eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add minor FI countermeasures improvements

Browse source 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-06-24 17:33:39 -04:00
parent 189ee74a82
commit 11ddf25828
No known key found for this signature in database
GPG key ID: 89A90840DC388527
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
library/aes.c
View file

@ -552,7 +552,7 @@ static int aes_sca_cm_data_randomize( uint8_t *tbl, uint8_t tbl_len )
int i = 0, j, is_even_pos, dummy_rounds, num; int i = 0, j, is_even_pos, dummy_rounds, num;
mbedtls_platform_memset( tbl, 0, tbl_len ); mbedtls_platform_memset( tbl, 0, tbl_len );
// get random from 0x0fff (each f will be used separately) // get random from 0x0fff
num = mbedtls_platform_random_in_range( 0x1000 ); num = mbedtls_platform_random_in_range( 0x1000 );
// Randomize execution order of initial round key addition // Randomize execution order of initial round key addition
@ -570,7 +570,7 @@ static int aes_sca_cm_data_randomize( uint8_t *tbl, uint8_t tbl_len )
tbl_len = tbl_len - (AES_SCA_CM_ROUNDS - dummy_rounds); tbl_len = tbl_len - (AES_SCA_CM_ROUNDS - dummy_rounds);
// randomize positions for the dummy rounds // randomize positions for the dummy rounds
num = ( num & 0x000f ) % ( dummy_rounds + 1 ); num = ( num & 0x0fff ) % ( dummy_rounds + 1 );
// add dummy rounds after initial round key addition (if needed) // add dummy rounds after initial round key addition (if needed)
for ( ; i < num + 2; i++ ) for ( ; i < num + 2; i++ )
@ -725,7 +725,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) ); return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
#endif #endif
mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 ); mbedtls_platform_memset( RK, 0, keybits >> 3 );
offset = mbedtls_platform_random_in_range( keybits >> 5 ); offset = mbedtls_platform_random_in_range( keybits >> 5 );
for( j = offset; j < ( keybits >> 5 ); j++ ) for( j = offset; j < ( keybits >> 5 ); j++ )
@ -1089,7 +1089,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
do do
{ {
GET_UINT32_LE( aes_data_real.xy_values[i], input, ( i * 4 ) ); GET_UINT32_LE( aes_data_real.xy_values[i], input, ( i * 4 ) );
aes_data_fake.xy_values[i] = mbedtls_platform_random_in_range( 0xffffffff ); aes_data_fake.xy_values[i] = mbedtls_platform_random_uint32();
flow_control++; flow_control++;
} while( ( i = ( i + 1 ) % 4 ) != offset ); } while( ( i = ( i + 1 ) % 4 ) != offset );