Add returning a FAULT_DETECTED error on suspected FI attacks

The change applies to the places where we prevent double synchronous FI attacks with random delay, and where we do not respond to their detection. The response to such an attack should be to return the appropriate error code. Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2024-11-22 11:35:44 +01:00 · 2020-06-05 17:59:28 +02:00 · 2020-06-05 17:59:28 +02:00 · e048b91d25
commit e048b91d25
parent b06ec05dc0
5 changed files with 34 additions and 12 deletions
--- a/library/pk.c
+++ b/library/pk.c
@ -46,10 +46,9 @@
 #endif /* MBEDTLS_USE_TINYCRYPT */

 #include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
+
+#if !defined(MBEDTLS_PLATFORM_C)
 #include <stdlib.h>
 #define mbedtls_calloc    calloc
 #define mbedtls_free       free
@ -1561,7 +1560,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
        }
        else
        {
-            verify_ret = MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
+            verify_ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
        }
    }

--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -27,9 +27,9 @@

 #if defined(MBEDTLS_SSL_CLI_C)

-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
+
+#if !defined(MBEDTLS_PLATFORM_C)
 #include <stdlib.h>
 #define mbedtls_calloc    calloc
 #define mbedtls_free      free
@ -724,6 +724,10 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
            ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET;
            return( 0 );
        }
+        else
+        {
+            ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+        }
    }

    return( ret );
@ -2388,6 +2392,10 @@ static int ssl_rsa_generate_partial_pms( mbedtls_ssl_context *ssl,
            ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
            return( 0 );
        }
+        else
+        {
+            ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+        }
    }

    MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
@ -2460,6 +2468,12 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl,
        {
            ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
        }
+        else
+        {
+            ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret );
+            goto cleanup;
+        }
    }
    else
    {
@ -3101,7 +3115,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
            }
            else
            {
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+                return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
            }
        }
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -27,9 +27,9 @@

 #if defined(MBEDTLS_SSL_SRV_C)

-#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
-#else
+
+#if !defined(MBEDTLS_PLATFORM_C)
 #include <stdlib.h>
 #define mbedtls_calloc    calloc
 #define mbedtls_free      free
@ -4659,6 +4659,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
            goto exit;
        }
+        else
+        {
+            ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+        }

    }

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2027,8 +2027,9 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
            }
            else
            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
-                return( ret );
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret",
+                                       MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
+                return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
            }
        }
        else
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -2936,7 +2936,7 @@ static int x509_crt_check_parent( const mbedtls_x509_crt_sig_info *sig_info,
 *
 * Return value:
 *  - 0 on success
- *  - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise
+ *  - MBEDTLS_ERR_ECP_IN_PROGRESS or MBEDTLS_ERR_PLATFORM_FAULT_DETECTED otherwise
 */
 static int x509_crt_find_parent_in(
                        mbedtls_x509_crt_sig_info const *child_sig,
@ -3051,6 +3051,8 @@ check_signature:
            mbedtls_platform_random_delay();
            if( ret_fi == 0 )
                signature_is_good = X509_SIGNATURE_IS_GOOD;
+            else
+                return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
        }

        if( top && ! signature_is_good )
@ -3869,6 +3871,8 @@ exit:
        mbedtls_platform_random_delay();
        if( flags_fi == 0 )
            return( 0 );
+        else
+            return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
    }

    /* Preserve the API by removing internal extra bits - from now on the