authorAndrzej Kurek <andrzej.kurek@arm.com>2020-06-04 08:09:53 -0400
committerAndrzej Kurek <andrzej.kurek@arm.com>2020-06-10 05:12:34 -0400
commit78f77eb4e63516fedcc9b07bc17cbffa19cb9c8f (patch)
tree3aad0d34b9dbba1ff59d2dd1d6d8833cce4608db
parent0da03c70e95ddf92a5c221a5a25d637f249745c6 (diff)
downloadmbed-tls-78f77eb4e63516fedcc9b07bc17cbffa19cb9c8f.tar.gz
Add flow control to sha256
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
-rw-r--r--library/sha256.c57
1 files changed, 54 insertions, 3 deletions
diff --git a/library/sha256.c b/library/sha256.c
index 4dcec8965..07b899d07 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -34,6 +34,7 @@
#include "mbedtls/sha256.h"
#include "mbedtls/platform_util.h"
+#include "mbedtls/platform.h"
#include <string.h>
@@ -187,6 +188,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
{
uint32_t temp1, temp2, W[64];
uint32_t A[8];
+ uint32_t flow_ctrl = 0;
unsigned int i;
SHA256_VALIDATE_RET( ctx != NULL );
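Review bot: The added `uint32_t flow_ctrl = 0;` is a plain automatic variable, and every later check compares it with a constant after loops whose trip counts the compiler can see, so an optimizing build is free to fold the increments and delete the comparisons, leaving no runtime check at all. Declaring it `volatile uint32_t flow_ctrl = 0;` here, and in the matching declaration added to mbedtls_sha256_finish_ret, forces the loads and stores the countermeasure relies on. Whether the project instead relies on a compiler barrier elsewhere cannot be seen from this hunk. The function body continues outside the hunk.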
@@ -203,13 +205,20 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
for( i = offset; i < 16; i++ )
{
W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] );
+ flow_ctrl++;
}
for( i = 0; i < offset; i++ )
{
W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] );
+ flow_ctrl++;
}
}
+ if( flow_ctrl != 16 )
+ {
+ return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+ }
+
for( i = 0; i < 64; i++ )
{
if( i >= 16 )
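Review bot: `if( flow_ctrl != 16 ) { return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED; }` makes success the fall-through path, so a comparison that is skipped proceeds exactly as if the count were right; the final check of this function (`if( flow_ctrl == 8 ) { return( 0 ); } return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );`) uses the default-fail shape, and the intermediate checks against 16, 80 and 24 in the later hunks would be stronger written the same way, with the error as the path reached when the `==` branch is not taken. Those three early returns also drop the `return( ... );` parenthesised form used on every other return in the file. A short comment such as `/* 16 from the two offset-split W loops. */` above the check would match the explanation the other branch gives for its 24. The enclosing function starts and ends outside this hunk.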
@@ -219,10 +228,20 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
+ flow_ctrl++;
+ }
+
+ if( flow_ctrl != 80 )
+ {
+ return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
}
+
#else /* MBEDTLS_SHA256_SMALLER */
for( i = 0; i < 16; i++ )
+ {
W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] );
+ flow_ctrl++;
+ }
for( i = 0; i < 16; i += 8 )
{
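Review bot: The `if( flow_ctrl != 80 )` check has no comment giving the breakdown of the expected value, while the equivalent check in the other branch explains its 24 with `/* 16 from the first loop, 2 from the second and 6 from the third. */`; add `/* 16 from the W loops plus one per round of the 64-round loop. */` above it so the constant can be re-derived when the loops change. The round loop whose body is counted starts before this hunk.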
@@ -234,6 +253,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
+ flow_ctrl++;
}
for( i = 16; i < 64; i += 8 )
@@ -246,13 +266,29 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
+ flow_ctrl++;
+ }
+
+ /* 16 from the first loop, 2 from the second and 6 from the third. */
+ if( flow_ctrl != 24 )
+ {
+ return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
}
#endif /* MBEDTLS_SHA256_SMALLER */
+ flow_ctrl = 0;
for( i = 0; i < 8; i++ )
+ {
ctx->state[i] += A[i];
+ flow_ctrl++;
+ }
- return( 0 );
+ if( flow_ctrl == 8 )
+ {
+ return( 0 );
+ }
+
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
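Review bot: `flow_ctrl = 0;` before the state-update loop silently discards the count the preceding checks verified, and nothing says why, so a reader may take it for a mistake. Either add `/* Earlier loops were verified above; count only the state update below. */`, or drop the reset and compare the final default-fail check against the branch total (88 under MBEDTLS_SHA256_SMALLER, 32 otherwise), which keeps every loop covered by the one check that fails by default. The `#else` branch of this hunk also mixes `return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;` with the parenthesised `return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );` a few lines below.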
@@ -314,7 +350,12 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
if( ilen > 0 )
mbedtls_platform_memcpy( (void *) (ctx->buffer + left), input, ilen );
- return( 0 );
+ /* Re-check ilen to protect from a FI attack */
+ if( ilen < 64 )
+ {
+ return( 0 );
+ }
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
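Review bot: The comment `/* Re-check ilen to protect from a FI attack */` says what is tested but not the invariant behind the bound, and the block loop that presumably reduces `ilen` lies above this hunk, so a reader cannot see why 64 is the right threshold. Suggest `/* The block loop above must have left ilen below the 64-byte block size; a larger value means a block was skipped and its input left unhashed, so report a fault instead of success. */`. The function starts outside the hunk.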
@@ -336,6 +377,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
uint32_t used;
uint32_t high, low;
uint32_t offset = 0;
+ uint32_t flow_ctrl = 0;
SHA256_VALIDATE_RET( ctx != NULL );
SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
@@ -346,6 +388,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
used = ctx->total[0] & 0x3F;
ctx->buffer[used++] = 0x80;
+ flow_ctrl++;
if( used <= 56 )
{
@@ -372,6 +415,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
(void)mbedtls_platform_put_uint32_be( ctx->buffer + 56, high );
(void)mbedtls_platform_put_uint32_be( ctx->buffer + 60, low );
+ flow_ctrl++;
if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
return( ret );
@@ -388,6 +432,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
{
(void)mbedtls_platform_put_uint32_be( &output[o_pos],
ctx->state[s_pos] );
+ flow_ctrl++;
}
#if !defined(MBEDTLS_SHA256_NO_SHA224)
@@ -399,8 +444,14 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
{
(void)mbedtls_platform_put_uint32_be( &output[o_pos],
ctx->state[s_pos] );
+ flow_ctrl++;
}
- return( 0 );
+ /* flow ctrl was incremented twice and then 7 times in two loops */
+ if( flow_ctrl == 9 )
+ {
+ return( 0 );
+ }
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
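Review bot: The expected value in `if( flow_ctrl == 9 )` cannot be confirmed from the visible lines: the headers of the two loops the comment refers to lie outside the hunks, and the `#if !defined(MBEDTLS_SHA256_NO_SHA224)` immediately before the second write block suggests that block may depend on the digest size. If it does, SHA-224 and SHA-256 reach this line with different counts and one of them would always return MBEDTLS_ERR_PLATFORM_FAULT_DETECTED, which a known-answer test for both sizes would catch. The comment would also be clearer with the per-source breakdown used in mbedtls_internal_sha256_process, e.g. `/* 1 for the padding byte, 1 for the length, 7 for the state words. */`. The function starts outside this hunk.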