TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 74f7d0f03de292474ed16500575aee45758fa491^! / . / library / aes.c
commit74f7d0f03de292474ed16500575aee45758fa491[log] [tgz]
authorAndrzej Kurek <andrzej.kurek@arm.com>Mon Jul 06 14:28:12 2020 -0400
committerAndrzej Kurek <andrzej.kurek@arm.com>Mon Jul 06 14:28:12 2020 -0400
tree8c7c27d291705e8bd54131673e0810729c66cc8a
parent98c847a4834eff8cd9b27b3ac5bbf30668578b48 [diff] [blame]
Duplicate sensitive buffer and buffer length information

Detect FI attacks on buffer pointers and buffer lengths.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

diff --git a/library/aes.c b/library/aes.c
index 5746987..8cfb4ba 100644
--- a/library/aes.c
+++ b/library/aes.c

@@ -686,6 +686,8 @@
     unsigned int flow_ctrl = 0;
     volatile unsigned int i = 0;
     volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
+    volatile const unsigned char *key_dup = key;
+    volatile unsigned int keybits_dup = keybits;
     uint32_t *RK;
     uint32_t offset = 0;
 
@@ -814,7 +816,10 @@
 #endif
     ) )
     {
-        return ret;
+        if( keybits_dup == keybits && key_dup == key )
+        {
+            return ret;
+        }
     }
 
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
@@ -1063,6 +1068,8 @@
     aes_r_data_t *aes_data_table[2];    // pointers to real and fake data
     int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
     volatile int flow_control;
+    volatile const unsigned char *input_dup = input;
+    volatile unsigned char *output_dup = output;
     // control bytes for AES calculation rounds,
     // reserve based on max rounds + dummy rounds + 2 (for initial key addition)
     uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
@@ -1163,7 +1170,10 @@
     if( flow_control == tindex + dummy_rounds + 8 )
     {
         /* Validate control path due possible fault injection */
-        return 0;
+        if( output_dup == output && input_dup == input )
+        {
+            return 0;
+        }
     }
 
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
@@ -1342,6 +1352,8 @@
     aes_r_data_t *aes_data_table[2];    // pointers to real and fake data
     int round_ctrl_table_len = ctx->nr + 2 + AES_SCA_CM_ROUNDS;
     volatile int flow_control;
+    volatile const unsigned char *input_dup = input;
+    volatile unsigned char *output_dup = output;
     // control bytes for AES calculation rounds,
     // reserve based on max rounds + dummy rounds + 2 (for initial key addition)
     uint8_t round_ctrl_table[( 14 + AES_SCA_CM_ROUNDS + 2 )];
@@ -1442,7 +1454,10 @@
     if( flow_control == tindex + dummy_rounds + 8 )
     {
         /* Validate control path due possible fault injection */
-        return 0;
+        if( output_dup == output && input_dup == input )
+        {
+            return 0;
+        }
     }
 
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );