TLS Glitch Resistance on Encrypt

We’ve had some recent interest in adding resistance for detection of encrypt issues due to glitching. A recent report for ESP32 AES HW showed it was possible to skip the encrypt operation with some timed glitching. The attack requires physical access to the hardware. The attack results in the HW encrypt operation being skipped and the data being sent unencrypted over the TLS transport.

As a result we’ve added a new build option WOLFSSL_CIPHER_TEXT_CHECK to enable checking of the encrypt to ensure the data changed (i.e. is not the same). It defaults to checking 64-bits of the buffer, but this can be enlarged by overriding the WOLFSSL_CIPHER_CHECK_SZ macro.

We enable this feature by default with our “max strength” build option `–enable-maxstrength`.

For details see PR “Added sanity check on TLS encrypt to trap against glitching”.

If you have any questions please email