Arto Kinnunen
2eb678f5e8
Update AES SCA countermeasures
...
-Add dummy rounds to the start and/or end of the AES calculation
rounds.
2020-01-21 12:01:42 +02:00
Arto Kinnunen
28ecfb002f
Merge remote-tracking branch 'upstream/pr/2983' into baremetal
...
* upstream/pr/2983:
Fix mbedtls_strerror to work with all wanted codes
2020-01-17 11:21:53 +02:00
Arto Kinnunen
ca1978b7d5
Merge remote-tracking branch 'upstream/pr/2982' into baremetal
...
* upstream/pr/2982:
Use mbedtls_platform_memset in data_randomize
Protect get/put on secret data on AES-module
2020-01-17 11:21:41 +02:00
Arto Kinnunen
d1340e455c
Merge remote-tracking branch 'upstream/pr/2980' into baremetal
...
* upstream/pr/2980:
Protect get/put on secret data on sha256-module
2020-01-17 11:21:32 +02:00
Arto Kinnunen
10a2ffde5d
Merge remote-tracking branch 'upstream/pr/2945' into baremetal
...
* upstream/pr/2945:
Rename macro MBEDTLS_MAX_RAND_DELAY
Update signature of mbedtls_platform_random_delay
Replace mbedtls_platform_enforce_volatile_reads 2
Replace mbedtls_platform_enforce_volatile_reads
Add more variation to random delay countermeasure
Add random delay to enforce_volatile_reads
Update comments of mbedtls_platform_random_delay
Follow Mbed TLS coding style
Add random delay function to platform_utils
2020-01-17 11:21:16 +02:00
Jarno Lamsa
8f8c0bdfc7
Use mbedtls_platform_memset in data_randomize
...
More secure memset should be used here instead
of standard memset.
2020-01-10 08:19:37 +02:00
Jarno Lamsa
282db8e3f8
Protect get/put on secret data on AES-module
...
When reading the input, buffer will be initialised with random data
and the reading will start from a random offset. When writing the data,
the output will be initialised with random data and the writing will start
from a random offset.
2020-01-10 08:19:37 +02:00
Teppo Järvelin
5bc072f737
Fix mbedtls_strerror to work with all wanted codes
2020-01-09 14:22:32 +02:00
Arto Kinnunen
b148651e49
Rename macro MBEDTLS_MAX_RAND_DELAY
...
MBEDTLS_MAX_RAND_DELAY renamed to MAX_RAND_DELAY to get CI passing.
2020-01-09 11:11:23 +02:00
Arto Kinnunen
ac6d226939
Update signature of mbedtls_platform_random_delay
...
Skip parameter and return value from mbedtls_platform_random_delay
to make it more resistant for FI attacks.
2020-01-09 10:19:07 +02:00
Simon Butcher
05ca9d46c1
Merge remote-tracking branch 'public/pr/2979' into baremetal
2020-01-08 18:15:52 +00:00
Simon Butcher
282911eabf
Merge remote-tracking branch 'public/pr/2978' into baremetal
2020-01-08 18:14:21 +00:00
Simon Butcher
01d78fcefe
Merge remote-tracking branch 'public/pr/2971' into baremetal
2020-01-08 18:10:44 +00:00
Simon Butcher
2d9c0eb215
Merge remote-tracking branch 'public/pr/2948' into baremetal
2020-01-08 18:08:28 +00:00
Simon Butcher
4b3b8c208e
Merge remote-tracking branch 'public/pr/2886' into baremetal
2020-01-08 17:53:43 +00:00
Simon Butcher
5dc7faf56e
Merge remote-tracking branch 'public/pr/2956' into baremetal
2020-01-08 17:53:16 +00:00
Jarno Lamsa
bb86c52430
Protect get/put on secret data on sha256-module
...
When reading the input, the buffer will be initialised with random data
and the reading will start from a random offset. When writing the data,
the output will be initialised with random data and the writing will
start from a random offset.
2020-01-08 10:45:51 +02:00
Teppo Järvelin
cafb6c91b0
Clear internal decrypted buffer after read
2020-01-08 10:25:16 +02:00
Arto Kinnunen
0a8f87f5eb
Remove entropy source overwrite in baremetal_test
...
-Do not overwrite MBEDTLS_ENTROPY_MAX_SOURCES in baremetal_test.h
-Skip tests that are not suitable for low number of entropy sources
2020-01-07 14:48:33 +02:00
Arto Kinnunen
7195571681
Replace mbedtls_platform_enforce_volatile_reads 2
...
Replace remaining mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
2020-01-07 10:47:58 +02:00
Arto Kinnunen
e91f0dc905
Replace mbedtls_platform_enforce_volatile_reads
...
Replace function mbedtls_platform_enforce_volatile_reads() with
mbedtls_platform_random_delay().
2020-01-07 10:47:58 +02:00
Arto Kinnunen
dbf2b43ceb
Add more variation to random delay countermeasure
...
