Commit Graph

10235 Commits

Author SHA1 Message Date
Arto Kinnunen
7543901b6a Follow Mbed TLS coding style
Fix remaining if-clauses.
2019-12-10 14:54:43 +02:00
Arto Kinnunen
425137a0fa Follow Mbed TLS coding style
-Fix multiple for clauses
-Remove redundant check
2019-12-10 14:54:43 +02:00
Arto Kinnunen
c3532c2339 Improve SCA CM AES performance
SCA CM implementation caused AES performance drop. For example
AES-CCM-128 calculation speed was dropped from 240 KB/s to 111 KB/s.
(-54%), Similarily AES-CBC-128 calculation speed was dropped from
536 KB/s to 237 KB/s (-56%).

Use functions instead of macros to reduce code indirections and
therefore increase performance. Now the performance is 163 KB/s for
AES-CCM-128 (-32%) and 348 KB/s for AES-CBC-128 (-35%).

When SCA countermeasures are activated the performance is as follows:
122 KB/s for AES-CCM-128 (-49%) and 258 KB/s for AES-CBC-128 (-52%)
compared to the original AES implementation.
2019-12-10 14:54:43 +02:00
Arto Kinnunen
172836a281 Rework AES countermeasures implementation
Use control bytes to instruct AES calculation rounds. Each
calculation round has a control byte that indicates what data
(real/fake) is used and if any offset is required for AES data
positions.

First and last AES calculation round are calculated with SCA CM data
included. The calculation order is randomized by the control bytes.

Calculations between the first and last rounds contains 3 SCA CMs
in randomized positions.
2019-12-10 14:54:43 +02:00
Arto Kinnunen
b2be92e2c7 Update AES SCA flag to version_features.c 2019-12-10 14:54:43 +02:00
Arto Kinnunen
43980a09e0 Add AES SCA countermeasures to query_config
Add MBEDTLS_AES_SCA_COUNTERMEASURES flag to query_config so that
flag value can be queried.
2019-12-10 14:54:43 +02:00
Arto Kinnunen
2231138c18 Disable AES SCA countermeasures from full config
Disable AES SCA countermeasures from full config. Otherwise
check_config will break the builds due inproper configuration.
2019-12-10 14:54:43 +02:00
Arto Kinnunen
45a475f293 Follow Mbed TLS coding style 2019-12-10 14:54:43 +02:00
Arto Kinnunen
430ac13112 Add config and test for AES SCA countermeasures
- Add configuration for AES_SCA_COUNTERMEASURES to config.h. By
  default the feature is disabled.
- Add AES_SCA_COUNTERMEASURES configuration check to check_config.h
- Add AES_SCA_COUNTERMEASURES test to all.sh
2019-12-10 14:54:43 +02:00
Arto Kinnunen
f93d55e3ce Add SCA countermeasures to AES calculation
- 3 additional dummy AES rounds calculated with random data for each
  AES encryption/decryption
- additional rounds can be occur in any point in sequence of rounds
2019-12-10 14:54:43 +02:00
Simon Butcher
0252cd6876 Merge remote-tracking branch 'public/pr/2940' into baremetal 2019-12-05 14:32:54 +00:00
Simon Butcher
501c466d01 Merge remote-tracking branch 'public/pr/2934' into baremetal 2019-12-05 14:32:44 +00:00
Simon Butcher
5b45c6e1b3 Merge remote-tracking branch 'public/pr/2932' into baremetal 2019-12-05 14:32:31 +00:00
Simon Butcher
7c5de360da Merge remote-tracking branch 'public/pr/2922' into baremetal 2019-12-05 14:31:03 +00:00
Simon Butcher
098846287f Merge remote-tracking branch 'public/pr/2918' into baremetal 2019-12-05 14:27:29 +00:00
Teppo Järvelin
e06e039f7a Fix basic-build-test.sh to work in different env
Also added possibility to run only unit tests
2019-11-29 11:05:11 +02:00
Manuel Pégourié-Gonnard
766c9e9781 Improve description of ERR_PLATFORM_FAULT_DETECTED 2019-11-29 09:40:08 +01:00
Manuel Pégourié-Gonnard
65be6b48de Add compile guard in platform.h
We may want to include it just for the errors it defines without having all of
the other defines that only make sense when PLATFORM_C is enabled.
2019-11-28 12:51:45 +01:00
Arto Kinnunen
ec37a89bf3 Save ROM by using int instead of char
Save 20 bytes of ROM by changing variable type from char to int.
2019-11-28 13:43:02 +02:00
Manuel Pégourié-Gonnard
9ca11fc892 Fix issues found by the CI
- MSVC doesn't like -1u
- We need to include platform.h for MBEDTLS_ERR_PLATFORM_FAULT_DETECTED - in
  some configurations it was already included indirectly, but not in all
configurations, so better include it directly.
2019-11-28 12:07:01 +01:00
Manuel Pégourié-Gonnard
6bdc6809da Initialise variables to failing values 2019-11-28 10:40:03 +01:00
Arto Kinnunen
c5bbdd411c Include platform.h in hmac_drbg.c and md.c
Include platform.h to find MBEDTLS_ERR_PLATFORM_FAULT_DETECTED.
2019-11-25 17:32:28 +02:00
Arto Kinnunen
5299a42f25 Update HMAC and MD FI countermeasures
-Return error value by default.
-Success is returned only after checking internal states.
-Append flow_control to cover also last function call.
2019-11-25 16:29:10 +02:00
Arto Kinnunen
5b36693774 Harden hmac_drbg and md against fault injection
-Add flow monitor, loop integrity check and variable doubling to
 harden mbedtls_hmac_drbg_update_ret.

