
||||||
// reserve based on max rounds + dummy rounds + 2 (for initial key addition)
|
// reserve based on max rounds + dummy rounds + 2 (for initial key addition)
|
||||||
uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
|
uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
|
||||||
@ -1442,9 +1457,14 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
|
|||||||
if( flow_control == tindex + dummy_rounds + 8 )
|
if( flow_control == tindex + dummy_rounds + 8 )
|
||||||
{
|
{
|
||||||
/* Validate control path due possible fault injection */
|
/* Validate control path due possible fault injection */
|
||||||
|
if( output_dup == output && input_dup == input )
|
||||||
|
{
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Clear the output in case of a FI
|
||||||
|
mbedtls_platform_memset( output, 0, 16 );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -77,6 +77,8 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
|||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
const mbedtls_cipher_info_t *cipher_info;
|
const mbedtls_cipher_info_t *cipher_info;
|
||||||
|
volatile const unsigned char *key_dup = key;
|
||||||
|
volatile unsigned int keybits_dup = keybits;
|
||||||
|
|
||||||
CCM_VALIDATE_RET( ctx != NULL );
|
CCM_VALIDATE_RET( ctx != NULL );
|
||||||
CCM_VALIDATE_RET( key != NULL );
|
CCM_VALIDATE_RET( key != NULL );
|
||||||
@ -99,7 +101,14 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( keybits_dup == keybits && key_dup == key )
|
||||||
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
// In case of a FI - clear the context
|
||||||
|
mbedtls_cipher_free( &ctx->cipher_ctx );
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -165,6 +174,15 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
|
|||||||
unsigned char ctr[16];
|
unsigned char ctr[16];
|
||||||
const unsigned char *src;
|
const unsigned char *src;
|
||||||
unsigned char *dst;
|
unsigned char *dst;
|
||||||
|
volatile size_t length_dup = length;
|
||||||
|
volatile const unsigned char *iv_dup = iv;
|
||||||
|
volatile size_t iv_len_dup = iv_len;
|
||||||
|
volatile const unsigned char *add_dup = add;
|
||||||
|
volatile size_t add_len_dup = add_len;
|
||||||
|
volatile const unsigned char *input_dup = input;
|
||||||
|
volatile unsigned char *output_dup = output;
|
||||||
|
volatile unsigned char *tag_dup = tag;
|
||||||
|
volatile size_t tag_len_dup = tag_len;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check length requirements: SP800-38C A.1
|
* Check length requirements: SP800-38C A.1
|
||||||
@ -316,6 +334,16 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
|
|||||||
CTR_CRYPT( y, y, 16 );
|
CTR_CRYPT( y, y, 16 );
|
||||||
mbedtls_platform_memcpy( tag, y, tag_len );
|
mbedtls_platform_memcpy( tag, y, tag_len );
|
||||||
|
|
||||||
|
if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len ||
|
||||||
|
add_dup != add || add_len_dup != add_len || input_dup != input ||
|
||||||
|
output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
|
||||||
|
{
|
||||||
|
|
||||||
|
// In case of a FI - clear the output
|
||||||
|
mbedtls_platform_memset( output, 0, length );
|
||||||
|
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
}
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -370,6 +398,15 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||||||
unsigned char check_tag[16];
|
unsigned char check_tag[16];
|
||||||
unsigned char i;
|
unsigned char i;
|
||||||
int diff;
|
int diff;
|
||||||
|
volatile size_t length_dup = length;
|
||||||
|
volatile const unsigned char *iv_dup = iv;
|
||||||
|
volatile size_t iv_len_dup = iv_len;
|
||||||
|
volatile const unsigned char *add_dup = add;
|
||||||
|
volatile size_t add_len_dup = add_len;
|
||||||
|
volatile const unsigned char *input_dup = input;
|
||||||
|
volatile unsigned char *output_dup = output;
|
||||||
|
volatile const unsigned char *tag_dup = tag;
|
||||||
|
volatile size_t tag_len_dup = tag_len;
|
||||||
|
|
||||||
CCM_VALIDATE_RET( ctx != NULL );
|
CCM_VALIDATE_RET( ctx != NULL );
|
||||||
CCM_VALIDATE_RET( iv != NULL );
|
CCM_VALIDATE_RET( iv != NULL );
|
||||||
@ -395,6 +432,13 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
|
|||||||
return( MBEDTLS_ERR_CCM_AUTH_FAILED );
|
return( MBEDTLS_ERR_CCM_AUTH_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( length_dup != length || iv_dup != iv || iv_len_dup != iv_len ||
|
||||||
|
add_dup != add || add_len_dup != add_len || input_dup != input ||
|
||||||
|
output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
|
||||||
|
{
|
||||||
|
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
}
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -143,6 +143,10 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
|
|||||||
size_t threshold, int strong )
|
size_t threshold, int strong )
|
||||||
{
|
{
|
||||||
int idx, ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
int idx, ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
volatile mbedtls_entropy_f_source_ptr f_source_dup = f_source;
|
||||||
|
volatile void *p_source_dup = p_source;
|
||||||
|
volatile size_t threshold_dup = threshold;
|
||||||
|
volatile int strong_dup = strong;
|
||||||
|
|
||||||
#if defined(MBEDTLS_THREADING_C)
|
#if defined(MBEDTLS_THREADING_C)
|
||||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||||
@ -170,6 +174,11 @@ exit:
|
|||||||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if( f_source_dup != f_source || p_source_dup != p_source ||
|
||||||
|
threshold_dup != threshold || strong_dup != strong )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
}
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -184,7 +193,8 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
|
|||||||
size_t use_len = len;
|
size_t use_len = len;
|
||||||
const unsigned char *p = data;
|
const unsigned char *p = data;
|
||||||
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
volatile const unsigned char *data_dup = data;
|
||||||
|
volatile size_t len_dup = len;
|
||||||
if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
|
if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||||
@ -229,6 +239,10 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
|
|||||||
cleanup:
|
cleanup:
|
||||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||||
|
|
||||||
|
if( len_dup != len || data_dup != data )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
}
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -349,6 +363,9 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
|
|||||||
int count = 0, i, done;
|
int count = 0, i, done;
|
||||||
mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
|
mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
|
||||||
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
||||||
|
volatile void *data_dup = data;
|
||||||
|
volatile unsigned char *output_dup = output;
|
||||||
|
volatile size_t len_dup = len;
|
||||||
|
|
||||||
if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
|
if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
|
||||||
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
||||||
@ -456,7 +473,10 @@ exit:
|
|||||||
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
|
||||||
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
|
||||||
#endif
|
#endif
|
||||||
|
if( data_dup != data || len_dup != len || output_dup != output )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
}
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -81,6 +81,8 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
|
|||||||
volatile unsigned int flow_counter = 0;
|
volatile unsigned int flow_counter = 0;
|
||||||
unsigned char K[MBEDTLS_MD_MAX_SIZE];
|
unsigned char K[MBEDTLS_MD_MAX_SIZE];
|
||||||
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
volatile const unsigned char *additional_dup = additional;
|
||||||
|
volatile size_t add_len_dup = add_len;
|
||||||
|
|
||||||
for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
|
for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
|
||||||
{
|
{
|
||||||
@ -142,10 +144,13 @@ exit:
|
|||||||
flow_counter = flow_counter - sep[0];
|
flow_counter = flow_counter - sep[0];
|
||||||
// Double check flow_counter
|
// Double check flow_counter
|
||||||
if ( ( flow_counter == 7 ) || ( flow_counter == 16 ) )
|
if ( ( flow_counter == 7 ) || ( flow_counter == 16 ) )
|
||||||
|
{
|
||||||
|
if( additional_dup == additional && add_len_dup == add_len )
|
||||||
{
|
{
|
||||||
return ret; // success, return 0 from ret
|
return ret; // success, return 0 from ret
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
@ -167,6 +172,8 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
|
|||||||
const unsigned char *data, size_t data_len )
|
const unsigned char *data, size_t data_len )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
volatile const unsigned char *data_dup = data;
|
||||||
|
volatile size_t data_len_dup = data_len;
|
||||||
|
|
||||||
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
|
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -183,7 +190,10 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
|
|||||||
|
|
||||||
if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
|
if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
if( data_dup != data || data_len_dup != data_len )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
}
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -200,6 +210,9 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
|
|||||||
size_t seedlen = 0;
|
size_t seedlen = 0;
|
||||||
size_t total_entropy_len;
|
size_t total_entropy_len;
|
||||||
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
volatile const unsigned char *additional_dup = additional;
|
||||||
|
volatile size_t len_dup = len;
|
||||||
|
int reseed_counter_backup = -1;
|
||||||
|
|
||||||
if( use_nonce == HMAC_NONCE_NO )
|
if( use_nonce == HMAC_NONCE_NO )
|
||||||
total_entropy_len = ctx->entropy_len;
|
total_entropy_len = ctx->entropy_len;
|
||||||
@ -257,6 +270,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
|
|||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
/* 3. Reset reseed_counter */
|
/* 3. Reset reseed_counter */
|
||||||
|
reseed_counter_backup = ctx->reseed_counter;
|
||||||
ctx->reseed_counter = 1;
|
ctx->reseed_counter = 1;
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
@ -264,6 +278,15 @@ exit:
|
|||||||
/* 4. Done */
|
/* 4. Done */
|
||||||
mbedtls_platform_zeroize( seed, seedlen );
|
mbedtls_platform_zeroize( seed, seedlen );
|
||||||
|
|
||||||
|
if( additional_dup != additional || len_dup != len )
|
||||||
|
{
|
||||||
|
/* Rollback the reseed_counter in case of FI */
|
||||||
|
if( reseed_counter_backup != -1 )
|
||||||
|
ctx->reseed_counter = reseed_counter_backup;
|
||||||
|
|
||||||
|
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
}
|
||||||
|
|
||||||
if ( ret != 0 )
|
if ( ret != 0 )
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
@ -273,6 +296,9 @@ exit:
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Rollback the reseed_counter in case of FI */
|
||||||
|
if( reseed_counter_backup != -1 )
|
||||||
|
ctx->reseed_counter = reseed_counter_backup;
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -299,6 +325,11 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
|
|||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
int (* volatile f_entropy_dup)(void *, unsigned char *, size_t) = f_entropy;
|
||||||
|
volatile void *p_entropy_dup = p_entropy;
|
||||||
|
volatile const unsigned char *custom_dup = custom;
|
||||||
|
volatile size_t len_dup = len;
|
||||||
|
|
||||||
size_t md_size;
|
size_t md_size;
|
||||||
|
|
||||||
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
|
if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
