Piotr Nowicki
26c33692b0
Fix CI failure.
...
For ASanDbg tests of the earlier implementation of the
mbedtls_platform_random_in_range(), there was no case where ‘shift’
value was zero. Such a case generated a bit shift of 32, which is treated
as an error by ASanDbg. Increasing the ‘shift’ value by one ensures that
it will always be non-zero.
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-11 16:41:34 +02:00
Piotr Nowicki
057daa3b28
Random delay can be disabled in configuration
...
Use random delay depending on whether MBEDTLS_FI_COUNTERMEASURES is defined
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-11 16:41:34 +02:00
Piotr Nowicki
77b7a7754c
Expanded the random number generator in the platform_util.c
file
...
The earlier implementation had two problems: the random generator always
returned 0 if the MBEDTLS_ENTROPY_HARDWARE_ALT flag was not defined and there
was no protection needed if the HW RNG was malfunctioning. Both these problems
have been solved in this commit by adding the linear congruential generator algorithm.
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-11 16:41:34 +02:00
Piotr Nowicki
8656fc6525
Change the value type in the mbedtls_platform_random_in_range()
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-11 16:38:25 +02:00
Piotr Nowicki
fa635dfaa1
Merge pull request #3448 from piotr-now/platform_util
...
Renamed mbedtls_platform_memcmp() to mbedtls_platform_memequal()
2020-08-11 14:30:35 +02:00
Andrzej Kurek
8fba6e99ce
Merge pull request #3532 from AndrzejKurek/fi-hmac-drbg-fixes
...
Fi-related hmac_drbg fixes
2020-08-10 19:02:25 +02:00
Andrzej Kurek
0305753d7a
Merge pull request #3477 from AndrzejKurek/aes-fake-key
...
Use a fake random key in AES calculations
2020-08-10 13:05:46 +02:00
Piotr Nowicki
e3c4ee51b2
Rename mbedtls_platform_memcmp() to mbedtls_platform_memequal()
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-08-10 12:41:00 +02:00
Shelly Liberman
c6319a70ab
Merge pull request #3514 from shelib01/fi_write_user_data
...
Fi write user data
2020-08-06 07:41:15 +03:00
Shelly Liberman
3799fc1578
Splitting buffers comment added
...
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-08-05 17:53:31 +03:00
Shelly Liberman
c6a7e6b0c4
Enhancement fixes
...
Co-authored-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-08-05 15:40:15 +03:00
shelib01
4062d6ca68
Add user pointer and data size duplication to ssl context.
...
Signed-off-by: Shelly Liberman <shelly.liberman@arm.com>
2020-08-05 15:01:05 +03:00
Andrzej Kurek
e9cb642748
Merge pull request #3516 from AndrzejKurek/fi-pkparse-changes
...
FI-related pkparse.c fixes
2020-08-03 12:14:22 +02:00
Andrzej Kurek
7400fae7ee
Merge pull request #3510 from AndrzejKurek/fi-pk-fixes
...
pk.c FI-related fixes
2020-08-03 12:14:06 +02:00
Andrzej Kurek
898d330148
Merge pull request #3500 from AndrzejKurek/fi-sha256-fixes
...
Introduce sha256 security review fixes
2020-08-03 12:13:40 +02:00
Andrzej Kurek
84afe68ad4
Merge pull request #3509 from AndrzejKurek/fi-x509-changes
...
x509.c: Remove one unnecessary cast
2020-08-03 12:11:47 +02:00
Andrzej Kurek
4353b698ed
hmac_drbg: make no reseeding behaviour explicit
...
Add a flag to the hmac_drbg context that will signal that reseeding is not required.
Change tests and one ecdsa call to not use reseeding, as was the previous case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-19 09:00:18 -04:00
Andrzej Kurek
fac2f9b4ce
aes: move the fake key operations to AES_SCA_COUNTERMEASURES define
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-19 05:01:44 -04:00
Andrzej Kurek
f6265441b0
hmac_drbg: fix default value of the prediction resistance in ctx
...
After changing the possible prediction resistance values to have more
hamming distance between them, 0 (default initialization value) no
longer meant no prediction resistance.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-18 07:09:04 -04:00
Andrzej Kurek
6bc37fa4e2
hmac_drbg: set_entropy_len can now return an error
...
Make mbedtls_hmac_drbg_set_entropy_len return an error
in case of a too long entropy length setting.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-18 06:05:03 -04:00
Andrzej Kurek
9167aa96f8
hmac_drbg: change two variables to be volatile
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-18 06:02:59 -04:00
Andrzej Kurek
e78775eed2
Use a fake random key in AES calculations
...
