aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrzej Kurek <andrzej.kurek@arm.com>2020-05-29 11:20:04 -0400
committerAndrzej Kurek <andrzej.kurek@arm.com>2020-06-01 07:31:15 -0400
commite601bcee00563963793051e881f622ba6faa20a7 (patch)
tree0486ca241b61e31263d02dfa8ac6691ad3d57380
parentfc7c69df25f98961254cc36e2b297632b92f3d5e (diff)
downloadmbed-tls-e601bcee00563963793051e881f622ba6faa20a7.tar.gz
Add flow control to tinycrypt verification
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
-rw-r--r--tinycrypt/ecc_dsa.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
index 660c5e9fa..e7292511a 100644
--- a/tinycrypt/ecc_dsa.c
+++ b/tinycrypt/ecc_dsa.c
@@ -192,6 +192,7 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
const uECC_word_t *point;
bitcount_t num_bits;
bitcount_t i;
+ bitcount_t flow_control;
volatile uECC_word_t diff;
uECC_word_t _public[NUM_ECC_WORDS * 2];
@@ -202,6 +203,7 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
rx[num_n_words - 1] = 0;
r[num_n_words - 1] = 0;
s[num_n_words - 1] = 0;
+ flow_control = 1;
uECC_vli_bytesToNative(_public, public_key, NUM_ECC_BYTES);
uECC_vli_bytesToNative(_public + num_words, public_key + NUM_ECC_BYTES,
@@ -220,6 +222,8 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
return UECC_FAILURE;
}
+ flow_control++;
+
/* Calculate u1 and u2. */
uECC_vli_modInv(z, s, curve_n); /* z = 1/s */
u1[num_n_words - 1] = 0;
@@ -237,6 +241,8 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
uECC_vli_modInv(z, z, curve_p); /* z = 1/z */
apply_z(sum, sum + num_words, z);
+ flow_control++;
+
/* Use Shamir's trick to calculate u1*G + u2*Q */
points[0] = 0;
points[1] = curve_G;
@@ -251,6 +257,7 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
uECC_vli_set(ry, point + num_words);
uECC_vli_clear(z);
z[0] = 1;
+ flow_control++;
for (i = num_bits - 2; i >= 0; --i) {
uECC_word_t index;
@@ -266,10 +273,12 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
XYcZ_add(tx, ty, rx, ry);
uECC_vli_modMult_fast(z, z, tz);
}
+ flow_control++;
}
uECC_vli_modInv(z, z, curve_p); /* Z = 1/Z */
apply_z(rx, ry, z);
+ flow_control++;
/* v = x1 (mod n) */
if (uECC_vli_cmp_unsafe(curve_n, rx) != 1) {
@@ -279,8 +288,13 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
/* Accept only if v == r. */
diff = uECC_vli_equal(rx, r);
if (diff == 0) {
+ flow_control++;
mbedtls_platform_random_delay();
- if (diff == 0) {
+
+ /* Re-check the condition and test if the control flow is as expected.
+ * 1 (base value) + num_bits - 1 (from the loop) + 5 incrementations.
+ */
+ if (diff == 0 && flow_control == (num_bits + 5)) {
return UECC_SUCCESS;
}
else {