Add buffer and context clearing upon suspected FI

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Andrzej Kurek 2020-07-08 03:19:02 -04:00
parent 0919b142b6
commit ca60937cf9
No known key found for this signature in database
GPG Key ID: 89A90840DC388527
6 changed files with 36 additions and 4 deletions


@ -822,6 +822,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
} }
} }
mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */ #endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
@ -1176,6 +1177,8 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
} }
} }
// Clear the output in case of a FI
mbedtls_platform_memset( output, 0, 16 );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
@ -1460,6 +1463,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
} }
} }
// Clear the output in case of a FI
mbedtls_platform_memset( output, 0, 16 );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
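Review bot: The wipe added in mbedtls_aes_setkey_enc clears only `( keybits >> 5 ) * 4` bytes, which is the raw key length (16, 24 or 32 bytes), while the expanded round-key schedule is longer, so most of the derived round keys appear to survive the fault path. The expansion loop is outside the hunk, so it is also unclear whether `RK` still points at the start of the schedule here. Round keys are key-equivalent material, so clearing the whole context would be safer, e.g. `mbedtls_platform_memset( ctx, 0, sizeof( *ctx ) );`, provided nothing in the context has to survive this return. The two `mbedtls_platform_memset( output, 0, 16 );` calls in the encrypt and decrypt hunks would read better with a named block-size constant than a bare 16.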


@ -101,12 +101,14 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
return( ret ); return( ret );
} }
if( keybits_dup != keybits || key_dup != key ) if( keybits_dup == keybits && key_dup == key )
{ {
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; return( ret );
} }
return( ret ); // In case of a FI - clear the context
mbedtls_cipher_free( &ctx->cipher_ctx );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
/* /*
@ -336,6 +338,9 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
add_dup != add || add_len_dup != add_len || input_dup != input || add_dup != add || add_len_dup != add_len || input_dup != input ||
output_dup != output || tag_dup != tag || tag_len_dup != tag_len) output_dup != output || tag_dup != tag || tag_len_dup != tag_len)
{ {
// In case of a FI - clear the output
mbedtls_platform_memset( output, 0, length );
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
} }
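Review bot: In ccm_auth_crypt the wipe `mbedtls_platform_memset( output, 0, length );` runs in the branch entered because a pointer or length no longer matches its duplicate, so when `output_dup != output` is the mismatch the memset writes `length` bytes through a suspect address. A guard such as `if( output_dup == output ) mbedtls_platform_memset( output, 0, length );` (and likewise for `length`, if it has a duplicate above the hunk) keeps the clearing for faults elsewhere without writing through a possibly corrupted pointer. The same pattern appears in uECC_shared_secret (`secret_dup != secret`) and in the second branch of uECC_sign (`signature_dup != signature`). The `tag` buffer is also left as computed on this path; if the clearing is meant to cover every output, `tag_len` bytes of `tag` need zeroing too. All three function bodies start outside their hunks.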


@ -212,6 +212,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
volatile const unsigned char *additional_dup = additional; volatile const unsigned char *additional_dup = additional;
volatile size_t len_dup = len; volatile size_t len_dup = len;
int reseed_counter_backup = -1;
if( use_nonce == HMAC_NONCE_NO ) if( use_nonce == HMAC_NONCE_NO )
total_entropy_len = ctx->entropy_len; total_entropy_len = ctx->entropy_len;
@ -269,6 +270,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
goto exit; goto exit;
/* 3. Reset reseed_counter */ /* 3. Reset reseed_counter */
reseed_counter_backup = ctx->reseed_counter;
ctx->reseed_counter = 1; ctx->reseed_counter = 1;
exit: exit:
@ -278,6 +280,10 @@ exit:
if( additional_dup != additional || len_dup != len ) if( additional_dup != additional || len_dup != len )
{ {
/* Rollback the reseed_counter in case of FI */
if( reseed_counter_backup != -1 )
ctx->reseed_counter = reseed_counter_backup;
return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
} }
@ -290,6 +296,9 @@ exit:
return ret; return ret;
} }
/* Rollback the reseed_counter in case of FI */
if( reseed_counter_backup != -1 )
ctx->reseed_counter = reseed_counter_backup;
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
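Review bot: `reseed_counter_backup` uses -1 as an undocumented "not yet reset" sentinel and, unlike `additional_dup` and `len_dup` declared beside it, is not volatile, so the rollback rests on a single plain comparison that is repeated twice. A comment at the declaration would help, e.g. `/* -1: counter not reset yet; otherwise the value to restore if a fault is detected */`, and it is worth confirming that `ctx->reseed_counter` can never legitimately hold -1. The two identical rollback blocks after `exit:` could be folded into one so the fault paths cannot drift apart. The body of hmac_drbg_reseed_core starts and ends outside these hunks.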


@ -287,7 +287,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
{ {
return( 0 ); return( 0 );
} }
/* Free the ctx upon suspected FI */
mbedtls_sha256_free( ctx );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
@ -362,6 +363,8 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
return( 0 ); return( 0 );
} }
} }
/* Free the ctx upon suspected FI */
mbedtls_sha256_free( ctx );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
@ -458,6 +461,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
{ {
return( 0 ); return( 0 );
} }
/* Free the ctx and clear output upon suspected FI */
mbedtls_sha256_free( ctx );
mbedtls_platform_memset( output, 0, 32 );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
@ -506,6 +512,7 @@ exit:
{ {
return( ret ); return( ret );
} }
mbedtls_platform_memset( output, 0, 32 );
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED ); return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
} }
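Review bot: The output wipes in mbedtls_sha256_finish_ret and in the last hunk use a bare `32`, which matches SHA-256 but exceeds the 28-byte digest if this build keeps the SHA-224 mode. The API contract is not visible here; if callers may pass a 28-byte buffer in that mode, the fault path would write four bytes past it. Either size the wipe by mode or state the buffer requirement next to the memset, e.g. `/* output is always a 32-byte buffer, also for SHA-224 */`. The memset in the last hunk also lacks the explanatory comment that the other three additions carry. All four functions start outside the hunks.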


@ -153,6 +153,8 @@ int uECC_make_key(uint8_t *public_key, uint8_t *private_key)
if (private_key == private_key_dup && public_key == public_key_dup) { if (private_key == private_key_dup && public_key == public_key_dup) {
return UECC_SUCCESS; return UECC_SUCCESS;
} }
/* Erase key in case of FI */
mbedtls_platform_memset(public_key, 0, 2*NUM_ECC_BYTES);
return UECC_FAULT_DETECTED; return UECC_FAULT_DETECTED;
} }
} }
@ -189,6 +191,8 @@ int uECC_shared_secret(const uint8_t *public_key, const uint8_t *private_key,
/* erasing temporary buffer used to store secret: */ /* erasing temporary buffer used to store secret: */
mbedtls_platform_zeroize(_private, sizeof(_private)); mbedtls_platform_zeroize(_private, sizeof(_private));
if (public_key_dup != public_key || private_key_dup != private_key || secret_dup != secret) { if (public_key_dup != public_key || private_key_dup != private_key || secret_dup != secret) {
/* Erase secret in case of FI */
mbedtls_platform_memset(secret, 0, NUM_ECC_BYTES);
return UECC_FAULT_DETECTED; return UECC_FAULT_DETECTED;
} }
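Review bot: In uECC_make_key the fault path erases only `public_key`, although the comment says "Erase key" and `private_key` is the function's other output buffer. If the code above the hunk has already written it, the private key stays in the caller's buffer after UECC_FAULT_DETECTED. Adding `mbedtls_platform_memset(private_key, 0, NUM_ECC_BYTES);` next to the existing wipe would cover it; the size is assumed from the `secret` wipe in the next hunk and should be confirmed. In uECC_shared_secret the temporary is cleared with mbedtls_platform_zeroize while the new wipe uses mbedtls_platform_memset, so a short comment on why the two differ would help. Both function bodies start outside the hunks.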


@ -165,11 +165,13 @@ int uECC_sign(const uint8_t *private_key, const uint8_t *message_hash,
r = uECC_sign_with_k(private_key, message_hash, hash_size, k, signature); r = uECC_sign_with_k(private_key, message_hash, hash_size, k, signature);
/* don't keep trying if a fault was detected */ /* don't keep trying if a fault was detected */
if (r == UECC_FAULT_DETECTED) { if (r == UECC_FAULT_DETECTED) {
mbedtls_platform_memset(signature, 0, 2*NUM_ECC_BYTES);
return r; return r;
} }
if (r == UECC_SUCCESS) { if (r == UECC_SUCCESS) {
if (private_key_dup != private_key || message_hash_dup != message_hash || if (private_key_dup != private_key || message_hash_dup != message_hash ||
hash_size_dup != hash_size || signature_dup != signature) { hash_size_dup != hash_size || signature_dup != signature) {
mbedtls_platform_memset(signature, 0, 2*NUM_ECC_BYTES);
return UECC_FAULT_DETECTED; return UECC_FAULT_DETECTED;
} }
return UECC_SUCCESS; return UECC_SUCCESS;