Create an additional field in the AES context to store a randomized fake key.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-18 05:21:32 -04:00
Andrzej Kurek
8917326d7b
Introduce sha256 security review fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-18 00:42:39 -04:00
Andrzej Kurek
3403969645
Add a comment regarding remaining space check
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-17 05:49:47 -04:00
Andrzej Kurek
a9a5ff5f31
aes: add a comment about expected keybits value.
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-17 03:28:32 -04:00
Andrzej Kurek
11ddf25828
Add minor FI countermeasures improvements
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-17 03:28:32 -04:00
Andrzej Kurek
189ee74a82
Add a platform function to return a random uint32_t
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-17 03:28:32 -04:00
Andrzej Kurek
3ed65d2b84
Add a return from pk_get_ueccpubkey if uecc_public_key_read_binary fails
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-17 02:17:38 -04:00
Andrzej Kurek
a798e5d5cc
Introduce additional buffer size checks to pk.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-16 11:32:53 -04:00
Andrzej Kurek
ddc2db4c13
x509.c: Remove one unnecessary cast
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-16 04:41:48 -04:00
Andrzej Kurek
afec8853c5
Revert a part of the sensitive information duplication changes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-15 16:31:27 -04:00
Andrzej Kurek
c417c783e5
Merge pull request #3481 from AndrzejKurek/fi_duplicate_buffers_2
...
Duplicate sensitive buffer and buffer length information
2020-07-15 11:56:36 +02:00
Andrzej Kurek
45e719983f
Minor formatting and cosmetic changes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-08 10:09:44 -04:00
Andrzej Kurek
ca60937cf9
Add buffer and context clearing upon suspected FI
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-08 09:25:49 -04:00
Andrzej Kurek
0919b142b6
Formatting changes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-06 15:28:59 -04:00
Andrzej Kurek
84bde419e1
Add FI countermeasures to the ssl module
...
This commit adds mainly buffer pointer and length duplication and checks,
but also some hamming distance and return values checking improvements.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-06 15:27:34 -04:00
Andrzej Kurek
74f7d0f03d
Duplicate sensitive buffer and buffer length information
...
Detect FI attacks on buffer pointers and buffer lengths.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-07-06 14:28:12 -04:00
Shelly Liberman
a24c8414cf
Merge pull request #3439 from piotr-now/fic_switch
...
Add FI countermeasures for sensitive switch instructions
2020-07-05 10:55:13 +03:00
Piotr Nowicki
78fc139121
Add FI countermeasures for sensitive switch instructions
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-06-30 14:11:52 +02:00
Andrzej Kurek
77647bd03b
Wrap AES 192 and 256 info structures in !AES_ONLY_128_BIT_KEY_LENGTH
...
This reduces the code size by not compiling in unnecessary info structures
when using only 128 bit AES.
Co-authored by: AnttiKauppila <antti.kauppila@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-06-30 05:03:19 -04:00
Andrzej Kurek
98c847a483
Merge pull request #3395 from AndrzejKurek/sha-flow_ctrl
...
Add flow control to sha256
2020-06-22 11:30:53 +01:00
Andrzej Kurek
e5425a0944
Merge pull request #3408 from AndrzejKurek/hamming-distance-improvements
...
Hamming distance improvements
2020-06-22 08:28:55 +01:00
Piotr Nowicki
f523c47578
Merge pull request #3403 from piotr-now/sca_memmove
...
Add mbedtls_platform_memmove() as a secured memcmp()
2020-06-10 14:52:02 +02:00
Piotr Nowicki
ce0aab4474
Add new error code PLATFORM_ALLOC_FAILED for mbedtls_platform_memmove()
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-06-10 13:51:32 +02:00
Andrzej Kurek
78f77eb4e6
Add flow control to sha256
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-06-10 05:12:34 -04:00
Piotr Nowicki
5d5841f450
Add mbedtls_platform_memmove() as a secured memcmp()
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-06-09 14:31:55 +02:00
Piotr Nowicki
e048b91d25
Add returning a FAULT_DETECTED error on suspected FI attacks
...
The change applies to the places where we prevent double synchronous
FI attacks with random delay, and where we do not respond to their
detection. The response to such an attack should be to return the
appropriate error code.
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-06-09 12:00:42 +02:00
Andrzej Kurek
8f52a8a8c0
Improve the Hamming distance of ssl_hs_is_proper_fragment return values
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-06-08 11:02:22 -04:00
Piotr Nowicki
b06ec05dc0
Add comment for mbedtls_platform_random_delay()
...
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-06-08 14:21:38 +02:00
Andrzej Kurek
478b05c34c
Merge pull request #3355 from AndrzejKurek/fi_error_codes
...
Change the default value of status variables to an error
2020-06-08 08:57:33 +01:00