|
||||||
@ -339,6 +370,11 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( f_entropy != f_entropy_dup || p_entropy != p_entropy_dup ||
|
||||||
|
custom_dup != custom || len_dup != len )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
}
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -287,7 +287,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
|
|||||||
{
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
/* Free the ctx upon suspected FI */
|
||||||
|
mbedtls_sha256_free( ctx );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -310,7 +311,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
|||||||
int ret;
|
int ret;
|
||||||
size_t fill;
|
size_t fill;
|
||||||
uint32_t left;
|
uint32_t left;
|
||||||
|
volatile const unsigned char *input_dup = input;
|
||||||
|
volatile size_t ilen_dup = ilen;
|
||||||
|
size_t ilen_change;
|
||||||
SHA256_VALIDATE_RET( ctx != NULL );
|
SHA256_VALIDATE_RET( ctx != NULL );
|
||||||
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
|
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||||
|
|
||||||
@ -352,9 +355,16 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
|
|||||||
|
|
||||||
/* Re-check ilen to protect from a FI attack */
|
/* Re-check ilen to protect from a FI attack */
|
||||||
if( ilen < 64 )
|
if( ilen < 64 )
|
||||||
|
{
|
||||||
|
/* Re-check that the calculated offsets are correct */
|
||||||
|
ilen_change = ilen_dup - ilen;
|
||||||
|
if( ( input_dup + ilen_change ) == input )
|
||||||
{
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
/* Free the ctx upon suspected FI */
|
||||||
|
mbedtls_sha256_free( ctx );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -451,6 +461,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
|
|||||||
{
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
/* Free the ctx and clear output upon suspected FI */
|
||||||
|
mbedtls_sha256_free( ctx );
|
||||||
|
mbedtls_platform_memset( output, 0, 32 );
|
||||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -472,8 +485,10 @@ int mbedtls_sha256_ret( const unsigned char *input,
|
|||||||
unsigned char output[32],
|
unsigned char output[32],
|
||||||
int is224 )
|
int is224 )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
mbedtls_sha256_context ctx;
|
mbedtls_sha256_context ctx;
|
||||||
|
volatile const unsigned char *input_dup = input;
|
||||||
|
volatile size_t ilen_dup = ilen;
|
||||||
|
|
||||||
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
|
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
|
||||||
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
|
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||||
@ -493,7 +508,12 @@ int mbedtls_sha256_ret( const unsigned char *input,
|
|||||||
exit:
|
exit:
|
||||||
mbedtls_sha256_free( &ctx );
|
mbedtls_sha256_free( &ctx );
|
||||||
|
|
||||||
|
if( input_dup == input && ilen_dup == ilen )
|
||||||
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
|
}
|
||||||
|
mbedtls_platform_memset( output, 0, 32 );
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
|
@ -2796,10 +2796,14 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
|
|||||||
volatile int ret = 0;
|
volatile int ret = 0;
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
unsigned char *end;
|
unsigned char *end;
|
||||||
|
volatile unsigned char *buf_dup = buf;
|
||||||
|
volatile size_t buflen_dup = buflen;
|
||||||
|
|
||||||
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
|
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
|
||||||
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
|
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
|
||||||
|
|
||||||
|
((void) buf_dup);
|
||||||
|
((void) buflen_dup);
|
||||||
p = buf + mbedtls_ssl_hs_hdr_len( ssl );
|
p = buf + mbedtls_ssl_hs_hdr_len( ssl );
|
||||||
end = buf + buflen;
|
end = buf + buflen;
|
||||||
|
|
||||||
@ -3100,7 +3104,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
mbedtls_platform_random_delay();
|
mbedtls_platform_random_delay();
|
||||||
|
|
||||||
if( ret == 0 )
|
if( ret == 0 && buf_dup == buf && buflen_dup == buflen )
|
||||||
{
|
{
|
||||||
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||||
/* We don't need the peer's public key anymore. Free it,
|
/* We don't need the peer's public key anymore. Free it,
|
||||||
@ -3583,7 +3587,10 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
|
volatile unsigned char *buf_dup = buf;
|
||||||
|
volatile size_t buflen_dup = buflen;
|
||||||
size_t n;
|
size_t n;
|
||||||
|
|
||||||
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
|
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
|
||||||
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
|
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
|
||||||
|
|
||||||
@ -3866,7 +3873,12 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
*olen = p - buf;
|
*olen = p - buf;
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( buf_dup == buf && buflen_dup == buflen )
|
||||||
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ssl_out_client_key_exchange_postprocess( mbedtls_ssl_context *ssl )
|
static int ssl_out_client_key_exchange_postprocess( mbedtls_ssl_context *ssl )
|
||||||
|
@ -3269,13 +3269,19 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||||||
- sig_start );
|
- sig_start );
|
||||||
int ret = ssl->conf->f_async_resume( ssl,
|
int ret = ssl->conf->f_async_resume( ssl,
|
||||||
sig_start, signature_len, sig_max_len );
|
sig_start, signature_len, sig_max_len );
|
||||||
|
volatile size_t *signature_len_dup = signature_len;
|
||||||
if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
|
if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
|
||||||
{
|
{
|
||||||
ssl->handshake->async_in_progress = 0;
|
ssl->handshake->async_in_progress = 0;
|
||||||
mbedtls_ssl_set_async_operation_data( ssl, NULL );
|
mbedtls_ssl_set_async_operation_data( ssl, NULL );
|
||||||
}
|
}
|
||||||
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret );
|
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret );
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( signature_len_dup == signature_len )
|
||||||
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
|
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
|
||||||
defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
|
defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
|
||||||
@ -3286,6 +3292,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||||||
static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
||||||
size_t *signature_len )
|
size_t *signature_len )
|
||||||
{
|
{
|
||||||
|
volatile size_t *signature_len_dup = signature_len;
|
||||||
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
|
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
|
||||||
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
|
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
|
||||||
|
|
||||||
@ -3673,7 +3680,11 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
|
||||||
|
|
||||||
|
if( signature_len_dup == signature_len )
|
||||||
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Prepare the ServerKeyExchange message and send it. For ciphersuites
|
/* Prepare the ServerKeyExchange message and send it. For ciphersuites
|
||||||
@ -3821,6 +3832,8 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char *
|
|||||||
const unsigned char *end )
|
const unsigned char *end )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||||
|
unsigned char ** volatile p_dup = p;
|
||||||
|
volatile const unsigned char *end_dup = end;
|
||||||
size_t n;
|
size_t n;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -3851,7 +3864,12 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char *
|
|||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
|
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
|
||||||
|
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( p_dup == p && end_dup == end )
|
||||||
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
|
||||||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||||
@ -4218,6 +4236,8 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
|
|||||||
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
|
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
|
||||||
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
|
mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
|
volatile unsigned char *buf_dup = buf;
|
||||||
|
volatile size_t buflen_dup = buflen;
|
||||||
|
|
||||||
p = buf + mbedtls_ssl_hs_hdr_len( ssl );
|
p = buf + mbedtls_ssl_hs_hdr_len( ssl );
|
||||||
end = buf + buflen;
|
end = buf + buflen;
|
||||||
@ -4412,8 +4432,11 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
|
|||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
if( buf_dup == buf && buflen_dup == buflen )
|
||||||
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Update the handshake state */
|
/* Update the handshake state */
|
||||||
|
@ -177,6 +177,8 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
|
|||||||
size_t buflen )
|
size_t buflen )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
|
volatile unsigned char *buf_dup = buf;
|
||||||
|
volatile size_t buflen_dup = buflen;
|
||||||
mbedtls_record rec;
|
mbedtls_record rec;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
|
||||||
@ -228,6 +230,10 @@ exit:
|
|||||||
ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
|
ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( buf_dup != buf || buflen_dup != buflen )
|
||||||
|
{
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
|
}
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
@ -282,6 +288,9 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
|
|||||||
unsigned char const *own_cid,
|
unsigned char const *own_cid,
|
||||||
size_t own_cid_len )
|
size_t own_cid_len )
|
||||||
{
|
{
|
||||||
|
volatile unsigned char const *own_cid_dup = own_cid;
|
||||||
|
volatile size_t own_cid_len_dup = own_cid_len;
|
||||||
|
|
||||||
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
|
if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
@ -308,7 +317,12 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
|
|||||||
* MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
|
* MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */
|
||||||
ssl->own_cid_len = (uint8_t) own_cid_len;
|
ssl->own_cid_len = (uint8_t) own_cid_len;
|
||||||
|
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( own_cid_dup == own_cid && own_cid_len_dup == own_cid_len )
|
||||||
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
|
||||||
@ -605,7 +619,13 @@ MBEDTLS_NO_INLINE static int ssl3_prf( const unsigned char *secret, size_t slen,
|
|||||||
mbedtls_sha1_context sha1;
|
mbedtls_sha1_context sha1;
|
||||||
unsigned char padding[16];
|
unsigned char padding[16];
|
||||||
unsigned char sha1sum[20];
|
unsigned char sha1sum[20];
|
||||||
((void)label);
|
volatile const unsigned char *secret_dup = secret;
|
||||||
|
volatile size_t slen_dup = slen;
|
||||||
|
volatile const char *label_dup = label;
|
||||||
|
volatile const unsigned char *random_dup = random;
|
||||||
|
volatile size_t rlen_dup = rlen;
|
||||||
|
volatile unsigned char *dstbuf_dup = dstbuf;
|
||||||
|
volatile size_t dlen_dup = dlen;
|
||||||
|
|
||||||
mbedtls_md5_init( &md5 );
|
mbedtls_md5_init( &md5 );
|
||||||
mbedtls_sha1_init( &sha1 );
|
mbedtls_sha1_init( &sha1 );
|
||||||
@ -650,7 +670,14 @@ exit:
|
|||||||
mbedtls_platform_zeroize( padding, sizeof( padding ) );
|
mbedtls_platform_zeroize( padding, sizeof( padding ) );
|
||||||
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
|
mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) );
|
||||||
|