-Use longer hamming distance for nonce usage in hmac_drbg_reseed_core

-Return actual value instead of success in mbedtls_hmac_drbg_seed and
 mbedtls_hmac_drbg_seed_buf

-Check illegal condition in hmac_drbg_reseed_core.

-Double buf/buf_len variables in mbedtls_hmac_drbg_random_with_add

-Add more hamming distance to MBEDTLS_HMAC_DRBG_PR_ON/OFF
2019-11-25 13:45:44 +02:00
Simon Butcher
45fd0d68d9 Add USE_TINYCRYPT build option to CMake files
Adds the USE_TINYCRYPT build option to the CMake build files. Default is
enabled.
2019-11-22 16:56:17 +00:00
Simon Butcher
9699887185 Add Makefile option to exclude TinyCrypt files
Added an additional Makefile option of 'TINYCRYPT_BUILD' to exclude the
TinyCrypt source files from the build. This allows some tests to exclude those
files as and when necessary.

Specifically this includes in all.sh the test
'component_build_arm_none_eabi_gcc_no_64bit_multiplication' which was failing as
64bit cannot be disabled in TinyCrypt, and check-names.sh as TinyCrypt obviously
does not conform to Mbed TLS naming conventions.
2019-11-22 15:09:39 +00:00
Simon Butcher
35e535a74a Remove TinyCrypt config condition in source files
This commit removes from the TinyCrypt header and source code files, the
configuration condition on MBEDTLS_USE_TINYCRYPT to include the file
contents.

This is to allow use of the library by the Factory Tool without enabling
MBEDTLS_USE_TINYCRYPT, and also removes a modification we've made to make the
code closer to the upstream TinyCrypt making it easier to maintain.
2019-11-21 17:54:16 +00:00
Manuel Pégourié-Gonnard
18761926a8 Fix double-check for bad signature
In the previous version, it was enough for the attacker to glitch the
top-level 'if' to skip the entire block. We want two independent blocks here,
so that an attacker can only succeed with two successive glitches.
2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
4c9b556e38 Add double-check for flags == 0 in crt_verify()
Also move to "default flow assumes failure" while at it.
2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
ea7eab1fde Add redundancy (Hamming distance) to cert flags
Before this commit, if a certificate only had one issue (for example, if the
"untrusted" bit was the only set in flags), an attacker that could flip this
single bit between the moment it's set and the moment flags are checked before
returning from mbedtls_x509_crt_verify() could make the entire verification
routine appear to succeed (return 0 with no bit set in flags).

Avoid that by making sure that flags always has either 0 or at least 9 bits
set during the execution of the function. However, to preserve the API, clear
the 8 extra bits before returning. This doesn't open the door to other
attacks, as fortunately the API already had redundancy: either both flags and
the return value are 0, or flags has bits set and the return value is non-zero
with at least 16 bits set (assuming 32-bit 2-complement ints).
2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
81c1fc4132 Add double check on bad signature flagging 2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
f66657ac44 Use large Hamming distance for signature validity
If signature_is_good is 0 (invalid) of 1 (valid), then it's all too easy for
an active physical attacker to turn invalid into valid by flipping a single
bit in RAM, on the bus or in a CPU register.

Use a special value to represent "valid" that can't easily be reached by
flipping a few bits.
2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
d1e55dfce6 Add double check on cert signature verification
x509_crt_check_signature() directly returns the return value of
pk_verify_xxx() without looking at it, so nothing to do here. But its caller
compares the value to 0, which ought to be double-checked.
2019-11-21 15:32:45 +01:00
Manuel Pégourié-Gonnard
72a8c9e7dc Force some compilers to respect volatile reads
Inspection of the generated assembly showed that before this commit, armcc 5
was optimizing away the successive reads to the volatile local variable that's
used for double-checks. Inspection also reveals that inserting a call to an
external function is enough to prevent it from doing that.

The tested versions of ARM-GCC, Clang and Armcc 6 (aka armclang) all keep the
double read, with our without a call to an external function in the middle.

