Backport hfilali to earlgrey 1.0.0 #28434
Open
h-filali wants to merge 85 commits into lowRISC:earlgrey_1.0.0 from h-filali:backport-hfilali-to-earlgrey_1.0.0
Conversation
This is a side-channel mitigation. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit beb00a0)
This is a side-channel mitigation. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit c2e6bf2)
Noticed this incidentally; I suspect the convenience unmask function didn't exist when this was first written. Saves a bit of code size. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 0e07e38)
This is a side-channel mitigation Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit c192fbc)
This is a side-channel mitigation. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit fb21d9a)
This is a side-channel mitigation. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 0bf3598)
This is a side-channel mitigation. Also fixes a byte-word confusion in RSA decryption that I noticed incidentally. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit be8d02a)
Randomize buffers where we can, being careful not to use hardening primitives that rely on entropy in the manual-DRBG routines. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 8cc7019)
This is a side channel mitigation. Also makes a small code size optimization around sideloaded-key clearing that I noticed incidentally. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 6b99624)
This is a side-channel mitigation. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 4d76c3d)
Small defense-in-depth improvement in SCA defense. Signed-off-by: Jade Philipoom <[email protected]> (cherry picked from commit 5e8bd4c)
This commit adds checks to the RSA codebase where, based on the selected padding scheme, the control-flow diverges. These checks make sure that a fault cannot allow an attacker to switch to a different padding scheme. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 27769f5)
Signed-off-by: Lucas Baizer <[email protected]> (cherry picked from commit 47a4f45)
Always wipe the DMEM once the OTBN execution has finished. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 52c318f)
When an error occurs, HARDENED_TRY() immediately returns. As we also want to wipe the OTBN DMEM when an error happens, this commit adds HARDENED_TRY_WIPE_DMEM() which wipes DMEM on an error before returning. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit a5952c3)
Use the hardened_memcpy function to randomize writing into the HMAC key register. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit ce38ad9)
To mitigate fault attacks, read back the HMAC config from the register and compare to the expected config. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 8926c49)
Make sure that the key length was set in the ctrl_reg register. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 2a7fce1)
Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit cb93127)
Add new functions to the AES driver that allow computing a checksum of the current AES key. The checksum is calculated when creating the AES key structure. The checksum is checked again after writing the key to the AES IP core. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 9977567)
Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 6e77c08)
Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 83b8114)
Check if the loop ran for the expected number of iterations. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 92c3db6)
This commit randomizes the order we are writing the key shares to the AES block. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit fc4196b)
This commit randomizes the order we are reading the key shares from the keymanager. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 2144e83)
This commit adds fault injection protection to the HMAC cryptolib implementation. When `security_level == kOtcryptoKeySecurityLevelLow`, no protection is provided, as until now. When `security_level == kOtcryptoKeySecurityLevelMedium`, the CL now calls the CL-internal `hmac_hmac_sha256()` function twice. By comparing both tag outputs, an ongoing FI attack can be mitigated. When `security_level == kOtcryptoKeySecurityLevelHigh`, the CL now calls the CL-internal `hmac_hmac_sha256()` function once as well as the new `hmac_hmac_sha256_redundant()` function. Both functions again calculate the same tag and the CL compares both tags. However, the second implementation uses an alternative HMAC implementation that does not use the HMAC core itself but constructs HMAC over the SHA core. The idea is that two identical faults affect both implementations differently, which can be detected.
Impact on the runtime for HMAC SHA256, 13 bytes message:
- otcrypto_hmac() runtime with security_level low: 6026 cycles
- otcrypto_hmac() runtime with security_level medium: 11852 cycles
- otcrypto_hmac() runtime with security_level high: 14975 cycles
Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 9e6c1af)
This commit adds fault injection protection for the AES cryptolib implementation. When `key.security_level > kOtcryptoKeySecurityLevelLow`, the cryptolib internally performs two AES operations. The result of the first AES operation is used as input of the second AES operation. The output of the second AES operation should match the input of the first AES operation. If the check fails, an UNIMP instruction is executed.
Performance, AES-128 ECB encryption of 50 bytes:
- otcrypto_aes() runtime with security_level low: 25407 cycles
- otcrypto_aes() runtime with security_level > low: 53964 cycles
Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 15fd255)
We should check the integrity of the public and private key after we have written them into OTBN. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 6517812)
Some functions in the HMAC driver are security-sensitive. Use `HARDENED_TRY()` to check the return value of those functions. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 8a6efc3)
As we also want to use CFI for those functions, return `status_t`. Signed-off-by: Pascal Nasahl <[email protected]> (cherry picked from commit 757b303)
This commit adds a new procedure that does an is-on-curve check on projective coordinates for p256. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 4c68fa9)
This commit adds the new is-on-curve check to the shared keygen function after the scalar multiplication as an FI countermeasure. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit cc56065)
Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 5788aa2)
This commit adds the existing affine is-on-curve check to base point multiplications in ECDSA. This is done as an FI countermeasure. This commit also adds a wrapper function that does the comparison between the right-hand and the left-hand side of the result of the is-on-curve check. This way we save some IMEM. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 8237f51)
This commit adds a new procedure that does an is-on-curve check on projective coordinates for p384. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit a22f9f7)
This commit uses the new projective is-on-curve check routine to check whether the results of the scalar multiplications for ECDH are still on the p384 curve. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit bb4818b)
Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 0685dc0)
After two PRs were merged at the same time the instruction time check didn't check for the correct value any more. This commit fixes that issue. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit eff223f)
Avoid potential horizontal SCA issue in P256 scalar multiplication based on code review. Avoid that source and dest of one case in BN.SEL use the same value by presetting with randomness. Re-order code to randomize destination of (first) BN.SEL before 1st use. Typos and minor edits of comments in P256 scalar mult. Signed-off-by: Johann Heyszl <[email protected]> (cherry picked from commit 17586fbe367a3d598aa5490200f6d4c3458f5b4c)
This commit adds blinding for the secret scalar d each time before a scalar multiplication is performed. This is done as an SCA countermeasure. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit c7726c9)
Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit a3817ac)
This commit adds mask refreshing before the secret scalar is used for the p256 sign algorithm. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit c88d89c)
Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit c2e7296)
This commit adds a new internal point multiplication which refreshes the blinding on the secret scalar and also extends the number of blinding bits as an SCA countermeasure. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit ca59a7d)
This commit adds a new test for the internal multiplication, since the scalar_mult_test will be using the blinded version of the internal multiplication and will thus no longer test the basic internal multiplication which is still needed for the sign algorithm. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 9c26142)
This commit changes all point multiplications which use the secret key scalar d to now use the new point multiplication with additional blinding bits and blinding refreshing. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 13323b5)
The preceding commits overflow the memory. For this reason this commit moves all the memory variables into a single file to avoid this issue. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit e132285)
Most of the tests have to be moved to the hjson framework since the variables have been moved to a single memory file. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 3ad4a52)
Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 585e1c3)
This commit adds remasking of the secret key scalar each time the sign routine is executed. This is added as a countermeasure against SCA. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit d7453a5)
Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 882630f)
This commit changes all the instructions in the p384 library that violate rules 6 and 7 related to bn.sel instructions. The destination register should not match any of the source registers. The two source registers can't be two shares of the same secret. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 9e1eb86)
This commit changes all the instructions in the p384 library that violate rule 8 related to bn.mulqacc instructions. After executing a mulqacc instruction on a secret the accumulation register and the flags need to be cleared. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit e7faf36)
…/sub This commit changes all the instructions in the p384 library that violate rule 5 or 9 related to bn.add and bn.sub instructions. After executing a bn.add or bn.sub instruction, some sensitive state can remain in the flags. For this reason we need to be careful with these instructions and clear the flags in case they can contain sensitive data. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit c6390ae)
This commit changes all the instructions in the p384 library that violate rules 1-4 related to the handling of shares. Shares of the same secret should not be:
- in different parts of the same reg
- accessed in consecutive instructions
- accessed in the same instruction
- overwriting each other
In some parts of the p384 library the shares are combined and some of these rules are violated by necessity. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 89e99eb)
Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 002fc75)
This commit pads the secret scalar with randomness instead of zeros for the scalar point multiplication of p384. Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit 01ee97e)
Signed-off-by: Hakim Filali <[email protected]> (cherry picked from commit b117008)
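The AES and HMAC fault-injection commits above describe the same family of checks: compute a key checksum at key creation and verify it again after the key has been written to the IP core, run the operation a second time (or its inverse) and compare, and confirm that a loop ran for the expected number of iterations. The following is an added illustration of those patterns in C, written for this page and not taken from the OpenTitan cryptolib. A toy invertible permutation stands in for the AES core, the status codes, `toy_core_t`, `sw_key_t`, the checksum function and the fault-injection hooks are all constructed for the demo, and a detected fault returns an error status rather than executing UNIMP as the AES commit describes:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes standing in for the cryptolib's status_t. */
typedef enum {
  STATUS_OK = 0,
  STATUS_FAULT_KEY = 1,        /* key register readback/checksum mismatch */
  STATUS_FAULT_REDUNDANT = 2,  /* inverse operation did not reproduce the input */
  STATUS_FAULT_LOOP = 3        /* loop did not run the expected number of times */
} hw_status_t;

/* Demo-only fault hooks, constructed to show which check catches which fault. */
typedef enum { FAULT_NONE, FAULT_KEY_REGISTER, FAULT_CIPHERTEXT_GLITCH } fault_kind_t;

/* Constructed model of a block-cipher peripheral: key registers plus the fault hook. */
typedef struct {
  uint32_t key[4];
  fault_kind_t fault;
  size_t fault_block;  /* block index at which the fault is injected */
} toy_core_t;

/* Key structure carrying the checksum computed at creation time. */
typedef struct { uint32_t key[4]; uint32_t checksum; } sw_key_t;

static uint32_t rotl(uint32_t x, unsigned r) { return (x << r) | (x >> (32 - r)); }
static uint32_t rotr(uint32_t x, unsigned r) { return (x >> r) | (x << (32 - r)); }

/* Toy invertible block permutation standing in for the AES core. It is NOT a
 * cipher and provides no security; only its invertibility matters here. */
static void toy_encrypt_block(const toy_core_t *c, const uint32_t in[4], uint32_t out[4]) {
  for (int i = 0; i < 4; i++) out[i] = rotl(in[i] ^ c->key[i], 7) + 0x9e3779b9u;
}
static void toy_decrypt_block(const toy_core_t *c, const uint32_t in[4], uint32_t out[4]) {
  for (int i = 0; i < 4; i++) out[i] = rotr(in[i] - 0x9e3779b9u, 7) ^ c->key[i];
}

/* Hypothetical key checksum: any function that changes when a key bit flips will do. */
static uint32_t key_checksum(const uint32_t key[4]) {
  uint32_t s = 0x5a5a5a5au;
  for (int i = 0; i < 4; i++) s = rotl(s, 5) ^ key[i] ^ (uint32_t)i;
  return s;
}

static void key_create(sw_key_t *k, const uint32_t key[4]) {
  memcpy(k->key, key, sizeof k->key);
  k->checksum = key_checksum(k->key);
}

/* Write the key to the core, then read the registers back and compare the
 * checksum against the one recorded at key creation. */
static hw_status_t core_load_key(toy_core_t *c, const sw_key_t *k) {
  memcpy(c->key, k->key, sizeof c->key);
  return key_checksum(c->key) == k->checksum ? STATUS_OK : STATUS_FAULT_KEY;
}

/* Encrypt nblocks 16-byte blocks with three FI checks: each ciphertext block is run
 * back through the inverse operation and compared with the plaintext, the loop
 * counter is verified, and the key registers are checked again at the end. */
static hw_status_t hardened_encrypt(toy_core_t *c, const sw_key_t *k, const uint32_t *in,
                                    uint32_t *out, size_t nblocks) {
  hw_status_t st = core_load_key(c, k);
  if (st != STATUS_OK) return st;
  size_t iterations = 0;
  for (size_t b = 0; b < nblocks; b++) {
    uint32_t check[4];
    /* Demo-only: a persistent bit flip in a key register before this block. */
    if (c->fault == FAULT_KEY_REGISTER && b == c->fault_block) c->key[0] ^= 0x80u;
    toy_encrypt_block(c, &in[4 * b], &out[4 * b]);
    /* Demo-only: a transient glitch on the result between the two operations. */
    if (c->fault == FAULT_CIPHERTEXT_GLITCH && b == c->fault_block) out[4 * b + 1] ^= 0x1u;
    toy_decrypt_block(c, &out[4 * b], check);
    if (memcmp(check, &in[4 * b], 4 * sizeof(uint32_t)) != 0) return STATUS_FAULT_REDUNDANT;
    iterations++;
  }
  if (iterations != nblocks) return STATUS_FAULT_LOOP;
  /* A corrupted key register keeps encrypt and decrypt consistent with each other,
   * so the inverse check alone passes; the readback after the loop catches it. */
  if (key_checksum(c->key) != k->checksum) return STATUS_FAULT_KEY;
  return STATUS_OK;
}

/* Constructed sample key and two plaintext blocks. */
static const uint32_t kSampleKey[4] = {0x00010203u, 0x04050607u, 0x08090a0bu, 0x0c0d0e0fu};
static const uint32_t kSamplePlaintext[8] = {0x6bc1bee2u, 0x2e409f96u, 0xe93d7e11u, 0x7393172au,
                                             0xae2d8a57u, 0x1e03ac9cu, 0x9eb76facu, 0x45af8e51u};

/* Runs the hardened operation with the given fault injected and returns its status. */
static hw_status_t run_demo(fault_kind_t fault, size_t fault_block) {
  toy_core_t core = {.fault = fault, .fault_block = fault_block};
  sw_key_t k;
  uint32_t out[8];
  key_create(&k, kSampleKey);
  return hardened_encrypt(&core, &k, kSamplePlaintext, out, 2);
}

/* Returns 1 if the fault-free path yields ciphertext that decrypts back to the plaintext. */
static int demo_roundtrip_ok(void) {
  toy_core_t core = {.fault = FAULT_NONE};
  sw_key_t k;
  uint32_t out[8], back[8];
  key_create(&k, kSampleKey);
  if (hardened_encrypt(&core, &k, kSamplePlaintext, out, 2) != STATUS_OK) return 0;
  for (size_t b = 0; b < 2; b++) toy_decrypt_block(&core, &out[4 * b], &back[4 * b]);
  return memcmp(back, kSamplePlaintext, sizeof back) == 0;
}

int main(void) {
  printf("no fault:          status %d\n", (int)run_demo(FAULT_NONE, 0));
  printf("key register flip: status %d\n", (int)run_demo(FAULT_KEY_REGISTER, 1));
  printf("ciphertext glitch: status %d\n", (int)run_demo(FAULT_CIPHERTEXT_GLITCH, 0));
  printf("roundtrip ok:      %d\n", demo_roundtrip_ok());
  return 0;
}
```

The two injected faults show why the commits combine several checks rather than relying on one: a glitch on the intermediate result is caught by the inverse-operation comparison, while a bit flip that persists in a key register leaves the forward and inverse operations mutually consistent and is only caught by re-reading the key and comparing its checksum afterwards.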
nasahlpa approved these changes Oct 9, 2025
Thanks Hakim, all the tests in sw/device/tests/crypto/cryptotest pass.
This PR is a backport to earlgrey 1.0.0 for my cryptolib PRs that require manual intervention.
This PR is based on @nasahlpa's backport PR #28433