Add error code MBEDTLS_ERR_PLATFORM_FAULT_DETECTED
This can be used by Mbed TLS functions in any module to signal that a fault
attack is likely happening, so this can be appropriately handled by the
application (report, fall back to safer mode or even halt, etc.)
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 31f294f..a52f9f5 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -86,7 +86,7 @@
* CHACHA20 3 0x0051-0x0055
* POLY1305 3 0x0057-0x005B
* CHACHAPOLY 2 0x0054-0x0056
- * PLATFORM 1 0x0070-0x0072
+ * PLATFORM 3 0x0070-0x0072 0x0071-0x0071
*
* High-level module nr (3 bits - 0x0...-0x7...)
* Name ID Nr of Errors
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 89fe8a7..82d5e33 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -45,6 +45,7 @@
#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070 /**< Hardware accelerator failed */
#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 /**< The requested feature is not supported by the platform */
+#define MBEDTLS_ERR_PLATFORM_FAULT_DETECTED -0x0071 /**< A fault was detected in a critical path, likely indicative of an active physical attack */
#ifdef __cplusplus
extern "C" {
diff --git a/library/error.c b/library/error.c
index c993524..77c7133 100644
--- a/library/error.c
+++ b/library/error.c
@@ -841,6 +841,8 @@
mbedtls_snprintf( buf, buflen, "PLATFORM - Hardware accelerator failed" );
if( use_ret == -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) )
mbedtls_snprintf( buf, buflen, "PLATFORM - The requested feature is not supported by the platform" );
+ if( use_ret == -(MBEDTLS_ERR_PLATFORM_FAULT_DETECTED) )
+ mbedtls_snprintf( buf, buflen, "PLATFORM - A fault was detected in a critical path, likely indicative of an active physical attack" );
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_POLY1305_C)