Add more variation to the random delay function by xor:ing two
variables. It is not enough to increment just a counter to create a
delay as it will be visible as uniform delay that can be easily
removed from the trace by analysis.
2020-01-07 10:47:58 +02:00
Arto Kinnunen
0490485be5
Add random delay to enforce_volatile_reads
...
Add a random delay to mbedtls_platform_enforce_volatile_reads() as a
countermeasure to fault injection attacks.
2020-01-07 10:47:58 +02:00
Arto Kinnunen
9a506e7424
Update comments of mbedtls_platform_random_delay
2020-01-07 10:47:58 +02:00
Arto Kinnunen
b47b105838
Follow Mbed TLS coding style
2020-01-07 10:47:58 +02:00
Arto Kinnunen
4c63b98e94
Add random delay function to platform_utils
...
Add delay function to platform_utils. The function will delay
program execution by incrementing local variable randomised number of
times.
2020-01-07 10:47:58 +02:00
Teppo Järvelin
c2fa3eaa81
Removed dead code after optimization in tinycrypt
2020-01-05 12:02:37 +02:00
Teppo Järvelin
8f7e36fc98
Coverity fixes, check hmac return values
2020-01-05 12:02:37 +02:00
Teppo Järvelin
0b1d7d946d
Coverity fix: dead error condition removed from ecc.c
2020-01-05 12:02:04 +02:00
Simon Butcher
7d2434fac2
Merge remote-tracking branch 'public/pr/2973' into baremetal
2020-01-03 15:52:36 +00:00
Darryl Green
029fe86c53
Fix some pylint warnings
...
Fix a too-long line to meet PEP8 standards
2020-01-03 13:41:20 +00:00
Simon Butcher
1b370a63ec
Merge remote-tracking branch 'public/pr/2960' into baremetal
2019-12-27 18:18:22 +00:00
Simon Butcher
58813498f7
Merge remote-tracking branch 'public/pr/2957' into baremetal
2019-12-27 18:18:04 +00:00
Jarno Lamsa
5aa4c07b85
Minor review fixes
2019-12-20 13:09:27 +02:00
Jarno Lamsa
015aa44b93
Make authmode volatile
...
This is to enforce reading it from memory for the double
check to prevent compiler from optimising it away.
2019-12-20 12:09:37 +02:00
Jarno Lamsa
af60cd7698
Protect the peer_authenticated flag more
...
Add more protection to the flag preventing attacker
possibly to glitch using faulty certificate.
2019-12-20 10:50:33 +02:00
Jarno Lamsa
616fbe177c
Increase hamming distance for authmode
...
Prevent glitching mode by single bit flipping.
2019-12-19 17:07:35 +02:00
Jarno Lamsa
8d09e5744c
Increase hamming distance for session resume flag
...
This is to prevent glitching a single bit for the resume flag.
2019-12-19 17:07:35 +02:00
Jarno Lamsa
489dccd158
Adress review comments
2019-12-19 17:07:35 +02:00
Jarno Lamsa
88db2ae9a0
Use Platform fault when double check fails
2019-12-19 17:07:35 +02:00
Jarno Lamsa
f5b6af01d3
Fix double check in entropy_gather_internal
...
The double check was wrong way, glitching either check
could have compromised the flow there.
2019-12-19 17:07:29 +02:00
Jarno Lamsa
afff4d0679
Remove unused flag
2019-12-19 14:41:56 +02:00
Jarno Lamsa
06164057b3
Check that we have all the proper keys
...
The proper keys should be set at the end of
the handshake, if not, fail the handshake.
2019-12-19 14:40:36 +02:00
Jarno Lamsa
e1621d4700
Check that the peer_authenticated flag
...
Check that the peer has been authenticated in the end
of the handshake.
2019-12-19 14:29:24 +02:00
Jarno Lamsa
ba4730fe4c
Protect setting of peer_authenticated flag
...
Use flow counting and double checks when setting the flag.
Also protect the flow to prevent causing a glitch.
2019-12-19 09:43:25 +02:00
Jarno Lamsa
4031a45019
Protect key_derivation_done flag
...
The flag is used to track that the key derivation
has been done.
2019-12-19 09:43:25 +02:00
Jarno Lamsa
67f0a1e833
Protect setting of premaster_generated flag
...
The flag is used for tracking if the premaster has
been succesfully generated. Note that when resuming
a session, the flag should not be used when trying to
notice if all the key generation/derivation has been done.
2019-12-19 09:43:19 +02:00
Jarno Lamsa
98801af26b
Protect setting of hello_random flag
...
The handshake flag tells when the handshake hello.random
is set and can be used later to decide if we have the correct
keys.
2019-12-19 09:02:02 +02:00
Jarno Lamsa
b57d7fd568
Add flags for protecting TLS state machine
...
Flags are there to prevent skipping vital parts of the TLS
handshake.
2019-12-19 09:01:54 +02:00
Jarno Lamsa
6122b59042
Address review comments
2019-12-19 07:56:10 +02:00