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( secret_dup == secret && slen_dup == slen && label_dup == label &&
|
||||||
|
random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
|
||||||
|
dlen_dup == dlen )
|
||||||
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
|
||||||
|
|
||||||
@ -668,6 +695,13 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen,
|
|||||||
mbedtls_md_handle_t md_info;
|
mbedtls_md_handle_t md_info;
|
||||||
mbedtls_md_context_t md_ctx;
|
mbedtls_md_context_t md_ctx;
|
||||||
int ret;
|
int ret;
|
||||||
|
volatile const unsigned char *secret_dup = secret;
|
||||||
|
volatile size_t slen_dup = slen;
|
||||||
|
volatile const char *label_dup = label;
|
||||||
|
volatile const unsigned char *random_dup = random;
|
||||||
|
volatile size_t rlen_dup = rlen;
|
||||||
|
volatile unsigned char *dstbuf_dup = dstbuf;
|
||||||
|
volatile size_t dlen_dup = dlen;
|
||||||
|
|
||||||
mbedtls_md_init( &md_ctx );
|
mbedtls_md_init( &md_ctx );
|
||||||
|
|
||||||
@ -754,7 +788,14 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen,
|
|||||||
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||||
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
|
mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
|
||||||
|
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( secret_dup == secret && slen_dup == slen && label_dup == label &&
|
||||||
|
random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
|
||||||
|
dlen_dup == dlen )
|
||||||
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||||
|
|
||||||
@ -777,6 +818,13 @@ int tls_prf_generic( mbedtls_md_type_t md_type,
|
|||||||
mbedtls_md_handle_t md_info;
|
mbedtls_md_handle_t md_info;
|
||||||
mbedtls_md_context_t md_ctx;
|
mbedtls_md_context_t md_ctx;
|
||||||
int ret;
|
int ret;
|
||||||
|
volatile const unsigned char *secret_dup = secret;
|
||||||
|
volatile size_t slen_dup = slen;
|
||||||
|
volatile const char *label_dup = label;
|
||||||
|
volatile const unsigned char *random_dup = random;
|
||||||
|
volatile size_t rlen_dup = rlen;
|
||||||
|
volatile unsigned char *dstbuf_dup = dstbuf;
|
||||||
|
volatile size_t dlen_dup = dlen;
|
||||||
|
|
||||||
mbedtls_md_init( &md_ctx );
|
mbedtls_md_init( &md_ctx );
|
||||||
|
|
||||||
@ -836,7 +884,14 @@ int tls_prf_generic( mbedtls_md_type_t md_type,
|
|||||||
(void)mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
(void)mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
|
||||||
(void)mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
|
(void)mbedtls_platform_zeroize( h_i, sizeof( h_i ) );
|
||||||
|
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( secret_dup == secret && slen_dup == slen && label_dup == label &&
|
||||||
|
random_dup == random && rlen_dup == rlen && dstbuf_dup == dstbuf &&
|
||||||
|
dlen_dup == dlen )
|
||||||
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_SHA256_C)
|
||||||
@ -1828,6 +1883,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
|
|||||||
const mbedtls_ssl_context *ssl )
|
const mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
volatile unsigned char *master_dup = master;
|
||||||
|
|
||||||
/* #if !defined(MBEDTLS_DEBUG_C) && !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) */
|
/* #if !defined(MBEDTLS_DEBUG_C) && !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) */
|
||||||
/* ssl = NULL; /\* make sure we don't use it except for debug and EMS *\/ */
|
/* ssl = NULL; /\* make sure we don't use it except for debug and EMS *\/ */
|
||||||
@ -1888,8 +1944,12 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
|
|||||||
|
|
||||||
mbedtls_platform_zeroize( handshake->premaster,
|
mbedtls_platform_zeroize( handshake->premaster,
|
||||||
sizeof(handshake->premaster) );
|
sizeof(handshake->premaster) );
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( master_dup == master )
|
||||||
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
||||||
@ -2406,22 +2466,32 @@ static int ssl_cid_build_inner_plaintext( unsigned char *content,
|
|||||||
size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
|
size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY -
|
||||||
( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
|
( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) %
|
||||||
MBEDTLS_SSL_CID_PADDING_GRANULARITY;
|
MBEDTLS_SSL_CID_PADDING_GRANULARITY;
|
||||||
|
volatile unsigned char *content_dup = content;
|
||||||
|
volatile size_t *content_size_dup = content_size;
|
||||||
|
volatile size_t remaining_dup = remaining;
|
||||||
|
|
||||||
/* Write real content type */
|
/* Write real content type */
|
||||||
if( remaining == 0 )
|
if( remaining == 0 )
|
||||||
return( -1 );
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
content[ len ] = rec_type;
|
content[ len ] = rec_type;
|
||||||
len++;
|
len++;
|
||||||
remaining--;
|
remaining--;
|
||||||
|
|
||||||
if( remaining < pad )
|
if( remaining < pad )
|
||||||
return( -1 );
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
mbedtls_platform_memset( content + len, 0, pad );
|
mbedtls_platform_memset( content + len, 0, pad );
|
||||||
len += pad;
|
len += pad;
|
||||||
remaining -= pad;
|
remaining -= pad;
|
||||||
|
|
||||||
*content_size = len;
|
*content_size = len;
|
||||||
|
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( content_dup == content && content_size_dup == content_size &&
|
||||||
|
( remaining_dup - 1 - pad ) == remaining )
|
||||||
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This function parses a DTLSInnerPlaintext structure.
|
/* This function parses a DTLSInnerPlaintext structure.
|
||||||
@ -2566,6 +2636,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
if( rec->cid_len != 0 )
|
if( rec->cid_len != 0 )
|
||||||
{
|
{
|
||||||
|
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||||
/*
|
/*
|
||||||
* Wrap plaintext into DTLSInnerPlaintext structure.
