Use safer return values in uECC_verify()

This is a first step in protecting against fault injection attacks: the
attacker can no longer change failure into success by flipping a single bit.
Additional steps are needed to prevent other attacks (instruction skip etc)
and will be the object of future commits.

The return value of uECC_vli_equal() should be protected as well; this will
be done in a future commit.
Manuel Pégourié-Gonnard
2019-11-06 10:30:26 +01:00
parent c05f1506f4
commit 10d8e8ed64
5 changed files with 14 additions and 12 deletions


@@ -235,13 +235,13 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
/* r, s must not be 0. */
if (uECC_vli_isZero(r) || uECC_vli_isZero(s)) {
return 0;
return UECC_FAILURE;
}
/* r, s must be < n. */
if (uECC_vli_cmp_unsafe(curve->n, r) != 1 ||
uECC_vli_cmp_unsafe(curve->n, s) != 1) {
return 0;
return UECC_FAILURE;
}
/* Calculate u1 and u2. */
@@ -301,7 +301,10 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
}
/* Accept only if v == r. */
return (int)(uECC_vli_equal(rx, r) == 0);
if (uECC_vli_equal(rx, r) == 0)
return UECC_SUCCESS;
return UECC_FAILURE;
}
#else
typedef int mbedtls_dummy_tinycrypt_def;
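Review bot: The new return contract is not documented anywhere in these hunks: uECC_verify() now returns UECC_SUCCESS or UECC_FAILURE (both defined outside this diff), and if UECC_FAILURE is non-zero, any caller that still tests the result as a boolean, `if (uECC_verify(...))`, will accept a rejected signature. I'd add to the function's header comment `/* Returns UECC_SUCCESS only when the signature is valid; treat every other value (including UECC_FAILURE) as failure and never test the result as a boolean. */` and check the remaining callers, which the diffstat suggests may be among the other four changed files. The early exits `return UECC_FAILURE;` at the r/s checks and the final `if (uECC_vli_equal(rx, r) == 0)` still hinge on single comparisons, which the description already defers to later commits. uECC_verify() begins before the first hunk, so its header comment is outside this view.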