commit 9bc6119bb9cd0407ba97b4fa3b284128560db71f
author Andrzej Kurek <andrzej.kurek@arm.com> Fri Nov 13 11:29:14 2020 +0100
committer Andrzej Kurek <andrzej.kurek@arm.com> Wed Nov 25 06:38:05 2020 -0500
tree 686c7d83fa67b902153ced1aa29685a82629da4e
parent 5eba1d82a2e154e3d922dd8ab2fcb5012baaa72e

Add random delays to sha256 to protect against fault injection

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

library/sha256.c

diff --git a/library/sha256.c b/library/sha256.c
index 5214591..c2a20d2 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -281,7 +281,9 @@
 
     if( flow_ctrl == 8 )
     {
-        return( 0 );
+        mbedtls_platform_random_delay();
+        if( flow_ctrl == 8 )
+            return( 0 );
     }
     /* Free the ctx upon suspected FI */
     mbedtls_sha256_free( ctx );
@@ -355,6 +357,7 @@
     /* Re-check ilen_dup to protect from a FI attack */
     if( ilen_dup < 64 )
     {
+        mbedtls_platform_random_delay();
         /* Re-check that the calculated offsets are correct */
         ilen_change = ilen - ilen_dup;
         if( ( input_dup + ilen_change ) == input )
@@ -458,7 +461,9 @@
     /* flow ctrl was incremented twice and then 7 times in two loops */
     if( flow_ctrl == 9 )
     {
-        return( 0 );
+        mbedtls_platform_random_delay();
+        if( flow_ctrl == 9 )
+            return( 0 );
     }
     /* Free the ctx and clear output upon suspected FI */
     mbedtls_sha256_free( ctx );
@@ -509,7 +514,9 @@
 
     if( input_dup == input && ilen_dup == ilen )
     {
-        return( ret );
+        mbedtls_platform_random_delay();
+        if( input_dup == input && ilen_dup == ilen )
+            return( ret );
     }
     mbedtls_platform_memset( output, 0, 32 );
     return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );