Updates to AES countermeasures
-Update comments regarding flag MBEDTLS_AES_SCA_COUNTERMEASURES
-Remove MBEDTLS_AES_SCA_COUNTERMEASURES dependency check
-More comments and coding style changes
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 40647d5..fe9c594 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -70,10 +70,6 @@
#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_AES_SCA_COUNTERMEASURES) && !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-#error "MBEDTLS_AES_SCA_COUNTERMEASURES defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 1a2de9a..20f1800 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -639,12 +639,12 @@
*
* Add countermeasures against possible side-channel-attack to AES calculation.
*
- * Uncommenting this macro adds three additional calculation rounds to AES
+ * Uncommenting this macro adds additional calculation rounds to AES
* calculation. Additional rounds are using random data and can occur in any
* AES calculation round.
*
- * Tradeoff: Uncommenting this increases ROM footprint by ~800 bytes.
- * The performance loss is 3/11= 27% with 128 bit AES.
+ * Tradeoff: Uncommenting this increases ROM footprint by ~100 bytes.
+ * The performance loss is ~50% with 128 bit AES.
*
* This option is dependent of \c MBEDTLS_ENTROPY_HARDWARE_ALT.
*
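Review bot: The sentence `This option is dependent of \c MBEDTLS_ENTROPY_HARDWARE_ALT.` still documents a prerequisite that this same commit stops enforcing in check_config.h, so the comment and the build-time check now disagree. If the dependency is real, the comment should say it is no longer checked at compile time and that falling back to a non-cryptographic random source would undermine the countermeasure; if it is not, the sentence should go. Either way the wording should be `dependent on`, not `dependent of`, e.g. ` * This option depends on \c MBEDTLS_ENTROPY_HARDWARE_ALT (no longer enforced by check_config.h).` The new cost figures (~100 bytes, ~50%) replace the earlier ones without saying what configuration they were measured on; a short note on that would help a reader judge the tradeoff.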
diff --git a/library/aes.c b/library/aes.c
index 909b4c5..0ddde52 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -90,7 +90,7 @@
*/
typedef struct _aes_r_data_s {
uint32_t *rk_ptr; /* Round Key */
- uint32_t xy_values[8]; /* X0, X1, X2, X3, Y0, U1, Y2, Y3 */
+ uint32_t xy_values[8]; /* X0, X1, X2, X3, Y0, Y1, Y2, Y3 */
} aes_r_data_t;
#if defined(MBEDTLS_AES_SCA_COUNTERMEASURES)
@@ -547,20 +547,20 @@
is_unique_number = 0;
tbl[num] = 0x10;
}
- } while ( is_unique_number == 1 );
+ } while( is_unique_number == 1 );
}
// Fill start/final round control data
num = /* mbedtls_platform_random_in_range( tbl_len - 1 ) */rand() % 0xff;
if( ( num % 2 ) == 0 )
{
- tbl[tbl_len - 2] = 0x10;
- tbl[tbl_len - 1] = 0x0;
+ tbl[tbl_len - 2] = 0x10; // fake data
+ tbl[tbl_len - 1] = 0x0; // real data
}
else
{
- tbl[tbl_len - 2] = 0x00;
- tbl[tbl_len - 1] = 0x10;
+ tbl[tbl_len - 2] = 0x00; // real data
+ tbl[tbl_len - 1] = 0x10; // fake data
}
#endif /* AES_SCA_CM_ROUNDS != 0 */
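Review bot: The value that decides whether the real or the fake round comes last is taken from `rand() % 0xff`, a non-cryptographic libc PRNG that is predictable and, if never seeded, fully deterministic, so an attacker who can model it can tell which round carries the real data and the countermeasure offers little protection. The commented-out `mbedtls_platform_random_in_range( tbl_len - 1 )` on that line looks like the intended source, and since this commit also drops the MBEDTLS_ENTROPY_HARDWARE_ALT prerequisite from check_config.h nothing now ensures a real random source backs this decision; replace the placeholder before this ships, e.g. `num = mbedtls_platform_random_in_range( tbl_len - 1 );`. Only the parity of num is used here, so the `% 0xff` reduction serves no purpose (and, being odd, it slightly biases the parity). The control values 0x10 and 0x00 that the new comments label fake/real would read better as named constants than as bare numbers. The enclosing function starts before this hunk.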
@@ -572,7 +572,7 @@
{
if( is_even_pos == 1 )
{
- tbl[i] = 0x04; // real data, offset 0
+ tbl[i] = 0x04; // real data, offset 4
is_even_pos = 0;
}
else