From 324c6e9cc9768f435f0f13bf66b3df449b94ceb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 6 Nov 2019 11:52:41 +0100 Subject: [PATCH] Add error code MBEDTLS_ERR_PLATFORM_FAULT_DETECTED This can be used by Mbed TLS functions in any module to signal that a fault attack is likely happening, so this can be appropriately handled by the application (report, fall back to safer mode or even halt, etc.) --- include/mbedtls/error.h | 2 +- include/mbedtls/platform.h | 1 + library/error.c | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 31f294f70..a52f9f5db 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -86,7 +86,7 @@ * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B * CHACHAPOLY 2 0x0054-0x0056 - * PLATFORM 1 0x0070-0x0072 + * PLATFORM 3 0x0070-0x0072 0x0071-0x0071 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 89fe8a7b1..82d5e3355 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -45,6 +45,7 @@ #define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */ #define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 /**< The requested feature is not supported by the platform */ +#define MBEDTLS_ERR_PLATFORM_FAULT_DETECTED -0x0071 /**< A fault was detected in a critical path, likely indicative of an active physical attack */ #ifdef __cplusplus extern "C" { diff --git a/library/error.c b/library/error.c index c993524fe..77c713374 100644 --- a/library/error.c +++ b/library/error.c @@ -841,6 +841,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) ) mbedtls_snprintf( buf, buflen, "PLATFORM - The requested feature is not supported by the platform" ); + if( use_ret == -(MBEDTLS_ERR_PLATFORM_FAULT_DETECTED) ) + mbedtls_snprintf( buf, buflen, "PLATFORM - A fault was detected in a critical path, likely indicative of an active physical attack" ); #endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_POLY1305_C)