|
* Wrap plaintext into DTLSInnerPlaintext structure.
|
||||||
* See ssl_cid_build_inner_plaintext() for more information.
|
* See ssl_cid_build_inner_plaintext() for more information.
|
||||||
@ -2573,12 +2644,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
|||||||
* Note that this changes `rec->data_len`, and hence
|
* Note that this changes `rec->data_len`, and hence
|
||||||
* `post_avail` needs to be recalculated afterwards.
|
* `post_avail` needs to be recalculated afterwards.
|
||||||
*/
|
*/
|
||||||
if( ssl_cid_build_inner_plaintext( data,
|
if( ( ret = ssl_cid_build_inner_plaintext( data,
|
||||||
&rec->data_len,
|
&rec->data_len,
|
||||||
post_avail,
|
post_avail,
|
||||||
rec->type ) != 0 )
|
rec->type ) ) != 0 )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
rec->type = MBEDTLS_SSL_MSG_CID;
|
rec->type = MBEDTLS_SSL_MSG_CID;
|
||||||
@ -4816,6 +4887,7 @@ static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
|
|||||||
memset( mask + offset / 8, 0xFF, len / 8 );
|
memset( mask + offset / 8, 0xFF, len / 8 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define BITMASK_CHECK_FAILED 0x75555555
|
||||||
/*
|
/*
|
||||||
* Check that bitmask is full
|
* Check that bitmask is full
|
||||||
*/
|
*/
|
||||||
@ -4825,11 +4897,11 @@ static int ssl_bitmask_check( unsigned char *mask, size_t len )
|
|||||||
|
|
||||||
for( i = 0; i < len / 8; i++ )
|
for( i = 0; i < len / 8; i++ )
|
||||||
if( mask[i] != 0xFF )
|
if( mask[i] != 0xFF )
|
||||||
return( -1 );
|
return( BITMASK_CHECK_FAILED );
|
||||||
|
|
||||||
for( i = 0; i < len % 8; i++ )
|
for( i = 0; i < len % 8; i++ )
|
||||||
if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 )
|
if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 )
|
||||||
return( -1 );
|
return( BITMASK_CHECK_FAILED );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -7057,6 +7129,7 @@ write_msg:
|
|||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||||
|
#define PEER_CRT_CHANGED 0x75555555
|
||||||
static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
||||||
unsigned char *crt_buf,
|
unsigned char *crt_buf,
|
||||||
size_t crt_buf_len )
|
size_t crt_buf_len )
|
||||||
@ -7064,14 +7137,15 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
|||||||
mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
|
mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert;
|
||||||
|
|
||||||
if( peer_crt == NULL )
|
if( peer_crt == NULL )
|
||||||
return( -1 );
|
return( PEER_CRT_CHANGED );
|
||||||
|
|
||||||
if( peer_crt->raw.len != crt_buf_len )
|
if( peer_crt->raw.len != crt_buf_len )
|
||||||
return( -1 );
|
return( PEER_CRT_CHANGED );
|
||||||
|
|
||||||
return( mbedtls_platform_memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
|
return( mbedtls_platform_memcmp( peer_crt->raw.p, crt_buf, crt_buf_len ) );
|
||||||
}
|
}
|
||||||
#elif defined(MBEDTLS_SSL_RENEGOTIATION)
|
#elif defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
|
#define PEER_CRT_CHANGED 0x75555555
|
||||||
static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
||||||
unsigned char *crt_buf,
|
unsigned char *crt_buf,
|
||||||
size_t crt_buf_len )
|
size_t crt_buf_len )
|
||||||
@ -7089,16 +7163,16 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
|
|||||||
if( peer_cert_digest == NULL ||
|
if( peer_cert_digest == NULL ||
|
||||||
digest_info == MBEDTLS_MD_INVALID_HANDLE )
|
digest_info == MBEDTLS_MD_INVALID_HANDLE )
|
||||||
{
|
{
|
||||||
return( -1 );
|
return( PEER_CRT_CHANGED );
|
||||||
}
|
}
|
||||||
|
|
||||||
digest_len = mbedtls_md_get_size( digest_info );
|
digest_len = mbedtls_md_get_size( digest_info );
|
||||||
if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
|
if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
|
||||||
return( -1 );
|
return( PEER_CRT_CHANGED );
|
||||||
|
|
||||||
ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest );
|
ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( -1 );
|
return( PEER_CRT_CHANGED );
|
||||||
|
|
||||||
return( mbedtls_platform_memcmp( tmp_digest, peer_cert_digest, digest_len ) );
|
return( mbedtls_platform_memcmp( tmp_digest, peer_cert_digest, digest_len ) );
|
||||||
}
|
}
|
||||||
@ -10878,6 +10952,8 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t n;
|
size_t n;
|
||||||
|
volatile unsigned char *buf_dup = buf;
|
||||||
|
volatile size_t len_dup = len;
|
||||||
|
|
||||||
if( ssl == NULL || ssl->conf == NULL )
|
if( ssl == NULL || ssl->conf == NULL )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
@ -11191,7 +11267,12 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) );
|
||||||
|
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( buf_dup == buf && len_dup == len )
|
||||||
|
{
|
||||||
return( (int) n );
|
return( (int) n );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -11211,6 +11292,8 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
int ret = mbedtls_ssl_get_max_out_record_payload( ssl );
|
int ret = mbedtls_ssl_get_max_out_record_payload( ssl );
|
||||||
const size_t max_len = (size_t) ret;
|
const size_t max_len = (size_t) ret;
|
||||||
|
volatile const unsigned char *buf_dup = buf;
|
||||||
|
volatile size_t len_dup = len;
|
||||||
|
|
||||||
if( ret < 0 )
|
if( ret < 0 )
|
||||||
{
|
{
|
||||||
@ -11233,6 +11316,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
|||||||
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
#if defined(MBEDTLS_SSL_PROTO_TLS)
|
||||||
{
|
{
|
||||||
len = max_len;
|
len = max_len;
|
||||||
|
len_dup = len;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -11268,8 +11352,12 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( buf_dup == buf && len_dup == len )
|
||||||
|
{
|
||||||
return( (int) len );
|
return( (int) len );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -11318,6 +11406,8 @@ static int ssl_write_split( mbedtls_ssl_context *ssl,
|
|||||||
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len )
|
int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
volatile const unsigned char *buf_dup = buf;
|
||||||
|
volatile size_t len_dup = len;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
|
||||||
|
|
||||||
@ -11349,7 +11439,12 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_
|
|||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
|
||||||
|
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( buf_dup == buf && len_dup == len )
|
||||||
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -12933,6 +13028,11 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
mbedtls_md_context_t ctx;
|
mbedtls_md_context_t ctx;
|
||||||
|
volatile unsigned char* hash_dup = hash;
|
||||||
|
volatile size_t *hashlen_dup = hashlen;
|
||||||
|
volatile unsigned char* data_dup = data;
|
||||||
|
volatile size_t data_len_dup = data_len;
|
||||||
|
|
||||||
mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
|
mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
|
||||||
*hashlen = mbedtls_md_get_size( md_info );
|
*hashlen = mbedtls_md_get_size( md_info );
|
||||||
|
|
||||||
@ -12978,7 +13078,13 @@ exit:
|
|||||||
mbedtls_ssl_pend_fatal_alert( ssl,
|
mbedtls_ssl_pend_fatal_alert( ssl,
|
||||||
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
||||||
|
|
||||||
|
/* Secure against buffer substitution */
|
||||||
|
if( hash_dup == hash && hashlen_dup == hashlen &&
|
||||||
|
data_dup == data && data_len_dup == data_len )
|
||||||
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
|
}
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
@ -1239,6 +1239,8 @@ int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key)
|
|||||||
int ret = UECC_FAULT_DETECTED;
|
int ret = UECC_FAULT_DETECTED;
|
||||||
uECC_word_t _private[NUM_ECC_WORDS];
|
uECC_word_t _private[NUM_ECC_WORDS];
|
||||||
uECC_word_t _public[NUM_ECC_WORDS * 2];
|
uECC_word_t _public[NUM_ECC_WORDS * 2];
|
||||||
|
volatile const uint8_t *private_key_dup = private_key;
|
||||||
|
volatile const uint8_t *public_key_dup = public_key;
|
||||||
|
|
||||||
uECC_vli_bytesToNative(
|
uECC_vli_bytesToNative(
|
||||||
_private,
|
_private,
|
||||||
@ -1264,5 +1266,8 @@ int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key)
|
|||||||
uECC_vli_nativeToBytes(
|
uECC_vli_nativeToBytes(
|
||||||
public_key +
|
public_key +
|
||||||
NUM_ECC_BYTES, NUM_ECC_BYTES, _public + NUM_ECC_WORDS);
|
NUM_ECC_BYTES, NUM_ECC_BYTES, _public + NUM_ECC_WORDS);
|
||||||
|
if (private_key_dup != private_key || public_key_dup != public_key){
|
||||||
|
return UECC_FAULT_DETECTED;
|
||||||
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -114,6 +114,8 @@ int uECC_make_key(uint8_t *public_key, uint8_t *private_key)
|
|||||||
uECC_word_t _private[NUM_ECC_WORDS];
|
uECC_word_t _private[NUM_ECC_WORDS];
|
||||||
uECC_word_t _public[NUM_ECC_WORDS * 2];
|
uECC_word_t _public[NUM_ECC_WORDS * 2];
|
||||||
uECC_word_t tries;
|
uECC_word_t tries;
|
||||||
|
volatile uint8_t *public_key_dup = public_key;
|
||||||
|
volatile uint8_t *private_key_dup = private_key;
|
||||||
|
|
||||||
for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
|
for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
|
||||||
/* Generating _private uniformly at random: */
|
/* Generating _private uniformly at random: */
|
||||||
@ -148,8 +150,13 @@ int uECC_make_key(uint8_t *public_key, uint8_t *private_key)
|
|||||||
/* erasing temporary buffer that stored secret: */
|
/* erasing temporary buffer that stored secret: */
|
||||||
mbedtls_platform_memset(_private, 0, NUM_ECC_BYTES);
|
mbedtls_platform_memset(_private, 0, NUM_ECC_BYTES);
|
||||||
|
|
||||||
|
if (private_key == private_key_dup && public_key == public_key_dup) {
|
||||||
return UECC_SUCCESS;
|
return UECC_SUCCESS;
