From 189ee74a8229eaa37b217b225ef81fd404343e2a Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Wed, 24 Jun 2020 17:28:31 -0400
Subject: [PATCH 1/3] Add a platform function to return a random uint32_t

Signed-off-by: Andrzej Kurek
---
 include/mbedtls/platform_util.h | 12 ++++++++++++
 library/platform_util.c         | 14 ++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 4e0f9897a3..7d16074e23 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -231,6 +231,18 @@ int mbedtls_platform_memmove( void *dst, const void *src, size_t num );
  */
 int mbedtls_platform_memcmp( const void *buf1, const void *buf2, size_t num );
 
+/**
+ * \brief RNG-function for getting a random 32-bit integer.
+ *
+ *
+ * \note Currently the function is dependent of hardware providing an
+ *       rng with MBEDTLS_ENTROPY_HARDWARE_ALT. By default, 0 is
+ *       returned.
+ *
+ * \return The generated random number.
+ */
+uint32_t mbedtls_platform_random_uint32( void );
+
 /**
  * \brief RNG-function for getting a random in given range.
  *
diff --git a/library/platform_util.c b/library/platform_util.c
index de2fa2bd0e..fc6eb5abb1 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -172,6 +172,20 @@ int mbedtls_platform_memcmp( const void *buf1, const void *buf2, size_t num )
     return( (int) diff | (int) ( flow_counter ^ num ) );
 }
 
+uint32_t mbedtls_platform_random_uint32( )
+{
+#if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+    return 0;
+#else
+    uint32_t result = 0;
+    size_t olen = 0;
+
+    mbedtls_hardware_poll( NULL, (unsigned char *) &result, sizeof( result ),
+                           &olen );
+    return( result );
+#endif
+}
+
 uint32_t mbedtls_platform_random_in_range( size_t num )
 {
 #if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)

From 11ddf25828adce96dc7a9cf259b34a19f912f190 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Wed, 24 Jun 2020 17:33:39 -0400
Subject: [PATCH 2/3] Add minor FI countermeasures improvements
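Review bot: The new \note at `+ * \note Currently the function is dependent of hardware providing an` describes the no-hardware fallback but not the failure case: the function has no error return, so a caller cannot tell a genuinely random 0 from the "no hardware RNG" default, nor, judging by the definition in library/platform_util.c in this same patch, from a hardware poll that failed or delivered fewer than four bytes. Since the AES code in patch 2 feeds this value into fault-injection decoy data, the header is the place to state that limitation. Suggested wording: `\note Returns 0 when MBEDTLS_ENTROPY_HARDWARE_ALT is not defined or the hardware poll fails; the function cannot report errors, so it must not be used to derive key material.`. Also "dependent of" should read "dependent on", and one of the two consecutive empty ` *` lines after the \brief can be dropped.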
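Review bot: The return value of mbedtls_hardware_poll() and the `olen` it fills are ignored at `+    mbedtls_hardware_poll( NULL, (unsigned char *) &result, sizeof( result ),`, so a poll that fails or returns fewer than sizeof( result ) bytes leaves `result` partially or fully zero and the caller takes it for a random word. The call should be checked, e.g. `if( mbedtls_hardware_poll( NULL, (unsigned char *) &result, sizeof( result ), &olen ) != 0 || olen != sizeof( result ) ) return( 0 );`, which at least makes the failure path coincide with the documented no-hardware default; mbedtls_platform_random_in_range below is cut off in this hunk, so I cannot see whether it loops until `olen` is satisfied, but the two helpers should handle a short poll the same way. The definition also uses an empty parameter list, `uint32_t mbedtls_platform_random_uint32( )`, while the header declares `( void )`; the definition should read `uint32_t mbedtls_platform_random_uint32( void )` so it is a proper prototype.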
Signed-off-by: Andrzej Kurek
---
 library/aes.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/library/aes.c b/library/aes.c
index f6c4fc33e3..c4710c45c0 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -552,7 +552,7 @@ static int aes_sca_cm_data_randomize( uint8_t *tbl, uint8_t tbl_len )
     int i = 0, j, is_even_pos, dummy_rounds, num;
 
     mbedtls_platform_memset( tbl, 0, tbl_len );
-    // get random from 0x0fff (each f will be used separately)
+    // get random from 0x0fff
     num = mbedtls_platform_random_in_range( 0x1000 );
 
     // Randomize execution order of initial round key addition
@@ -570,7 +570,7 @@ static int aes_sca_cm_data_randomize( uint8_t *tbl, uint8_t tbl_len )
     tbl_len = tbl_len - (AES_SCA_CM_ROUNDS - dummy_rounds);
 
     // randomize positions for the dummy rounds
-    num = ( num & 0x000f ) % ( dummy_rounds + 1 );
+    num = ( num & 0x0fff ) % ( dummy_rounds + 1 );
 
     // add dummy rounds after initial round key addition (if needed)
     for ( ; i < num + 2; i++ )
@@ -725,7 +725,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
     return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
 #endif
 
-    mbedtls_platform_memset( RK, 0, ( keybits >> 5 ) * 4 );
+    mbedtls_platform_memset( RK, 0, keybits >> 3 );
 
     offset = mbedtls_platform_random_in_range( keybits >> 5 );
     for( j = offset; j < ( keybits >> 5 ); j++ )
@@ -1089,7 +1089,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
     do
     {
         GET_UINT32_LE( aes_data_real.xy_values[i], input, ( i * 4 ) );
-        aes_data_fake.xy_values[i] = mbedtls_platform_random_in_range( 0xffffffff );
+        aes_data_fake.xy_values[i] = mbedtls_platform_random_uint32();
         flow_control++;
     } while( ( i = ( i + 1 ) % 4 ) != offset );
 

From a9a5ff5f313a4832227de50f0cd21268cf415bc6 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Wed, 15 Jul 2020 08:50:59 -0400
Subject: [PATCH 3/3] aes: add a comment about expected keybits value.
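Review bot: The mask in `+    num = ( num & 0x0fff ) % ( dummy_rounds + 1 );` is a no-op if `num` still holds the value drawn by `mbedtls_platform_random_in_range( 0x1000 )` in the hunk at line 552, which is at most 0x0fff; the lines between the two hunks are not visible, so if `num` is reassigned there the mask is needed, otherwise it only suggests a bound that is not enforced here. The removed comment `(each f will be used separately)` in the first hunk documented that the nibbles of `num` were partitioned between the randomised decisions of this function; using the whole value for the dummy-round position makes it correlated with whatever the other nibbles decided (for instance `dummy_rounds`, if it is derived from `num` in the unseen lines), which weakens the independence the countermeasure relies on. If that reuse is intended, say so in the replacement comment, e.g. `// position uses the full 12-bit value, so it is correlated with the choices above`; otherwise draw a fresh value with another `mbedtls_platform_random_in_range()` call. aes_sca_cm_data_randomize starts and ends outside both hunks.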
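Review bot: `+        aes_data_fake.xy_values[i] = mbedtls_platform_random_uint32();` now covers the full 32-bit range (the previous `random_in_range( 0xffffffff )` could never yield 0xffffffff), but the new helper returns a constant 0 when MBEDTLS_ENTROPY_HARDWARE_ALT is not defined, and as written in patch 1 also when the hardware poll fails, so in those builds the decoy block is all zeros and the fake computation is trivially distinguishable from the real one. Whether this differs from the previous behaviour depends on the no-hardware branch of mbedtls_platform_random_in_range, which is cut off in patch 1. A comment at the call site would make the dependency visible: `/* Decoy input: a full random word only with MBEDTLS_ENTROPY_HARDWARE_ALT; otherwise it is constant 0 and the countermeasure is ineffective. */`. mbedtls_internal_aes_encrypt starts and ends outside the hunk.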
Signed-off-by: Andrzej Kurek
---
 library/aes.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/library/aes.c b/library/aes.c
index c4710c45c0..e9e7544492 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -725,6 +725,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
     return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
 #endif
 
+    /* Three least significant bits are truncated from keybits, which is
+     * expected to be a multiple of 8. */
     mbedtls_platform_memset( RK, 0, keybits >> 3 );
 
     offset = mbedtls_platform_random_in_range( keybits >> 5 );
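Review bot: The added comment `+    /* Three least significant bits are truncated from keybits, which is` explains the shift mechanically but not why the byte count is right: `keybits >> 3` is the key length in bytes, which is `( keybits >> 5 )` 32-bit words of RK, the same word count the loop just below this hunk iterates over, and stating that is more useful to a reader than "a multiple of 8". If the key-length check earlier in mbedtls_aes_setkey_enc (outside this hunk; I believe it accepts only 128, 192 and 256) is what guarantees the multiple, reference it, e.g. `/* keybits is 128, 192 or 256 here (checked above); keybits >> 3 is the key size in bytes, i.e. the ( keybits >> 5 ) words of RK filled below. */`. The function starts and ends outside the hunk.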