fw: Protect zeroisation against compiler optimisation.
The memset() responsible for the zeroisation of the secure_ctx in the compute_cdi() function in FW's main.c was optimised away by the compiler. Instead of memset(), secure_wipe() is introduced; it writes through a volatile pointer so the compiler cannot optimise the stores away. secure_wipe() is now used at all locations that remove sensitive data.
This commit is contained in:
parent
c85b5311cd
commit
3a6a60ff26
@ -155,3 +155,10 @@ int memeq(void *dest, const void *src, size_t n)
|
|||||||
|
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void secure_wipe(void *v, size_t n)
|
||||||
|
{
|
||||||
|
volatile uint8_t *p = (volatile uint8_t *)v;
|
||||||
|
while (n--)
|
||||||
|
*p++ = 0;
|
||||||
|
}
|
||||||
|
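Review bot: `secure_wipe` writes a byte at a time through a volatile pointer, so it must not be pointed at regions that accept only word-sized writes, such as `cdi` per the `// CDI only word writable` comment in the main.c hunk; the definition carries no comment saying this, nor why memset() is avoided. Suggested header above the function: `/* Zeroise n bytes at v. Volatile byte stores are side effects the compiler must emit, unlike memset() on a dying object. Not for word-only regions such as cdi. */`. Note that volatile stores keep the wipe in the object code but do not clear copies the compiler may have spilled to registers or other stack slots; presumably the later fw_ram clearing mentioned in compute_cdi covers that, worth confirming. The rest of the file lies outside the hunk.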
@ -28,5 +28,5 @@ void *memset(void *dest, int c, unsigned n);
|
|||||||
void memcpy_s(void *dest, size_t destsize, const void *src, size_t n);
|
void memcpy_s(void *dest, size_t destsize, const void *src, size_t n);
|
||||||
void wordcpy_s(void *dest, size_t destsize, const void *src, size_t n);
|
void wordcpy_s(void *dest, size_t destsize, const void *src, size_t n);
|
||||||
int memeq(void *dest, const void *src, size_t n);
|
int memeq(void *dest, const void *src, size_t n);
|
||||||
|
void secure_wipe(void *v, size_t n);
|
||||||
#endif
|
#endif
|
||||||
|
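Review bot: The new `secure_wipe` prototype has no comment telling callers to use it instead of the `memset` declared a few lines above, which is the whole reason it exists; a reader of this header has no cue which one to reach for on secrets. Add above the prototype: `/* Zeroise n bytes at v; never optimised away. Use instead of memset() on secrets. */`. The `size_t` parameter matches the existing `memcpy_s`/`memeq` prototypes, so no extra include is needed.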
@ -115,7 +115,7 @@ static void compute_cdi(const uint8_t *digest, const uint8_t use_uss,
|
|||||||
// while on the firmware stack which is in the special fw_ram.
|
// while on the firmware stack which is in the special fw_ram.
|
||||||
wordcpy_s(local_uds, 8, (void *)uds, 8);
|
wordcpy_s(local_uds, 8, (void *)uds, 8);
|
||||||
blake2s_update(&secure_ctx, (const void *)local_uds, 32);
|
blake2s_update(&secure_ctx, (const void *)local_uds, 32);
|
||||||
(void)memset(local_uds, 0, 32);
|
(void)secure_wipe(local_uds, sizeof(local_uds));
|
||||||
|
|
||||||
// Update with TKey program digest
|
// Update with TKey program digest
|
||||||
blake2s_update(&secure_ctx, digest, 32);
|
blake2s_update(&secure_ctx, digest, 32);
|
||||||
@ -130,7 +130,7 @@ static void compute_cdi(const uint8_t *digest, const uint8_t use_uss,
|
|||||||
|
|
||||||
// Clear secure_ctx of any residue of UDS. Don't want to keep
|
// Clear secure_ctx of any residue of UDS. Don't want to keep
|
||||||
// that for long even though fw_ram is cleared later.
|
// that for long even though fw_ram is cleared later.
|
||||||
(void)memset(&secure_ctx, 0, sizeof(secure_ctx));
|
(void)secure_wipe(&secure_ctx, sizeof(secure_ctx));
|
||||||
|
|
||||||
// CDI only word writable
|
// CDI only word writable
|
||||||
wordcpy_s((void *)cdi, 8, &local_cdi, 8);
|
wordcpy_s((void *)cdi, 8, &local_cdi, 8);
|
||||||
|
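Review bot: `secure_wipe` returns void, so the `(void)` cast on both new call sites is a leftover from the memset() replacement and should go: `secure_wipe(local_uds, sizeof(local_uds));` and `secure_wipe(&secure_ctx, sizeof(secure_ctx));`. `sizeof(local_uds)` equals the 32 bytes hashed only if `local_uds` is declared as an array rather than a pointer; its declaration, like that of `local_cdi`, is above the hunk. Whether `local_cdi` is wiped after the final `wordcpy_s` into `cdi` is also outside this view and worth checking, since the comment says fw_ram is only cleared later. compute_cdi starts and ends outside these hunks.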