Duplicate sensitive buffer and buffer length information
Detect FI attacks on buffer pointers and buffer lengths.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/sha256.c b/library/sha256.c
index 07b899d..bf52eae 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -310,7 +310,9 @@
int ret;
size_t fill;
uint32_t left;
-
+ volatile const unsigned char *input_dup = input;
+ volatile size_t ilen_dup = ilen;
+ size_t ilen_change;
SHA256_VALIDATE_RET( ctx != NULL );
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
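Review bot: In `volatile const unsigned char *input_dup = input;` the `volatile` qualifies the bytes pointed to, not the pointer, so `input_dup` itself is an ordinary local that the compiler may treat as the same value as `input`. The same declaration appears in the one-shot function further down, where the final `input_dup == input` comparison could then be folded to true, leaving only the `ilen_dup` half of the check (assuming `input` is not modified in the part of the body outside the hunks). Declaring the duplicate as `const unsigned char * volatile input_dup = input;` makes the pointer copy itself volatile, matching what `volatile size_t ilen_dup` already does for the length.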
@@ -353,7 +355,12 @@
/* Re-check ilen to protect from a FI attack */
if( ilen < 64 )
{
- return( 0 );
+ /* Re-check that the calculated offsets are correct */
+ ilen_change = ilen_dup - ilen;
+ if( ( input_dup + ilen_change ) == input )
+ {
+ return( 0 );
+ }
}
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
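Review bot: The comment `/* Re-check that the calculated offsets are correct */` does not say which relation is being verified, and the code that advances `input` and reduces `ilen` lies outside the hunk, so a reader cannot tell why `input_dup + ilen_change` should equal `input`. Stating the invariant would help, for example `/* input must have advanced by exactly the bytes consumed: input_dup + (ilen_dup - ilen) == input */`.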
@@ -472,8 +479,10 @@
unsigned char output[32],
int is224 )
{
- int ret;
+ int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
mbedtls_sha256_context ctx;
+ volatile const unsigned char *input_dup = input;
+ volatile size_t ilen_dup = ilen;
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
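Review bot: `ret` gets a fail-closed default of `MBEDTLS_ERR_PLATFORM_FAULT_DETECTED` here, but the update function in the first hunk keeps `int ret;` uninitialised. If that function returns `ret` on any path outside the visible hunks, giving it the same default, `int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;`, would keep the two functions consistent. The signature and the body between these declarations and `exit:` are outside this hunk.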
@@ -493,7 +502,11 @@
exit:
mbedtls_sha256_free( &ctx );
- return( ret );
+ if( input_dup == input && ilen_dup == ilen )
+ {
+ return( ret );
+ }
+ return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
}
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
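Review bot: When the final comparison fails, the function returns `MBEDTLS_ERR_PLATFORM_FAULT_DETECTED` but leaves whatever was written to `output` in place, so a caller that ignores the return value still holds a digest from a run whose pointer or length check did not hold. Clearing the digest on that path would make the failure closed, e.g. `mbedtls_platform_zeroize( output, is224 ? 28 : 32 );` before the last `return`. This assumes the 224 variant writes 28 bytes; the code that fills `output` is outside the hunk.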