Harden hmac_drbg and md against fault injection
- Add a flow monitor, a loop integrity check and variable doubling to harden mbedtls_hmac_drbg_update_ret.
- Use a longer Hamming distance for nonce usage in hmac_drbg_reseed_core.
- Return the actual result instead of unconditional success in mbedtls_hmac_drbg_seed and mbedtls_hmac_drbg_seed_buf.
- Check for an illegal condition in hmac_drbg_reseed_core.
- Double the buf/buf_len variables in mbedtls_hmac_drbg_random_with_add.
- Add more Hamming distance to MBEDTLS_HMAC_DRBG_PR_ON/OFF.
This commit is contained in:
parent
72a8c9e7dc
commit
5b36693774
3 changed files with 101 additions and 30 deletions
15
library/md.c
15
library/md.c
|
@ -575,15 +575,28 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
|
|||
if( ( ret = mbedtls_md_info_starts( md_info, ctx->md_ctx ) ) != 0 )
|
||||
goto cleanup;
|
||||
|
||||
i++; // Use i as flow control
|
||||
|
||||
if( ( ret = mbedtls_md_info_update( md_info, ctx->md_ctx, ipad,
|
||||
mbedtls_md_info_block_size( md_info ) ) ) != 0 )
|
||||
{
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
i++; // Use i as flow control now
|
||||
|
||||
cleanup:
|
||||
mbedtls_platform_zeroize( sum, sizeof( sum ) );
|
||||
|
||||
if ( ret == 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
|
||||
/* Check possible fault injection */
|
||||
if ( ( i - 2 ) == keylen ) {
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
|
@ -653,7 +666,7 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
|
|||
if( ( ret = mbedtls_md_info_finish( md_info, ctx->md_ctx, output ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
|
||||
|
|
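Review bot: The new fault-detection lines in mbedtls_md_hmac_starts do not follow the conventions the rest of this hunk uses: `i++; // Use i as flow control` and `i++; // Use i as flow control now` use `//` comments while the same function uses `/* Check possible fault injection */`, and `if ( ( i - 2 ) == keylen ) {` puts the brace on the same line and spaces `if (` differently from the `if( ( ret = mbedtls_md_info_update( ... ) ) != 0 )` / `{` form a few lines above. I would write `i++; /* flow-control counter: must reach keylen + 2 at cleanup */`, drop the duplicate wording on the second increment, and use `if( ( i - 2 ) == keylen )` with the brace on its own line. The invariant behind `( i - 2 ) == keylen` depends on the declaration of `i` and the key-XOR loop that presumably leaves `i == keylen`, both of which start before this hunk, so it cannot be verified here; a one-line comment at the check naming that dependency would help the next maintainer. The enclosing function starts outside the hunk.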