Add flow montitor to the mbedtls_platform_memset()
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 8d00eba..1f45b1c 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -161,8 +161,11 @@
* \param buf Buffer to be zeroized
* \param len Length of the buffer in bytes
*
+ * \return The value of \p buf if the operation was successful.
+ * \return NULL if a potential FI attack was detected or input parameters
+ * are not valid.
*/
-void mbedtls_platform_zeroize( void *buf, size_t len );
+void *mbedtls_platform_zeroize( void *buf, size_t len );
/**
* \brief Secure memset
@@ -176,7 +179,8 @@
* \param value Value to be used when setting the buffer.
* \param num The length of the buffer in bytes.
*
- * \return The value of \p ptr.
+ * \return The value of \p ptr if the operation was successful.
+ * \return NULL if a potential FI attack was detected.
*/
void *mbedtls_platform_memset( void *ptr, int value, size_t num );
diff --git a/library/platform_util.c b/library/platform_util.c
index 5e938f9..28790a4 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -95,30 +95,68 @@
void *mbedtls_platform_memset( void *, int, size_t );
static void * (* const volatile memset_func)( void *, int, size_t ) = mbedtls_platform_memset;
-void mbedtls_platform_zeroize( void *buf, size_t len )
+void *mbedtls_platform_zeroize( void *buf, size_t len )
{
- MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL );
+ volatile size_t vlen = len;
- if( len > 0 )
- memset_func( buf, 0, len );
+ MBEDTLS_INTERNAL_VALIDATE_RET( ( len == 0 || buf != NULL ), NULL );
+
+ if( vlen > 0 )
+ {
+ return memset_func( buf, 0, vlen );
+ }
+ else
+ {
+ mbedtls_platform_random_delay();
+ if( vlen == 0 && vlen == len )
+ {
+ return buf;
+ }
+ }
+ return NULL;
}
#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
void *mbedtls_platform_memset( void *ptr, int value, size_t num )
{
- /* Randomize start offset. */
- size_t start_offset = (size_t) mbedtls_platform_random_in_range( (uint32_t) num );
- /* Randomize data */
- uint32_t data = mbedtls_platform_random_in_range( 256 );
+ size_t i, start_offset;
+ volatile size_t flow_counter = 0;
+ volatile char *b = ptr;
+ char rnd_data;
- /* Perform a pair of memset operations from random locations with
- * random data */
- memset( (void *) ( (unsigned char *) ptr + start_offset ), data,
- ( num - start_offset ) );
- memset( (void *) ptr, data, start_offset );
+ start_offset = (size_t) mbedtls_platform_random_in_range( (uint32_t) num );
+ rnd_data = (char) mbedtls_platform_random_in_range( 256 );
- /* Perform the original memset */
- return( memset( ptr, value, num ) );
+ /* Start from a random location */
+ for( i = start_offset; i < num; ++i )
+ {
+ b[i] = value;
+ flow_counter++;
+ }
+
+ /* Perform a memset operations with random data */
+ for( i = 0; i < start_offset; ++i )
+ {
+ b[i] = rnd_data;
+ }
+
+ /* Finish a memset operations with correct data */
+ for( i = 0; i < start_offset; ++i )
+ {
+ b[i] = value;
+ flow_counter++;
+ }
+
+ /* check the correct number of iterations */
+ if( flow_counter == num )
+ {
+ mbedtls_platform_random_delay();
+ if( flow_counter == num )
+ {
+ return ptr;
+ }
+ }
+ return NULL;
}
void *mbedtls_platform_memcpy( void *dst, const void *src, size_t num )