Duplicate sensitive buffer and buffer length information
Detect FI attacks on buffer pointers and buffer lengths.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c
index a63c84b..08805eb 100644
--- a/tinycrypt/ecc_dh.c
+++ b/tinycrypt/ecc_dh.c
@@ -114,6 +114,8 @@
uECC_word_t _private[NUM_ECC_WORDS];
uECC_word_t _public[NUM_ECC_WORDS * 2];
uECC_word_t tries;
+ volatile uint8_t *public_key_dup = public_key;
+ volatile uint8_t *private_key_dup = private_key;
for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) {
/* Generating _private uniformly at random: */
@@ -148,8 +150,12 @@
/* erasing temporary buffer that stored secret: */
mbedtls_platform_memset(_private, 0, NUM_ECC_BYTES);
- return UECC_SUCCESS;
- }
+ if(private_key == private_key_dup &&
+ public_key == public_key_dup){
+ return UECC_SUCCESS;
+ }
+ return UECC_FAULT_DETECTED;
+ }
}
return UECC_FAILURE;
}
@@ -163,6 +169,10 @@
wordcount_t num_words = NUM_ECC_WORDS;
wordcount_t num_bytes = NUM_ECC_BYTES;
int r = UECC_FAULT_DETECTED;
+ volatile const uint8_t *public_key_dup = public_key;
+ volatile const uint8_t *private_key_dup = private_key;
+ volatile const uint8_t *secret_dup = secret;
+
/* Converting buffers to correct bit order: */
uECC_vli_bytesToNative(_private,
@@ -180,6 +190,10 @@
/* erasing temporary buffer used to store secret: */
mbedtls_platform_zeroize(_private, sizeof(_private));
+ if(public_key_dup != public_key || private_key_dup != private_key ||
+ secret_dup != secret){
+ return UECC_FAULT_DETECTED;
+ }
return r;
}