fw: Protect zeroisation against compiler optimisation.

The memset() responsible for the zeroisation of the secure_ctx in
the compute_cdi() function in FW's main.c was optimised away by the
compiler. Instead of using memset(), secure_wipe() is introduced,
which uses the volatile qualifier to prevent the compiler from
optimising the write away. secure_wipe() is now used in all locations
that clear sensitive data.
This commit is contained in:
dehanj 2024-02-02 14:20:21 +01:00
parent c85b5311cd
commit 3a6a60ff26
No known key found for this signature in database
GPG key ID: 3707A9DBF4BB8F1A
3 changed files with 10 additions and 3 deletions


@ -115,7 +115,7 @@ static void compute_cdi(const uint8_t *digest, const uint8_t use_uss,
// while on the firmware stack which is in the special fw_ram.
wordcpy_s(local_uds, 8, (void *)uds, 8);
blake2s_update(&secure_ctx, (const void *)local_uds, 32);
(void)memset(local_uds, 0, 32);
(void)secure_wipe(local_uds, sizeof(local_uds));
// Update with TKey program digest
blake2s_update(&secure_ctx, digest, 32);
@ -130,7 +130,7 @@ static void compute_cdi(const uint8_t *digest, const uint8_t use_uss,
// Clear secure_ctx of any residue of UDS. Don't want to keep
// that for long even though fw_ram is cleared later.
(void)memset(&secure_ctx, 0, sizeof(secure_ctx));
(void)secure_wipe(&secure_ctx, sizeof(secure_ctx));
// CDI only word writable
wordcpy_s((void *)cdi, 8, &local_cdi, 8);