Duplicate sensitive buffer and buffer length information
Detect FI attacks on buffer pointers and buffer lengths.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c
index ca91e12..27cef2e 100644
--- a/tinycrypt/ecc.c
+++ b/tinycrypt/ecc.c
@@ -1234,11 +1234,13 @@
return uECC_valid_point(_public);
}
-int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key)
+int uECC_compute_public_key(const uint8_t * private_key, uint8_t * public_key)
{
int ret = UECC_FAULT_DETECTED;
uECC_word_t _private[NUM_ECC_WORDS];
uECC_word_t _public[NUM_ECC_WORDS * 2];
+ volatile const uint8_t * private_key_dup = private_key;
+ volatile const uint8_t * public_key_dup = public_key;
uECC_vli_bytesToNative(
_private,
@@ -1264,5 +1266,8 @@
uECC_vli_nativeToBytes(
public_key +
NUM_ECC_BYTES, NUM_ECC_BYTES, _public + NUM_ECC_WORDS);
+ if(private_key_dup != private_key || public_key_dup != public_key){
+ return UECC_FAULT_DETECTED;
+ }
return ret;
}
diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c
index a63c84b..08805eb 100644
--- a/tinycrypt/ecc_dh.c
+++ b/tinycrypt/ecc_dh.c
@@ -114,6 +114,8 @@
uECC_word_t _private[NUM_ECC_WORDS];
uECC_word_t _public[NUM_ECC_WORDS * 2];
uECC_word_t tries;
+ volatile uint8_t *public_key_dup = public_key;
+ volatile uint8_t *private_key_dup = private_key;
for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
/* Generating _private uniformly at random: */
@@ -148,8 +150,12 @@
/* erasing temporary buffer that stored secret: */
mbedtls_platform_memset(_private, 0, NUM_ECC_BYTES);
- return UECC_SUCCESS;
- }
+ if(private_key == private_key_dup &&
+ public_key == public_key_dup){
+ return UECC_SUCCESS;
+ }
+ return UECC_FAULT_DETECTED;
+ }
}
return UECC_FAILURE;
}
@@ -163,6 +169,10 @@
wordcount_t num_words = NUM_ECC_WORDS;
wordcount_t num_bytes = NUM_ECC_BYTES;
int r = UECC_FAULT_DETECTED;
+ volatile const uint8_t *public_key_dup = public_key;
+ volatile const uint8_t *private_key_dup = private_key;
+ volatile const uint8_t *secret_dup = secret;
+
/* Converting buffers to correct bit order: */
uECC_vli_bytesToNative(_private,
@@ -180,6 +190,10 @@
/* erasing temporary buffer used to store secret: */
mbedtls_platform_zeroize(_private, sizeof(_private));
+ if(public_key_dup != public_key || private_key_dup != private_key ||
+ secret_dup != secret){
+ return UECC_FAULT_DETECTED;
+ }
return r;
}
diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
index bb3ed81..b2adb9e 100644
--- a/tinycrypt/ecc_dsa.c
+++ b/tinycrypt/ecc_dsa.c
@@ -146,6 +146,10 @@
uECC_word_t _random[2*NUM_ECC_WORDS];
uECC_word_t k[NUM_ECC_WORDS];
uECC_word_t tries;
+ volatile const uint8_t *private_key_dup = private_key;
+ volatile const uint8_t *message_hash_dup = message_hash;
+ volatile unsigned hash_size_dup = hash_size;
+ volatile uint8_t *signature_dup = signature;
for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
/* Generating _random uniformly at random: */
@@ -164,6 +168,10 @@
return r;
}
if (r == UECC_SUCCESS) {
+ if(private_key_dup != private_key || message_hash_dup != message_hash ||
+ hash_size_dup != hash_size || signature_dup != signature){
+ return UECC_FAULT_DETECTED;
+ }
return UECC_SUCCESS;
}
/* else keep trying */
@@ -194,6 +202,11 @@
bitcount_t i;
bitcount_t flow_control;
volatile uECC_word_t diff;
+ volatile const uint8_t *public_key_dup = public_key;
+ volatile const uint8_t *message_hash_dup = message_hash;
+ volatile unsigned hash_size_dup = hash_size;
+ volatile const uint8_t *signature_dup = signature;
+
uECC_word_t _public[NUM_ECC_WORDS * 2];
uECC_word_t r[NUM_ECC_WORDS], s[NUM_ECC_WORDS];
@@ -295,6 +308,10 @@
* 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations.
*/
if (diff == 0 && flow_control == (num_bits + 5)) {
+ if(public_key_dup != public_key || message_hash_dup != message_hash ||
+ hash_size_dup != hash_size || signature_dup != signature){
+ return UECC_FAULT_DETECTED;
+ }
return UECC_SUCCESS;
}
else {