The inserted function can also be changed to insert a random delay if
desired in the future, as it is appropriately places between the reads.
2019-11-21 15:14:59 +01:00
Manuel Pégourié-Gonnard
ca7b5ab5ef Use double-checking of critical value in pk_verify()
Also change the flow so that the default return value is a failing one.
2019-11-21 15:14:59 +01:00
Manuel Pégourié-Gonnard
324c6e9cc9 Add error code MBEDTLS_ERR_PLATFORM_FAULT_DETECTED
This can be used by Mbed TLS functions in any module to signal that a fault
attack is likely happening, so this can be appropriately handled by the
application (report, fall back to safer mode or even halt, etc.)
2019-11-21 15:14:59 +01:00
Manuel Pégourié-Gonnard
e6d6f17738 Add double-checking of critical value in uECC_verify()
This hardens against attacks that glitch the conditional branch by making it
necessary for the attacker to inject two consecutive faults instead of one. If
desired, we could insert a random delay in order to further protect against
double-glitch attacks.

Also, when a single glitch is detected we report it.
2019-11-21 15:14:59 +01:00
Manuel Pégourié-Gonnard
2b6312b7d9 Harden return value of uECC_vli_equal()
Previously it was returning 0 or 1, so flipping a single bit in the return
value reversed its meaning. Now it's returning the diff itself.

This is safe because in the two places it's used (signature verification and
point validation), invalid values will have a large number of bits differing
from the expected value, so diff will have a large Hamming weight.

An alternative would be to return for example -!(diff == 0), but the
comparison itself is prone to attacks (glitching the appropriate flag in the
CPU flags register, or the conditional branch if the comparison uses one). So
we'd need to protect the comparison, and it's simpler to just skip it and
return diff itself.
2019-11-21 15:12:44 +01:00
Manuel Pégourié-Gonnard
10d8e8ed64 Use safer return values in uECC_verify()
This is a first step in protecting against fault injection attacks: the
attacker can no longer change failure into success by flipping a single bit.
Additional steps are needed to prevent other attacks (instruction skip etc)
and will be the object of future commits.

The return value of uECC_vli_equal() should be protected as well, which will
be done in a future commit as well.
2019-11-21 15:12:44 +01:00
Manuel Pégourié-Gonnard
c05f1506f4 Introduce return values for tinycrypt functions
Currently functions that may return success or failure tend to do so by
returning 0 or 1. If an active physical attacker can flip a bit in memory or
registers at the right time, they may easily change a failure value into a
success value, with potentially catastrophic security consequences.

As typical attackers can only flip a few bits, an element of protection
against such attacks is to ensure a sufficient Hamming distance between
failure values and the success value. This commit introduces such values,
which will put to use in critical functions in future commits.

In addition to SUCCESS and FAILURE, a third value ATTACK_DETECTED is
introduced, which can be used later when suspicious-looking events are noticed
(static data changed when it shouldn't, double condition checking returning
inconsistent results, etc.).

Values are chosen so that Hamming distances are large, and that no value is
the complement of another, in order to avoid unwanted compiler optimisations.

Note: the error values used by Mbed TLS are already safe (assuming 32-bit
integers) as they are of the form -x with x in the range [1, 2^15) so their
Hamming distance with the success value (0) is at least 17, so it's hard for
an attacker to turn an error value into the success value (or vice-versa).
2019-11-21 15:10:02 +01:00
Simon Butcher
a3877007e6 Merge remote-tracking branch 'public/pr/2876' into baremetal 2019-11-20 12:00:18 +00:00
Simon Butcher
c759b88194 Merge remote-tracking branch 'public/pr/2889' into baremetal 2019-11-20 12:00:06 +00:00
Simon Butcher
b2af693900 Merge remote-tracking branch 'public/pr/2910' into baremetal 2019-11-20 11:59:55 +00:00
Simon Butcher
4965466614 Merge remote-tracking branch 'public/pr/2930' into baremetal 2019-11-20 11:59:46 +00:00
Manuel Pégourié-Gonnard
1e96b46b03 Disable use of HRNG in SCA-hardened mem-functions
This is a temporary work-around for an integration issue.

A future task will re-integrate randomness into these functions are their
entire point is to be randomized; this is really just temporary.
2019-11-19 11:49:05 +01:00
Manuel Pégourié-Gonnard
c881486bb2 Fix off-by-one number of extra operations
This caused a performance issue.
2019-11-05 10:32:37 +01:00
Manuel Pégourié-Gonnard
ad166d8db7 Also check curve in verify()
This is the only function that performs computations without calling
EccPoint_mult_safer() and that didn't have that guard yet.
2019-11-04 15:53:24 +01:00
Manuel Pégourié-Gonnard
913534837a Hardcode numwords in vli_modInv 2019-11-04 15:53:22 +01:00
Manuel Pégourié-Gonnard
3e20adf533 Hardcode numwords in vli_modMult 2019-11-04 15:53:20 +01:00
Manuel Pégourié-Gonnard
10349e4912 Hardcode numwords in vli_mmod 2019-11-04 15:53:19 +01:00