eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/pr/2945' into baremetal

Browse source 
* upstream/pr/2945:
  Rename macro MBEDTLS_MAX_RAND_DELAY
  Update signature of mbedtls_platform_random_delay
  Replace mbedtls_platform_enforce_volatile_reads 2
  Replace mbedtls_platform_enforce_volatile_reads
  Add more variation to random delay countermeasure
  Add random  delay to enforce_volatile_reads
  Update comments of mbedtls_platform_random_delay
  Follow Mbed TLS coding style
  Add random delay function to platform_utils
This commit is contained in:
Arto Kinnunen 2020-01-17 11:21:16 +02:00
commit 10a2ffde5d
10 changed files with 72 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

4
library/entropy.c
View file

@ -273,7 +273,7 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
volatile int strong_fi = ctx->source[i].strong;
if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
have_one_strong_fi = MBEDTLS_ENTROPY_SOURCE_STRONG;
@ -305,7 +305,7 @@ cleanup:
if( have_one_strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( have_one_strong_fi == MBEDTLS_ENTROPY_SOURCE_STRONG )
{
return( ret );

4
library/pk.c
View file

@ -597,7 +597,7 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
if( ret_fi == UECC_SUCCESS )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret_fi == UECC_SUCCESS )
return( 0 );
else
@ -1553,7 +1553,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
if( verify_ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( verify_ret == 0 )
{
return( verify_ret );

34
library/platform_util.c
View file

@ -45,6 +45,9 @@
#include <stddef.h>
#include <string.h>
/* Max number of loops for mbedtls_platform_random_delay */
#define MAX_RAND_DELAY 100
#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
/*
* This implementation should never be optimized out by the compiler
@ -165,13 +168,32 @@ uint32_t mbedtls_platform_random_in_range( size_t num )
#endif
}
/* Some compilers (armcc 5 for example) optimize away successive reads from a
* volatile local variable (which we use as a counter-measure to fault
* injection attacks), unless there is a call to an external function between
* them. This functions doesn't need to do anything, it just needs to be
* in another compilation unit. So here's a function that does nothing. */
void mbedtls_platform_enforce_volatile_reads( void )
void mbedtls_platform_random_delay( void )
{
#if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
return;
#else
size_t rn_1, rn_2, rn_3;
volatile size_t i = 0;
uint8_t shift;
rn_1 = mbedtls_platform_random_in_range( MAX_RAND_DELAY );
rn_2 = mbedtls_platform_random_in_range( 0xffffffff ) + 1;
rn_3 = mbedtls_platform_random_in_range( 0xffffffff ) + 1;
do
{
i++;
shift = rn_2 & 0x07;
if ( i % 2 )
rn_2 = (uint32_t)( rn_2 >> shift | rn_2 << ( 32 - shift ) );
else
rn_3 = (uint32_t)( rn_3 << shift | rn_3 >> ( 32 - shift ) );
rn_2 ^= rn_3;
} while( i < rn_1 || rn_2 == 0 || rn_3 == 0 );
return;
#endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT */
}
#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)

8
library/ssl_cli.c
View file

@ -717,7 +717,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
( mbedtls_ssl_conf_get_prng( ssl->conf ), p, 28 );
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->hello_random_set = MBEDTLS_SSL_FI_FLAG_SET;
@ -2369,7 +2369,7 @@ static int ssl_rsa_generate_partial_pms( mbedtls_ssl_context *ssl,
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -2442,7 +2442,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl,
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -3071,7 +3071,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret == 0 )
{

4
library/ssl_srv.c
View file

@ -4064,7 +4064,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
if( pmscounter == ssl->handshake->pmslen )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( pmscounter == ssl->handshake->pmslen )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -4651,7 +4651,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret == 0 )
{

24
library/ssl_tls.c
View file

@ -1938,7 +1938,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
ssl );
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->key_derivation_done = MBEDTLS_SSL_FI_FLAG_SET;
@ -2020,7 +2020,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -2063,7 +2063,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -2094,7 +2094,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) );
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -2123,7 +2123,7 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
mbedtls_ssl_conf_get_prng( ssl->conf ) );
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret == 0 )
{
ssl->handshake->premaster_generated = MBEDTLS_SSL_FI_FLAG_SET;
@ -7355,7 +7355,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
if( verify_ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( verify_ret == 0 )
{
flow_counter++;
@ -7445,7 +7445,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
( verify_ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
verify_ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
( verify_ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
verify_ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
@ -7511,7 +7511,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
flow_counter == 4 )
#endif
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( verify_ret == 0 &&
#if defined(MBEDTLS_ECP_C) || defined(MBEDTLS_USE_TINYCRYPT)
flow_counter == 5 )
@ -7998,7 +7998,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
1 )
#endif
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( authmode == MBEDTLS_SSL_VERIFY_NONE ||
authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
@ -8019,7 +8019,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
#if !defined(MBEDTLS_SSL_NO_SESSION_RESUMPTION)
if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ssl->handshake->resume == MBEDTLS_SSL_FI_FLAG_SET )
{
/* When doing session resume, no premaster or peer authentication */
@ -8036,7 +8036,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ssl->handshake->peer_authenticated == MBEDTLS_SSL_FI_FLAG_SET )
{
ret = 0;
@ -8057,7 +8057,7 @@ int mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ssl->handshake->hello_random_set == MBEDTLS_SSL_FI_FLAG_SET &&
ssl->handshake->key_derivation_done == MBEDTLS_SSL_FI_FLAG_SET &&
ssl->handshake->premaster_generated == MBEDTLS_SSL_FI_FLAG_SET )

6
library/x509_crt.c
View file

@ -3043,7 +3043,7 @@ check_signature:
if( ret_fi == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( ret_fi == 0 )
signature_is_good = X509_SIGNATURE_IS_GOOD;
}
@ -3549,7 +3549,7 @@ find_parent:
if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
@ -3861,7 +3861,7 @@ exit:
flags_fi = *flags;
if( flags_fi == 0 )
{
mbedtls_platform_enforce_volatile_reads();
mbedtls_platform_random_delay();
if( flags_fi == 0 )
return( 0 );
}