|
||||||
}
|
}
|
||||||
|
/* Erase key in case of FI */
|
||||||
|
mbedtls_platform_memset(public_key, 0, 2*NUM_ECC_BYTES);
|
||||||
|
return UECC_FAULT_DETECTED;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return UECC_FAILURE;
|
return UECC_FAILURE;
|
||||||
}
|
}
|
||||||
@ -163,6 +170,9 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
|
|||||||
wordcount_t num_words = NUM_ECC_WORDS;
|
wordcount_t num_words = NUM_ECC_WORDS;
|
||||||
wordcount_t num_bytes = NUM_ECC_BYTES;
|
wordcount_t num_bytes = NUM_ECC_BYTES;
|
||||||
int r = UECC_FAULT_DETECTED;
|
int r = UECC_FAULT_DETECTED;
|
||||||
|
volatile const uint8_t *public_key_dup = public_key;
|
||||||
|
volatile const uint8_t *private_key_dup = private_key;
|
||||||
|
volatile const uint8_t *secret_dup = secret;
|
||||||
|
|
||||||
/* Converting buffers to correct bit order: */
|
/* Converting buffers to correct bit order: */
|
||||||
uECC_vli_bytesToNative(_private,
|
uECC_vli_bytesToNative(_private,
|
||||||
@ -180,6 +190,11 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
|
|||||||
|
|
||||||
/* erasing temporary buffer used to store secret: */
|
/* erasing temporary buffer used to store secret: */
|
||||||
mbedtls_platform_zeroize(_private, sizeof(_private));
|
mbedtls_platform_zeroize(_private, sizeof(_private));
|
||||||
|
if (public_key_dup != public_key || private_key_dup != private_key || secret_dup != secret) {
|
||||||
|
/* Erase secret in case of FI */
|
||||||
|
mbedtls_platform_memset(secret, 0, NUM_ECC_BYTES);
|
||||||
|
return UECC_FAULT_DETECTED;
|
||||||
|
}
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
@ -146,6 +146,10 @@ int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash,
|
|||||||
uECC_word_t _random[2*NUM_ECC_WORDS];
|
uECC_word_t _random[2*NUM_ECC_WORDS];
|
||||||
uECC_word_t k[NUM_ECC_WORDS];
|
uECC_word_t k[NUM_ECC_WORDS];
|
||||||
uECC_word_t tries;
|
uECC_word_t tries;
|
||||||
|
volatile const uint8_t *private_key_dup = private_key;
|
||||||
|
volatile const uint8_t *message_hash_dup = message_hash;
|
||||||
|
volatile unsigned hash_size_dup = hash_size;
|
||||||
|
volatile uint8_t *signature_dup = signature;
|
||||||
|
|
||||||
for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
|
for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
|
||||||
/* Generating _random uniformly at random: */
|
/* Generating _random uniformly at random: */
|
||||||
@ -161,9 +165,15 @@ int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash,
|
|||||||
r = uECC_sign_with_k(private_key, message_hash, hash_size, k, signature);
|
r = uECC_sign_with_k(private_key, message_hash, hash_size, k, signature);
|
||||||
/* don't keep trying if a fault was detected */
|
/* don't keep trying if a fault was detected */
|
||||||
if (r == UECC_FAULT_DETECTED) {
|
if (r == UECC_FAULT_DETECTED) {
|
||||||
|
mbedtls_platform_memset(signature, 0, 2*NUM_ECC_BYTES);
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
if (r == UECC_SUCCESS) {
|
if (r == UECC_SUCCESS) {
|
||||||
|
if (private_key_dup != private_key || message_hash_dup != message_hash ||
|
||||||
|
hash_size_dup != hash_size || signature_dup != signature) {
|
||||||
|
mbedtls_platform_memset(signature, 0, 2*NUM_ECC_BYTES);
|
||||||
|
return UECC_FAULT_DETECTED;
|
||||||
|
}
|
||||||
return UECC_SUCCESS;
|
return UECC_SUCCESS;
|
||||||
}
|
}
|
||||||
/* else keep trying */
|
/* else keep trying */
|
||||||
@ -194,6 +204,10 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
|
|||||||
bitcount_t i;
|
bitcount_t i;
|
||||||
bitcount_t flow_control;
|
bitcount_t flow_control;
|
||||||
volatile uECC_word_t diff;
|
volatile uECC_word_t diff;
|
||||||
|
volatile const uint8_t *public_key_dup = public_key;
|
||||||
|
volatile const uint8_t *message_hash_dup = message_hash;
|
||||||
|
volatile unsigned hash_size_dup = hash_size;
|
||||||
|
volatile const uint8_t *signature_dup = signature;
|
||||||
|
|
||||||
uECC_word_t _public[NUM_ECC_WORDS * 2];
|
uECC_word_t _public[NUM_ECC_WORDS * 2];
|
||||||
uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS];
|
uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS];
|
||||||
@ -295,6 +309,10 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
|
|||||||
* 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations.
|
* 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations.
|
||||||
*/
|
*/
|
||||||
if (diff == 0 && flow_control == (num_bits + 5)) {
|
if (diff == 0 && flow_control == (num_bits + 5)) {
|
||||||
|
if (public_key_dup != public_key || message_hash_dup != message_hash ||
|
||||||
|
hash_size_dup != hash_size || signature_dup != signature) {
|
||||||
|
return UECC_FAULT_DETECTED;
|
||||||
|
}
|
||||||
return UECC_SUCCESS;
|
return UECC_SUCCESS;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
Loading…
Reference in New Issue
Block a user