Validate peer's public key in ECDH
This protects against invalid-curve attacks, where a peer supplies a point that does not lie on the expected curve.
(It's also a tiny step in the direction of protecting against some fault
injection attacks.)
diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c
index 54b9a8a..853c50d 100644
--- a/tinycrypt/ecc_dh.c
+++ b/tinycrypt/ecc_dh.c
@@ -169,6 +169,12 @@
wordcount_t num_bytes = curve->num_bytes;
int r;
+ /* Protect against invalid curve attacks */
+ if (uECC_valid_public_key(public_key, curve) != 0) {
+ r = 0;
+ goto clear_and_out;
+ }
+
/* Converting buffers to correct bit order: */
uECC_vli_bytesToNative(_private,
private_key,
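Review bot: The added guard at L13 depends on `uECC_valid_public_key` returning 0 only for a valid point and non-zero for every rejection (point at infinity, out-of-range coordinate, off-curve point), but that return convention is not visible in this hunk and the one-line comment does not state it, so a later reader could flip the `!= 0` without noticing. I would extend the comment to `/* Reject the peer's point before any secret-dependent work: uECC_valid_public_key() returns 0 only for a finite, in-range point on `curve`; any non-zero status (infinity, out of range, off-curve) aborts with r = 0, the same failure value the caller already handles. */`. Placing the check before `uECC_vli_bytesToNative(_private, ...)` is the right order, since no private-key material has been loaded when the early exit is taken; it is worth noting in that comment that `clear_and_out` therefore wipes only unused buffers on this path. The enclosing function and the `clear_and_out` label both lie outside the hunk, so whether the cleanup there also handles the not-yet-initialised `_private` correctly cannot be confirmed from here. This check covers only this ECDH path; if the same on-curve guarantee is needed for peer keys consumed elsewhere in the library, those paths need their own validation.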